This document describes the configuration of a VPN tunnel between two sites (Site A and Site B) using VyOS routers and firewalls. IPsec is used to create the VPN tunnel, with ESP and IKE groups defined. OSPF routing is configured between the sites. Each site has redundant firewalls in a cluster, with a primary and secondary, to provide high availability. Virtual interfaces are used to create VLANs and the required IP addressing. The configuration details for each device are then provided.
1. Vyos Unbreable VPN
Fig: 1
The device used here is VyOS (version 1.1.7) which is a fork from Vyatta community edition. It has Juniper like
command set. The community edition lacks both the system config sync and GUI based configuration management and
are available only in subscribed editions. The other features supported by this device are DMVPN (using NHRP, mGRE,
and IPSEC) which is a Cisco propreitary technology, zone-based or interface-based firewalling, routing protocols like
RIP, OSPF, and BGP, NAT and VLANs.
The diagram (Fig: 1) helps in configuring the lab to attain IPSEC tunnel between the two sites ‘A’ and ‘B’. Both sites are
connected over public IP addresses via an ISP. Instead of BGP since this is a lab inside VirtualBox OSPF is used for
dynamic routing purposes between the sites. There are redundant firewalls used for clustering purposes in both sites.
The cluster public IP on both sides are used for building IPSEC tunnel with revertive high availability configuration.
Revertive high availability is a technique by which the secondary member in the cluster fails back to the primary once it
is available, that is failover is made false ad failback is made true. In the cluster the internal IP is monitored over
10.x.x.2/29 and internal cluster IP 10.x.x.1/29 is used. The same way the public IP is monitored over x01.1.2.4/29 and
external cluster IP x01.1.2.1/29 is used. Both these cluster IPs are used to build the IPSEC peers. Virtual interfaces (vif)
are used to create VLANs for internal and exeternal IP ranges on both sites. Either the firewall or the interface
(primary firewall) malfunctions the secondary firewall takes over and the cluster IP moves to the vif of the secondary
firewall and the IPSEC tunnel regains. Once the primary functions properly the secondary failback to the primary
making the primary responsible for the connectivity always. The cluster dead-interval has to more than twice the value
of keepalive-interval.
The management subnet is 192.168.56.x/24. SSH service is used to login to the devices. The host and domain names are
configured accordingly on all the devices.
The virtual environment is facilitated by VirtualBox (version 5.x). All devices in it has the host only interface which is
used for its management over SSH from the host device. The second interface is internal (intnet) which is used in the
device for VLAN (vif) purposes. The environment details are funished after the configuration details.
2. Configuration Details
Common Configuration
System/Service
set service ssh port '22'
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system login user vyos authentication encrypted-password '$1$HR42KG7n$Ynpv5D8LEnJiOZPX85Wt.1'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system ntp server '0.pool.ntp.org'
set system ntp server '1.pool.ntp.org'
set system ntp server '2.pool.ntp.org'
set system time-zone 'UTC'
set system package auto-sync '1'
set system package repository community components 'main'
set system package repository community distribution 'helium'
set system package repository community password ''
set system package repository community url 'http://packages.vyos.net/vyos'
set system package repository community username ''
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
IPSEC
set vpn ipsec esp-group MyESP compression 'disable'
set vpn ipsec esp-group MyESP lifetime '3600'
set vpn ipsec esp-group MyESP mode 'tunnel'
set vpn ipsec esp-group MyESP pfs 'enable'
set vpn ipsec esp-group MyESP proposal 1 encryption 'aes256'
set vpn ipsec esp-group MyESP proposal 1 hash 'sha256'
set vpn ipsec ike-group MyIKE ikev2-reauth 'no'
set vpn ipsec ike-group MyIKE key-exchange 'ikev1'
set vpn ipsec ike-group MyIKE lifetime '28800'
set vpn ipsec ike-group MyIKE proposal 1 dh-group '2'
set vpn ipsec ike-group MyIKE proposal 1 encryption 'aes256'
set vpn ipsec ike-group MyIKE proposal 1 hash 'sha256'
Cluster
set cluster dead-interval '10000'
set cluster group cluster1 auto-failback 'true'
set cluster group cluster1 service 'ipsec'
set cluster keepalive-interval '2000'
set cluster monitor-dead-interval '20000'
set cluster pre-shared-secret 'Ma2754ni'
Site A
3. Router 1
set interfaces ethernet eth0 address '192.168.56.111/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '08:00:27:4a:97:c7'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:9a:a2:44'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 10 address '10.1.3.2/29'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:78:ce:27'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:24:b3:d6'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces loopback 'lo'
set protocols static route 0.0.0.0/0 next-hop '10.1.3.1'
set service ssh listen-address '192.168.56.111'
set system domain-name 'aattu.com'
set system host-name 'rtr01'
Router 2
set interfaces dummy dum1 address '101.0.0.1/32'
set interfaces ethernet eth1 address '192.168.56.112/24'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:2e:a8:db'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:84:bc:9a'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth2 vif 101 address '101.1.2.4/29'
set interfaces ethernet eth2 vif 111 address '111.1.2.3/29'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:12:6f:7d'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces ethernet eth4 duplex 'auto'
set interfaces ethernet eth4 hw-id '08:00:27:ea:7d:c5'
set interfaces ethernet eth4 smp_affinity 'auto'
set interfaces ethernet eth4 speed 'auto'
set interfaces loopback 'lo'
set protocols ospf area 10 network '101.1.2.0/29'
set protocols ospf area 10 network '111.1.2.0/29'
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id '101.0.0.1'
set service ssh listen-address '192.168.56.112'
set system domain-name 'aattu.com'
4. set system host-name 'rtr02'
Firewall 1
set cluster group cluster1 monitor '101.1.2.4'
set cluster group cluster1 monitor '10.1.3.2'
set cluster group cluster1 primary 'fwl01'
set cluster group cluster1 secondary 'fwl02'
set cluster group cluster1 service '10.1.3.1/29/eth1.10'
set cluster group cluster1 service '101.1.2.1/29/eth1.101'
set cluster interface 'eth1.10'
set cluster interface 'eth1.101'
set interfaces dummy dum1 address '101.0.0.2/32'
set interfaces ethernet eth0 address '192.168.56.113/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '08:00:27:3d:0d:98'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:fa:33:5f'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 10 address '10.1.3.3/29'
set interfaces ethernet eth1 vif 101 address '101.1.2.2/29'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:0b:08:80'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:c1:ce:b1'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces loopback 'lo'
set protocols ospf area 10 network '101.1.2.0/29'
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id '101.1.2.2'
set service ssh listen-address '192.168.56.113'
set system domain-name 'aattu.com'
set system host-name 'fwl01'
set vpn ipsec ipsec-interfaces interface 'eth1.101'
set vpn ipsec site-to-site peer 201.1.2.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 201.1.2.1 authentication pre-shared-secret 'Ma2754ni'
set vpn ipsec site-to-site peer 201.1.2.1 connection-type 'initiate'
set vpn ipsec site-to-site peer 201.1.2.1 default-esp-group 'MyESP'
set vpn ipsec site-to-site peer 201.1.2.1 ike-group 'MyIKE'
set vpn ipsec site-to-site peer 201.1.2.1 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 201.1.2.1 local-address '101.1.2.1'
set vpn ipsec site-to-site peer 201.1.2.1 tunnel 101 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 201.1.2.1 tunnel 101 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 201.1.2.1 tunnel 101 local prefix '10.1.3.0/29'
set vpn ipsec site-to-site peer 201.1.2.1 tunnel 101 remote prefix '10.3.4.0/29'
Firewall 2
set cluster group cluster1 monitor '10.1.3.2'
set cluster group cluster1 monitor '101.1.2.4'
5. set cluster group cluster1 primary 'fwl01'
set cluster group cluster1 secondary 'fwl02'
set cluster group cluster1 service '10.1.3.1/29/eth1.10'
set cluster group cluster1 service '101.1.2.1/29/eth1.101'
set cluster interface 'eth1.10'
set cluster interface 'eth1.101'
set interfaces dummy dum1 address '101.0.0.4/32'
set interfaces ethernet eth0 address '192.168.56.114/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '08:00:27:76:a9:82'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:7f:da:5c'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 10 address '10.1.3.4/29'
set interfaces ethernet eth1 vif 101 address '101.1.2.3/29'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:7a:75:9e'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:1b:df:6e'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces loopback 'lo'
set protocols ospf area 10 network '101.1.2.0/29'
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id '101.0.0.4'
set service ssh listen-address '192.168.56.114'
set system domain-name 'aattu.com'
set system host-name 'fwl02'
set vpn ipsec ipsec-interfaces interface 'eth1.101'
set vpn ipsec site-to-site peer 201.1.2.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 201.1.2.1 authentication pre-shared-secret 'Ma2754ni'
set vpn ipsec site-to-site peer 201.1.2.1 connection-type 'initiate'
set vpn ipsec site-to-site peer 201.1.2.1 default-esp-group 'MyESP'
set vpn ipsec site-to-site peer 201.1.2.1 ike-group 'MyIKE'
set vpn ipsec site-to-site peer 201.1.2.1 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 201.1.2.1 local-address '101.1.2.1'
set vpn ipsec site-to-site peer 201.1.2.1 tunnel 101 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 201.1.2.1 tunnel 101 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 201.1.2.1 tunnel 101 local prefix '10.1.3.0/29'
set vpn ipsec site-to-site peer 201.1.2.1 tunnel 101 remote prefix '10.3.4.0/29'
ISP01
Router 1
set interfaces dummy dum1 address '110.0.0.1/32'
set interfaces ethernet eth0 address '192.168.56.101/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '08:00:27:ff:e4:3a'
set interfaces ethernet eth0 smp_affinity 'auto'
6. set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:58:6b:cc'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 111 address '111.1.2.2/29'
set interfaces ethernet eth1 vif 211 address '211.1.2.2/29'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:b2:fe:d5'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:4f:96:d3'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces loopback 'lo'
set protocols ospf area 0 network '110.0.0.1/32'
set protocols ospf area 10 network '111.1.2.0/29'
set protocols ospf area 10 network '211.1.2.0/29'
set service ssh listen-address '192.168.56.101'
set system domain-name 'isp01.com'
set system host-name 'rtr01'
Site B
Router 1
set interfaces ethernet eth0 address '192.168.56.221/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '08:00:27:3c:61:46'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:8b:f6:b5'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 20 address '10.3.4.2/29'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:58:2d:eb'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:5a:1d:dc'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces loopback 'lo'
set protocols static route 0.0.0.0/0 next-hop '10.3.4.1'
set service ssh listen-address '192.168.56.221'
set system domain-name 'abc.com'
set system host-name 'rtr01'
Router 2
set interfaces dummy dum1 address '201.0.0.1/32'
7. set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:d1:93:20'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 201 address '201.1.2.4/29'
set interfaces ethernet eth1 vif 211 address '211.1.2.3/29'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:f5:5a:fd'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:4f:26:39'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces ethernet eth4 address '192.168.56.222/24'
set interfaces ethernet eth4 duplex 'auto'
set interfaces ethernet eth4 hw-id '08:00:27:a7:bc:c1'
set interfaces ethernet eth4 smp_affinity 'auto'
set interfaces ethernet eth4 speed 'auto'
set interfaces loopback 'lo'
set protocols ospf area 10 network '201.1.2.0/29'
set protocols ospf area 10 network '211.1.2.0/29'
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id '201.0.0.1'
set service ssh listen-address '192.168.56.222'
set system domain-name 'abc.com'
set system host-name 'rtr02'
Firewall 1
set cluster group cluster1 monitor '201.1.2.4'
set cluster group cluster1 monitor '10.3.4.2'
set cluster group cluster1 primary 'fwl01'
set cluster group cluster1 secondary 'fwl02'
set cluster group cluster1 service '10.3.4.1/29/eth1.20'
set cluster group cluster1 service '201.1.2.1/29/eth1.201'
set cluster interface 'eth1.20'
set cluster interface 'eth1.201'
set interfaces dummy dum1 address '201.0.0.2/32'
set interfaces ethernet eth0 address '192.168.56.223/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '08:00:27:99:5e:57'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:94:67:64'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 20 address '10.3.4.3/29'
set interfaces ethernet eth1 vif 201 address '201.1.2.2/29'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:d1:22:ce'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:79:04:f4'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces loopback 'lo'
8. set protocols ospf area 10 network '201.1.2.0/29'
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id '201.0.0.2'
set service ssh listen-address '192.168.56.223'
set system domain-name 'abc.com'
set system host-name 'fwl01'
set vpn ipsec ipsec-interfaces interface 'eth1.201'
set vpn ipsec site-to-site peer 101.1.2.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 101.1.2.1 authentication pre-shared-secret 'Ma2754ni'
set vpn ipsec site-to-site peer 101.1.2.1 connection-type 'initiate'
set vpn ipsec site-to-site peer 101.1.2.1 default-esp-group 'MyESP'
set vpn ipsec site-to-site peer 101.1.2.1 ike-group 'MyIKE'
set vpn ipsec site-to-site peer 101.1.2.1 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 101.1.2.1 local-address '201.1.2.1'
set vpn ipsec site-to-site peer 101.1.2.1 tunnel 201 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 101.1.2.1 tunnel 201 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 101.1.2.1 tunnel 201 local prefix '10.3.4.0/29'
set vpn ipsec site-to-site peer 101.1.2.1 tunnel 201 remote prefix '10.1.3.0/29'
Firewall 2
set cluster group cluster1 monitor '201.1.2.4'
set cluster group cluster1 monitor '10.3.4.2'
set cluster group cluster1 primary 'fwl01'
set cluster group cluster1 secondary 'fwl02'
set cluster group cluster1 service '10.3.4.1/29/eth1.20'
set cluster group cluster1 service '201.1.2.1/29/eth1.201'
set cluster interface 'eth1.20'
set cluster interface 'eth1.201'
set interfaces dummy dum1 address '201.0.0.3/32'
set interfaces ethernet eth0 address '192.168.56.224/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '08:00:27:14:70:76'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '08:00:27:06:01:2c'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 20 address '10.3.4.4/29'
set interfaces ethernet eth1 vif 201 address '201.1.2.3/29'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id '08:00:27:de:60:ff'
set interfaces ethernet eth2 smp_affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id '08:00:27:1f:8e:fb'
set interfaces ethernet eth3 smp_affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces loopback 'lo'
set protocols ospf area 10 network '201.1.2.0/29'
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id '201.0.0.3'
set service ssh listen-address '192.168.56.224'
9. set system domain-name 'abc.com'
set system host-name 'fwl02'
set vpn ipsec ipsec-interfaces interface 'eth1.201'
set vpn ipsec site-to-site peer 101.1.2.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 101.1.2.1 authentication pre-shared-secret 'Ma2754ni'
set vpn ipsec site-to-site peer 101.1.2.1 connection-type 'initiate'
set vpn ipsec site-to-site peer 101.1.2.1 default-esp-group 'MyESP'
set vpn ipsec site-to-site peer 101.1.2.1 ike-group 'MyIKE'
set vpn ipsec site-to-site peer 101.1.2.1 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 101.1.2.1 local-address '201.1.2.1'
set vpn ipsec site-to-site peer 101.1.2.1 tunnel 201 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 101.1.2.1 tunnel 201 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 101.1.2.1 tunnel 201 local prefix '10.3.4.0/29'
set vpn ipsec site-to-site peer 101.1.2.1 tunnel 201 remote prefix '10.1.3.0/29'
Virtual Environment Details
VirtualBox Configuration
Vyos
Memory: 512 MB
Operating system: Linux 2.6, 64 bit, Debian
NIC1: Intel PRO/1000 MT Desktop (Host-Only Adapter, ‘vboxnet0’)
NIC2: el PRO/1000 MT Desktop (Internal Network, ‘intnet’)
Virutalization Parameters: VT-x/AMD-V, Nested Paging, PAE/NX, KVM Paravirtualization
Boot Order: Optical Disk, HDD
Host Configuration
Memory: 12 GB
Operating system: Ubuntu 16.04 LTS
Virtual Environment: VirtualBox 5.1.6
Disclaimer:
All of the above details in this document are only for lab environment purposes and to promote interests within the
networking/virtualization/IT Security enthusiasts. There is no intend to violate any copyrights. All the devices (host and virtual)
used here are based on the open source environment.