Install OpenVPN in a Centos 7 Virtual Machine - Page 1

Install OpenVPN Overview

OpenVPN is an incredible tool for creating securely encrypted, remote network-to-network and client-to-network tunneled connections. You can think of it like this: if you have an OpenVPN connection to a network, then you have a secure connection to that network and all the resources on that network, like printers, file servers, other host computers, etc. To set it up, you need to install an OpenVPN access server on one computer, and then on a separate computer, install an OpenVPN client for connecting to the server remotely. The goal of the lab is to install and configure an OpenVPN server, and then from a second computer, open a tunnel to the server using an OpenVPN client.

To do this, you will first need to install Centos 7 (64bit) in a VMware Player virtual machine. Since this is a test case scenario, I recommend installing the Gnome Desktop during the Centos 7 installation instead of the default, minimal install. When creating the virtual machine with VMware Player you will need to add an additional virtual network interface (NIC) to your virtual machine. After creating the virtual machine, edit the virtual machine settings, add a second network adapter, then change it from Bridged mode to LAN Segment mode. You will need to create/add a LAN Segment, name it VLAN10, and then configure the network adapter to the LAN Segment (VLAN10) setting. The virtual machine will have two network adapters, the first in Bridged Mode, and the second in LAN Segment mode (VLAN10).

Install Centos in a VM

Start up your VMware Centos 7 virtual machine, run through the installation, install the Gnome desktop environment, and create a student account as well as a root password. After the install, start Centos and log in. At the desktop, go to Applications and open a terminal window. In the terminal, issue an ifconfig command to verify the presence of the two network adapters; they will probably show up as eno16777736 and eno33554960. If the second network adapter did not appear after issuing the ifconfig command, shut down Centos, edit the virtual machine settings in VMware Player, and remove and re-add the second network adapter until it registers as present from within Centos.

   

The diagram below represents a network hosted from a single computer using virtual machines. The single physical host computer is the laptop represented by the laptop icon and the black rectangular outline. The virtual machines are running inside the laptop using VMware Player, VMware Workstation, or Virtualbox. Notice the Centos 7 Server has two Ethernet network adapters. The bridged mode network adapter places the Centos 7 eth0 interface on the network just like any other physical computer. Notice that by configuring eth0 with a DHCP client it will obtain an IP address just like the laptop. The eth1 network adapter is in LAN Segment mode, which will allow it to communicate with any other virtual machines that are similarly configured with an identical LAN Segment network adapter. In this scenario, if the Interior Client virtual machine wishes to connect to the internet, it will need to go through the Centos 7 Server, making the Centos 7 Server a transparent proxy or gateway for any virtual machines on the LAN Segment. With 8Gb of RAM and a quad core processor on the host computer it is possible to run two virtual machines simultaneously.

Lab Steps

Change the server’s hostname
=========================
1. Get root super-user access using su. Everything in this exercise is done with root access.

   su

2. Change localhost.localdomain to a server name of your choice (eg. danscentos-s2)

   nano /etc/hostname

3. Add your new hostname to the file (eg. 127.0.0.1 danscentos-s2 localhost localhost.localdomain …)

   nano /etc/hosts

Change the Network Interfaces to eth0 and eth1
=======================================
For some strange reason the network interfaces show up as: eno16777736 and eno33554960. Thanks to some great websites, I was able to find a fix.

4. In the following file, search for the line "GRUB_CMDLINE_LINUX" and append the following: net.ifnames=0 biosdevname=0
Note: append the text inside the closing quotation mark, so that the line ends with: net.ifnames=0 biosdevname=0"

   nano /etc/default/grub

   grub2-mkconfig -o /boot/grub2/grub.cfg

   reboot

5. After rebooting, use su for root access. Enter the hostname command to verify your new hostname. Do an ifconfig and you should see the following network interfaces: eth0, eth1, and lo. If not, go back to step 4 and try again.

Configure the Network Interfaces
===========================

6. To configure the network interfaces we need the network-scripts directory

   cd /etc/sysconfig/network-scripts/

7. Rename the ifcfg-eno16777736 file to ifcfg-eth0, then do an ls command to verify

   mv /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eth0

8. Copy the ifcfg-eth0 file to ifcfg-eth1 so now you have a config file for each network interface. Do an ls command to verify

   cp /etc/sysconfig/network-scripts/ifcfg-eth0 ifcfg-eth1

9. Edit the ifcfg-eth1 file

    nano ifcfg-eth1

//change the contents of ifcfg-eth1 to the following, exit and save:

TYPE="Ethernet"
DEVICE="eth1"
BOOTPROTO="static"
IPADDR="192.168.10.1"
NETMASK="255.255.255.0"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="eth1"
ONBOOT="yes"

10. Edit the ifcfg-eth0 file

    nano ifcfg-eth0

//change the contents of ifcfg-eth0 to the following, exit and save:

TYPE="Ethernet"
DEVICE="eth0"
BOOTPROTO="dhcp"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="eth0"
ONBOOT="yes"

Remove the Network Manager
=========================

11. Since this is a server, I recommend removing the Network Manager and relying on manual network configurations instead

    systemctl stop NetworkManager
    systemctl disable NetworkManager
    service network restart

12. Reboot, then login and verify network connectivity and internet access. You should see that eth0 received an IP address through DHCP and that eth1 has the IP address 192.168.10.1. If not, then re-edit your ifcfg-eth0 and ifcfg-eth1 configuration files.

    reboot
    ifconfig
    ping yahoo.com

Note: you can manually bring a network interface up or down with the following commands

   ifconfig eth0 down
   ifconfig eth0 up
   ifconfig eth1 down
   ifconfig eth1 up
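
A pre-flight check for the two ifcfg files from steps 9 and 10, as an added example that is not part of the original tutorial: it flags typographic quotes, which the network scripts do not treat as quotes when they source the file, and validates the static address settings. The function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Quote look-alikes that web pages and word processors substitute for " and '.
# The network scripts source ifcfg files as shell, so these are not quotes there.
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2033\u2018\u2019"
ASSIGNMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def parse_ifcfg(text):
    """Parse KEY=value lines; return (settings, problems)."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(ch in line for ch in TYPOGRAPHIC_QUOTES):
            problems.append(f"line {lineno}: typographic quote in {line!r}")
            continue
        match = ASSIGNMENT.match(line)
        if match is None:
            problems.append(f"line {lineno}: not a KEY=value line: {line!r}")
            continue
        key, value = match.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop one pair of matching straight quotes
        settings[key] = value
    return settings, problems


def check_ifcfg(filename, text):
    """Return a list of problems for one ifcfg file (empty list means it passes)."""
    settings, problems = parse_ifcfg(text)
    device = settings.get("DEVICE")
    if device is None:
        problems.append("DEVICE is missing")
    elif filename != f"ifcfg-{device}":
        problems.append(f"{filename} does not match DEVICE={device}")
    proto = settings.get("BOOTPROTO", "").lower()
    if proto == "static":
        checks = (("IPADDR", ipaddress.IPv4Address),
                  ("NETMASK", lambda m: ipaddress.IPv4Network(f"0.0.0.0/{m}")))
        for key, validate in checks:
            if key not in settings:
                problems.append(f"{key} is required with BOOTPROTO=static")
                continue
            try:
                validate(settings[key])
            except ValueError:
                problems.append(f"{key}={settings[key]} is not valid")
    elif proto != "dhcp":
        problems.append(f"BOOTPROTO={proto or '(unset)'} is neither static nor dhcp")
    if settings.get("ONBOOT", "").lower() != "yes":
        problems.append("ONBOOT is not yes; the interface stays down at boot")
    return problems


# Constructed samples: the lab's eth1 settings, typed correctly and as pasted
# from a web page with typographic quotes.
TYPED = ('DEVICE="eth1"\nBOOTPROTO="static"\nIPADDR="192.168.10.1"\n'
         'NETMASK="255.255.255.0"\nONBOOT="yes"\n')
PASTED = TYPED.replace('="', "=\u201d").replace('"\n', "\u2033\n")

if __name__ == "__main__":
    for label, text in (("typed", TYPED), ("pasted", PASTED)):
        print(label, check_ifcfg("ifcfg-eth1", text) or "OK")
```
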

 


HSRP – Hot Standby Routing Protocol Packet Tracer Activity

HSRP Overview

If your gateway goes down it is a good idea to have a backup that takes over immediately. Using Cisco's Hot Standby Routing Protocol (HSRP) you can configure a router to be an automatic backup gateway without having to change all of your network clients' default gateways by reconfiguring your DHCP server and releasing all of the gateway addresses on your network. In this graded Packet Tracer activity you configure HSRP to create active and standby router gateways.

In the activity, R1 is the current gateway router at 192.168.1.2. Your task is to configure a virtual IP address on both router R1 and R2 G0/0 interfaces. You will configure R1 as the active router and R2 as the standby. Once that is done you will change the default gateway address on PC-A to the new virtual IP address and test. Download the Packet Tracer file and follow along with my video tutorial.

Instructions

1. Configure router R1 G0/0 interface with the following hot standby attributes:
standby 1 ip 192.168.1.1
standby 1 priority 105
standby 1 preempt
standby 1 track g0/1
2. Configure router R2 G0/0 interface with the following hot standby attributes:
standby 1 ip 192.168.1.1
3. Change the default gateway on PC-A to 192.168.1.1
4. Disable either of the Ethernet links to R1 and test to see if you can still ping the ISP.

Download

HSRP_activity.zip

Note: You will need to have Packet Tracer version 6.1 installed on your computer in order to open the file.

VLANs and Trunks Packet Tracer 6.1 Activity

VLANs and Trunks – Activity Overview

In this graded Packet Tracer 6.1 activity you will configure two Cisco Catalyst 2960 switches with VLANs and Trunks. The tasks include named VLANs, a trunk between two switches, and a management IP address on each switch using switched virtual interfaces or SVIs. You will also need to configure hostnames on the switches and each PC, with an IP address and subnet mask.

VLANS and Trunks Packet Tracer diagram and physical topology

Instructions

1. Set the PC’s IP addresses based on the host address label and VLAN color code in the topology diagram
2. Assign the switch hostnames based on their labels.
3. Configure the switch VLAN numbers and VLAN names according to the diagram.
4. Configure Interface VLAN88 (SVI) addresses on both switches according to the diagram.
5. Change the switchports as access ports and assign them to VLANs according to the diagram.
6. Configure G0/1 as a Trunk. Allow the listed VLANs only across the trunk and configure the Native VLAN as shown
7. Shutdown the G0/2 interface.

Download

For this graded activity you will need Packet Tracer version 6.1 or higher.

VLANS-Switchports-Trunks-SVIs.zip

IOS CLI Commands for Switch S1

Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# vlan 10
S1(config-vlan)# name students
S1(config-vlan)# vlan 20
S1(config-vlan)# name faculty
S1(config-vlan)# vlan 30
S1(config-vlan)# name administration
S1(config-vlan)# vlan 88
S1(config-vlan)# name management
S1(config-vlan)# vlan 99
S1(config-vlan)# name native
S1(config-vlan)# exit
S1(config)# int range f0/1 - 8
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# int range f0/9 - 16
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# int range f0/17 - 23
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 30
S1(config-if)# int f0/24
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 88
S1(config-if)# int vlan 88
S1(config-if)# ip address 192.168.88.254 255.255.255.0
S1(config-if)# int g0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20,30,88,99
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# int g0/2
S1(config-if)# shut
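
The trunk requirements from steps 6 and 7 (explicit allowed list, native VLAN as planned, unused uplink shut down) checked against a CLI transcript; this is an added example, not part of the original activity. The function names are illustrative, the first sample is abridged from the S1 commands above, and the second is a constructed variant.

```python
import re


def expand(spec):
    """'f0/1 - 8' -> ['f0/1', ..., 'f0/8']; a single name comes back as is."""
    m = re.fullmatch(r"(\D+\d+/)(\d+)\s*-\s*(\d+)", spec.strip())
    if m is None:
        return [spec.replace(" ", "")]
    return [f"{m.group(1)}{n}" for n in range(int(m.group(2)), int(m.group(3)) + 1)]


def parse_transcript(text):
    """Map interface name -> commands entered under it (prompts stripped)."""
    ports, current = {}, []
    for line in text.splitlines():
        m = re.match(r"\S+[#>]\s*(.*)", line.strip())
        if m is None:
            continue
        cmd = m.group(1).strip()
        entered = re.match(r"int(?:erface)?\s+(?:range\s+)?(.+)", cmd)
        if entered:
            current = expand(entered.group(1))
        elif cmd in ("exit", "end") or cmd.startswith("vlan "):
            current = []  # back in global or VLAN configuration mode
        for port in current:
            ports.setdefault(port, [])
            if not entered:
                ports[port].append(cmd)
    return ports


def last_arg(cmds, prefix):
    """Argument of the last command that starts with prefix, or None."""
    args = [c[len(prefix):].strip() for c in cmds if c.startswith(prefix)]
    return args[-1] if args else None


def audit(ports, trunk, allowed, native, unused):
    """Return findings; the allowed list is assumed to be a plain comma list."""
    findings, cmds = [], ports.get(trunk, [])
    if last_arg(cmds, "switchport mode") != "trunk":
        findings.append(f"{trunk}: not configured as a trunk")
    listed = last_arg(cmds, "switchport trunk allowed vlan")
    if listed is None:
        findings.append(f"{trunk}: no allowed list, every VLAN crosses the trunk")
    elif {int(v) for v in listed.split(",")} != set(allowed):
        findings.append(f"{trunk}: allowed VLANs {listed} differ from the plan")
    if last_arg(cmds, "switchport trunk native vlan") != str(native):
        findings.append(f"{trunk}: native VLAN is not {native}")
    for port in unused:
        state = [c for c in ports.get(port, []) if c.startswith(("shut", "no shut"))]
        if not state or state[-1].startswith("no"):
            findings.append(f"{port}: unused port is not shut down")
    return findings


# S1 is abridged from the lab commands; LOOSE is a constructed variant.
S1 = """\
S1(config)# int range f0/1 - 8
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# int g0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20,30,88,99
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# int g0/2
S1(config-if)# shut
"""
LOOSE = "".join(l for l in S1.splitlines(True) if "allowed" not in l).replace("# shut", "# no shut")

if __name__ == "__main__":
    for text in (S1, LOOSE):
        print(audit(parse_transcript(text), "g0/1", {10, 20, 30, 88, 99}, 99, ["g0/2"]))
```
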

Windows Utilities Lab

Windows Utilities Lab Overview

Windows Utilities are useful programs that allow you to examine your computer’s hardware, troubleshoot hardware and software related issues, update device drivers, and configure important system settings. In this lab you will use the following Windows Utilities to obtain information about your particular computer:

– Device Manager (devmgmt.msc),
– System Information Tool (msinfo32.exe),
– DirectX Diagnostic Tool (dxdiag.exe),
– Resource Monitor (perfmon.exe),
– System Configuration Tool (msconfig.exe)

Basic knowledge of these diagnostic tools and how to access them is important for the CompTIA A+ exams. A quick way to launch any of the tools listed above is to press the Windows Start Button and, in the "Search Programs and Files" dialogue box, type in the name of one of the utility programs above and press enter. Let's go through each tool and extract a piece of computer system information.

Device Manager

The device manager is an important tool for identifying hardware devices that are not functioning correctly or are not being properly recognized by the Windows Operating System. The Device Manager can be used to identify which software device drivers are being used for a particular hardware device like a video card or a network adapter.

1. Launch the Device Manager – press the Start menu button > right-click on Computer > press Properties > and press Device Manager in the left hand column. You can also find the Device Manager in the Control Panel by going to Start > Control Panel > choose View by: Small icons.

2. Using the Device Manager pull-down menu, choose View > Devices by Type, then scroll down to Processors and click the arrow icon.

Question A: What processor (CPU) name is identified in the device manager? Is the processor name listed more than once? If so, why?

Question B: Under what arrow heading in the Device Manager list would you locate the drivers for your graphics card? Examples: Disk Drives, Keyboards, Security Devices, etc.

 

System Information Tool

The System Information Tool provides information about your computer’s resources, hardware devices, your operating system environment, and running processes.

1. Launch the System Information Tool – press the Start menu button > type in msinfo32.exe in the Search programs and files search box, highlight the program or press enter. You can also find it under Start > All Programs > Accessories > System Tools > System Information.

2. There is useful information in the first screen under the System Summary heading. See if you can locate the following information:

Question C: What is the BIOS manufacturer and version?

3. Examine the information under the other listed headings. Can you find the following information:

    Question D: What is your hard drive manufacturer and model number?

    Question E: Under what heading can you find Problem Devices? Do you have any listed? 

    Question F: Find the filename and file path to either your Gigabit Ethernet network adapter driver or wireless network adapter?

DirectX Diagnostics Tool

DirectX are the APIs and runtime libraries that allow Windows to achieve advanced multimedia and 3D graphics. The DirectX Diagnostics Tool can be used to check the version of DirectX currently installed on the computer system, whether or not DirectX features like DirectX Draw, DirectX 3D, and AGP Texture are enabled, and whether or not there are any problems related to the video, graphics, sound, and input hardware device drivers and DirectX features.

1. Launch the DirectX Diagnostic Tool – press the Start menu button > type in dxdiag.exe in the Search programs and files search box, highlight the program or press enter.

2. In the DirectX Diagnostics Tool click on the Display, Sound and Input tabs and look to the notes area for any listed problems

Question G: Are there any problems listed in the Notes area of the Display, Sound and Input tabs?

3. Notice the “Run 64-bit DxDiag” button at the bottom of the window which will run the 64bit version of the program.

 

Resource Monitor

The Resource Monitor is a great tool for monitoring processes as they run as well as seeing which processes and programs are utilizing the most CPU, memory, and network resources.

1. Launch the Resource Monitor Tool – press the Start menu button > type in resource monitor perfmon.exe in the Search programs and files search box, highlight the program or press enter. You can also find it under Start > All Programs > Accessories > System Tools > Resource Monitor.

2. In the Resource Monitor Tool you can hover over the column headings like Image, PID, Description, etc. for a description of the column information. Click on the CPU tab and under Processes order the information by clicking on the various column headings.

Question H:  Which program is utilizing the most CPU resources?

3. Click on the Memory tab.

Question I: Under Processes which heading will tell you the program that is utilizing the most physical memory? Which program is it?

4. Click on the Network tab.

Question J: Under Processes with Network Activity which program is sending and receiving the most information over the network?

System Configuration Tool

The System Configuration Tool can be used to configure how Windows behaves on startup. If there are multiple operating systems installed on the hard disk drive you can define which one will boot by default. You can also define which services and programs will launch on startup. This can be useful if you find that Windows is running a lot of programs on startup that you do not need or want. You can also use the System Configuration Tool to boot to a Diagnostic startup or boot to safe mode.

1. Launch the System Configuration Tool – press the Start menu button > type in msconfig.exe in the Search programs and files search box, highlight the program or press enter.

2. In the System Configuration Tool click on the Startup tab and examine the programs that are launching on startup.

Question K: Do you notice any programs that are unnecessarily running all the time by launching on startup? Which ones?

Build a Computer – Time Lapse

Overview – Build a Computer – GoPro Time Lapse

The video below shows the process of building a computer from parts. The computer is a midsized tower that will serve as a firewall router using a freely downloaded, community edition operating system. By using a GoPro time-lapse picture capture I was able to produce a condensed 4 minute video depicting the process of building a computer which normally takes anywhere from 40 to 90 minutes.

Network Troubleshooting PT Activity

Overview

It is important to know how to troubleshoot network connectivity issues. How do you configure PCs to add them to the network? What tools can you use from the command prompt to test connectivity and check your network address settings? In order to test your skills, I created a Packet Tracer 6.1 activity in which you are the network administrator and you need to troubleshoot the network and answer some fundamental questions about the network. I have included the Packet Tracer activity file for you to download as well as the instructions below.

Instructions – Troubleshooting Activity

Troubleshooting Tasks
1. Fix PC1 and PC2 so they can reach the company website www.initech.com, and remote website www.danscourses.com.
2. Fix Laptop0 so it can associate with Wireless Router0, and connect to the wireless network

Initech Admin
vty password: swingline
enable secret: cubicle

Answer the Following Questions
1. What is the network address of the green network?
2. What is the network address of the orange network?
3. What is the IP address of the Initech webserver?
4. What is the IP address of the Initech Nameserver?
5. What is the IP address of the Initech Mail Server?
Hint: what is the subdomain name of the mail server?
6. What is the IP address of the danscourses.com Webserver?
7. What is the SSID of Wireless Router0?
8. What is the wireless security key?
9. What is the IP address of the WAN interface on the Edge Router?

Download

Click here to download the PT activity:  TroubleshootingActivity1.zip
To open the file you will need Packet Tracer 6.1

Basic Network Configuration PT Activity

Overview

This is a beginning network configuration activity in Packet Tracer 6.1. This activity is designed to challenge you with some basic Cisco IOS configurations using a Cisco 1941 router, two Cisco Catalyst 2960 switches, a TFTP server and two PCs. In this Packet Tracer activity you are asked to configure the following items:

Step 1. Assign IPv4 addresses, subnet masks and default gateways to PC-A, PC-B, and Server1

Step 2. Configure the router with the following settings:
– hostname: R1
– console password: cisco
– vty 0-to-4 password: cisco
– enable secret: class
– banner message of the day: Unauthorized access is not allowed!
– encrypt all passwords
– configure Gigabit Ethernet interfaces with:
— IPv4 addresses,
— subnet masks,
— descriptions (LAN-Management, LAN-Student)
— bring-up the interfaces
– save the running configuration

Step 3. Configure each switch with the following settings:
– hostname: S1, S2
– console password: cisco
– vty 0-to-15 password: cisco
– enable secret: class
– banner message of the day: Unauthorized access is not allowed!
– encrypt all passwords
– configure interface VLAN 1 with:
— IPv4 address,
— subnet mask,
— bring-up the interface
– default gateway IPv4 address
– save running configuration

Step 4. Copy the IOS and startup-config file on R1, to the Server1 TFTP server.

Lab Activity Diagram/Topology Packet Tracer - Screenshot

Download the Activity

 
BasicNetworkConfiguration-Activity2.zip

EtherChannel

EtherChannel Overview

EtherChannel is a Cisco technology that enables the aggregation or bundling of switchports into one logical link. Bundling multiple switchport Ethernet links into one logical channel increases bandwidth as well as creating redundancy and fault tolerance. For example, a bundle of four switchports into one EtherChannel would provide four times the bandwidth coming to and from the switch. EtherChannel bundles or port groups can be run from switch-to-switch or switch-to-server if the server's network interface cards (NICs) support EtherChannel. You can bundle up to eight switchports in one EtherChannel port group with no more than six EtherChannel port groups per switch.

Instructions

In this Packet Tracer 6.2 activity you configure different forms of EtherChannel on switches S1, S2 and S3. The PCs have already been configured with IP addresses, subnet masks and default gateways.

1. Create VLANs 10 and 20 on all three switches
2. On both S1 and S2 configure switchport 0/1 as an access port and add it to VLAN10. Configure switchport 0/10 as an access port and add it to VLAN20.
3. Configure the open standard for EtherChannel, Link Aggregation Control Protocol (LACP 802.3ad) as channel-group 1 on both S1 and S2 Gigabit Ethernet switchports 0/1 and 0/2.
4. Configure Cisco’s Port Aggregation Protocol (PAgP) for EtherChannel as channel-group 2 between S2 and S3 Fast Ethernet switchports 0/21-24.
5. Configure Cisco’s EtherChannel manually with no PAgP as channel-group 3 between S3 and S1 Fast Ethernet switchports 0/17-20.
6. Configure all three resulting virtual or logical interfaces (port-channel interfaces) as trunks, allowing only VLANs 10 and 20.
7. Verify the EtherChannels with show etherchannel commands and by pinging from PC0 to PC2 and PC1 to PC3.

 

Download

 etherchannel-begin.zip

Note: This Packet Tracer activity requires Packet Tracer version 6.2 minimum.


CLI Command Examples

S1(config)# vlan 10
S1(config-vlan)# vlan 20

S1(config-vlan)# exit
S1(config)# int f0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# int f0/10
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
<repeat commands above on S2>

S1(config)# int range g0/1-2
S1(config-if)# channel-group 1 mode active
S1(config-if)# exit
S1(config)# int port-channel 1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20

S2(config)# int range g0/1-2
S2(config-if)# channel-group 1 mode passive
S2(config-if)# exit
S2(config)# int port-channel 1
S2(config-if)# switchport mode trunk
S2(config-if)# switchport trunk allowed vlan 10,20

S3(config)# vlan 10
S3(config-vlan)# vlan 20

S3(config)# int range f0/21-24
S3(config-if)# channel-group 2 mode desirable
S3(config-if)# exit
S3(config)# int port-channel 2
S3(config-if)# switchport mode trunk
S3(config-if)# switchport trunk allowed vlan 10,20

S2(config)# int range f0/21-24
S2(config-if)# channel-group 2 mode auto
S2(config-if)# exit
S2(config)# int port-channel 2
S2(config-if)# switchport mode trunk
S2(config-if)# switchport trunk allowed vlan 10,20

S3(config)# int range f0/17-20
S3(config-if)# channel-group 3 mode on
S3(config-if)# exit
S3(config)# int port-channel 3
S3(config-if)# switchport mode trunk
S3(config-if)# switchport trunk allowed vlan 10,20

S1(config)# int range f0/17-20
S1(config-if)# channel-group 3 mode on
S1(config-if)# exit
S1(config)# int port-channel 3
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20
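
The mode pairs used in steps 3 to 5, checked for whether each bundle can form; this is an added example, not part of the original activity. It assumes both ends of a link use the same channel-group number, as they do in this lab, and the BROKEN sample is a constructed misconfiguration.

```python
import re

LACP = {"active", "passive"}    # 802.3ad negotiation modes
PAGP = {"desirable", "auto"}    # Cisco PAgP negotiation modes
CHANNEL = re.compile(
    r"^(\w+)\(config-if(?:-range)?\)#\s*channel-group\s+(\d+)\s+mode\s+(\w+)", re.M)


def bundle_forms(a, b):
    """Return (forms, reason) for the modes configured on the two ends."""
    if not {a, b} <= LACP | PAGP | {"on"}:
        return False, "unrecognised mode"
    if "on" in (a, b):
        if a == b:
            return True, "static bundle, no negotiation protocol"
        return False, "one end is static 'on', the other waits for LACP/PAgP"
    for name, modes, initiator in (("LACP", LACP, "active"),
                                   ("PAgP", PAGP, "desirable")):
        if a in modes and b in modes:
            if initiator in (a, b):
                return True, f"{name} negotiated"
            return False, f"both ends wait for {name}, neither initiates"
    return False, "ends run different protocols (LACP vs PAgP)"


def check_channels(transcript):
    """Map channel-group number -> (modes by switch, forms, reason)."""
    ends = {}
    for switch, group, mode in CHANNEL.findall(transcript):
        ends.setdefault(int(group), {})[switch] = mode
    report = {}
    for group, by_switch in sorted(ends.items()):
        if len(by_switch) != 2:
            report[group] = (by_switch, False, "expected exactly two switches")
            continue
        forms, reason = bundle_forms(*by_switch.values())
        report[group] = (by_switch, forms, reason)
    return report


# The channel-group lines from the CLI examples above.
LAB = """\
S1(config-if)# channel-group 1 mode active
S2(config-if)# channel-group 1 mode passive
S3(config-if)# channel-group 2 mode desirable
S2(config-if)# channel-group 2 mode auto
S3(config-if)# channel-group 3 mode on
S1(config-if)# channel-group 3 mode on
"""
# Constructed misconfiguration: S1 waits passively and mixes 'on' with PAgP.
BROKEN = (LAB.replace("S1(config-if)# channel-group 1 mode active",
                      "S1(config-if)# channel-group 1 mode passive")
             .replace("S1(config-if)# channel-group 3 mode on",
                      "S1(config-if)# channel-group 3 mode desirable"))

if __name__ == "__main__":
    for name, text in (("lab", LAB), ("broken", BROKEN)):
        for group, (modes, forms, reason) in check_channels(text).items():
            print(name, group, modes, "OK" if forms else "FAILS", reason)
```
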