Tiny Core Linux add IPv6 support

1. tce-load  -wi ipv6-netfilter-5.15.10-tinycore.tcz
2. sudo echo "modprobe ipv6" >> /opt/bootlocal.sh
3. /usr/bin/filetool.sh -b

Telnet to a node's console on remote GNS server through SSH tunnel

Connect a node on remote GNS3 server through SSH tunnel

A dstnat is required to forward node_dstnat_port to node_console_port on GNS3 

For telnet

ssh -Nf -L local_port:gns3_server_ip:node_dstnat_port ssh_user@ssh_server

telnet localhost:local_port

User PuTTY to connect a node on remote GNS3 server through SSH tunnel

PuTTY --> SSH server --> GNS3 remote server 

(1) Command line:

C:\>putty username@proxy-ssh-server -L localport:gns3-remote-server:node-console-port

C:\>telnet localhost localport

(2) GUI

Open PuTTY 

-> Session 

Host Name: remote-server-name Port: remote-node-port

->Connection -> Proxy

Proxy type: Local

Proxy hostname: hostname-for-ssh-server

Port: 22

Username: username-for-ssh-server

Password: password-for-ssh-server

local proxy command:

plink -pw %pass %user@%proxyhost -nc %host:%port

-> Session

Saved sessions: name-for-node

click save

更新 .ssh/config 內容如下之後：

1. 如果要連接 vm3，則輸入

ssh vm3 

輸入 pc106 和 vm3 的 password 就可以連線。

2. 如果要從 vm3 下載或上傳資料，則輸入

ssh -Nf pc106

之後，如要複製 $HOME/history 檔案，則可輸入

scp -P 3199 127.0.0.1:history history

就會把檔案從 vm3 下載到本機，要留意的是遠端檔案的正確路徑和名稱。

Host *

        StrictHostKeyChecking no

        Ciphers aes256-gcm@openssh.com

Host pc106

        HostName 120.125.80.106

        LocalForward 3197 163.28.10.197:22

        LocalForward 3198 163.28.10.198:22

        LocalForward 3199 163.28.10.199:22

        LocalForward 3200 163.28.10.200:22

Host vm1

        ProxyCommand ssh 120.125.80.106 -W 163.28.10.197:22

Host vm2

        ProxyCommand ssh 120.125.80.106 -W 163.28.10.198:22

Host vm3

        ProxyCommand ssh 120.125.80.106 -W 163.28.10.199:22

Host vm4

        ProxyCommand ssh 120.125.80.106 -W 163.28.10.200:22

qemu Mikrotik ROS for GNS3 Remote Server

Convert img to qcow2:

qemu-img convert -f raw -O qcow2 chr-7.6.img chr-7.6.qcow2

Boot ROS and connect with webfig:

qemu-system-x86_64 -nic user,hostfwd=tcp:127.0.0.1:6001-:80 "chr-7.6.qcow2"

Boot ROS and connect with winbox:

qemu-system-x86_64 -nic user,hostfwd=tcp:127.0.0.1:6002-:8291 "chr-7.6.qcow2"

For GNS3 remote server:

1. If the first interface is not ether1, do /system/reset-configuration, power off the machine, then upload the image to GNS3.
2. To avoid default route added by dhcp client, use the following script or do /system/reset-configuration with no default configuration and run-after-reset=oob.rsc:

oob.rsc
/ip vrf add name=oob interface=ether1 /ip service set winbox vrf=oob /ip service set www vrf=oob

in /ip firewall managle, the output chain with new-routing-mark will not work if there is no route in the main table; use routing rule instead.

Mikrotik ROS v7 User Manager v5 as RADIUS server (with VLAN)

PART 1. RADIUS server

A. Certificate Generation

menu System/Certificate

Certificates tab:

add (for CA)

General Tab

Name CA-Root

Common Name root

Key Usage Tab

key cert. sign

crl sign

select OK

General Tab

Sign CA-Root

add (for Server certificate)

General Tab

Name Cert-Server

Common Name server

Key Usage Tab

digital signature

key encipherment

data encipherment

key cert. sign

crl sign

tls client

tls server

select OK

General Tab

Sign Cert-Server (with CA CA-Root) 

Check Cert-Server as Trusted (General Tab)

B. User Manager

menu User Manager

Setting Tab

Check Enabled

Certitifcate: select server certitificate (Certitifate Generation)

User tab

add (for MAC auth)

Name 0C:66:17:E7:00:00 (MAC address with capital letter)

Attributes Tunnel-Medium-Type 6
Attributes Tunnel-Type 13
Attributes Tunnel-Private-Group-ID 100 (VLAN ID)

add (for 802.1x)

Name user1  (802.1x login username)

Password 12345 (802.1x login password)

Attributes Tunnel-Medium-Type 6
Attributes Tunnel-Type 13
Attributes Tunnel-Private-Group-ID 100 (VLAN ID)

Router tab

Name RT-1 (name for RADIUS client)

Share secret 123456 (password for RADIUS client)

Address 10.1.1.254 (IP address for RADIUS client)

PART 2. RADIUS client

A. RADIUS client setup

menu RADIUS

add (for do1x service)

Service do1x

Address 10.1.1.1 (IP address for RADIUS server) (Be careful, the IP address must match the RADIUS server's interface address that sending packet back to the client; otherwise, the received packet will be sliently dropped.)

Secert 123456 (password for RADIUS client)

B. Dot1X server setup

menu Do1X

Server Tab

add (for interface)

check dot1x (for 802.1x) or mac auth (for MAC auth)

GNS3 Notes

Some notes about GNS3 on Windows 10

1. Till GNS3 version 2.2.29, the WinPcap is required for both uBridge and Dynamips. Hosts inside GNS3 may not connect to host PC (ping replied destination unreachable) if WinPcap is not installed. uBridge is compiled with WinPcap SDK, so it cannot be replaced by the WinPcap compatible-API provided by NPcap. 
2. Serial console is required for a appliance in GNS3, such that its console can be redirected to a TCP port which can be connect by telnet programs on host PC.
3. The VPCS in GNS3 is initiated with the same MAC address (stating at 00:50:79:66:68:00 by default). If there are two VPCSs running on two different GNS3s which are connected in a physical LAN, this will raise the MAC address conflict problem.  

GNS3 Micro Core Linux (Tiny Core Linux) qcow2

GNS3 Micro Core Linux (Tiny Core Linux 13.0) 的 qcow2

問題所在

1. 在 GNS3 VPCS 的 MAC address 起始值是固定的，如果有兩個 GNS3 在同一個 LAN 環境下，在 VPCS 互通的情況下，會有問題。
2. There is a serious bug in Tiny Core Linux 12.0, the traceroute program does not work as expected. The bug has been resolved in Tiny Core Linux 13.0.  [updated:2/5/2022]

前置準備

1. Go to Tiny Core Linux website  (http://tinycorelinux.net/downloads.html) download Core x86 Release Files Core-13.1.iso, or click Other Ports (http://tinycorelinux.net/ports.html) to download CorePure64-13.1.iso
2. 至 QEMU website (https://www.qemu.org/download/#windows)下載 Windows 64bit 安裝檔 qemu-w64-setup-20220831.exe
3. 執行安裝檔
4. 將安裝後路徑加入使用者環境變數 PATH

產生 qcow2 on Windows 10

A. 利用 QEMU (on Windows 10)產生qcow2

1. 產生 Micro Core Linux qcow2 檔案
   qemu-img create -f qcow2 Core-13.qcow2 128M
   qemu-img create -f qcow2 Core64-13.qcow2 128M
2. 將Micro Core Linux載入qcow2影像檔並開機
   qemu-system-i386 -hda Core-13.qcow2 -cdrom Core-13.1.iso -boot d -m 128
   qemu-system-x86_64 -hda Core64-13.qcow2 -cdrom CorePure64-13.1.iso -boot d -m 256
3. 執行從iso安裝Micro Core Linux至影像檔
4. 測試產生的qcow2影像檔
   qemu-system-i386 -hda Core-13.qcow2 -m 128
   qemu-system-x86_64 -hda Core64-13.qcow2 -m 128

B-1. 利用Vriturlbox (on Window 10)產生vdi

1. 新增虛擬機
   類型: Linux
   版本: Linux 2.6/3.x/4.x (32/64-bit)
   記憶體: 128MB
   立即建立虛擬機
   檔案位置: Core64-13.vdi
   檔案大小: 64MB
   硬碟類型: VDI
   動態分配
   建立
2. 設定虛機
   儲存裝置:加入光碟影像檔CorePure64-13.0.iso，並調整Core-13.vdi至IDE
3. 執行從iso安裝Micro Core Linux至影像檔
   
4. 測試產生的Core64-13.vdi
   設定虛機: 移除光碟影像檔
   開啟虛機，正常運作後，關閉虛機

B-2. 利用qemu-img將vdi轉換為qcow2

1. qemu-img convert -f vdi -O qcow2 Core64-13.dvi Core64-13.qcow2

從iso安裝Micro Core Linux至影像檔

1. Micro Core Linux開機後下載安裝程式
   tce-load -wic tc-install
2. 執行安裝程式
   sudo tc-install.sh
   boot from [C]drom: c
   Install type [F]rugal: f
   Target 1. Whole Disk: 1
   Disk for corepure64 2.sda: 2
   Install a bootloader: y
   Install Extensions:
   Formatting Option 3.ext4: 3
   Boot options:
   Continue: y
   
3. 安裝完畢後關機
   sudo halt

將Console轉導至serial port (ttyS0)

因GNS3使用serial來連接VM，必須讓Micro Core Linux將console轉導至serial port

A. Method 1

修改/opt/bootsync.sh加入/sbin/getty 38400 ttyS0

sudo vi /opt/bootsync.sh
---
/usr/bin/sethostname box
/sbin/getty 38400 ttyS0 &
/opt/bootlocal.sh &
---

儲存修改結果

filetool.sh -b 

完成Micro Core Linux的qcow2影像檔

B. Method 2

修改extlinux.conf，設定開機訊息顯示在serial console，在首行加入SERIAL 0 38400，並在末行尾加入console=ttyS0,38400

cd /mnt/sda1/tce/boot/extlinux

vi extlinux.conf

---

SERIAL 0 38400

DEFAULT core

LABEL core

KERNEL /tce/boot/vmlinuz

INITRD /tce/boot/core.gz

APPEND quiet waitusb=5:UUID="..." tce=UUID="..."  console=ttyS0,38400 tz=GMT+8 nodhcp

---

設定可從serial console登入，需修改/mnt/sda1/tce/boot/core.gz (corepure64.gz) 中的etc/inittab及etc/security

在etc/inittab 
加入自動登入serial console
ttyS0::respawn:/sbin/getty -nl /sbin/autologin 38400 ttyS0
修改自動登入
tty1::respawn:/sbin/getty -nl /sbin/autologin 38400 tty1
為人工登入 (tc)
tty1::respawn:/sbin/getty -L 38400 tty1

cd /opt

mkdir tmp

cd tmp

zcat /mnt/sda1/tce/boot/core.gz | sudo cpio -i -H newc -d

vi etc/inittab

---自動登入serial console，人工登入tty console (tc)---

# /sbin/getty respawn shell invocations for selected ttys.

ttyS0::respawn:/sbin/getty -nl /sbin/autologin 38400 ttyS0

tty1::respawn:/sbin/getty -L 38400 tty1

---

修改etc/security，將 # ttyS0 行首的註解去除，允許serial登入console

vi etc/securetty

---

# For people with serial port consoles

ttyS0

---

刪除 core.gz (corepure64.gz)，並以重新打包的 core.gz (corepure64.gz)替代

rm /mnt/sda1/tce/boot/core.gz

find|sudo cpio -o -H newc | gzip -2 > /mnt/sda1/tce/boot/core.gz

關機即可得到qcow2影像檔

虛機使用serial連線console

使用QEMU

qemu-system-i386 "Core-13.qcow2" -m 128 -serial telnet:localhost:12345,server,nowait 
qemu-system-x86_64 "Core64-13.qcow2" -m 128 -serial telnet:localhost:12345,server,nowait

使用VirtualBox

虛機設定->序列埠->序列埠1->啟用序列埠

連接埠模式: TCP

連線到現有管線端/通訊埠: 不勾選

路徑/位址: 12345 (輸入通訊部號碼)

連線serial console

啟用虛機後，即可使用 telnet localhost:12345連接serail console

QEMU模擬器無法輸入非小寫字母的解決方式

請使用左方的shift鍵。(右方shift無效)

如果qemu中無法使用shift key，則可利用qemu monitor (用Ctrl+Alt+2切換)搭配sendkey來送出非小寫英文字母

• sendkey shift-S
• sendkey esc
• sendkey shift-semicolon
• sendkey shift-1

Microsoft Automatic Update trusted CTL

 Microsoft Automatic Update URL for trusted CTL

1. The computer requires HTTP (TCP port 80) access and name resolution (TCP and UDP port 53) ability to contact ctldl.windowsupdate.com.
2. Currently all the downloaded files require approximately 1.5 MB of space.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265983(v=ws.11)