Category: Networking

Debian: Tunnel your traffic using SSH

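# Point the GNOME system proxy at a SOCKS listener on the local machine
gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.socks host '127.0.0.1'
gsettings set org.gnome.system.proxy.socks port 9050
# Open a dynamic (SOCKS) forward on local port 9050; -f backgrounds ssh after authentication, -N runs no remote command
ssh -f -N -D 9050 Username@Host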

FRRouting: Debian / Ubuntu Install Guide

Free Range Routing or FRRouting or FRR is a network routing software suite providing implementations of Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Border Gateway Protocol (BGP), IS-IS, Label Distribution Protocol (LDP), Protocol Independent Multicast (PIM), Babel, and Bidirectional Forwarding Detection (BFD) as well as alpha implementations of Next Hop Resolution Protocol (NHRP) and Enhanced Interior Gateway Routing Protocol (EIGRP). It runs on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD.

Below is a simple set of instructions to get FRR installed. Run them as root.

wget -O- https://apps3.cumulusnetworks.com/setup/cumulus-apps-deb.pubkey | apt-key add -
echo "deb [arch=amd64] https://apps3.cumulusnetworks.com/repos/deb $(lsb_release -cs) roh-3" >> /etc/apt/sources.list.d/cumulus-apps-deb-$(lsb_release -cs).list
apt-get update && apt-get install frr
echo "
# /etc/sysctl.d/99frr_defaults.conf
# Place this file at the location above and reload the device.
# or run the sysctl -p /etc/sysctl.d/99frr_defaults.conf
   
# Enables IPv4/IPv6 Routing
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding=1
 
# Routing
net.ipv6.route.max_size=131072
net.ipv4.conf.all.ignore_routes_with_linkdown=1
net.ipv6.conf.all.ignore_routes_with_linkdown=1
 
 
# Best Settings for Peering w/ BGP Unnumbered
#    and OSPF Neighbors
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.default.arp_notify = 1
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_notify = 1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.icmp_errors_use_inbound_ifaddr=1
 
# Miscellaneous Settings
 
#   Keep ipv6 permanent addresses on an admin down
net.ipv6.conf.all.keep_addr_on_down=1
 
# igmp
net.ipv4.igmp_max_memberships=1000
net.ipv4.neigh.default.mcast_solicit = 10
 
# MLD
net.ipv6.mld_max_msf=512
 
# Garbage Collection Settings for ARP and Neighbors
net.ipv4.neigh.default.gc_thresh2=7168
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.base_reachable_time_ms=14400000
net.ipv6.neigh.default.gc_thresh2=3584
net.ipv6.neigh.default.gc_thresh3=4096
net.ipv6.neigh.default.base_reachable_time_ms=14400000
 
# Use neigh information on selection of nexthop for multipath hops
net.ipv4.fib_multipath_use_neigh=1
 
# Allows Apps to Work with VRF
net.ipv4.tcp_l3mdev_accept=1
" >> /etc/sysctl.d/99frr_defaults.conf
sysctl -p /etc/sysctl.d/99frr_defaults.conf
service frr restart
systemctl enable frr.service
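
The file above sets rp_filter = 0 for all, default and lo only, and the kernel applies the higher of conf/all and the interface's own value, so an interface that already existed can keep filtering. An added example (not part of the original guide; function names and the sample tree are constructed) that reports the effective mode per interface:

```shell
# Added example: which rp_filter mode does the kernel really apply per interface?
# Function names are hypothetical helpers. ROOT is /proc/sys/net/ipv4/conf on a
# live router; the demo at the bottom uses a constructed copy instead.

# effective_rp_filter ROOT IFACE: the kernel validates sources on IFACE with
# max(conf/all/rp_filter, conf/IFACE/rp_filter).
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter")
    own=$(cat "$1/$2/rp_filter")
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# rp_filter_still_on ROOT: print "IFACE MODE" for every interface whose
# effective mode is not 0, i.e. where the file's rp_filter = 0 did not win.
rp_filter_still_on() {
    for dir in "$1"/*/; do
        ifc=$(basename "$dir")
        case $ifc in all|default) continue ;; esac
        mode=$(effective_rp_filter "$1" "$ifc")
        [ "$mode" -eq 0 ] || echo "$ifc $mode"
    done
}

# build_sample_tree DIR: constructed state after "sysctl -p" of the file above
# on a box where eth0 already existed with rp_filter=1 (conf/default only
# seeds interfaces created later, so eth0 keeps its old value).
build_sample_tree() {
    for ifc in all default lo eth0 swp1; do
        mkdir -p "$1/$ifc" && echo 0 > "$1/$ifc/rp_filter"
    done
    echo 1 > "$1/eth0/rp_filter"
}

demo=$(mktemp -d)
build_sample_tree "$demo"
rp_filter_still_on "$demo"     # lists eth0 with mode 1
rm -rf "$demo"
```

On a router, call rp_filter_still_on /proc/sys/net/ipv4/conf after sysctl -p; any interface it lists needs its own net.ipv4.conf.<iface>.rp_filter entry.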

Quagga: Debian Installation

Quagga is a network routing software suite providing implementations of Open Shortest Path First, Routing Information Protocol, Border Gateway Protocol and IS-IS for Unix-like platforms, particularly Linux. Below is a quick guide to installation.

echo "deb http://ftp.uk.debian.org/debian/ jessie main contrib non-free" >> /etc/apt/sources.list
echo "deb-src http://ftp.uk.debian.org/debian/ jessie main contrib non-free" >> /etc/apt/sources.list
echo "deb http://ftp.uk.debian.org/debian/ jessie-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb-src http://ftp.uk.debian.org/debian/ jessie-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://security.debian.org/ jessie/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb-src http://security.debian.org/ jessie/updates main contrib non-free" >> /etc/apt/sources.list
apt-get update
apt-get upgrade
apt-get install quagga=0.99.23.1-1+deb8u5
cd /etc/quagga
touch /etc/quagga/babeld.conf
touch /etc/quagga/bgpd.conf
touch /etc/quagga/isisd.conf
touch /etc/quagga/ospf6d.conf 
touch /etc/quagga/ospfd.conf
touch /etc/quagga/pimd.conf
touch /etc/quagga/ripd.conf
touch /etc/quagga/ripngd.conf
touch /etc/quagga/vtysh.conf
touch /etc/quagga/zebra.conf
chown quagga:quagga /etc/quagga/babeld.conf && chmod 640 /etc/quagga/babeld.conf 
chown quagga:quagga /etc/quagga/bgpd.conf && chmod 640 /etc/quagga/bgpd.conf 
chown quagga:quagga /etc/quagga/isisd.conf && chmod 640 /etc/quagga/isisd.conf 
chown quagga:quagga /etc/quagga/ospf6d.conf && chmod 640 /etc/quagga/ospf6d.conf 
chown quagga:quagga /etc/quagga/ospfd.conf && chmod 640 /etc/quagga/ospfd.conf 
chown quagga:quagga /etc/quagga/pimd.conf && chmod 640 /etc/quagga/pimd.conf 
chown quagga:quagga /etc/quagga/ripd.conf && chmod 640 /etc/quagga/ripd.conf 
chown quagga:quagga /etc/quagga/ripngd.conf && chmod 640 /etc/quagga/ripngd.conf 
chown quagga:quaggavty /etc/quagga/vtysh.conf && chmod 660 /etc/quagga/vtysh.conf 
chown quagga:quagga /etc/quagga/zebra.conf && chmod 640 /etc/quagga/zebra.conf 
# Enable the OSPF daemon in Debian's daemon list
sed -i 's/ospfd=no/ospfd=yes/g' /etc/quagga/daemons
service quagga stop
service quagga start

You are now ready to connect to the configuration interface via telnet:

telnet localhost 2604

The default password is “Zebra”

VPN: WireGuard Quick Setup Guide

WireGuard® offers an extremely fast VPN connection with very little overhead and maintains security with state-of-the-art cryptography. It has the potential to offer a simpler, more secure, more efficient, and easier to use VPN over existing technologies.

The code snippet below takes you through the process of building a WireGuard VPN gateway on Debian Linux.

## Add Repos
echo "deb http://deb.debian.org/debian/ unstable main" | tee /etc/apt/sources.list.d/unstable-wireguard.list
printf "Package: *\nPin: release a=unstable\nPin-Priority: 150\n" | tee /etc/apt/preferences.d/limit-unstable
## Update Repo Database
apt-get update -y
# Upgrade Pre-existing Packages
apt-get upgrade -y
# Install Required Packages
apt-get install linux-headers-$(uname -r) -y
apt-get install wireguard -y
# Enable WireGuard Kernel Module
modprobe wireguard;
# Enable Packet Forwarding
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sysctl -p;
echo 1 > /proc/sys/net/ipv4/ip_forward;
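# Setup Virtual Network Adapter
# wg-quick creates wg0 from /etc/wireguard/wg0.conf and refuses to start if wg0 already exists, so the adapter is not created by hand here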
# Generate Key Pair
cd /etc/wireguard
umask 077
wg genkey | tee server_private_key | wg pubkey > server_public_key
# Build Configuration File
# Replace <client_public_key> with the peer's public key before bringing the interface up
PriKey=$(cat /etc/wireguard/server_private_key)
echo "
[Interface]
Address = 10.0.80.1/24
SaveConfig = true
PrivateKey = $PriKey
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.80.2/32
" >> wg0.conf
# Configure WireGuard Service To Start On Boot
systemctl enable wg-quick@wg0.service
# Bring Up the Wireguard Service
wg-quick up wg0
# Kill Wireguard Service
wg-quick down wg0
# View Status of Wireguard VPN
wg show
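
A pre-flight check for the wg0.conf built above, written as an added example rather than code from the original guide: it confirms the file is not accessible to group or other and that [Interface] PrivateKey and [Peer] PublicKey each hold a 44-character base64 key. Function names and the sample key are constructed for illustration.

```shell
# Added example: sanity-check a wg-quick config before "wg-quick up".
# All function names are hypothetical helpers, not part of WireGuard.

# value_of SECTION KEY FILE: first value of KEY inside [SECTION], trimmed.
value_of() {
    awk -v sec="[$1]" -v key="$2" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$3"
}

# is_wg_key VALUE: WireGuard keys are 32 bytes, i.e. 44 base64 characters.
is_wg_key() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# note MESSAGE: print one problem line and count it.
note() { echo "$1"; problems=$((problems + 1)); }

# check_wg_conf FILE: print one line per problem; return the problem count.
check_wg_conf() {
    conf=$1; problems=0
    # The guide sets umask 077 so the file is created 0600; verify that.
    if [ "$(ls -ld -- "$conf" | cut -c5-10)" != "------" ]; then
        note "perms: $conf is accessible to group or other"
    fi
    for pair in Interface:PrivateKey Peer:PublicKey; do
        sec=${pair%%:*}; key=${pair#*:}
        val=$(value_of "$sec" "$key" "$conf")
        if [ -z "$val" ]; then
            note "empty: [$sec] $key has no value"
        elif ! is_wg_key "$val"; then
            note "malformed: [$sec] $key is not a 44-character base64 key"
        fi
    done
    return "$problems"
}

# Constructed sample: 43 "A"s plus "=" (the all-zero key), never a real secret.
SAMPLE_KEY="$(printf '%043d' 0 | tr 0 A)="
# write_conf FILE PRIVKEY PEERKEY: minimal config in the guide's layout.
write_conf() {
    printf '[Interface]\nAddress = 10.0.80.1/24\nPrivateKey = %s\nListenPort = 51820\n[Peer]\nPublicKey = %s\nAllowedIPs = 10.0.80.2/32\n' "$2" "$3" > "$1"
}

tmp=$(mktemp) && write_conf "$tmp" "" ""    # constructed config with both keys blank
check_wg_conf "$tmp" || echo "problems found: $?"; rm -f "$tmp"
```

Run check_wg_conf /etc/wireguard/wg0.conf as root before wg-quick up wg0; a return value of 0 means all three checks passed.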

Network Basics: OSPF Standup and Route Sharing Process

Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998) for IPv4.

Below is a diagram showing the process flow of two routers initialising and sharing routes with each other within the same OSPF area.

[Diagram: OSPF Int and Share]