...

Here, we replicate the relevant parts of the present installation as a starting point.

Base virtual machine preparation

Imported ~/Documents/Debian9-base.ova as Debian9-base_8021x, re-initializing all MAC addresses

Added eth adapter 2, re-init MAC
CPU, increase to 2

Added eth1 MAC address to server DHCP config, 192.168.10.52

...

Code Block
Debian 9 amd64 installation
- Hostname:
debian9-base
- User accounts (username password):
ls last
root last
- Partitioning:
--- Physical:
------ 1GB RAID boot flag
------ 29GB RAID
--- RAID:
------ md0: ext3 /boot
------ md1: LVM - part of volume group debian9-base
--- LVM (VG/LV):
------ debian9-base/root: 18.6GB ext4 /
------ debian9-base/swap: 3.72GB swap area
- Up to date as of 2017-09-27
- sources.list includes:
Sections: main contrib non-free
Additional repository: backports
- Apt-cacher configured as per Last School site (Proxy credentials will need to be entered in /etc/apt/apt.conf.d/02proxy by user)
- SSH access installed and enabled

- Gnome and Firefox configured to auto-detect proxy settings
- Extra software installed:
vlc gimp emacs fonts-indic tcpdump iperf exfat-utils wireshark

- One network interface as bridged adapter, cable connected.


Added a second ethernet adapter in settings, connected to "Not attached", re-initialized its MAC address
Increased the allocated CPUs to 2

enp0s3 - Adapter 1 - Bridged adapter

enp0s8 - Adapter 2 - Not attached

Booted, disconnected eth2 because of errors

Logged in to GUI, connected DHCP

Code Block
rm /etc/apt/apt.conf.d/02proxy
apt-get update

...


apt-get upgrade

Rebooted the virtual machine

Set strong passwords for ls and root users

Installed my ssh public key in root's .ssh/authorized_keys file.

Code Block
apt-get install shorewall
apt-get install ipset
mv /etc/shorewall{,-orig}
mkdir /etc/shorewall
root@server.lastschl:~# scp /etc/shorewall/* root@192.168.10.52:/etc/shorewall/
#commented all entries related to loc and vpn zones (including dynamic zone man) in all files
#removed all MAC addresses of wifi clients
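
The two cleanup steps in the comments above (commenting out loc and vpn entries, removing the wifi clients' MAC addresses) can be checked mechanically after the copy. This is an added example, not part of the original notes; the function names and the sample files are constructed, and the rule for what counts as a zone token is an assumption.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a copied Shorewall
# config directory for leftover zone entries and MAC addresses.
# Function names and sample data are hypothetical.

# Six hex pairs separated by ':' or '-' (covers the ~XX-XX-... form too).
MAC_RE='([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}'

# Usage: audit_shorewall_dir DIR ZONE...
# Prints every uncommented line that still names one of the zones or
# carries a MAC address. Returns 1 if anything was found, 0 if clean.
# A zone only counts as a whole token ahead of any comment marker, so
# loc and loc:host match while local and openvpnserver do not.
audit_shorewall_dir() {
    dir=$1; shift
    zones=$(IFS='|'; printf '%s' "$*")
    findings=$(
        grep -rnE "^([^#]*[[:space:]:,!])?(${zones})([[:space:]:,]|\$)" "$dir" |
            sed 's/^/ZONE /'
        grep -rnE "^[^#]*${MAC_RE}" "$dir" | sed 's/^/MAC  /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample standing in for the copied /etc/shorewall:
# one vpn zone, one loc rule and one MAC entry were left uncommented.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'fw firewall' 'net ipv4' '#loc ipv4' 'vpn ipv4' > "$d/zones"
    printf '%s\n' 'ACCEPT net $FW tcp 22' \
        '#ACCEPT loc:192.168.10.0/24 $FW tcp 22' \
        'ACCEPT loc $FW icmp' > "$d/rules"
    printf '%s\n' '#ACCEPT eth1 02:00:00:00:00:01' \
        'ACCEPT eth1 02:00:00:aa:bb:cc' > "$d/maclist"
    printf '%s\n' 'openvpnserver:1194 net 0.0.0.0/0' > "$d/tunnels"
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit_shorewall_dir "$sample" loc vpn || echo "leftovers remain in $sample"
```

On the new VM the same function would be pointed at /etc/shorewall with the zone names that were meant to be disabled.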

...