Child pages
  • 802.1X secured wifi installation

...

Replication of production setup

Here, we replicate the relevant parts of the present installation as a starting point.

Imported ~/Documents/Debian9-base.ova as Debian9-base_8021x, re-initializing all MAC addresses
Added eth adapter 2, re-init MAC
CPU, increase to 2

added eth1 mac address to server DHCP config, 192.168.10.52

server shwl add 52

Booted, disconnected eth2 because of errors

Logged in to GUI, connected DHCP

apt-get update
apt-get upgrade
reboot VM
rm 02proxy
set better ls and root passwords
installed ssh pub key in root

Code Block
apt-get install shorewall
apt-get install ipset
mv /etc/shorewall{,-orig}
mkdir /etc/shorewall
root@server.lastschl:~# scp /etc/shorewall/* root@192.168.10.52:/etc/shorewall/
#commented all entries related to loc and vpn zones (including dynamic zone man) in all files
#removed all MAC addresses of wifi clients

Code Block
cp -r shorewall{,-remove-loc-vpn-man-wifimac}
updated interface names in interfaces, masq
cp -r shorewall{,-updated-interfaces}
set startup=1 in /etc/default/shorewall



removed postfix, proxy rules (did not update config backups)



added shorewall rules _apt
Code Block
systemctl enable shorewall.service
systemctl disable network-manager.service
systemctl disable NetworkManager.service
root@server.lastschl:~# scp /etc/network/interfaces 192.168.10.52:/etc/network/
updated interface names, removed loc interface, and updated net ip
unlink /etc/resolv.conf
echo nameserver 192.168.10.1 > /etc/resolv.conf
Code Block
root@server.lastschl:~# scp /etc/rsyslog.d/40-shorewall.conf  192.168.10.52:/etc/rsyslog.d/
root@server.lastschl:~# scp /etc/logrotate.d/shorewall 192.168.10.52:/etc/logrotate.d/
root@server.lastschl:~# scp /etc/logrotate.d/rsyslog 192.168.10.52:/etc/logrotate.d/
root@server.lastschl:~# scp /etc/logrotate.conf 192.168.10.52:/etc/
mkdir /etc/ltsp
root@server.lastschl:~# scp /etc/ltsp/dhcpd.conf 192.168.10.52:/etc/ltsp/
root@server.lastschl:~# scp /etc/dhcp/dhcpd.conf 192.168.10.52:/etc/dhcp/
apt-get install isc-dhcp-server
/etc/default/isc-dhcp-server
removed 10 network from dhcp
lastschl.av to test.av
removed MAC reservations
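
The steps above copy the shorewall, network and DHCP configuration from production and then strip the loc/vpn zones, the client MAC addresses and the lastschl.av domain by hand. The following is an added example, not part of the original notes, that checks the copied files for such leftovers. The function names, the `shorewall` path match and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original notes): audit config copied from
# production for leftovers the notes say were removed by hand.
# Text after '#' is ignored, so commented-out entries do not count.

H='[0-9A-Fa-f][0-9A-Fa-f]'
MAC_RE="$H[:-]$H[:-]$H[:-]$H[:-]$H[:-]$H"
ZONE_RE='[^A-Za-z0-9_](loc|vpn)[^A-Za-z0-9_]'   # zone name as a whole word

# audit_replica PROD_DOMAIN PATH...
# Prints file:line:kind per finding; returns 1 if anything was found.
audit_replica() {
    dom_re=$(printf '%s' "$1" | sed 's/[.]/[.]/g'); shift
    found=$(find "$@" -type f -exec awk \
        -v mac="$MAC_RE" -v dom="$dom_re" -v zone="$ZONE_RE" '
        { line = $0; sub(/#.*/, "", line); line = " " line " " }
        line ~ mac { print FILENAME ":" FNR ":mac" }
        line ~ dom { print FILENAME ":" FNR ":domain" }
        FILENAME ~ /shorewall/ && line ~ zone { print FILENAME ":" FNR ":zone" }
    ' {} +)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample tree for a dry run (not real config from the page).
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/shorewall" "$d/dhcp"
    printf '%s\n' '#loc  eth1  dhcp' 'net  enp0s3' 'vpn  tun0' \
        > "$d/shorewall/interfaces"
    printf '%s\n' 'option domain-name "lastschl.av";' \
        '#host ap1 { hardware ethernet 02:00:00:aa:bb:01; }' \
        'host ap2 { hardware ethernet 02:00:00:aa:bb:02; }' \
        > "$d/dhcp/dhcpd.conf"
    echo "$d"
}
```

On the replica this would be called as `audit_replica lastschl.av /etc/shorewall /etc/dhcp /etc/ltsp /etc/network/interfaces`; a non-zero return means a production entry survived the manual cleanup.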

Configure DNS (based on LASTSCHL-211):

Code Block
apt-get install dnsmasq
touch /var/log/dnsmasq
chmod 640 /var/log/dnsmasq

Set in /etc/dnsmasq.conf
Code Block
strict-order
interface=enp0s8
expand-hosts
domain=test.av
log-queries
log-facility=/var/log/dnsmasq

/etc/logrotate.d/dnsmasq
Code Block
/var/log/dnsmasq
{
	rotate 730
	daily
	nomissingok	
	notifempty
	delaycompress
	compress
	dateext
	postrotate
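		# dnsmasq writes this file itself (log-facility), not rsyslog;
		# SIGUSR2 makes it close and reopen the log (Debian default PID file)
		[ -f /run/dnsmasq/dnsmasq.pid ] && kill -USR2 "$(cat /run/dnsmasq/dnsmasq.pid)" || true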
	endscript
}

/etc/hostname

Code Block
debian9-base.test.av

/etc/hosts

Code Block
127.0.0.1	localhost

192.168.9.1	test.av
192.168.9.1	server.test.av	server

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

 

 

packages: shorewall

New stuff

...