Contents

Lab0: Adding external device and local host

Now that the lab is almost complete, we still need to add a wireless access point to the public network. To do this, we will use an OpenWrt router or any router you have on hand. The procedure for adding a physical device to GNS3 (in this case, a wireless router with OpenWrt) is described in the following video:

External Devices

As mentioned, any external device can be added to GNS3, you just need an additional Ethernet port. On the device side, the network is configured like any other network, either WAN or LAN. A more detailed description can be found in the book:

Wireless Access Point

Now that we have the wireless router configured in GNS3, we will connect it to a port on the switch that belongs to VLAN 20. On the router side, for this guide, a new interface (LAB) was created, attached to the switch port that is connected to GNS3, and in client DHCP mode:

/pentesting/lab/lab02/images/ether.png
Figure 1: Configuration of the LAB interface in OpenWrt

And the wireless interface that is in the LAB network:

/pentesting/lab/lab02/images/wifi.png
Figure 2: Configuration of the wireless interface in OpenWrt

With this configuration, people who connect to the "Lab-2099" network will be part of VLAN 20. Finally, the lab will look like this:

/pentesting/lab/lab02/images/pentestLab.png
Figure 3: Laboratory with wireless access point

Local Host

For this lab, I used the BackBox distribution as the host machine (but any other can be used). To connect BackBox to GNS3, we need to create a TAP interface, which is done with the command:

1
$ sudo tunclt -u <user>

This will create the tap0 interface, which by default is in the down state, so we need to:

1
sudo ip link set tap0 up

Now, in GNS3, we create a cloud connection and in the “TAP interfaces” tab, we select the tap0 interface and connect the cloud to some network.

/pentesting/lab/lab02/images/tap.png
Figure 4: TAP tab of the BackBox cloud

Finally, in the BackBox terminal, we write:
1
$ dhclient tap0

So we will get an IP within the network that the cloud is connected to, and we can use our own computer as another machine on the network.

/pentesting/lab/lab02/images/backbox.png
Figure 5: The BackBox host machine connected to the administrative network in GNS3

Gateway
From the moment we are connected using the tap0 interface, all communication with the outside will be done through the GNS3 network.