Install GNS3 server
sudo add-apt-repository ppa:gns3/ppa
sudo apt-get update
sudo apt-get install gns3-server
If you are prompted whether non-root users should be allowed to use ubridge, select "Yes".
Note that GNS3 only works if the front-end and back-end are the same version. Therefore we recommend you 'hold' the gns3-server package so that it is not updated unless you explicitly ask for it:
sudo apt-mark hold gns3-server
Note
You can cancel this later with apt-mark unhold
, e.g. when you
are ready to perform an upgrade:
# How to upgrade gns3
sudo apt-mark unhold gns3-server
sudo apt-get install gns3-server
sudo apt-mark hold gns3-server
sudo systemctl restart gns3
Create gns3 user
This is the user that the gns3 server will run as.
sudo useradd -d /var/lib/GNS3 -s /bin/bash -r gns3
Add to groups
Add the gns3 user into the "kvm" and "ubridge" groups:
sudo usermod -a -G kvm,ubridge gns3
It's also conventient add your unprivileged user to the "gns3" group, as it
will allow you to change directory to /var/lib/GNS3
without "sudo".
sudo usermod -a -G gns3 nsrc
Create directories
sudo mkdir -p /var/lib/GNS3 /etc/gns3
sudo chown -R gns3:gns3 /var/lib/GNS3 /etc/gns3
These directories must be writable by the gns3
user.
Optionally you can secure them so they are only readable by the gns3 user and group (this helps protect the gns3 server password from prying eyes)
sudo chmod 750 /var/lib/GNS3 /etc/gns3
Create a systemd unit file
Create file /etc/systemd/system/gns3.service
[Unit]
Description=GNS3 network simulator
After=network-online.target
Wants=network-online.target
Conflicts=shutdown.target
[Service]
User=gns3
Group=gns3
ExecStart=/usr/bin/gns3server --config /etc/gns3/gns3_server.conf
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always
RestartSec=5
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
Create configuration file
Now create file /etc/gns3/gns3_server.conf
with the following contents:
[Server]
images_path = /var/lib/GNS3/images
projects_path = /var/lib/GNS3/projects
configs_path = /var/lib/GNS3/configs
appliances_path = /var/lib/GNS3/appliances
symbols_path = /var/lib/GNS3/symbols
report_errors = True
auth = True
user = nsrc
password = XXXXXXXX
[Qemu]
enable_kvm = True
require_kvm = False
For reference:
images_path
tells GNS3 where to find its base hard drive images. The pre-generated snapshots have/var/lib/GNS3/images/QEMU/xxx.img
as the base path coded within them, so we need to put images in the same place.auth
,user
andpassword
configure the GNS3 API to require authentication. This will prevent students from connecting and taking over the emulator. The password in this file is in cleartext, so do not use a valuable password. The GNS3 username and password do not need to match your system username and password.
There is more documentation on this file here and here.
Start GNS3
Start the gns3 server like this:
sudo systemctl start gns3
sudo systemctl enable gns3
The second line means that it will be automatically started at system boot.
If it won't start, check for errors using this command:
journalctl -eu gns3
Security notes
Warning
Regardless of authentication settings, serial consoles are accessible remotely without any authentication, to anyone who knows or guesses the port number. If this is a concern (e.g. because your WAN interface is a public IP) then you can apply firewall rules, or you can bind GNS3 so that it only listens on the internal interface:
[Server]
images_path = /var/lib/GNS3/images
host = 100.64.0.1
... etc
However there is a bug in
gns3-server (at least 2.2.11) which may prevent network traffic flowing when
you have this setting. You will also need to change the TARGET setting
in /etc/apache2/nsrc-web/cgi-bin/gns3man
.