Install GNS3 server

sudo add-apt-repository ppa:gns3/ppa
sudo apt-get update
sudo apt-get install gns3-server

If you are prompted whether non-root users should be allowed to use ubridge, select "Yes".

Note that GNS3 only works if the front-end and back-end are the same version. Therefore we recommend you 'hold' the gns3-server package so that it is not updated unless you explicitly ask for it:

sudo apt-mark hold gns3-server

Note

You can cancel this later with apt-mark unhold, e.g. when you are ready to perform an upgrade:

# How to upgrade gns3
sudo apt-mark unhold gns3-server
sudo apt-get install gns3-server
sudo apt-mark hold gns3-server
sudo systemctl restart gns3

Create gns3 user

This is the user that the gns3 server will run as.

sudo useradd -d /var/lib/GNS3 -s /bin/bash -r gns3

Add to groups

Add the gns3 user into the "kvm" and "ubridge" groups:

sudo usermod -a -G kvm,ubridge gns3

It's also conventient add your unprivileged user to the "gns3" group, as it will allow you to change directory to /var/lib/GNS3 without "sudo".

sudo usermod -a -G gns3 nsrc

Create directories

sudo mkdir -p /var/lib/GNS3 /etc/gns3
sudo chown -R gns3:gns3 /var/lib/GNS3 /etc/gns3

These directories must be writable by the gns3 user.

Optionally you can secure them so they are only readable by the gns3 user and group (this helps protect the gns3 server password from prying eyes)

sudo chmod 750 /var/lib/GNS3 /etc/gns3

Create a systemd unit file

Create file /etc/systemd/system/gns3.service

[Unit]
Description=GNS3 network simulator
After=network-online.target
Wants=network-online.target
Conflicts=shutdown.target

[Service]
User=gns3
Group=gns3
ExecStart=/usr/bin/gns3server --config /etc/gns3/gns3_server.conf
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always
RestartSec=5
LimitNOFILE=16384

[Install]
WantedBy=multi-user.target

Create configuration file

Now create file /etc/gns3/gns3_server.conf with the following contents:

[Server]
images_path = /var/lib/GNS3/images
projects_path = /var/lib/GNS3/projects
configs_path = /var/lib/GNS3/configs
appliances_path = /var/lib/GNS3/appliances
symbols_path = /var/lib/GNS3/symbols
report_errors = True

auth = True
user = nsrc
password = XXXXXXXX

[Qemu]
enable_kvm = True
require_kvm = False

For reference:

  • images_path tells GNS3 where to find its base hard drive images. The pre-generated snapshots have /var/lib/GNS3/images/QEMU/xxx.img as the base path coded within them, so we need to put images in the same place.
  • auth, user and password configure the GNS3 API to require authentication. This will prevent students from connecting and taking over the emulator. The password in this file is in cleartext, so do not use a valuable password. The GNS3 username and password do not need to match your system username and password.

There is more documentation on this file here and here.

Start GNS3

Start the gns3 server like this:

sudo systemctl start gns3
sudo systemctl enable gns3

The second line means that it will be automatically started at system boot.

If it won't start, check for errors using this command:

journalctl -eu gns3

Security notes

Warning

Regardless of authentication settings, serial consoles are accessible remotely without any authentication, to anyone who knows or guesses the port number. If this is a concern (e.g. because your WAN interface is a public IP) then you can apply firewall rules, or you can bind GNS3 so that it only listens on the internal interface:

[Server] images_path = /var/lib/GNS3/images host = 100.64.0.1 ... etc

However there is a bug in gns3-server (at least 2.2.11) which may prevent network traffic flowing when you have this setting. You will also need to change the TARGET setting in /etc/apache2/nsrc-web/cgi-bin/gns3man.