From 2e1959bf2c88455b51e98bbdacc6c47f0c87acec Mon Sep 17 00:00:00 2001 From: Alex Date: Thu, 22 Apr 2021 11:05:32 +0200 Subject: [PATCH] POC: Before auto launch --- Guests/RTR-01.ps1 | 4 ++- Guests/RTR-02.ps1 | 75 ++++++++++++++++++++++++++++----------- Guests/RTR-03.ps1 | 77 +++++++++++++++++++++++++++++------------ Guests/RTR-03_Old.ps1 | 47 +++++++++++++++++++++++++ Host/Infra-Standard.ps1 | 4 +-- 5 files changed, 160 insertions(+), 47 deletions(-) create mode 100644 Guests/RTR-03_Old.ps1 diff --git a/Guests/RTR-01.ps1 b/Guests/RTR-01.ps1 index a2b78fc..15735a3 100644 --- a/Guests/RTR-01.ps1 +++ b/Guests/RTR-01.ps1 @@ -72,10 +72,12 @@ Set-NetFirewallRule @Params echo "Activate NAT and DHCP Relay" netsh routing ip relay install +netsh routing ip add interface name="Arc-SRV" state=enable +netsh routing ip add interface name="Arc-CLI" state=enable netsh routing ip add interface name="WAN" state=enable netsh routing ip relay add interface "WAN" -netsh rout ip rel set int ARC-CLI min=0 +netsh rout ip rel set int ARC-SRV min=0 netsh routing ip relay add interface "Arc-CLI" netsh rout ip rel set int ARC-SRV min=0 netsh routing ip relay add interface "Arc-SRV" diff --git a/Guests/RTR-02.ps1 b/Guests/RTR-02.ps1 index d80bbf0..6a35e5d 100644 --- a/Guests/RTR-02.ps1 +++ b/Guests/RTR-02.ps1 
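Review bot: The changed line `netsh rout ip rel set int ARC-SRV min=0` now sits before `netsh routing ip relay add interface "Arc-CLI"` and repeats the identical ARC-SRV line two lines further down, so after this hunk nothing visible sets `min=0` for Arc-CLI. This looks like a copy-paste slip rather than an intended retarget. If so, keep the interface name and put each `set` after its `add`: `netsh routing ip relay add interface "Arc-CLI"` followed by `netsh rout ip rel set int Arc-CLI min=0`. The rest of the script lies outside the hunk, so an Arc-CLI setting elsewhere cannot be ruled out.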
@@ -1,32 +1,56 @@ -# Alexandre SIMAO +# Made by Alexandre SIMAO # GPLv3 # Script to install and configure a Fuckdows Server 2016 as a router -# RTR-02 Only +# RTR-01 Only +# Script done + +# Change the poor machine name echo "Shamefully made by Alexandre Simao. Pardon-me M. Stallman" -# Change the poor machine name -Rename-computer "RTR-02" +Rename-computer RTR-02 -Rename-NetAdapter -Name "Ethernet" -NewName "Bou-LAN" -Rename-NetAdapter -Name "Ethernet 2" -NewName "WAN" +$adapts = Get-NetAdapter +foreach ($adapt in $adapts) { +$HVName = (Get-NetAdapterAdvancedProperty -name $adapt.name -DisplayName "Hyper-v Network Adapter Name").DisplayValue +Rename-Netadapter -name $adapt.name -NewName $HVName +} + +#Général IP configure + +$MaskBits = 24 # This means subnet mask = 255.255.255.0 +$IPType = "IPv4" + +#Bou-LAN IP conf + +$adapter = Get-NetAdapter | ? {$_.Name -eq "Bou-LAN"} +$IP = "192.168.128.254" +$adapter | New-NetIPAddress ` + -AddressFamily $IPType ` + -IPAddress $IP ` + -PrefixLength $MaskBits + + #WAN + + $adapter = Get-NetAdapter | ? {$_.Name -eq "WAN"} + $IP = "192.168.255.254" + $adapter | New-NetIPAddress ` + -AddressFamily $IPType ` + -IPAddress $IP ` + -PrefixLength $MaskBits ` + +#DNS Conf for all InterfaceAlias +foreach ($c in Get-NetAdapter) { write-host 'Setting DNS for' $c.interfaceName ; Set-DnsClientServerAddress -InterfaceIndex $c.interfaceindex -ServerAddresses ('9.9.9.9') } -netsh interface ip set address "WAN" static 192.168.255.8 255.255.255.0 192.168.255.254 -netsh interface ip set address "Bou-LAN" static 192.168.128.254 255.255.255.0 -netsh interface ip set dns name="WAN" static 9.9.9.9. 
# Install Routing and necessary linked roles Install-WindowsFeature RemoteAccess, RSAT-RemoteAccess-PowerShell, Routing -IncludeManagementTools -set-service RemoteAccess -StartupType Automatic -Start-Service RemoteAccess - -# Display interfaces and active forwarding for all of thm via Regedit -netsh inter show inter - +#Install VPN +echo "Install-remoteAccess -VpnType Vpn" +Install-remoteAccess -VpnType Vpn Set-NetConnectionProfile -NetworkCategory Private - $Params = @{ "Name" = 'vm-monitoring-icmpv4' "Action" = 'Allow' @@ -35,18 +59,27 @@ $Params = @{ Set-NetFirewallRule @Params # Activate NAT and DHCP Relay +echo "Activate NAT and DHCP Relay" netsh routing ip relay install +netsh routing ip add interface name="Bou-LAN" state=enable netsh routing ip add interface name="WAN" state=enable -netsh routing ip relay add interface "WAN" -netsh rout ip rel set int ARC-CLI min=0 + netsh routing ip relay add interface "Bou-LAN" netsh rout ip rel set int ARC-SRV min=0 +netsh routing ip relay add interface "WAN" +netsh rout ip rel set int WAN min=0 +netsh routing ip relay add dhcpserver 192.168.8.1 +set-service RemoteAccess -StartupType Automatic +Start-Service RemoteAccess +netsh -f ./WAN.conf netsh -f ./Bou-LAN.conf +Set-NetConnectionProfile -networkcategory private + # Change ZoneAlarm rule to accept incoming ICMP ipv4 probes $Params = @{ "Name" = 'vm-monitoring-icmpv4' @@ -58,7 +91,7 @@ Set-NetFirewallRule @Params # Add routes route add -p 192.168.8.0/24 192.168.255.8 -route add -p 192.168.12.0.24 192.168.255.8 -route add -p 192.168.255.0/24 192.168.255.128 -route add -p 192.168.128.0/24 192.168.128.254 +route add -p 192.168.12.0/24 192.168.255.8 route add -p 0.0.0.0/0 192.168.255.254 + +Read-Host "Finished???" diff --git a/Guests/RTR-03.ps1 b/Guests/RTR-03.ps1 index a8784da..1eeaad9 100644 --- a/Guests/RTR-03.ps1 +++ b/Guests/RTR-03.ps1 
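Review bot: The new rename loop passes `$HVName` straight to `Rename-Netadapter` without checking that the lookup returned a value. An adapter lacking the "Hyper-v Network Adapter Name" property (device naming off, or a non-Hyper-V adapter) would be given an empty name, and the later `Get-NetAdapter | ? {$_.Name -eq "Bou-LAN"}` lookups would presumably find nothing to configure. Skip adapters whose lookup is empty or already matches the current name, as sketched below; the same loop is added in the first RTR-03.ps1 hunk. The header comment in this hunk also now reads `# RTR-01 Only` in a script that renames the machine to RTR-02.

```powershell
foreach ($adapt in Get-NetAdapter) {
    $HVName = (Get-NetAdapterAdvancedProperty -Name $adapt.Name -DisplayName "Hyper-v Network Adapter Name" -ErrorAction SilentlyContinue).DisplayValue
    # Nothing to do when device naming supplied no name or the adapter already carries it.
    if ([string]::IsNullOrWhiteSpace($HVName) -or $HVName -eq $adapt.Name) { continue }
    Rename-NetAdapter -Name $adapt.Name -NewName $HVName
}
# ... unchanged: $MaskBits / $IPType and the per-interface IP blocks ...
```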
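Review bot: `netsh -f ./WAN.conf` and `netsh -f ./Bou-LAN.conf` load netsh scripts relative to the current directory, and neither file appears in this patch's diffstat, so the routing setup depends on whatever sits in the working directory when the script runs (presumably elevated). Resolve them against the script location and stop when they are absent, e.g. `$conf = Join-Path $PSScriptRoot 'WAN.conf'`, `if (-not (Test-Path $conf)) { throw "missing $conf" }`, `netsh -f $conf`. The second RTR-03.ps1 hunk adds the same `netsh -f ./WAN.conf`. Separately, the context line `netsh rout ip rel set int ARC-SRV min=0` still names an RTR-01 interface right after the relay is added for Bou-LAN, so it probably should read `Bou-LAN`.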
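Review bot: The default route kept as context here, `route add -p 0.0.0.0/0 192.168.255.254`, uses as next hop the address that the first hunk of this file now assigns to RTR-02's own WAN adapter (`$IP = "192.168.255.254"`), and the RTR-03.ps1 hunk assigns that same address to its WAN adapter. RTR-03.ps1 in this patch keeps `route add -p 192.168.128.0/24 192.168.255.128`, which suggests RTR-02's WAN address is meant to be `192.168.255.128`; if so, the WAN block should set `$IP = "192.168.255.128"`. The added `Read-Host "Finished???"` will also block an unattended run, which the commit subject hints is the next step; the last RTR-03.ps1 hunk adds it as well.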
@@ -1,34 +1,53 @@ -# Alexandre SIMAO +# Made by Alexandre SIMAO # GPLv3 -### TODO ? - # Script to install and configure a Fuckdows Server 2016 as a router -# RTR-03 Only -echo "Shamefully made by Alexandre Simao. Pardon-me M. Stallman" +# RTR-01 Only +# Script done # Change the poor machine name -Rename-computer "RTR-03" -Rename-NetAdapter -Name "Ethernet" -NewName "WAN" -Rename-NetAdapter -Name "Ethernet 2" -NewName "Aston" +echo "Shamefully made by Alexandre Simao. Pardon-me M. Stallman" + +Rename-computer RTR-03 + +$adapts = Get-NetAdapter +foreach ($adapt in $adapts) { +$HVName = (Get-NetAdapterAdvancedProperty -name $adapt.name -DisplayName "Hyper-v Network Adapter Name").DisplayValue +Rename-Netadapter -name $adapt.name -NewName $HVName +} + +#Général IP configure + +$MaskBits = 24 # This means subnet mask = 255.255.255.0 +$IPType = "IPv4" + +#WAN IP conf + +$adapter = Get-NetAdapter | ? {$_.Name -eq "WAN"} +$IP = "192.168.255.254" +$adapter | New-NetIPAddress ` + -AddressFamily $IPType ` + -IPAddress $IP ` + -PrefixLength $MaskBits + + #Aston + + $adapter = Get-NetAdapter | ? 
{$_.Name -eq "Aston"} + $IP = "192.168.255.254" + $adapter | Set-NetIPInterface -Dhcp Enabled + +#DNS Conf for all InterfaceAlias +foreach ($c in Get-NetAdapter) { write-host 'Setting DNS for' $c.interfaceName ; Set-DnsClientServerAddress -InterfaceIndex $c.interfaceindex -ServerAddresses ('9.9.9.9') } + # Install Routing and necessary linked roles Install-WindowsFeature RemoteAccess, RSAT-RemoteAccess-PowerShell, Routing -IncludeManagementTools -set-service RemoteAccess -StartupType Automatic -Start-Service RemoteAccess - -netsh interface ip set address "WAN" static 192.168.255.254 255.255.255.0 -netsh interface ip set dns name="WAN" static 9.9.9.9 - -# Activate NAT - -netsh routing ip nat install -netsh routing ip nat add interface name="WAN" mode=PRIVATE -netsh routing ip nat add interface name="Aston" mode=FULL - -# Change ZoneAlarm rule to accept incoming ICMP ipv4 probes +#Install VPN +echo "Install-remoteAccess -VpnType Vpn" +Install-remoteAccess -VpnType Vpn +Set-NetConnectionProfile -NetworkCategory Private $Params = @{ "Name" = 'vm-monitoring-icmpv4' "Action" = 'Allow' @@ -36,12 +55,26 @@ $Params = @{ Set-NetFirewallRule @Params +set-service RemoteAccess -StartupType Automatic +Start-Service RemoteAccess + +netsh -f ./WAN.conf + Set-NetConnectionProfile -networkcategory private +# Change ZoneAlarm rule to accept incoming ICMP ipv4 probes +$Params = @{ + "Name" = 'vm-monitoring-icmpv4' + "Action" = 'Allow' +} + +Set-NetFirewallRule @Params # Add routes route add -p 192.168.8.0/24 192.168.255.8 route add -p 192.168.12.0/24 192.168.255.8 route add -p 192.168.128.0/24 192.168.255.128 -route add -p 192.168.255.0/24 192.168.255.254 +route add -p 0.0.0.0/0 192.168.255.254 + +Read-Host "Finished???" diff --git a/Guests/RTR-03_Old.ps1 b/Guests/RTR-03_Old.ps1 new file mode 100644 index 0000000..16d8db9 --- /dev/null +++ b/Guests/RTR-03_Old.ps1 
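Review bot: The added `Set-NetConnectionProfile -NetworkCategory Private` names no interface, so as written it appears to switch every connection profile to Private, including "Aston", which this hunk sets to DHCP and which the removed lines treated as the outward-facing NAT interface (`mode=FULL`). That places the upstream adapter under the typically more permissive Private firewall profile right after `Install-remoteAccess -VpnType Vpn` enables the VPN role. Scope the call to the inside network, e.g. `Set-NetConnectionProfile -InterfaceAlias "WAN" -NetworkCategory Private`, and leave Aston on Public. In the Aston block `$IP = "192.168.255.254"` is assigned but never used, and the header comment says `# RTR-01 Only` in the RTR-03 script.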
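Review bot: The new `route add -p 0.0.0.0/0 192.168.255.254` points the persistent default route at the address the first hunk assigns to this router's own WAN adapter, while the upstream "Aston" adapter is switched to DHCP and would normally learn its gateway there. With the `netsh routing ip nat` lines also removed in the first hunk, the inner networks have no visible NAT or upstream next hop unless `WAN.conf` (not in this patch) supplies them. I would drop the static default route and either restore the NAT setup or add a comment such as `# NAT and default route are configured by WAN.conf`. The `$Params` / `Set-NetFirewallRule @Params` block added here repeats the one earlier in the file verbatim, so one copy can go.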
@@ -0,0 +1,47 @@ +# Alexandre SIMAO +# GPLv3 + +### TODO ? + +# Script to install and configure a Fuckdows Server 2016 as a router +# RTR-03 Only +echo "Shamefully made by Alexandre Simao. Pardon-me M. Stallman" + +# Change the poor machine name +Rename-computer "RTR-03" + +Rename-NetAdapter -Name "Ethernet" -NewName "WAN" +Rename-NetAdapter -Name "Ethernet 2" -NewName "Aston" + +# Install Routing and necessary linked roles +Install-WindowsFeature RemoteAccess, RSAT-RemoteAccess-PowerShell, Routing -IncludeManagementTools +set-service RemoteAccess -StartupType Automatic +Start-Service RemoteAccess + +netsh interface ip set address "WAN" static 192.168.255.254 255.255.255.0 +netsh interface ip set dns name="WAN" static 9.9.9.9 + +# Activate NAT + +netsh routing ip nat install +netsh routing ip nat add interface name="WAN" mode=PRIVATE +netsh routing ip nat add interface name="Aston" mode=FULL + +# Change ZoneAlarm rule to accept incoming ICMP ipv4 probes + +$Params = @{ + "Name" = 'vm-monitoring-icmpv4' + "Action" = 'Allow' +} + +Set-NetFirewallRule @Params + +Set-NetConnectionProfile -networkcategory private + + +# Add routes + +route add -p 192.168.8.0/24 192.168.255.8 +route add -p 192.168.12.0/24 192.168.255.8 +route add -p 192.168.128.0/24 192.168.255.128 +route add -p 192.168.255.0/24 192.168.255.254 diff --git a/Host/Infra-Standard.ps1 b/Host/Infra-Standard.ps1 index 3462989..f40b0ca 100644 --- a/Host/Infra-Standard.ps1 +++ b/Host/Infra-Standard.ps1 @@ -71,7 +71,7 @@ New-VM @vms Set-VMMemory RTR-03 -DynamicMemoryEnabled $true -MinimumBytes 512MB -StartupBytes 1024MB -MaximumBytes 2GB $vmadapter = Get-VMNetworkAdapter -VMName "RTR-02" -Add-VMNetworkAdapter -VMName "RTR-02" -SwitchName "Arc-CLI" -Name "Bou-LAN" -DeviceNaming on +Add-VMNetworkAdapter -VMName "RTR-02" -SwitchName "Bou-LAN" -Name "Bou-LAN" -DeviceNaming on Add-VMNetworkAdapter -VMName "RTR-02" -SwitchName "WAN" -Name "WAN" -DeviceNaming on 
@@ -90,8 +90,6 @@ $vms = @{ Generation = '2' MemoryStartupBytes = 1024Mb VHDPath = "d:\VHD\$VMName.vhdx" - SwitchName = 'WAN' - } New-VM @vms