Bernhard's Homepage

GNS3 Cloud connection on a Linux server

GNS3 Cloud connection on a Linux server

Creating a cloud connection from GNS3 to the host is easily done in the GNS3 GUI. But you need some knowledge about the host OS to make to best out of it. In the following I'm going to explain, what's special when using a Linux OS.

This guide was developed and tested on a Debian system. It should also work on similar distributions, like Ubuntu and Mint. But it needs some adaptions for other Linux distributions.

Ethernet Cloud connection

GNS3 ethernet cloud

This is the easiest way, just choose the ethernet interface of your Linux system (e.g. eth0) as the cloud interface.

The GNS3 device is connection to your LAN like a separate device. That way the GNS3 device uses the same IP network as your linux host and it gets the same connectivity. The logical layout of a typical home network will look like this:
GNS3 ethernet logical connection

The big advantage is, that you don't have to change anything on your host and in your network. But this has three drawbacks:

  • You can connect to the internet and to other devices on your LAN, but not to the Linux host.
    The reason is, that the data sent by GNS3 to the ethernet cloud interface is directly transmitted on the wire. The TCP/IP system of the host doesn't see these packets, so it can't respond to them.
  • It doesn't work with WLAN interfaces, see the next chapter how to use a TAP cloud connection.
  • The performance is quite poor.
    I get about 100 MBit/s to my Linux box, but with the ethernet cloud I get only 1 MBit/s to the GNS3 device.

TAP Cloud connection

GNS3 TAP cloud

A TAP interface is a dedicated point-to-point connection between your Linux system and an application (in our case GNS3). A home network will have such a structure:
GNS3 TAP logical connection

The advantage is, that you will be able to access the Linux host, and the connection speed is fine. Furthermore wireless interfaces can be used to connect to the LAN. The major drawback is, that a TAP interface can be used only by one GNS3 project at a time. If you are the only GNS3 user, having only one project open at any given time, this is not an issue. But as soon as multiple projects are simultaneously open, you have to use multiple TAP interfaces. The assignment of these TAP interfaces to the projects will be very difficult to handle.

This TAP connection is a new IP network, that has to be configured on the host. To create a TAP interface add the following to /etc/network/interfaces (adapt the IP address to your needs):

auto tap0
iface tap0 inet static
	pre-up	/sbin/ip tuntap add dev tap0 mode tap user <gns3_user>
	post-down /sbin/ip tuntap del dev tap0 mode tap

Replace <gns3_user> by the user, that runs the GNS3 server process, typically it's the user gns3. You can also leave out the "user <gns3_user>" part, then every user can connect to the TAP interface.

Activate it with sudo ifup tap0, after reboot it's automatically activated.

On the GNS3 device you have to configure a static IP and a default gateway suitable for the TAP interface.

Now you should be able to reach the host, but no other hosts and not the internet. To achieve that, the host has to enable routing (Linux calls that IP forwarding). Edit /etc/sysctl.conf and add/uncomment net.ipv4.ip_forward=1, then reboot.

After that start Wireshark and sniff the ethernet interface of the Linux host. When you now ping the IP of your internet router from the GNS3 device, you should see the ping going out, but you won't see a reply.

If you don't see the outgoing ping, then you should check the configuration of the FORWARD chain of the iptables firewall. The default is to allow forwarding, but that might has been changed.

Now we have to take care about the missing answer to our outgoing packets. The reason is, that the devices on our LAN, and especially the router to the internet, have no idea, where the TAP IP network is located and how to reach it.

You have two ways changing that.

  • Reconfigure your LAN devices
    Create a static route for the TAP network to your linux host on all devices of your LAN. Furthermore on your internet router you might have to allow the TAP network to reach the internet. That way all LAN devices get direct access to the GNS3 devices connected to the cloud, but it's quite of lot of work to setup this.
  • NAT the TAP traffic leaving the Linux host
    sudo iptables -t nat -A POSTROUTING -s ! -d -j MASQUERADE (adapt the IP addresses to your TAP network) will NAT all traffic coming from the TAP interface and leaving the Linux box. With the help of the package iptables-persistent the iptables entries will survive a reboot.

Optionally you may want to make it easier to configure the GNS3 device by enabling DHCP. For that we install dnsmasq and create the file /etc/dnsmasq.d/tap0.conf (again adapt the IP addresses):

# Configuration file for dnsmasq on tap0 interface


Then restart dnsmasq with sudo service dnsmasq restart.

Linux Bridge and NAT Cloud connection

GNS3 NAT cloud

Starting with v2.0 GNS3 is able to connect to Linux bridge interfaces. Every time a GNS3 project uses a bridge interface cloud, a TAP device is created and connected to this bridge. That way multiple projects can use the same bridge cloud in parallel.

The NAT cloud is just a cloud to the 'virbr0' bridge. By default it uses NAT (network address translation) as a very easy and efficient way to access the internet. It is meant to be used with the GNS3 VM. But as this VM is just a regular Linux system, the NAT cloud can also be used with a normal Linux server. The address translation is done in the Linux OS, not by the GNS3 application.

The easy way to create a NAT cloud is to install libvirt (libvirt-bin on Ubuntu, libvirt-daemon-system on Debian). The IP configuration can be modified with "virsh net-edit default".

But it's not so hard to create a bridge interface without libvirt. In the following the 'virbr0' bridge is created (for use with the NAT cloud), but you can use the same procedure to setup any other bridge.

First install the bridge-utils (sudo apt-get install bridge-utils). Then add the bridge configuration to /etc/network/interfaces (adapt IP address, choose a random hwaddress):

auto virbr0
iface virbr0 inet static
	bridge_ports none
	bridge_stp off
	bridge_fd 0
	hwaddress ether 12:75:1b:5d:a1:0d

Then activate it with sudo ifup <bridge_name>, after reboot it’s automatically activated.

The remaining procedure is the same as in the TAP section, here just a quick overview:

  • Activate forwarding in /etc/sysctl.conf, then reboot
  • Check if the FORWARD chain in iptables allows forwarding
  • Activate NAT for the bridge traffic leaving the Linux host
    Alternatively go without NAT, change your LAN to route the bridge network to the Linux host. That means, that you can use the NAT cloud without address translation.
  • Install dnsmasq, create the configuration in /etc/dnsmasq.d/<bridge_name>.conf and restart dnsmaq.

    # Configuration file for dnsmasq on virbr0 interface