Installation [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:veos:installation [2024/12/12 07:35] – ↷ Links adapted because of a move operation elena.krasnobryzhen:veos:installation [2025/01/14 07:33] (current) – [Pre-configuring VEOS] elena.krasnobryzh
    Line 11: Line 11:
      
     ===== ISO Links ===== ===== ISO Links =====
    -  [[https://repo.vasexperts.com/veos/8.7/isos/x86_64/VEOS-8.7-x86_64-Minimal.iso|VEOS 8.7 Sakhalin]] ([[https://repo.vasexperts.com/veos/8.7/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation.+  [[https://repo.vasexperts.com/veos/8.8/isos/x86_64/VEOS-8.8-x86_64-Minimal.iso|VEOS 8.8 Kildin]] ([[https://repo.vasexperts.com/veos/8.8/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation
      
     [[en:veos:installation:archived_versions]] [[en:veos:installation:archived_versions]]
    Line 100: Line 100:
     ===== Pre-configuring VEOS ===== ===== Pre-configuring VEOS =====
      
    -If you received a preinstalled system from us, please immediately refer to the [[en:dpi:dpi_brief:install_point_ssg:micra_install|Appliance installation instruction]] section.\\+If you received a preinstalled system from us, please immediately refer to the [[en:dpi:dpi_brief:network_preparation:install_point_ssg:micra_install|Appliance installation instruction]] section.\\
     Otherwise, you need to install the VEOS operating system on your server yourself and give us remote SSH access and root rights to perform the installation and initial configuration of the platform. After the work is completed, the remote access can be closed. Otherwise, you need to install the VEOS operating system on your server yourself and give us remote SSH access and root rights to perform the installation and initial configuration of the platform. After the work is completed, the remote access can be closed.
      
    Line 107: Line 107:
       - Save the password for **vasexpertsmnt**.   - Save the password for **vasexpertsmnt**.
       - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>   - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>
    -  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code> 45.151.108.0/22, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247170.13491.197.172.2, 46.243.181.24293.159.236.11 </code>+  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code>45.151.108.0/23, 94.140.198.64/27, 193.218.143.187, 93.100.73.160, 78.140.234.9893.159.236.11, 46.243.181.3546.243.181.242</code>
     <code> <code>
    -iptables -A INPUT -m conntrack --ctstate RELATED, ESTABLISHED -j ACCEPT +<code> 
    -iptables -A INPUT -p tcp -s 45.151.108.0/22 ​​-m tcp --dport 22 -j ACCEPT + iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
    -iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 45.151.108.0/23 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 93.100.47.212 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 91.197.172.-m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 46.243.181.35 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp --dport 22 -j DROP 
    -iptables -A INPUT -p tcp --dport 22 -j DROP + service iptables save
    -service iptables save+
     </code> </code>
      
     If you are using firewalld: If you are using firewalld:
     <code> <code>
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "45.151.108.0/22" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="45.151.108.0/23" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "94.140.198.64/27" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="94.140.198.64/27" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "78.140.234.98" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="193.218.143.187" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "193.218.143.187" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.73.160" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.47.212" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.73.160" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.159.236.11" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "77.247.170.134" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.35" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "91.197.172.2" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.242" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "46.243.181.242" service name = "ssh" accept' + firewall-cmd --zone=public --remove-service=ssh --permanent 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.159.236.11" service name = "ssh" accept' + firewall-cmd --reload
    -firewall-cmd --zone = public --remove-service = ssh --permanent +
    -firewall-cmd --reload+
     </code> </code>
     **!Save your settings as the server will be rebooted during installation!** \\ **!Save your settings as the server will be rebooted during installation!** \\