Image Image Image Image Image Image Image Image Image Image

This 8-Bit Life | September 27, 2016

Scroll to top



Connect to GNS3 from the Internet! - This 8-Bit Life

Connect to GNS3 from the Internet!
  • On April 13, 2014

As if there wasn’t already endless possibilities to GNS3, today I want to take it one step further and show you how to access your GNS3 networks via the internet. I searched all over for a tutorial on how to do this but I could not find anything exactly like what I wanted to do. So I pieced a bunch of articles and videos together to create a single

“how to”.

Connecting to a GNS3 lab from the internet; why?

Well I will give you the reason I wanted to do it and then you can come up with your own reasons. I wanted to have a way to work on labs from anywhere. I also wanted a way to create a lab with bugs and then allow friends a chance to fix the lab without moving typologies and files around, adding another way to study.

You will need to have GNS3 up and running. I will not be covering how to set up GNS3. I will presume you have everything in order to run GNS3 normally on windows.

  1. First thing we will do is create two Microsoft loopback adapters. Yes two! Go to Computer Management- Device manager- right click your device name- click add legacy hardware.


2. Now click Install manually- next


3. Now click Network adapters- next


4. Next scroll down and highlight Microsoft- then find Loopback Adapter- click on it then click next


5. Click next then click finish. Once the install is complete restart your PC to ensure the Adapter will be properly identified by GNS3.

6. Now we will bridge the physical adapter to one of our loopback adapters (I have renamed my loopbacks to make it easier to ID them), I will be using Loopback0 to bridge to the outside world and Loopback1 to turn our router into a terminal server to allow us OOB (Out of Band, not Out of Body) access to all of our devices on the GNS3 work space. To bridge them, just hold “Ctrl” and click on both, now that both are highlighted, right click on either and select bridge. You will see another icon pop up labeled bridge. And that’s it for that one.

Now for our LoopBack1 we need to assign it an IP, I used with a mask. On the router side I will use to change the IP on the loopback1 adapter right click- scroll down to ipv4 select it, properties, click the manual IP assignment radial button and assign the IP. (You can use whatever you want just not the range)


7. Now let’s add the magic that allows you to reach the GNS3 network from the internet. First you will need to access your home router (assuming you have one because it would be insane if you were reading this and you do not have a wireless router at home o_O)

On this model, the port forwarding is listed under applications and gaming. Yours may differ but you are looking for “Port-forwarding.” Here we named our application “SSH.” The SSH protocol by default uses port 22. So I will forward port 22 traffic to the IP we assign to our GNS3 router Fa0/0 interface. Fa0/0 will be the interface we will be plugging into the cloud (more on that coming up). Enable the rule and save.


8. Now you will need to determine your Public IP address. Google will tell you, if you ask.


So now we have our public IP.  We can use this IP on port 22 to then SSH to our GNS3 router via the internet.


Next is to set up our GNS3 router. Here is the topology we will be using.  I will break down each part.


9. Let’s configure and add our Loopbacks to the Cloud first




10. Go ahead and cable them up and power on your router. Here is the config

conf t
hostname TerminalServer
no ip domain-lookup
int f0/0
ip add
no shut
int f0/1
ip add
no shut
ip route
ip route FastEthernet0/1
ip route FastEthernet0/0
ip domain name
crypto key generate rsa
should see this---> %SSH-5-ENABLED: SSH 1.99 has been enabled
line con 0
login local
logging synchronous
no exec-timeout
line vty 0 4 
login local
logging synchronous
no exec-timeout
username gns3 secret t8bl
enable secret t8bl
banner login #
 ______ __ ____ __ 
/\__ _\/'_ `\ /\ _`\ /\ \ 
\/_/\ \/\ \L\ \\ \ \L\ \\ \ \ 
 \ \ \/_> _ <_\ \ _ <'\ \ \ __ 
 \ \ \/\ \L\ \\ \ \L\ \\ \ \L\ \
 \ \_\ \____/ \ \____/ \ \____/
 \/_/\/___/ \/___/ \/___/.com #

11. Now we are ready to login from the internet. Open up your terminal emulator and set it up to use your public IP on port 22 and password only. Then connect.


You should be prompted to accept the self-signed RSA certificate we created and then you will be prompted again for the username and password we created as well.



BAM you are hitting your GNS3 Terminal Server from the Internet!

Since we set up the second Loopback, we can access any running device on the work space, even if we totally botch the configs while we are practicing something. (Hover your mouse over a device to view the console port.


You can see that even with R2 not connected to anything, we still have that OOB connection. It may be worth noting that GNS3 may not always use the same port numbers for consoles when you first drag your devices out. After you set them all up you can note what device is using what port and then save. When you load that topology up again the ports will be the same. If you want to earn some serious cool points with your co workers, download a ssh client/terminal emulator to your phone and log into your GNS3 lab… Mind=blown!

So now we have an Internet reachable OOB Terminal Server on GNS3!!!

I thank you for reading, see you next time for “The Poor Man’s guide to a Complete Network Management Deployment.” We will open source the @#$% out of a network and see if we can compete with the big boys of the network monitoring world!!!



Real quick add on for a request to use a web browser to connect.

First go grab the freeSecure Shell app” from Google and add it to your apps (must be signed into your gmail account)

The open the app and type in the username you created on your GNS3 router, along with your public IP address (google “what is my IP address” to figure out what it is)




At this point you will need to accept the self signed RSA key(***key note: if you look at the below screen shoot you will see this error, this is because we only created a 512 bit RSA key when we first built the Terminal server router. we will need to create a larger key and then we MUST clear this old key from chrome)


Create the larger key (Google Secure Shell asked for a minimum of 768 Bit) So I have opened a connection to the terminal server and re-built the key. (If this command is not the exact same on the IOS you are running, try “?” a few times with different variations of the “crypto key gen rsa” command. make sure you have you domain-name set as well.


Now lets delete the old RSA key out of Chrome so we do not get the “Nasty” error

We must open the Java console while on the Secure shell tab


then type



This will delete the old RSA and you can now hit “R” to reconnect


The nice thing is once you have it all working anyone with the “Secure Shell” app can access the terminal server without having to download and install client software.

Enjoy :)


Next Story

This is the most recent story.


  1. IceWulf

    There is a much simpler and more powerful way to do this – this is dependent on GNS3 router not crashing and it won’t allow for massive topologies easily. – especially if you add a router to the mix for instance.

    • Jacob

      IceWolf thx for checking out my article. this is one of the reasons I wanted to post my article in the open, to see if others had done something similar. So how have you been able to create a remote/internet accessible console server?. also GNS3 I hate to say it is always dependent on the router (program) not crashing. I can say that with a windows7 box running an i7 and 8GB mem I have not crashed with about 15 3700 IOS’s running… including all the bells and whistles.

  2. Richard

    Were does the IP come from after bridging?

    • Jacob

      Richard thx for reading. So the .114 in this case i just a unused IP from my home networks IP range. So I checked the DHCP table on my home router (my trusty little Linksys) and grabbed an IP address that what unused and then statically assigned it to the Fa0/0 interface. Then once you plug Fa0/0 into the cloud/Loopback0 in my example and Loopback0 is then bridged to your computers actual network adapter you then have the internet reachability portion complete. hope this helps. let me know if you need anything else!

  3. hi
    this exactly what im looking for !!!!
    but i have a question from can we open the terminal emulator to connect or to open the router console in gns3??

    • Jacob

      Albalushi, I am glad this helped you out!. So in my example I am opening the terminal emulator(I use SecureCRT) and then connecting remotely to the “console server” we built giving me out of band(OOB) access. Meaning the device dose not need to have any configs, just needs to be on). From the console server you can use Reverse telnet to access anything running on your topology. the key is knowing the console ports of your running devices. What I will do sometimes is have the console port info listed in the “exec banner” so then after I login to the console server I can navigate around. And then of course if you don’t mess up your configs or you restore connectivity to a broken network you then can telnet directly between devices. If you look in the example I show how you can hover your mouse over any device and it will display the console port.

  4. hello
    m very happy to see your reply
    i have a competition that will be held on 5th may and my idea was to help our student to open the gns3 via internet or a website i have created
    i want to provide a link in my website the immediate open the router console in gns3
    and m trying to find out for weeks but i still didn’t find the way and i felt the u have posted i similar idea
    i really need ur help
    i appreciate that

  5. and when i type the crypto command to enable the ssh in the router i get an error msg that its not recognized

    and when i try to telnet from the secureCRT terminal emulator i get the wrong username and pass

    • Jacob

      Albalushi, I added in something similar to what you were describing. hope that helps you in your search for web accessibility. as for your crypto command not working try:
      router#conf t
      router(config)#crypto ?

      just to see the correct syntax for your IOS. might try checking as well for your IOS’s specific syntax to create crypto keys.

  6. Love to see the cool ways people make use of GNS3! Effectively what you have done is made a router a ssh server for your PC (I could be unkind and add “to make up for the fact that Windows doesn’t give you one”). But hey – what a creative way to do it. But indeed, as IceWulf said (without elaborating) there is a (possibly) more simple way of doing this – by installing a ssh server on your PC – on OS X or Linux I’d use open-ssh but open-ssh for Windows requires cygwin, so starts to get messy. I have no idea how good freesshd ( is, but that might be a simpler solution).

    • Jacob

      Hey Chris thx for the reply! I guess I haven’t attempted to do it that way(plotting) I may give that a shot and see how the two methods compare in setup and functionality. book marked your site as well, ill do some reading :)

  7. Andrea

    Hi Jacob!Great description!I have a problem, I followed every step of your tutorial, but I’m not able at the end to ping the Internet from the router:

    TerminalServer#sh ip int bri
    Interface IP-Address OK? Method Status Protocol
    FastEthernet0/0 YES manual up up
    FastEthernet1/0 YES manual up up
    TerminalServer#ping source fa0/0

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
    Packet sent with a source address of
    Success rate is 0 percent (0/5)
    TerminalServer#sh run | s ip route
    ip route
    ip route FastEthernet1/0
    ip route FastEthernet0/0

Submit a Comment