🖥️ Step-by-Step Guide to Installing and Configuring an IP Address Manager

An IP Address Manager (IPAM) is a tool or software solution that helps in managing, tracking, and organizing IP addresses within a network. It allows administrators to assign, monitor, and audit IP addresses efficiently, ensuring there are no conflicts and that the network runs smoothly. For your blog, you could use an IP Address Manager to ensure that your site's backend infrastructure is properly configured and to prevent any potential IP-related issues that might disrupt the accessibility or security of your site.

📜 Open-source IP address managers

When implementing a solution to a problem, such as saving and maintaining IP addresses, I always start by looking for an open-source project that is actively maintained. Opting for open-source software offers several advantages. The main being that open-source projects are often developed by a community of contributors, ensuring that the software is continually improved and adapted to meet user needs. This community-driven approach leads to greater transparency, as the code is available for anyone to inspect, modify, and enhance, which fosters innovation and security.

🔍 What are the options?

The following open-source and free to use IP Address Managers (IPAMs) are available at the time of writing this article.

1. phpIPAM: is developed by Miha Petkovsek, a network engineer, and is now maintained by a community of contributors with regular updates and contribution from the community on its GitHub repository.

2. NetBox: was initially developed by DigitalOcean, a cloud infrastructure provider, to manage their own infrastructure needs. NetBox continues to be actively maintained, now by a broader community of contributors, with the NetBox community and maintainers overseeing the project’s development.

3. GestióIP: is developed by the Catalan company NEXUS-IT. The project is still maintained by NEXUS-IT, although it sees less frequent updates compared to some other IPAMs.

4. NIPAP (Neat IP Address Planner): was originally created by the Swedish company Spotify, specifically by staff network engineers. NIPAP is currently maintained by a small community of contributors. While not as actively updated as some others, it still receives updates and support from its users.

5. OpenIPAM: was developed by the University of Utah’s Center for High Performance Computing. The project is primarily maintained by the University of Utah, with contributions from other users. It is still maintained, although updates are less frequent.

While phpIPAM and NetBox are my favorite open-source IPAMs, we will be using phpIPAM in this tutorial.

🚀 Getting started with phpIPAM

⚙️ Step 1: Set-up Ubuntu VM or container

Start by setting up the base Ubuntu 22.04 VM or container, of course you can also install Ubuntu on bare metal, meaning without a hypervisor. In this example I will be using Proxmox as the (type 1) hypervisor using the configuration down below.

🛠️ Step 2: Configuring Ubuntu

Once the base Ubuntu VM or container is configured, first step is to login in using SSH or a console session. Personally I like to change the hostname to make it descriptive of its function. You can change the default hostname by renaming the current hostname in the following configuration files.

sudo nano /etc/hostname
sudo nano /etc/hosts

After that, reboot to apply the changes.
sudo reboot

Once rebooted, update the package index and installed packages to ensure the latest (security) patches, bug fixes and latest stable features.

sudo apt update && sudo apt upgrade

After that is done, install the packages that PHP IPAM relies on. Personally I have found issues installing all packages in one go, so these are split up.

sudo apt install curl wget zip git -y
sudo apt install apache2 mariadb-server mariadb-client -y

Once the packages are installed, now install all the PHP modules to be able to make phpIPAM work.

sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php8.2 php8.2-curl php8.2-common php8.2-gmp php8.2-mbstring php8.2-gd php8.2-xml php8.2-mysql php8.2-ldap php-pear -y

• pdo, pdo_mysql : Adds support for mysql connections

• session : Adds persistent session support

• sockets : Adds sockets support

• openssl : Adds openSSL support

• gmp : Adds support for dev-libs/gmp (GNU MP library) -> to calculate IPv6 networks

• ldap : Adds LDAP support (Lightweight Directory Access Protocol – for AD also)

• crypt : Add support for password encryption

• SimpleXML: Support for SimpleXML (optional, for RIPE queries and if required for API)

• json: Enable JSON support

• gettext: Enables translation

• filter : Adds filtering support

• pcntl : Add support for process creation functions (optional, required for scanning)

• cli : Enable CLI (optional, required for scanning and status checks)

• mbstring : Enable mbstring support

🛠️ Step 3: Configuring MariaDB

Now execute the secure configuration of the MariaDB installation that the IPAM will store all content on. I experienced issues executing the configuration when no password is setup for the root user yet, for that reason I switched to the root user using sudo su.

sudo su
mysql_secure_installation

Now setup a secure password for the root user and follow the next steps.

Switch to unix_socket authentication [Y/n] y
Change the root password [Y/n] y

Now enter a secure password for the root user, twice

Remove anonymous users? [Y/n] y
Disallow root login remotely > [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

After that is done, log in to MariaDB using the root user.

mysql -u root -p

Now its time to create a database for phpIPAM using the following commands. Where it says <insert password> you will need to provide the new password for the php_ipam_rw database user that we will use to configure phpIPAM with.

CREATE DATABASE phpipam; 
GRANT ALL PRIVILEGES ON phpipam.* TO 'php_ipam_rw'@'localhost' IDENTIFIED BY '<insert password>';
FLUSH PRIVILEGES; 
EXIT;

🛠️ Step 4: Install phpIPAM

sudo git clone https://github.com/phpipam/phpipam.git /var/www/html/phpipam
cd /var/www/html/phpipam

Use the latest stable version

sudo git checkout "$(git tag --sort=v:tag | tail -n1)"

Change owner of phpIPAM installation folder

sudo chown -R www-data:www-data /var/www/html/phpipam

Copy the default config to the production config location. Make sure you are still in the /var/www/html/phpipam directory.

sudo cp config.dist.php config.php
sudo nano config.php

Edit the config, making sure to define the BASE variable.

$db['host'] = '127.0.0.1';
$db['user'] = 'php_ipam_rw';
$db['pass'] = 'Correct&stable@';
$db['name'] = 'phpipam';
$db['port'] = 3306;
define('BASE', "/phpipam/");

Enable mod_rewrite and restart Apache

sudo a2enmod rewrite
sudo systemctl restart apache2

🛠️ Step 5: Configure phpIPAM

Browse to the phpIPAM webserver http://<ip-address>/phpipam

Example: http://172.16.100.10/phpipam/

Click on New phpipam installation

Click on Automatic database installation

• MySQL/MariaDB username: php_ipam_rw

• MySQL/MariaDB password: <use the password you've setup>

• MySQL/MariaDB database location: 127.0.0.1

• MySQL/MariaDB database name: phpipam

• Advanced Options: Turn all options off (Drop existing database, Create new database, Set permissions)

Click on Install phpipam database, you will see a confirmation after that. Next, setup the password for the user 'Admin', setup the site title and site URL.

🛠️ Step 6: Start using phpIPAM

Log in to phpIPAM with the default user 'Admin' and the password you've setup for it.

# Backup IP address table, remove backups older than 10 days

crontab -e

@daily /usr/bin/mysqldump -u ipv6 -pipv6admin phpipam > /var/www/html/phpipam/db/bkp/phpipam_bkp_$(date +"\%y\%m\%d").db

@daily /usr/bin/find /var/www/html/phpipam/db/bkp/ -ctime +10 -exec rm {} \;