wiki.alphaframe.net

User Tools

Site Tools

Trace: lamobo_r1

Sidebar

linux:lamobo_r1

Table of Contents

Lamobo R1 Arch Linux Setup

The Device is also known as Banana Pi Router or BPi-R1

Scope of this guide installing Arch Linux and bringing up some basic router stuff.

The BPi-R1 had a security bug in design, there is no separation of WAN and LAN in booting phase.
This guide will only cover a “fixed” version, fix based on “lan2usb” device, just look for good driver support.
If you need to work without lan2usb, you have to deal with DSA (Distributed Switch Architecture) for port management.

During the installation process you will need to cross compile sunxi on your machine, you will also need a card reader.

uboot

Install uboot tools on your system to create a uboot image for your R1 

pacman -S community/uboot-tools

Cross-Compiler Toolchain

You will need a toolchain for compiling for arm-linux-gnueabihf architecture.
Check out linux-sunxi.org/Toolchain wiki for details if you don't run a Arch System
On Arch Linux based Systems you can use this AUR Package: arm-linux-gnueabihf-gcc
This part can take a long time

You might need this additional package: 

pacman -S extra/swig

Checkout stable uboot

Create a dir and checkout current stable uboot 

mkdir -p ~/uboot/lamobo_r1
cd ~/uboot/lamobo_r1
git clone https://github.com/trini/u-boot.git
cd ./uboot
git checkout v2018.01 # use current stable here

Build uboot

make CROSS_COMPILE=arm-linux-gnueabihf- Lamobo_R1_defconfig
make CROSS_COMPILE=arm-linux-gnueabihf-

If you end up with 

Traceback (most recent call last):
  File "./tools/binman/binman", line 32, in <module>
    import control
  File "/home/$USER/uboot/lamobo_r1/u-boot/tools/binman/control.py", line 16, in <module>
    import fdt
  File "/home/$USER/uboot/lamobo_r1/u-boot/tools/binman/../dtoc/fdt.py", line 13, in <module>
    import libfdt
  File "scripts/dtc/pylibfdt/libfdt.py", line 17, in <module>
    _libfdt = swig_import_helper()
  File "scripts/dtc/pylibfdt/libfdt.py", line 16, in swig_import_helper
    return importlib.import_module('_libfdt')
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
ImportError: No module named _libfdt
make: *** [Makefile:1148: u-boot-sunxi-with-spl.bin] Error 1

you need a working python2 instance. 

pacman -S extra/python2-virtualenv
virtualenv2 ~/uboot/lamobo_r1/py27env
source ~/uboot/lamobo_r1/py27env/bin/activate
#Start build process again
make CROSS_COMPILE=arm-linux-gnueabihf-
#deactivate env
deactivate

After this part you should have a file called: u-boot-sunxi-with-spl.bin in your work dir

Prepare SD card

Next step is to setup your SD card for your Lamobo

Clean up your SD card
If anything unwanted happened, you can always startover from this point 

dd if=/dev/zero of=/dev/sdX bs=1M count=8

Create Filesystem on SD

Time to bring the sd card up
Next you will create a single partition with fdisk, this will automatically create the partition table for you as well. 

fdisk /dev/sdX
mkfs.ext4 -O ^metadata_csum,^64bit /dev/sdX1

Copy uboot to SD

dd if=/path/to/u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8

ARM Arch latest

Next we will copy the arch linux system to the sd card 

cd /tmp
wget https://archlinuxarm.org/os/ArchLinuxARM-armv7-latest.tar.gz
mount /dev/sdX /mnt/
bsdtar -xpf ArchLinuxARM-armv7-latest.tar.gz -C /mnt/

boot.scr

Create file /mnt/boot/boot.cmd with the following content 

setenv bootargs  console=ttyS0,115200 console=tty0 root=/dev/mmcblk0p1 rootwait panic=10 rootfstype=ext4 rw 
ext2load mmc 0 0x49000000 /boot/dtbs/sun7i-a20-lamobo-r1.dtb
ext2load mmc 0 0x46000000 /boot/zImage
bootz 0x46000000 - 0x49000000

Build boot.scr with 

mkimage -C none -A arm -T script -d /mnt/boot/boot.cmd /mnt/boot/boot.scr

* Unmount /dev/sdX
* Put the SD-Card in the Lamobo

Router setup

At this point, you have a booting and working BPi-R1.
Login to your R1, the default is root:root.
Of course you can do this via SSH but you can't login as root by default, you will need to create a user on your router and put him in the wheel group.
There is also a user alarm with password alarm by default, you could use this, but remember to change the password or remove the user if not needed.

Install basic needs 

pacman -S community/rxvt-unicode-terminfo # only need if you use urxvt
pacman -S extra/vim
pacman -S extra/bash-completion
pacman -S community/hostapd
pacman -S extra/dnsmasq
pacman -S extra/metalog
pacman -S core/mlocate

Disable bootscreen clean

mkdir /etc/systemd/system/getty@tty1.service.d/
echo -e "[Service]\nTTYVTDisallocate=no" > /etc/systemd/system/getty@tty1.service.d/noclear.conf

Network Configuration

dnsmasq

/etc/dnsmasq.conf 

interface=eth0
interface=wlan0
interface=lo
no-dhcp-interface=eth1
 
dhcp-range=eth0,10.10.1.100,10.10.1.200,120h
dhcp-range=wlan0,10.10.2.60,10.10.2.200,120h
 
 
domain=intern
bogus-priv
domain-needed
expand-hosts
dhcp-authoritative
 
 
 
#https://tools.ietf.org/html/rfc2132#section-3.8
#default dns
dhcp-option=eth0,6,10.10.1.1
dhcp-option=wlan0,6,10.10.2.1
 
#broadcast
dhcp-option=eth0,28,10.10.1.255
dhcp-option=wlan0,28,10.10.2.255
 
# Set subnet mask
dhcp-option=eth0,1,255.255.255.0
dhcp-option=wlan0,1,255.255.255.0
 
# Set the "all subnets are local" flag
dhcp-option=27,1
 
 
resolv-file=/etc/resolv_dnsmasq.conf
 
 
#Leases
dhcp-host=9c:5c:ff:ff:ff:ff,ClientA,10.10.1.3,infinite
dhcp-host=00:1b:ff:ff:ff:ff,ClientB,10.10.2.4,infinite

/etc/resolv_dnsmasq.conf (use your favorite DNS here) 

nameserver 85.214.20.141
nameserver 204.152.184.76
nameserver 2001:4f8:0:2::14
nameserver 194.150.168.168

Basic firewall

not a firewall at all, but for managing basic network stuff, just merge your rules in
/usr/local/bin/firewall basic firewall script 

#!/bin/bash
 
LOGLIMIT=1
IPTABLES=/sbin/iptables
 
IF_LAN=eth0
IF_WAN=eth1
IF_WIFI=wlan0
 
 
#load modules
modprobe ip_tables
modprobe ip_conntrack
 
 
case "$1" in
stop)
    #=========================
    # Alle Regeln loeschen
    #=========================
    $IPTABLES -F
    $IPTABLES -X
   #=========================
    # Default Policy auf ACCEPT setzen
    #=========================
    $IPTABLES -P INPUT   ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT  ACCEPT
 
    /usr/sbin/sysctl -w net.ipv4.ip_forward=0
    /usr/sbin/sysctl -w net.ipv6.conf.all.forwarding=0
    exit 0
    ;;
 
start)
     /usr/sbin/sysctl -w net.ipv4.ip_forward=1
    /usr/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
    #=========================
    # Alle Regeln loeschen
    #=========================
    $IPTABLES -F
    $IPTABLES -X
 
       ####basic routing
        $IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/16 -o $IF_WAN -j MASQUERADE
        $IPTABLES -A INPUT -i $IF_WAN -m state --state RELATED,ESTABLISHED -j ACCEPT
        $IPTABLES -A FORWARD -i $IF_WAN -o $IF_LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A FORWARD -i $IF_WAN -o $IF_WIFI -m state --state ESTABLISHED,RELATED -j ACCEPT
 
    #=========================
    # Default Policy setzen
    #=========================
    $IPTABLES -P INPUT   ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT  ACCEPT
 
   exit 0
    ;;
*)
        echo "Usage: `basename $0` {start | stop}" >&2
        exit 64
        ;;
esac
 
exit 0

Network ports

Ports already configured through DSA (Distributed Switch Architecture)
You can use eth0 as a bridge for all LAN and the WAN port.
/etc/systemd/system/network-lamobo.service 

[Unit]
Description=Config ethernet switch
Wants=network.target
Before=network.target
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/modprobe br_netfilter
ExecStart=/usr/bin/ip link set eth0 up
ExecStart=/usr/bin/ip addr add 10.0.1.1/24 dev eth0
 
#start firewall (need for routing)
ExecStart=/usr/bin/local/firewall start
 
ExecStop=/usr/bin/ip link set dev eth0 down
 
[Install]
WantedBy=multi-user.target

Wireless

create a service file for systemd
/etc/systemd/system/network-wlan0.service 

[Unit]
Description=Start Wifi
Requires=sys-subsystem-net-devices-wlan0.device
After=sys-subsystem-net-devices-wlan0.device dbus.service
Before=hostapd.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ip link set wlan0 up
ExecStart=/usr/bin/ip addr add 10.0.2.1/24 dev wlan0
 
 
ExecStop=/usr/bin/ip link set dev wlan0 down
 
[Install]
WantedBy=multi-user.target

Hostapd

cat /etc/hostapd/hostapd.conf 

ssid=BPI-R1
wpa_passphrase=PA$$WORD
 
ctrl_interface=/run/hostapd.pid
interface=wlan0
driver=nl80211
hw_mode=g
channel=11
 
# ESSID visibile 0=on / 1=off
ignore_broadcast_ssid=0
 
country_code=DE
#limit the frequencies to those allowed in country
ieee80211d=1
 
# Beacons
beacon_int=100
dtim_period=2
 
# MAC-Auth
macaddr_acl=0
 
# max. clients
max_num_sta=20
 
# package size
rts_threshold=2347
fragm_threshold=2346
 
 
# Auth options
auth_algs=1 # 1=wpa, 2=wep, 3=both
 
# encryption (only WPA2)
wpa=2
rsn_preauth=1
rsn_preauth_interfaces=wlan0
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
 
# keyexchange
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400

systemd dhcp

replace unwanted network config in systemd.
/etc/systemd/network/eth1.network (replace name with your usb ethernet dev in this part) 

[Match]
Name=eth1
 
[Network]
DHCP=yes

/etc/systemd/network/eth0.network (disable dhcp on this dev) 

[Match]
Name=eth0
 
[Network]
DHCP=no

/etc/systemd/network/wlan0.network 

[Match]
Name=wlan0
 
[Network]
DHCP=no

remove unwanted config (optional) 

rm /etc/systemd/network/en.network

Enable your network configuration

systemctl enable network-lamobo
systemctl enable network-wlan0
systemctl enable hostapd
systemctl enable dnsmasq

known issues

  • The wireless performance is unsatisfying.
linux/lamobo_r1.txt · Last modified: 2018/08/10 14:13 by karloff

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki