The device is also known as Banana Pi Router or BPi-R1.
Scope of this guide: installing Arch Linux and bringing up some basic router functionality.
The BPi-R1 has a security bug in its design: there is no separation of WAN and LAN during the boot phase.
This guide only covers a “fixed” version, where the fix is based on a “lan2usb” device (a USB Ethernet adapter); just look for one with good driver support.
If you need to work without lan2usb, you have to deal with DSA (Distributed Switch Architecture) for port management.
During the installation process you will need to cross compile for sunxi on your machine; you will also need a card reader.
Install the U-Boot tools on your system to create a U-Boot image for your R1:
pacman -S community/uboot-tools
You will need a toolchain for compiling for arm-linux-gnueabihf architecture.
Check out the linux-sunxi.org/Toolchain wiki for details if you don't run an Arch system.
On Arch Linux based Systems you can use this AUR Package: arm-linux-gnueabihf-gcc
This part can take a long time
You might need this additional package:
pacman -S extra/swig
Create a directory and check out the current stable U-Boot:
mkdir -p ~/uboot/lamobo_r1
cd ~/uboot/lamobo_r1
git clone https://github.com/trini/u-boot.git
# git clone creates the directory "u-boot"
cd ./u-boot
git checkout v2018.01 # use current stable here
make CROSS_COMPILE=arm-linux-gnueabihf- Lamobo_R1_defconfig
make CROSS_COMPILE=arm-linux-gnueabihf-
If you end up with
Traceback (most recent call last):
  File "./tools/binman/binman", line 32, in <module>
    import control
  File "/home/$USER/uboot/lamobo_r1/u-boot/tools/binman/control.py", line 16, in <module>
    import fdt
  File "/home/$USER/uboot/lamobo_r1/u-boot/tools/binman/../dtoc/fdt.py", line 13, in <module>
    import libfdt
  File "scripts/dtc/pylibfdt/libfdt.py", line 17, in <module>
    _libfdt = swig_import_helper()
  File "scripts/dtc/pylibfdt/libfdt.py", line 16, in swig_import_helper
    return importlib.import_module('_libfdt')
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
ImportError: No module named _libfdt
make: *** [Makefile:1148: u-boot-sunxi-with-spl.bin] Error 1
you need a working python2 instance.
pacman -S extra/python2-virtualenv
virtualenv2 ~/uboot/lamobo_r1/py27env
source ~/uboot/lamobo_r1/py27env/bin/activate
# start the build process again
make CROSS_COMPILE=arm-linux-gnueabihf-
# deactivate the env
deactivate
After this part you should have a file called: u-boot-sunxi-with-spl.bin in your work dir
The next step is to set up the SD card for your Lamobo.
Clean up your SD card.
If anything unwanted happens, you can always start over from this point:
dd if=/dev/zero of=/dev/sdX bs=1M count=8
Time to bring the SD card up.
Next you will create a single partition with fdisk; this will automatically create the partition table for you as well.
fdisk /dev/sdX
mkfs.ext4 -O ^metadata_csum,^64bit /dev/sdX1
dd if=/path/to/u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8
Next we will copy the Arch Linux system to the SD card:
cd /tmp
wget https://archlinuxarm.org/os/ArchLinuxARM-armv7-latest.tar.gz
# mount the partition created above, not the whole device
mount /dev/sdX1 /mnt/
bsdtar -xpf ArchLinuxARM-armv7-latest.tar.gz -C /mnt/
Create file /mnt/boot/boot.cmd with the following content
setenv bootargs console=ttyS0,115200 console=tty0 root=/dev/mmcblk0p1 rootwait panic=10 rootfstype=ext4 rw
ext2load mmc 0 0x49000000 /boot/dtbs/sun7i-a20-lamobo-r1.dtb
ext2load mmc 0 0x46000000 /boot/zImage
bootz 0x46000000 - 0x49000000
Build boot.scr with
mkimage -C none -A arm -T script -d /mnt/boot/boot.cmd /mnt/boot/boot.scr
* Unmount /dev/sdX
* Put the SD-Card in the Lamobo
At this point, you have a booting and working BPi-R1.
Log in to your R1; the default credentials are root:root.
You can also do this via SSH, but root login is not allowed there by default, so you will need to create a user on your router and add it to the wheel group.
There is also a default user alarm with the password alarm. You can use it, but remember to change the password, or remove the user if it is not needed.
Install basic needs:
pacman -S community/rxvt-unicode-terminfo # only needed if you use urxvt
pacman -S extra/vim
pacman -S extra/bash-completion
pacman -S community/hostapd
pacman -S extra/dnsmasq
pacman -S extra/metalog
pacman -S core/mlocate
mkdir /etc/systemd/system/getty@tty1.service.d/
echo -e "[Service]\nTTYVTDisallocate=no" > /etc/systemd/system/getty@tty1.service.d/noclear.conf
/etc/dnsmasq.conf
# The subnets must match the addresses set in network-lamobo.service
# (eth0, 10.0.1.1/24) and network-wlan0.service (wlan0, 10.0.2.1/24);
# dnsmasq hands out no leases for a range outside the interface's subnet.
interface=eth0
interface=wlan0
interface=lo
no-dhcp-interface=eth1
dhcp-range=eth0,10.0.1.100,10.0.1.200,120h
dhcp-range=wlan0,10.0.2.60,10.0.2.200,120h
domain=intern
bogus-priv
domain-needed
expand-hosts
dhcp-authoritative
#https://tools.ietf.org/html/rfc2132#section-3.8
#default dns
dhcp-option=eth0,6,10.0.1.1
dhcp-option=wlan0,6,10.0.2.1
#broadcast
dhcp-option=eth0,28,10.0.1.255
dhcp-option=wlan0,28,10.0.2.255
# Set subnet mask
dhcp-option=eth0,1,255.255.255.0
dhcp-option=wlan0,1,255.255.255.0
# Set the "all subnets are local" flag
dhcp-option=27,1
resolv-file=/etc/resolv_dnsmasq.conf
#Leases
dhcp-host=9c:5c:ff:ff:ff:ff,ClientA,10.0.1.3,infinite
dhcp-host=00:1b:ff:ff:ff:ff,ClientB,10.0.2.4,infinite
/etc/resolv_dnsmasq.conf (use your favorite DNS here)
nameserver 85.214.20.141
nameserver 204.152.184.76
nameserver 2001:4f8:0:2::14
nameserver 194.150.168.168
This is not a firewall at all, only a script for managing basic network setup (routing and NAT); just merge your own rules into it.
/usr/local/bin/firewall
Basic firewall script:
#!/bin/bash
LOGLIMIT=1
IPTABLES=/sbin/iptables
IF_LAN=eth0
IF_WAN=eth1
IF_WIFI=wlan0

#load modules
modprobe ip_tables
modprobe ip_conntrack

case "$1" in
  stop)
    #=========================
    # Delete all rules
    #=========================
    $IPTABLES -F
    $IPTABLES -X
    # -F without -t only flushes the filter table; flush nat as well,
    # otherwise the MASQUERADE rule survives "stop"
    $IPTABLES -t nat -F
    #=========================
    # Set default policy to ACCEPT
    #=========================
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    /usr/sbin/sysctl -w net.ipv4.ip_forward=0
    /usr/sbin/sysctl -w net.ipv6.conf.all.forwarding=0
    exit 0
    ;;
  start)
    /usr/sbin/sysctl -w net.ipv4.ip_forward=1
    /usr/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
    #=========================
    # Delete all rules
    #=========================
    $IPTABLES -F
    $IPTABLES -X
    # flush nat too, so a repeated "start" does not duplicate the MASQUERADE rule
    $IPTABLES -t nat -F
    ####basic routing
    $IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/16 -o $IF_WAN -j MASQUERADE
    $IPTABLES -A INPUT -i $IF_WAN -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -A FORWARD -i $IF_WAN -o $IF_LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $IF_WAN -o $IF_WIFI -m state --state ESTABLISHED,RELATED -j ACCEPT
    #=========================
    # Set default policy
    #=========================
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    exit 0
    ;;
  *)
    echo "Usage: `basename $0` {start | stop}" >&2
    exit 64
    ;;
esac
exit 0
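Because the script above leaves every default policy on ACCEPT, here is a default-deny variant as an added example (not part of the original guide): it prints a ruleset in iptables-restore format, using the guide's interface names and 10.0.0.0/16 range. The set of allowed services (DNS, DHCP and ping from the inside, SSH from the wired LAN only) is an assumption to adjust.

```bash
#!/bin/bash
# Added example, not the guide's script. Interface names and the inside range
# come from the guide; the list of allowed services is an assumption.
IF_LAN=eth0
IF_WAN=eth1
IF_WIFI=wlan0
INSIDE_NET=10.0.0.0/16

# Print a ruleset for iptables-restore, which loads each table atomically.
gen_ruleset() {
    local ifc
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":INPUT ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo "-A POSTROUTING -s $INSIDE_NET -o $IF_WAN -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    # Default deny for traffic to the router and through the router.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections that were opened from the router or the inside.
    echo "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for ifc in "$IF_LAN" "$IF_WIFI"; do
        # dnsmasq serves DNS and DHCP on the inside interfaces only.
        echo "-A INPUT -i $ifc -p udp -m multiport --dports 53,67 -j ACCEPT"
        echo "-A INPUT -i $ifc -p tcp --dport 53 -j ACCEPT"
        echo "-A INPUT -i $ifc -p icmp --icmp-type echo-request -j ACCEPT"
        # Inside clients may open connections to the WAN, never the reverse.
        echo "-A FORWARD -i $ifc -o $IF_WAN -s $INSIDE_NET -j ACCEPT"
    done
    # SSH management from the wired LAN only (assumption).
    echo "-A INPUT -i $IF_LAN -p tcp --dport 22 -j ACCEPT"
    echo "COMMIT"
}

# "print" shows the rules for review, "apply" loads them (needs root).
case "${1:-}" in
    print) gen_ruleset ;;
    apply) gen_ruleset | iptables-restore ;;
esac
```

Nothing arriving on the WAN interface is accepted unless it belongs to a connection opened from the inside, so neither SSH nor dnsmasq is reachable from the WAN.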
The ports are already configured through DSA (Distributed Switch Architecture).
You can use eth0 as a bridge for all LAN ports and the WAN port.
/etc/systemd/system/network-lamobo.service
[Unit]
Description=Config ethernet switch
Wants=network.target
Before=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/modprobe br_netfilter
ExecStart=/usr/bin/ip link set eth0 up
ExecStart=/usr/bin/ip addr add 10.0.1.1/24 dev eth0
# start firewall (needed for routing); the script is installed as /usr/local/bin/firewall
ExecStart=/usr/local/bin/firewall start
ExecStop=/usr/bin/ip link set dev eth0 down

[Install]
WantedBy=multi-user.target
Create a service file for systemd:
/etc/systemd/system/network-wlan0.service
[Unit]
Description=Start Wifi
Requires=sys-subsystem-net-devices-wlan0.device
After=sys-subsystem-net-devices-wlan0.device dbus.service
Before=hostapd.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ip link set wlan0 up
ExecStart=/usr/bin/ip addr add 10.0.2.1/24 dev wlan0
ExecStop=/usr/bin/ip link set dev wlan0 down

[Install]
WantedBy=multi-user.target
cat /etc/hostapd/hostapd.conf
ssid=BPI-R1
wpa_passphrase=PA$$WORD
ctrl_interface=/run/hostapd.pid
interface=wlan0
driver=nl80211
hw_mode=g
channel=11
# ESSID visible 0=on / 1=off
ignore_broadcast_ssid=0
country_code=DE
# limit the frequencies to those allowed in the country
ieee80211d=1
# Beacons
beacon_int=100
dtim_period=2
# MAC-Auth
macaddr_acl=0
# max. clients
max_num_sta=20
# packet size
rts_threshold=2347
fragm_threshold=2346
# Auth options
# 1=wpa, 2=wep, 3=both
# (hostapd has no trailing comments, so this note sits on its own line)
auth_algs=1
# encryption (only WPA2)
wpa=2
rsn_preauth=1
rsn_preauth_interfaces=wlan0
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# key exchange
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400
Replace the unwanted network config in systemd.
/etc/systemd/network/eth1.network (replace the name with your USB Ethernet device in this part)
[Match]
Name=eth1

[Network]
DHCP=yes
/etc/systemd/network/eth0.network (disable DHCP on this device)
[Match]
Name=eth0

[Network]
DHCP=no
/etc/systemd/network/wlan0.network
[Match]
Name=wlan0

[Network]
DHCP=no
Remove unwanted config (optional):
rm /etc/systemd/network/en.network
systemctl enable network-lamobo
systemctl enable network-wlan0
systemctl enable hostapd
systemctl enable dnsmasq