Banana Pi R64 router - Debian, Wireguard, RKN

The Banana Pi R64 is a single-board computer like the Raspberry Pi, but with several Ethernet ports, which makes it possible to turn it into a router based on a mainstream Linux distribution.


Yes, there is OpenWrt, but it has its own quirks, its own GUI and CLI; there is Mikrotik, but again with its own GUI/CLI, and Wireguard does not work out of the box... In general, I wanted a router with simple settings that stays within the framework of ordinary Linux, the one you work with every day.

In the article below, by the names BPI, R64 and single-board I mean the same thing: the Banana Pi R64 single-board computer itself.

Choosing an image. Booting via eMMC

The very first skill you need to acquire when working with SBCs in general, and the R64 in particular, is loading an operating system into it and being able to interact with it, because the R64 has no port for a monitor (HDMI, for example). When everything has fallen off - Wifi, Ethernet, Bluetooth, USB and so on have stopped working - there is still the UART, through which you can always see the error and also run a few commands from the console if necessary.

Algorithm for connecting to the R64 via USB-UART:

  • go to the radio parts store for a USB-UART cable (PL2303, Serial-to-USB)
  • connect one end, USB, to the computer, and the other, UART, to the R64, using three of the four wires, as in the picture below.
  • run sudo minicom in the computer's console

After that, in most cases the single-board's console appears = success.
More details can be found here.


Next, the easiest way to load an OS is from an SD card: download the image via the link and flash it:

unzip -p 2019-08-23-ubuntu-16.04-lite-preview-bpi-r64-sd-emmc.img.zip | pv | sudo dd of=/dev/mmcblk0 bs=10M status=noxfer

Insert the card into the R64's SD slot, power it on, and watch the connected console first load u-boot, then regular Linux.

Another boot option is to use the 64GB flash built into the R64, called eMMC. Following the instructions on the wiki, copy the image to the device
/dev/mmcblk0 on the BPI, reboot, remove the SD card, power the BPI on again... and it doesn't work. Flipping Boot select back and forth didn't help either.

The fact is that, at minimum, on the BPI you need to set a special flag so that it can boot from the internal flash at all.

root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x00]
root@bpi-r64:~# ./mmc bootpart enable 1 1 /dev/mmcblk1
root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x48]
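To make the 0x00 -> 0x48 change above checkable, here is an added Python decoder for the PARTITION_CONFIG byte (not part of the original article): the bit layout is the JEDEC eMMC EXT_CSD[179] one, and the sample lines are the two outputs just shown, so the check can be run before writing the preloader.

```python
"""Decode the eMMC PARTITION_CONFIG byte (EXT_CSD[179]) printed by `mmc extcsd read`.

Added example, not part of the original article. Bit layout per JEDEC eMMC:
bit 6 BOOT_ACK, bits 5:3 BOOT_PARTITION_ENABLE, bits 2:0 PARTITION_ACCESS.
"""
import re

BOOT_ACK = 0x40                 # bit 6: device sends a boot acknowledge pattern
BOOT_PARTITION_ENABLE_SHIFT = 3 # bits 5:3
BOOT_PARTITION_NAMES = {0: "not boot enabled", 1: "boot partition 1",
                        2: "boot partition 2", 7: "user data area"}

_LINE_RE = re.compile(r"PARTITION_CONFIG:\s*0x([0-9A-Fa-f]{2})")

def parse_partition_config(extcsd_output):
    """Return the PARTITION_CONFIG byte found in `mmc extcsd read` output, or None."""
    m = _LINE_RE.search(extcsd_output)
    return int(m.group(1), 16) if m else None

def decode_partition_config(value):
    """Split the byte into the fields that matter for booting."""
    part = (value >> BOOT_PARTITION_ENABLE_SHIFT) & 0x7
    return {
        "boot_ack": bool(value & BOOT_ACK),
        "boot_partition": BOOT_PARTITION_NAMES.get(part, "reserved"),
        "partition_access": value & 0x7,  # which partition is currently mapped
    }

def expected_partition_config(boot_partition, send_ack):
    """Value that `mmc bootpart enable <boot_partition> <send_ack>` should produce."""
    return (boot_partition << BOOT_PARTITION_ENABLE_SHIFT) | (BOOT_ACK if send_ack else 0)

def ready_for_emmc_boot(extcsd_output):
    """Check to run before dd-ing the preloader: boot partition 1 enabled, with ack."""
    value = parse_partition_config(extcsd_output)
    return value is not None and value == expected_partition_config(1, 1)

# Constructed samples: the two grep outputs above, before and after `bootpart enable 1 1`
BEFORE = "Boot configuration bytes [PARTITION_CONFIG: 0x00]\n"
AFTER = "Boot configuration bytes [PARTITION_CONFIG: 0x48]\n"

if __name__ == "__main__":
    for label, out in (("before", BEFORE), ("after", AFTER)):
        v = parse_partition_config(out)
        state = "ready" if ready_for_emmc_boot(out) else "not ready"
        print(label, hex(v), decode_partition_config(v), state)
```

So 0x48 is exactly BOOT_ACK plus "boot partition 1", which is what `mmc bootpart enable 1 1` asks for.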

Then you need to write the preloader to a special boot partition:

root@bpi-r64:~# echo 0 > /sys/block/mmcblk0boot0/force_ro 
root@bpi-r64:~# dd if=preloader_evb7622_64_foremmc.bin of=/dev/mmcblk0boot0

The R64 manufacturer (China) publishes this binary here. What it does is unknown (no source code), but without it nothing works either.

In general, after this the images start booting from eMMC. If you want to dig in and build images from scratch, then for both cases (SD/eMMC) you need to write a few more files (the preloader for the SD card, ATF, u-boot) in order to boot the kernel. This topic is still evolving, but for us the main thing is that it works, and works well.

Now I boot via eMMC; to be honest, I don't really use it, an SD card is enough, but I spent a lot of time getting it to work, so let it stay in the article.

Choosing an OS. Armbian

The first application task is to launch a VPN, Wireguard of course. It immediately turned out that it is not built into the kernel and there are no headers. I rebuilt the kernel and, as I'm used to on x86, compiled the kernel module with DKMS. However, the speed of building even small utilities on arm64 surprised me. Then another kernel module was required, and so on. In general, it turned out that everything kernel-related is better built on a warm x86 computer, then transferred to the R64 by simple copying, rebooted and tested.

The userspace part is a different matter. In my case, having chosen Debian, everything for the arm64 architecture is available on packages.debian.org and there is no need to rebuild anything.

In order not to reinvent the wheel, I ported Armbian to the BPI R64.
More precisely: Armbian is the userspace, and the kernel is taken from Frank-A's repository. The latest image can be downloaded here.

All the work on the R64's software is done in a group. In general terms, the manufacturer itself is trying to promote the router for OpenWrt, but thanks to the work of the developer Frank from Germany, all features quickly end up in the kernel for Debian. Surprisingly, Frank is active in every forum thread.

Workplace: wires

Separately, I want to tell you how, during development/testing, to place an SBC (not just the BPI) on the desk without running an Ethernet cable to it from the router across the whole room/office. The thing is that, on one hand, you need to provide the device with Internet, but on the other hand, everything in that device can break, and Wifi first of all.

First, I decided to buy a simple USB-Wifi "whistle", plug it into the only USB port on the BPI and forget about wires. For this I bought the cheapest TP-LINK TL-WN725N USB 2.0; however, it quickly became clear that it would not take off: for the whistle to work you need a kernel driver, which, of course, wasn't there. (Later I compiled the required RTL8XXXU driver, but it still doesn't work properly.) And so the Ethernet cable spoiled the look of the room for a while.

In the end, I managed to get rid of the cable with the help of a Tenda MW3 (Wifi mesh system): I simply placed one cube under the desk and connected the BPI to its LAN port with a one-meter Ethernet cable. Profit.

Wireguard, RKN, Bird

One of the reasons I want to use the Banana PI is free access to sites blocked by RKN, in particular so that Telegram and Slack calls work. Articles on this topic have already been published on Habr: one, two, three.

I implemented exactly this solution using Ansible: link.

The VPS is assumed to run Ubuntu 18.04. I checked that it works on two hosters in Europe: Amazon and Digital Ocean.

So, we have installed Armbian on the R64, it is reachable via ssh under the name hm-bananapi-1 and has Internet access. We install Ansible, the automation, and start the installation itself on the R64:

# dependencies for Debian-based distributions
$ sudo apt install --no-install-recommends python3-pip python3-setuptools python3-wheel git
$ which pip3
/usr/bin/pip3

# ansible with pybook, scripting in Python
$ pip3 install https://github.com/muravjov/ansible/archive/ansible-2.10.0.dev0-pybook2019.tar.gz

$ export PATH=~/.local/bin:$PATH
$ which ansible-playbook
/home/sa/.local/bin/ansible-playbook

$ git clone https://github.com/muravjov/ansible-bpi-r64.git
$ cd ansible-bpi-r64

$ git submodule update --init

# make sure hm-bananapi-1 is reachable
$ ssh hm-bananapi-1 which python3
/usr/bin/python3

# the installation itself
$ ansible-playbook ./router.py -l hm-bananapi-1

Then you need to deploy our VPN on the VPS in the same way:

ansible-playbook ./router.py -l current-vpn

Here the argument is current-vpn, and the real VPS name is configured in a variable (in this case paris-vpn-aws-t2-micro-1):

$ grep current_vpn group_vars/all 
current_vpn: paris-vpn-aws-t2-micro-1
#current_vpn: frankfurt-vpn-d0-starter-1

Oh yes, before all these steps you need to generate the secrets (in particular the Wireguard keys) in the ./secrets folder; the directory should look like this.

Ansible automation in Python

You may have noticed that, instead of the YAML format, the Ansible commands are encoded in Python scripts. For comparison, this is how to start the bird daemon the usual way:

- name: start bird
  systemd:
    name: bird
    state: started
    enabled: yes

and this is how to do the same via Python:

with mapping:
    append("name", "start bird")
    with mapping("systemd"):
        append("name",  "bird")
        append("state", "started")
        append("enabled", "yes")

Writing Ansible commands in Python allows you to reuse code and, more broadly, opens up all the possibilities of a general-purpose language. For example, installing bird on the R64 and on the VPS:

install_bird("router/bird.conf.j2")
install_bird("vpn/bird.conf.j2")

see the code of the install_bird() function.
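The following is an added illustration of how a DSL like the one above can work; it is my own minimal re-creation, not pybook's actual code, and the /etc/bird/bird.conf destination path is an assumption. It builds the same "start bird" task as the YAML above from the nested `with mapping` / `append()` form, and shows the reuse that `install_bird()` gives for the two templates.

```python
"""Added illustration of the pybook-style DSL above (not the real pybook code): nested
`with mapping` blocks and `append()` build a task list; `install_bird()` shows the reuse."""
TASKS = []        # the task list being built
_stack = [TASKS]  # open containers: the list, then the nested mappings

def append(key, value):
    """Set key/value on the mapping opened by the innermost `with`."""
    _stack[-1][key] = value

class _Mapping:
    def __init__(self, key=None):
        self.key = key  # None: a new list item (task); str: nested mapping under key
    def __call__(self, key):
        return _Mapping(key)
    def __enter__(self):
        new = {}
        if self.key is None:
            _stack[-1].append(new)
        else:
            _stack[-1][self.key] = new
        _stack.append(new)
    def __exit__(self, *exc):
        _stack.pop()

mapping = _Mapping()  # usable both as `with mapping:` and `with mapping("systemd"):`

def install_bird(conf_template):
    """Reusable recipe: render a bird config, then the 'start bird' task from above."""
    with mapping:
        append("name", "install bird config from " + conf_template)
        with mapping("template"):
            append("src", conf_template)
            append("dest", "/etc/bird/bird.conf")  # assumed path, not from the article
    with mapping:
        append("name", "start bird")
        with mapping("systemd"):
            append("name", "bird")
            append("state", "started")
            append("enabled", "yes")

def to_yaml(node, indent=0):
    """Emit the list-of-mappings shape Ansible tasks use; scalars are written verbatim."""
    pad = " " * indent
    if isinstance(node, list):  # each task: "- " followed by its mapping, 2 spaces deeper
        return "\n".join(pad + "- " + to_yaml(t, indent + 2).lstrip() for t in node)
    return "\n".join(f"{pad}{k}:" + (f"\n{to_yaml(v, indent + 2)}" if isinstance(v, dict)
                                      else f" {v}") for k, v in node.items())

for template in ("router/bird.conf.j2", "vpn/bird.conf.j2"):  # the two calls from the article
    install_bird(template)
```

Printing `to_yaml(TASKS)` gives four tasks, the second and fourth being the exact "start bird" YAML shown above.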

This feature is called pybook and is implemented here. There is no documentation on pybook yet, but I will fix that later.

Here is what is being said about it at the moment.

Monitoring. Prometheus

Bottom line: Telegram, LinkedIn and Pornhub work, and in general the user experience is good. But everything can break, Chinese hardware included.

Kernel updates can also be interesting: for example, I wanted to upgrade the kernel 5.4 => 5.6, since Wireguard is there out of the box and there is no need to patch anything... On 5.6 the kernel booted, the tunnel pinged the VPS, but bird could not connect, with a "BGP Error"... "I rolled back in horror" (c) to 5.4; the move to 5.6 went onto the TODO list.

So, in addition to installing the router and the VPS, I added monitoring (on x86 Ubuntu 18.04), installed on a separate host with the following components:

  • prometheus, alertmanager, blackbox_exporter - all in docker
  • alerts are sent to a telegram channel using the metalmatze/alertmanager-bot bot - also in Docker
  • tor for the bot, so that the bot can report the situation when the Internet works but Telegram does not and the bot cannot connect directly.
  • relevant alerts: NodeVPNTroubles (no ping to the VPS), BirdVPNTroubles (no Bird session), AntifilterDownloadTroubles (error downloading the blocked IP addresses), SiteTroubles (the ill-fated telegram is unavailable)
  • system alerts, for example HostGrowingDiskReadLatency (a cheap SD card stops being readable)

Example of installing the monitoring:

ansible-playbook ./monitoring.py -l monitoring-preprod

Auto discovery for Prometheus is configured in the /etc/prometheus/auto_http folder; here is an example of adding a host to monitoring (hosts are not monitored by default):

bash << 'EOF'
HOSTNAME=hm-bananapi-1
IP_ADDRESS=`ssh -G $HOSTNAME | awk '/^hostname / { print $2 }'`

ssh monitoring-preprod sudo sponge /etc/prometheus/auto_http/$HOSTNAME.json << EOF2
[
  {
    "targets": ["$IP_ADDRESS:9100"],
    "labels": {
      "env": "prod",
      "hostname": "$HOSTNAME"
    }
  }
]
EOF2
EOF

TODO: 2 providers, 2 BPIs, anycast failover

On top of everything else, I planned to connect two providers so that the Internet keeps working even if one provider has network problems, or they forget to pay for the Internet, and so on.

The most advanced user experience on the topic of multi-wan is described here, for the Mwan3 system under OpenWrt. That solution has its value, but setting it up, and multi-wan operation in general, is very complicated. Just one example: if you visit some sites from two IP addresses at once, they may not like it and stop working => "the Internet doesn't work."

Considering this experience, I decided that multihoming is not the priority right now, only failover. Although, it seems that in recent Linux versions everything works with a single command like:

ip route add default \
    nexthop via 192.168.1.1 weight 10 \
    nexthop via 192.168.2.1 weight 5

So, to avoid a single point of failure, we take 2 BPIs, connect each one to its own provider, connect them to each other and run dynamic routing between them via bird/OSPF.

Then, each of them announces the same IP address if the service (Internet, DNS) is available. That is, we do not configure the default route ourselves, but via bird. I saw the solution here.

This functionality has not been implemented yet; the insidious coronavirus played a trick here (not everything arrived from Aliexpress; another online store, Layta, promised to deliver within a week, but more than a month has passed; the second provider had no time to run the cable before the quarantine, and only managed to drill a hole in the wall for it).

How to order the R64

The board itself is in the official SinoVoip store.
It is better to order right away as well:

  • a power supply + pay attention to the EU or US plug standard
  • cooling: heatsinks/fans; because both the CPU and the switch chip get hot
  • a wifi antenna, for example this one

There is a nuance - at some point the shipping cost in the official store became unreasonably high. Manager Judy Huang assured me that there was no mistake and that you can choose ePacket for $5, but I saw that for Russia there was only EMS for > $33. Unpleasant, but not critical. Moreover, if you choose any other country for delivery (I went through all the continents), delivery costs ~$5. Russophobes?.. But then I saw that for France the shipping cost is also ~$30, and calmed down.

In the end, Judy suggested placing an order without paying (hint: keep too little on the card so the regular payment doesn't go through); write to her and she will reduce the shipping cost to the normal one. Profit.

Disadvantages

Not everything works well yet.

Performance

Ansible = Python commands execute slowly, even idle ones, for 20-30 seconds; an order of magnitude longer than on an x86 computer. Moreover, at first they executed quickly, ~3 seconds, and then slowed down sharply. Perhaps due to CPU heating (throttling). Go code also runs for a long time:

# request metrics for prometheus from node_exporter, written in Go
$ time curl -s http://172.30.1.1:9100/metrics > /dev/null

real    0m6,118s
user    0m0,005s
sys     0m0,009s

# however the temperature is 51 degrees, not that much
sa@bananapir64:~$ cat /sys/devices/virtual/thermal/thermal_zone0/temp
51700

Wifi

Wifi works, but on Armbian it hangs after about a day, writing:

sa@bananapir64:~$ dmesg | grep -E 'mt7622_wmac.*timeout'
[470303.802539] mt7622_wmac 18000000.wmac: Message 38 (seq 3) timeout
[470314.042508] mt7622_wmac 18000000.wmac: Message 50 (seq 4) timeout
...

Only a reboot helps. This needs to be investigated.

Ethernet

Ethernet works, but after ~64 hours packets (DHCP) from the R64 stop arriving.
Restarting the interface helps:

ifdown br0; sleep 30; ifup br0

The driver is new and not yet accepted into the mainline kernel; I hope Landen Chao from China will finish it.

Source: www.habr.com
