Banana Pi R64 router - Debian, Wireguard, RKN

The Banana Pi R64 is a single-board computer similar to the Raspberry Pi, but with several Ethernet ports, which makes it possible to turn it into a router based on a general-purpose Linux distribution.

Yes, there is already Openwrt, but it has its own problems, its own GUI and CLI; there is Mikrotik, but again it has its own GUI/CLI, and Wireguard does not work out of the box... In short, I wanted a router with flexible configuration that still stays within the standard Linux you work with every day.

In this article the names BPI, R64 and single-board all mean the same thing: the Banana Pi R64 single-board computer itself.

Choosing an image. Booting from eMMC

The first skill you need when working with an SBC in general, and with the R64 in particular, is learning how to load an operating system onto it and interact with it, because the R64 has no port for a monitor (such as HDMI). When everything else has failed (Wifi, Ethernet, Bluetooth, USB and so on do not work), there is the UART, through which you can see all errors and also run a few commands from the console if necessary.

Procedure for connecting to the R64 over USB-UART:

  • run to the radio electronics store for a USB-UART cable (PL2303, Serial-to-USB)
  • plug the USB end into the computer and the other, UART, end into the R64, using three of the four wires, as in the picture below
  • run sudo minicom in a console on the computer

After this, a session with the single-board usually appears = success.
You can find more details here.

Next, the easiest way is to boot the operating system from an SD card: download the image from the link and write it:

unzip -p 2019-08-23-ubuntu-16.04-lite-preview-bpi-r64-sd-emmc.img.zip | pv | sudo dd of=/dev/mmcblk0 bs=10M status=noxfer

We insert the card into the R64's SD slot, power it on, and watch on the console connection as u-boot loads first, followed by the standard Linux boot.

Another boot option is to use the 8 GB card already built into the R64, called eMMC. Following the instructions in the wiki, we copy the image to the device /dev/mmcblk0 on the BPI, reboot, remove the SD card, power the BPI on again... and it does not work. Toggling the Boot select switch does not help either.

The point is that, at least for the BPI, you have to set a special flag in order to boot from the internal flash:

root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x00]
root@bpi-r64:~# ./mmc bootpart enable 1 1 /dev/mmcblk1
root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x48]
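
What the change from 0x00 to 0x48 means can be read off the bit layout of the PARTITION_CONFIG byte (EXT_CSD[179] in the eMMC specification). The following is an added example, not part of the original article; the function names are hypothetical and the two input lines are the readings shown above:

```shell
#!/bin/sh
# Added example: decode the eMMC PARTITION_CONFIG byte (EXT_CSD[179]).
# bit 6 = BOOT_ACK, bits 5:3 = BOOT_PARTITION_ENABLE, bits 2:0 = PARTITION_ACCESS

# Pull the hex value out of a line printed by "mmc extcsd read".
extract_partition_config() {
    sed -n 's/.*PARTITION_CONFIG: \(0x[0-9a-fA-F]\{1,2\}\)\].*/\1/p'
}

decode_partition_config() {
    # Accept only 0xN or 0xNN so nothing unexpected reaches shell arithmetic.
    case "$1" in
        0x[0-9a-fA-F]|0x[0-9a-fA-F][0-9a-fA-F]) ;;
        *) echo "invalid value: $1" >&2; return 2 ;;
    esac
    val=$(( $1 ))
    ack=$(( (val >> 6) & 1 ))
    boot=$(( (val >> 3) & 7 ))
    acc=$(( val & 7 ))
    case "$boot" in
        0) boot_name="none" ;;
        1) boot_name="boot1" ;;      # Linux exposes this as mmcblkXboot0
        2) boot_name="boot2" ;;
        7) boot_name="user-area" ;;
        *) boot_name="reserved($boot)" ;;
    esac
    case "$acc" in
        0) acc_name="user-area" ;;
        1) acc_name="boot1" ;;
        2) acc_name="boot2" ;;
        3) acc_name="rpmb" ;;
        *) acc_name="gp$((acc - 3))" ;;
    esac
    echo "boot_ack=$ack boot_enable=$boot_name access=$acc_name"
}

# The two readings from the session above, before and after "bootpart enable 1 1".
for line in 'Boot configuration bytes [PARTITION_CONFIG: 0x00]' \
            'Boot configuration bytes [PARTITION_CONFIG: 0x48]'; do
    decode_partition_config "$(printf '%s\n' "$line" | extract_partition_config)"
done
```

A value of 0x00 means no boot partition is enabled, which is why the board ignored the image written to the eMMC user area.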

Next, you need to write the preloader to the special boot partition:

root@bpi-r64:~# echo 0 > /sys/block/mmcblk0boot0/force_ro 
root@bpi-r64:~# dd if=preloader_evb7622_64_foremmc.bin of=/dev/mmcblk0boot0

The manufacturer of the R64 (China) distributes this binary. What it does is unknown (there is no source code), but the board will not boot without it.
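
Since the preloader cannot be inspected, what can still be controlled is that the bytes written to the boot partition are exactly the file you downloaded and recorded. The following is an added example, not part of the original article: write_verified is a hypothetical helper, the pinned hash is a value you record yourself, and the demo runs on constructed stand-in files.

```shell
#!/bin/sh
# Added example: pin an opaque boot blob by SHA-256 before writing it,
# then read the same number of bytes back from the target and compare.

sha256_of() { sha256sum "$1" | awk '{ print $1 }'; }

# write_verified IMAGE TARGET EXPECTED_SHA256   (hypothetical helper)
write_verified() {
    image=$1 target=$2 expected=$3
    actual=$(sha256_of "$image")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing to write: $image does not match the pinned hash" >&2
        return 1
    fi
    size=$(( $(wc -c < "$image") ))
    dd if="$image" of="$target" conv=notrunc,fsync status=none || return 1
    # On a real block device this read can be served from the page cache, so
    # it catches short or misdirected writes rather than media faults.
    readback=$(head -c "$size" "$target" | sha256sum | awk '{ print $1 }')
    if [ "$readback" != "$expected" ]; then
        echo "read-back mismatch on $target" >&2
        return 1
    fi
    echo "ok $size bytes $expected"
}

# On the R64 (paths as in the article), after unlocking force_ro:
#   write_verified preloader_evb7622_64_foremmc.bin /dev/mmcblk0boot0 "$PINNED"

# Demo on constructed stand-in files; nothing here touches a real device.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed-preloader' > "$dir/preloader.bin"
    dd if=/dev/zero of="$dir/boot0.img" bs=1024 count=4 status=none
    pinned=$(sha256_of "$dir/preloader.bin")   # recorded once, out of band
    write_verified "$dir/preloader.bin" "$dir/boot0.img" "$pinned"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```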

Generally, after this the image starts booting from eMMC. If you want to dig into it and build images from scratch, then in both cases (SD/eMMC) you have to write several more pieces (the preloader for the SD card, ATF, u-boot) just to reach the kernel loading stage. This topic is still under development, but for us the most important thing is that it works and can be done.

Right now, although I got booting from eMMC working, I honestly do not use it; the SD card is enough. But I spent so much time getting it to work that it stays in the article.

Choosing the operating system. Armbian

The first task was to set up a VPN, naturally Wireguard. It immediately turned out that it was not built into the kernel and there were no headers. I rebuilt the kernel and, as is my habit on x86, built the kernel module with DKMS. However, the speed of building even small things on arm64 surprised me unpleasantly. And then another kernel module was needed, and so on. In general, it turned out that everything concerning the kernel is best built on a warm x86 laptop, then transferred to the R64 by simple copying, rebooted and tested.

The userspace is another matter. With my choice of Debian, everything for the arm64 architecture is already on packages.debian.org and nothing needs to be rebuilt.

To avoid reinventing the wheel, I ported Armbian to the BPI R64.
Or rather, like this: the userspace is Armbian, and the kernel is taken from the Frank-A repository. Fresh images can be downloaded here.

All work on developing the software side of the R64 takes place on the forum. Generally speaking, the manufacturer itself is trying to push the router toward Openwrt, but thanks to the work of the developer Frank from Germany, all features quickly make their way into the kernel for Debian. Surprisingly, Frank is active in every forum thread.

Organizing the workplace: wires

Separately, I want to tell you how, during development/testing, to place an SBC (not only the BPI) on the desk without running an Ethernet cable to it from the Internet source across the whole room/office. The point is that, on the one hand, you have to provide the device with Internet, but on the other hand, anything on that device can break, Wifi first of all.

At first I decided to buy a cheap USB-Wifi dongle, plug it into the only port of the BPI and forget about wires. For this I bought a cheap TP-LINK TL-WN725N USB 2.0, but it soon became clear that this would not work: for the dongle to work you need a driver, which, of course, was not there (later I built the required RTL8XXXU driver, but it still did not work well). And the Ethernet cable spoiled the look of the living room for a while.

In the end, I managed to get rid of the cable with the help of a Tenda MW3 (Wifi mesh system): I simply placed one cube under the desk and connected the BPI to its LAN port with a 'metre'-long Ethernet cable. Success.

Wireguard, RKN, bird

One of the things I wanted to use the Banana Pi for is access to websites blocked by RKN, in particular so that Telegram and Slack calls work. Articles on Habr have already covered this topic: one, two, three.

I deployed exactly this solution using Ansible: link.

The VPS is assumed to run Ubuntu 18.04. I checked that it works with two hosters in Europe: Amazon and Digital Ocean.

So, we have installed the above Armbian on the R64; it is reachable over ssh under the name hm-bananapi-1 and has Internet access. We install Ansible and the automation scripts, and run the installation itself on the R64:

# dependencies for Debian-based distributions
$ sudo apt install --no-install-recommends python3-pip python3-setuptools python3-wheel git
$ which pip3
/usr/bin/pip3

# ansible with pybook, scripting in Python
$ pip3 install https://github.com/muravjov/ansible/archive/ansible-2.10.0.dev0-pybook2019.tar.gz

$ export PATH=~/.local/bin:$PATH
$ which ansible-playbook
/home/sa/.local/bin/ansible-playbook

$ git clone https://github.com/muravjov/ansible-bpi-r64.git
$ cd ansible-bpi-r64

$ git submodule update --init

# make sure hm-bananapi-1 is reachable
$ ssh hm-bananapi-1 which python3
/usr/bin/python3

# the installation itself
$ ansible-playbook ./router.py -l hm-bananapi-1

Next, you need to deploy our VPN to the VPS in the same way:

ansible-playbook ./router.py -l current-vpn

Here the argument is always current-vpn, and the real name of the VPS is set in a variable (in this case it is paris-vpn-aws-t2-micro-1):

$ grep current_vpn group_vars/all 
current_vpn: paris-vpn-aws-t2-micro-1
#current_vpn: frankfurt-vpn-d0-starter-1

Oh yes, before all of these steps you need to generate the secrets (in particular the Wireguard keys) into the ./secrets directory; the listing should look like this.

Ansible automation in Python

You may notice that instead of the YAML format, the Ansible commands are written as Python scripts. For comparison, here is how to make sure the bird daemon is started in the usual way:

- name: start bird
  systemd:
    name: bird
    state: started
    enabled: yes

and how to do the same thing in Python:

with mapping:
    append("name", "start bird")
    with mapping("systemd"):
        append("name",  "bird")
        append("state", "started")
        append("enabled", "yes")

Writing Ansible commands in Python lets you reuse code and, in general, opens up all the possibilities of a general-purpose language. For example, installing bird on the R64 and on the VPS:

install_bird("router/bird.conf.j2")
install_bird("vpn/bird.conf.j2")

see the code of the install_bird() function.

This feature is called pybook and is implemented here. There is no documentation for pybook yet, but I will fix that later.

That is roughly how it stands at the moment.

Monitoring. Prometheus

In total: Telegram works, as do linkedin and pornhub; in general the user experience is OK. But anything can break, Chinese hardware included.

Kernel updates can also be interesting: for example, I wanted to update the kernel 5.4 => 5.6, since Wireguard is available there out of the box and no patching is needed... I moved to 5.6, the kernel booted, the tunnel to the VPS pinged, but bird could not connect, failing with "BGP Error"... "I rolled back in horror" (c) to 5.4; the move to 5.6 has been postponed to the TODO list.

So, in addition to setting up the router and the VPS, I added monitoring (on x86 Ubuntu 18.04), which is installed on a separate host with the following components:

  • prometheus, alertmanager, blackbox_exporter - all in Docker
  • alerts are sent to Telegram using the metalmatze/alertmanager-bot bot - also in Docker
  • tor for the bot, so that the bot can report the situation when there is Internet but Telegram still does not work and the bot cannot connect by itself
  • application alerts: NodeVPNTroubles (no ping to the VPS), BirdVPNTroubles (no bird session), AntifilterDownloadTroubles (errors loading the blocked IP addresses), SiteTroubles (the ill-fated Telegram is unavailable)
  • system alerts, for example HostGrowingDiskReadLatency (a cheap SD card becomes unreadable)

Example of installing the monitoring:

ansible-playbook ./monitoring.py -l monitoring-preprod

Auto-discovery for Prometheus is configured in the /etc/prometheus/auto_http directory; here is an example of adding a host to monitoring (hosts are not monitored by default):

bash << 'EOF'
HOSTNAME=hm-bananapi-1
IP_ADDRESS=`ssh -G $HOSTNAME | awk '/^hostname / { print $2 }'`

ssh monitoring-preprod sudo sponge /etc/prometheus/auto_http/$HOSTNAME.json << EOF2
[
  {
    "targets": ["$IP_ADDRESS:9100"],
    "labels": {
      "env": "prod",
      "hostname": "$HOSTNAME"
    }
  }
]
EOF2
EOF

TODO: 2 providers, 2 BPIs, full fault tolerance

On top of everything, I plan to connect to two providers so that the Internet keeps working even if one provider has network problems, or someone forgot to pay for the Internet, and so on: the human factor.

The most advanced user experience on the topic of multi-wan is described here for the Mwan3 system in Openwrt. That solution is feature-rich, but configuring and operating it across several WANs is very troublesome. Just one example: if you come to some site from two IP addresses at once, the site will not like it and will not work => "the Internet does not work."

With that experience in mind, I decided that balancing is not essential, only failover. Although it seems that in recent versions of Linux everything should work with a single command such as:

ip route add default \
    nexthop via 192.168.1.1 weight 10 \
    nexthop via 192.168.2.1 weight 5

So, to avoid a single point of failure, we take 2 BPIs, connect each one to a provider, connect them to each other and set up dynamic routing between them with bird/OSPF.

Next, we announce the same IP address from each of them if the service (Internet, DNS) is available. That is, we do not set the default route ourselves, but through bird. I picked up this solution here.

This setup has not been implemented yet; the notorious virus got in the way (not everything arrived from Aliexpress; another online store, Layta, promised delivery within a week, but more than a month has passed; the second provider did not have time to run the cable before the quarantine and only managed to drill the hole in the wall for it).

Ordering the R64

The board itself is available in the official SinoVoip store.
It is also better to order right away:

  • a power supply + specify the EU or US plug standard
  • cooling: heatsinks / fans, because both the CPU and the switch chip get hot
  • Wifi antennas, for example

There is one nuance: the delivery price in the store became unreasonable at some point. The manager, Judy Huang, assured me that there was no mistake and that you can choose ePacket for $5, but I could see that for Russia there was only EMS for > $33. Unpleasant, but not critical. Moreover, if you choose another country for delivery (I went through all the countries), delivery costs ~$5. Russophobes?.. But then I saw that for France the delivery price was also ~$30, and I was relieved.

As a result, Judy suggested placing the order but not paying (hint: keep less money on the card so that the automatic payment does not go through); write to her and she will reduce the delivery price to the normal one. Success.

Problems

Not everything works perfectly.

Performance

Ansible = Python commands execute slowly, even when they do nothing, taking 20-30 seconds; an order of magnitude longer than on an x86 laptop. Moreover, at first they run quite fast, ~3 seconds, and then gradually slow down. This may be due to CPU heating (throttling). Go code also takes a long time to run:

# request metrics for Prometheus from node_exporter, written in Go
$ time curl -s http://172.30.1.1:9100/metrics > /dev/null

real    0m6,118s
user    0m0,005s
sys     0m0,009s

# however, the temperature is 51 degrees, which is not that much
sa@bananapir64:~$ cat /sys/devices/virtual/thermal/thermal_zone0/temp
51700

Wifi

Wifi works, but on Armbian it stops after a day, logging:

sa@bananapir64:~$ dmesg | grep -E 'mt7622_wmac.*timeout'
[470303.802539] mt7622_wmac 18000000.wmac: Message 38 (seq 3) timeout
[470314.042508] mt7622_wmac 18000000.wmac: Message 50 (seq 4) timeout
...

Only a reboot helps. This needs further investigation.

Ethernet

Ethernet works, but after ~64 hours packets (DHCP) from the R64 stop.
Restarting the interface helps:

ifdown br0; sleep 30; ifup br0

The driver is new and has not made it into the kernel yet; I hope the Chinese developer Landen Chao finishes it.

Source: www.hab.com
