Banana Pi R64 Router - Debian, Wireguard, RKN

Banana Pi 64 is a single-board computer similar to the Raspberry Pi, but with several Ethernet ports, which makes it suitable as a router running general-purpose Linux.

Yes, OpenWrt already exists, but it has its own GUI and CLI; there is Mikrotik, but again with its own GUI/CLI, and Wireguard does not work out of the box there... and so on.

In this article the names BPI, R64 and "single-board" all mean the same thing: the Banana Pi R64 single-board computer itself.

Choosing an image. Booting from eMMC

The first skill you need when working with any SBC, and with the R64 in particular, is installing an OS on it and being able to interact with it, because the R64 has no display port (HDMI, for example). When everything else fails (Wifi has stopped working, Ethernet, Bluetooth, USB and so on), there is still UART, through which you can see what went wrong and run a few commands from the console if needed.

Procedure for connecting to the R64 over USB-UART:

  • run to a radio parts store for a USB-UART cable (PL2303, Serial-to-USB)
  • connect one end, USB, to the computer, and the other, UART, to the R64, using three of the four wires, as in the picture below
  • in the computer's console run sudo minicom

After that, in most cases, a console appears = success.
You can see more here.

Next, the simplest way is to install the operating system from an SD card: download the image from the link and write it:

unzip -p 2019-08-23-ubuntu-16.04-lite-preview-bpi-r64-sd-emmc.img.zip | pv | sudo dd of=/dev/mmcblk0 bs=10M status=noxfer

Insert the card into the R64 SD slot, power it on, and watch the connected console: first the U-Boot output, then the normal Linux boot.

Another boot option is to use the 8 GB card already built into the R64, called eMMC. Following the wiki instructions, we write the same image again to the device /dev/mmcblk0 on the BPI, reboot, remove the SD card, power the BPI on again ... and it does not work. The Boot select approach did not take hold.

The thing is that, at least for the BPI, you need to set a special flag to be able to boot from the internal flash:

root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x00]
root@bpi-r64:~# ./mmc bootpart enable 1 1 /dev/mmcblk1
root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x48]

After that, you need to write the preloader to the special boot partition:

root@bpi-r64:~# echo 0 > /sys/block/mmcblk0boot0/force_ro 
root@bpi-r64:~# dd if=preloader_evb7622_64_foremmc.bin of=/dev/mmcblk0boot0

The R64 manufacturer (China) has published this binary here. What it does is unknown (there are no sources), but nothing works without it.
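For the two steps above, an added example that is not from the original article or the board vendor: it decodes the PARTITION_CONFIG byte that `mmc bootpart enable` changes (field layout per the eMMC EXT_CSD register definition), and writes a source-less blob only if it matches a SHA-256 you recorded when you obtained it, then compares the read-back. The function names and the expected-hash argument are assumptions of this sketch; the article publishes no hash.

```sh
#!/bin/sh
# Added example, not from the article or the board vendor.

# Decode the EXT_CSD PARTITION_CONFIG byte printed by `mmc extcsd read`.
# Bit 6 = BOOT_ACK, bits 5:3 = BOOT_PARTITION_ENABLE, bits 2:0 = PARTITION_ACCESS.
decode_partition_config() {
    v=$(( $1 ))
    ack=$(( (v >> 6) & 1 ))
    case $(( (v >> 3) & 7 )) in
        0) boot=none ;;
        1) boot=boot1 ;;
        2) boot=boot2 ;;
        7) boot=user ;;
        *) boot=reserved ;;
    esac
    case $(( v & 7 )) in
        0) acc=user ;;
        1) acc=boot1 ;;
        2) acc=boot2 ;;
        3) acc=rpmb ;;
        *) acc=gp$(( (v & 7) - 3 )) ;;
    esac
    echo "boot_ack=$ack boot_partition=$boot access=$acc"
}

# write_verified BLOB DEVICE SHA256
# Refuses to write unless BLOB matches the SHA-256 recorded earlier
# (hypothetical argument), then reads the written bytes back and compares.
write_verified() {
    blob=$1; dev=$2; want=$3
    have=$(sha256sum "$blob" | cut -d' ' -f1)
    [ "$have" = "$want" ] || { echo "hash mismatch: $blob" >&2; return 1; }
    size=$(wc -c < "$blob")
    dd if="$blob" of="$dev" conv=notrunc,fsync 2>/dev/null || return 1
    # On a real block device, drop cached pages so cmp reads the flash itself.
    if [ -b "$dev" ]; then blockdev --flushbufs "$dev"; fi
    cmp -s -n "$size" "$blob" "$dev" || { echo "read-back differs" >&2; return 1; }
}

# The two values from the session above: before and after `bootpart enable 1 1`.
decode_partition_config 0x00
decode_partition_config 0x48
```

On the board, call write_verified after the `echo 0 > /sys/block/mmcblk0boot0/force_ro` step; writing 1 to the same file afterwards makes the boot partition read-only again.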

In general, after that, images start booting from eMMC. If you want to dig in and build images from scratch, then for both cases (SD / eMMC) you need to write several more files (the preloader for the SD card, ATF, u-boot) just to get as far as the kernel boot. This topic is still a work in progress, but for us the main thing is that it works, and that is good enough.

Right now, to be honest, I don't use eMMC boot; SD cards are enough. But I spent a lot of time getting it to work, so let it stay in the article.

Choosing an operating system. Armbian

The first application task was to bring up a VPN, Wireguard of course. It immediately turned out that it was not built on the kernel side, and there were no headers. I rebuilt the kernel and, out of x86 habit, built the kernel module with DKMS. However, the build speed on arm64, even for small utilities, was an unpleasant surprise. And then another kernel module was needed, and so on. In general, it turned out that everything kernel-related is better built on a warm x86 laptop and then moved to the R64 by simple copying, followed by a reboot and a test.

The userspace part is another matter. In my case, having chosen Debian, everything for the arm64 architecture is already on packages.debian.org and nothing needs to be rebuilt.

So as not to reinvent yet another wheel, I ported Armbian to the BPI R64.
Or rather: the userspace part is Armbian, and the kernel is taken from the Frank-A repository. The latest image can be downloaded here.

All work on the software side of the R64 takes place on the forum. In general, the manufacturer itself wants to promote the board as an OpenWrt router, but thanks to the work of the German developer Frank, all features quickly end up in the Debian kernel. Surprisingly, Frank is active in every thread on the forum.

Organizing the workspace: wires

Separately, I want to describe how to place an SBC (not only the BPI) on the desk during development/testing so that you do not have to run an Ethernet cable to it from the Internet source across the whole room/office. The thing is that, on the one hand, you need to give the device Internet access, and on the other hand, anything on the device can break, Wifi especially.

At first I decided to buy a cheap USB-Wifi "whistle" (dongle), plug it into the only USB port on the BPI and forget about wires. For this I bought a cheap TP-LINK TL-WN725N USB 2.0, but it soon became clear that it would not fly: for the dongle to work, a kernel driver was needed, which, of course, was missing (later I built the required RTL8XXXU driver, but it still did not work). And the Ethernet cable spoiled the look of the room for a while.

In the end, I managed to get rid of the cable with the help of a Tenda MW3 (Wifi mesh system): I put one cube under the desk and connected the BPI to that cube's LAN port with a one-meter Ethernet cable. Success.

Wireguard, RKN, Bird

One of the things I use the Banana Pi for is free access to sites blocked by RKN, in particular so that Telegram and Slack calls work. Articles on this topic have already been published on Habr: one, two, three.

I automated the deployment of such a solution with Ansible: link.

The VPS must run Ubuntu 18.04. I checked that it works on two European hosters: Amazon and Digital Ocean.

So, we have installed the Armbian mentioned above on the R64; it is reachable over ssh as hm-bananapi-1 and has Internet access. We run the corresponding commands in order, and then the installer itself for the R64:

# dependencies for Debian-based distributions
$ sudo apt install --no-install-recommends python3-pip python3-setuptools python3-wheel git
$ which pip3
/usr/bin/pip3

# ansible with pybook, scripting in Python
$ pip3 install https://github.com/muravjov/ansible/archive/ansible-2.10.0.dev0-pybook2019.tar.gz

$ export PATH=~/.local/bin:$PATH
$ which ansible-playbook
/home/sa/.local/bin/ansible-playbook

$ git clone https://github.com/muravjov/ansible-bpi-r64.git
$ cd ansible-bpi-r64

$ git submodule update --init

# make sure hm-bananapi-1 is reachable
$ ssh hm-bananapi-1 which python3
/usr/bin/python3

# the installation itself
$ ansible-playbook ./router.py -l hm-bananapi-1

Next, you need to deploy our VPN on the VPS in the same way:

ansible-playbook ./router.py -l current-vpn

Here the argument is always current-vpn, and the name of the VPS itself is configured separately (in this case it is paris-vpn-aws-t2-micro-1):

$ grep current_vpn group_vars/all 
current_vpn: paris-vpn-aws-t2-micro-1
#current_vpn: frankfurt-vpn-d0-starter-1

And yes, before all these operations you need to generate the secrets (in particular, the Wireguard keys) in the ./secrets folder; the directory should look like this.

Automation, specifically in Python

You may have noticed that instead of YAML, the Ansible instructions are written as Python scripts. For comparison, here is how to enable the bird daemon the usual way:

- name: start bird
  systemd:
    name: bird
    state: started
    enabled: yes

and here is how the same thing looks in Python:

with mapping:
    append("name", "start bird")
    with mapping("systemd"):
        append("name",  "bird")
        append("state", "started")
        append("enabled", "yes")

Writing Ansible instructions in Python code lets you reuse code, and in general opens up all the possibilities of a general-purpose language. For example, installing bird on the R64 and on the VPS:

install_bird("router/bird.conf.j2")
install_bird("vpn/bird.conf.j2")

see the code of the function install_bird().

This feature is called pybook and is implemented here. There is no documentation for pybook at the moment; I will fix this shortcoming later.

What upstream thinks of this feature.

Monitoring. Prometheus

Summary: telegram works, linkedin and pornhub too; overall, the user experience is fine. But anything can break, Chinese hardware included.

Kernel updates can also bring surprises: for example, I wanted to upgrade the kernel 5.4 => 5.6, since there Wireguard comes out of the box and there is no need to patch... No sooner said than done: the patches were painfully ported from 5.4 to 5.6, the kernel booted, the tunnel to the VPS pings, but bird cannot connect and fails with "BGP Error"... "Rolled back in horror" (c) to 5.4; the migration to 5.6 was postponed to TODO.

Therefore, besides the router and VPS installation, I added monitoring (on x86 Ubuntu 18.04), installed on a separate host with the following components:

  • prometheus, alertmanager, blackbox_exporter - all in docker
  • alerts are sent to a Telegram channel using the metalmatze/alertmanager-bot bot - also in docker
  • tor for the bot, so that the bot can alert in situations where the Internet is available but Telegram still does not work and the bot itself cannot connect
  • application alerts: NodeVPNTroubles (no ping to the VPS), BirdVPNTroubles (no Bird session), AntifilterDownloadTroubles (failed to download the blocked IP addresses), SiteTroubles (the ill-fated Telegram is unreachable)
  • system alerts such as HostGrowingDiskReadLatency (a cheap SD card stops being readable)

Example of deploying the monitoring:

ansible-playbook ./monitoring.py -l monitoring-preprod

Auto discovery for prometheus is configured from the folder /etc/prometheus/auto_http; here is an example of adding a host to monitoring (hosts are not monitored automatically):

bash << 'EOF'
HOSTNAME=hm-bananapi-1
IP_ADDRESS=`ssh -G $HOSTNAME | awk '/^hostname / { print $2 }'`

ssh monitoring-preprod sudo sponge /etc/prometheus/auto_http/$HOSTNAME.json << EOF2
[
  {
    "targets": ["$IP_ADDRESS:9100"],
    "labels": {
      "env": "prod",
      "hostname": "$HOSTNAME"
    }
  }
]
EOF2
EOF

TODO: 2 providers, 2 BPIs, anycast failover

On top of everything else, I planned to connect to two providers so that the Internet keeps working even if one provider has network problems, or someone forgets to pay for the Internet, and so on, including other human factors.

The most advanced user experience on the multi-wan topic is described here for the Mwan3 system under OpenWrt. That solution has a lot of functionality, but setting up and operating multi-wan in general is very hard. Just one example: if you visit some sites from two IP addresses at once, they may not like it and will stop working => "the Internet doesn't work."

Because of this experience, I decided that multihoming is not the priority, only failover. Even though it seems that on recent versions of Linux everything should work with a single command like:

ip route add default \
    nexthop via 192.168.1.1 weight 10 \
    nexthop via 192.168.2.1 weight 5

So, to avoid a single point of failure, we take 2 BPIs, connect each to one provider, link them together and have them talk to each other dynamically via bird / OSPF.

Moreover, on each of them we announce the same IP address if the service is available (Internet, DNS). That is, we do not set the default route ourselves but through bird. The solution was spotted here.

This functionality has not been implemented yet; the insidious "coronavirus" got in the way (not everything has arrived from aliexpress; another online store, Layta, promised delivery in a week, and more than a month has already passed; the second provider did not manage to pull the cable before the quarantine, it only managed to drill a hole in the wall for the cable).

How to order the R64

The board itself is in the official SinoVoip store.
It is also worth ordering right away:

  • power supply + specify the EU or US plug type
  • cooling: heatsinks / fans, because both the CPU and the switch chip get hot
  • wifi antenna, for example

There is a nuance: at some point the shipping price in the official store became unreasonably high. The manager, Judy Huang, assured me that there was no mistake and that you can choose ePacket for $5, but I saw that for Russia there is only EMS for >$33. Unpleasant, but not critical. Moreover, if you choose any other country for delivery (I went through all the continents), shipping costs ~$5. Russophobes?.. But then I found out that for France the shipping price is also ~$30, and calmed down.

In the end, Judy suggested placing the order but not paying (hint: keep little money on the card so that the payment does not go through automatically); write to her and she will reduce the shipping price to a normal one. Success.

Issues

Not everything works well at the moment.

Performance

Ansible=Python instructions execute slowly, even no-op ones: 20-30 seconds, an order of magnitude longer than on an x86 laptop. Moreover, at first they execute quite fast, ~3 seconds, and then slow down a lot. Perhaps this is due to CPU overheating (throttling). Go code also takes a long time to run:

# fetching metrics for Prometheus from node_exporter, written in Go
$ time curl -s http://172.30.1.1:9100/metrics > /dev/null

real    0m6,118s
user    0m0,005s
sys     0m0,009s

# yet the temperature is 51 degrees, which is not that much
sa@bananapir64:~$ cat /sys/devices/virtual/thermal/thermal_zone0/temp
51700

WiFi

Wifi works, but on Armbian it stops after about a day and logs:

sa@bananapir64:~$ dmesg | grep -E 'mt7622_wmac.*timeout'
[470303.802539] mt7622_wmac 18000000.wmac: Message 38 (seq 3) timeout
[470314.042508] mt7622_wmac 18000000.wmac: Message 50 (seq 4) timeout
...

Only a reboot helps. It needs further fixing.
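One way to turn the dmesg check above into a metric that the Prometheus monitoring described earlier can alert on, through node_exporter's textfile collector (an added example, not part of the original article; the metric names, the function names and the output file name are assumptions):

```sh
#!/bin/sh
# Added example: count mt7622_wmac firmware timeouts in kernel log lines and
# print them in the Prometheus text format. Metric names are hypothetical.

wmac_timeout_metrics() {
    awk '
        / mt7622_wmac [^ ]+: Message [0-9]+ \(seq [0-9]+\) timeout/ {
            n++
            # dmesg pads short timestamps, e.g. "[    5.123456]"
            if (match($0, /^\[ *[0-9]+\.[0-9]+\]/)) {
                last = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/ /, "", last)
            }
        }
        END {
            printf "bpi_wmac_timeouts_in_dmesg %d\n", n
            printf "bpi_wmac_last_timeout_uptime_seconds %s\n", (last != "" ? last : 0)
        }'
}

# publish_wmac_metrics DIR: read kernel log lines on stdin and replace
# DIR/wmac.prom atomically, so the collector never sees a half-written file.
# DIR is the directory given to node_exporter via --collector.textfile.directory.
publish_wmac_metrics() {
    dir=$1
    tmp="$dir/.wmac.prom.$$"
    wmac_timeout_metrics > "$tmp" && mv "$tmp" "$dir/wmac.prom"
}

# Sample input: the two lines quoted in the article plus one constructed line.
SAMPLE='[470303.802539] mt7622_wmac 18000000.wmac: Message 38 (seq 3) timeout
[470314.042508] mt7622_wmac 18000000.wmac: Message 50 (seq 4) timeout
[    5.120000] usb 1-1: new high-speed USB device (constructed)'
printf '%s\n' "$SAMPLE" | wmac_timeout_metrics
```

From cron on the R64 this would be fed with `dmesg | publish_wmac_metrics DIR`; the count reflects only what is still in the kernel ring buffer, so treat it as a gauge.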

Ethernet

Ethernet works, but after ~a day packets (DHCP) from the R64 stop arriving.
Restarting the interface helps:

ifdown br0; sleep 30; ifup br0

The driver is new and has not been accepted into the kernel yet; I hope the Chinese developer Landen Chao will finish it.

Source: www.habr.com
