Oh so only remote and ssh. Your a professional level network engineer. 
But not all can handle this level of control. Maybe for someone like me, a ui from the browser would be an easy task. So I guess the only option is to use openwrt or other ready to use router os?
Imho no one has got lucy running on openwrt…i only see openwrt-images with uart/ssh only.
Maybe there is a web-interface for configuration in debian too,but i havn’t searched for one because this will be a high security risk
1 Like
Ah ok. I am still waiting on ray to reply about freebsd work. I have started going through freebsd porting methods. But I cant do anything about the kernel, as I dont have that much knowledge.
Now I am interested in this. I would be looking into Luci to check why is it not working. Will post this in OpenWRT thread. Thanks
That’s not because luci is hard to get working on owrt for R2, it’s probably because people who are capable of crafting openwrt images for R2 feel themselves a bit limited when configuring the board through web ui compared to the freedom you get when working from the commandline. I don’t expect that there would be major problems getting luci up and running in any of R2 owrt images available in the wild, it is probably just a matter of downloading/installing several packages using opkg.
1 Like
I read multiple times that the install-process was broken (opkg). But right a web-gui cannot catch all cases you can configure directly,especially firewall/iptables…thats why i build my own router using r2 instead of using a stock router
1 Like
It is (maybe was - didn’t check it for 18.06.4) for upstream image as upstream image was lacking non-volatile storage support for R2. I.e. it was an “initrafms” type image that is using overlayfs+ramdisk as a “storage”. Ramdisk is volatile thus every reboot all data is lost - configs, installs, e.t.c. With properly configured/installed openwrt (i.e. when your storage is non-volatile) opkg seems to work just fine, at least it works for me and I’m content it is. 
Can you describe this in your forks thread because here it is off-topic?
Hi frank-w,
I don’ t know how to make a subnet to use to make a bridge. I put some pictures about what I’m trying to configure:
(note: on the picture above should be wlan0 instead of wlan)
what is working:
- I connect the board using the TTL cable and picocom
- I can ping access internet
- I can connect my other device to the access point (thx to your scripts!)
what is not working:
- I failed to bridge wlan0 and wan,
brctl addbr br0
brctl addif br0 wlan0
return: can’t add wlan0 to bridge br0: Operation not supported
brctl addif br0 wan
ip link set br0 up
- I didn’ t try yet to bridge eth1 and eth0 because of the next point
- I failed to run the dhcpc server on the bpi-r2 for eth0,
ob for isc-dhcp-server.service failed because the control process exited with error code.
See "systemctl status isc-dhcp-server.service" and "journalctl -xe" for details. invoke-rc.d: initscript isc-dhcp-server, action "start" failed. ● isc-dhcp-server.service - LSB: DHCP server Loaded: loaded (/etc/init.d/isc-dhcp-server; generated) Active: failed (Result: exit-code) since Sun 2019-10-27 15:10:13 UTC; 46ms ago Docs: man:systemd-sysv-generator(8) Process: 960 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=1/FAILURE) Oct 27 15:10:11 bpi-r2 dhcpd[972]: bugs on either our web page at www.isc.org or in the README file Oct 27 15:10:11 bpi-r2 dhcpd[972]: before submitting a bug. These pages explain the proper Oct 27 15:10:11 bpi-r2 dhcpd[972]: process and the information we find helpful for debugging. Oct 27 15:10:11 bpi-r2 dhcpd[972]: Oct 27 15:10:11 bpi-r2 dhcpd[972]: exiting. Oct 27 15:10:13 bpi-r2 isc-dhcp-server[960]: Starting ISC DHCPv4 server: dhcpdcheck syslog for diagnostics. ... failed! Oct 27 15:10:13 bpi-r2 isc-dhcp-server[960]: failed! Oct 27 15:10:13 bpi-r2 systemd[1]: isc-dhcp-server.service: Control process exited, code=exited, status=1/FAILURE Oct 27 15:10:13 bpi-r2 systemd[1]: isc-dhcp-server.service: Failed with result 'exit-code'. Oct 27 15:10:13 bpi-r2 systemd[1]: Failed to start LSB: DHCP server.
I spent my whole saturday on it… could you help me ?
as i’ve wrote above, do NOT bridge the wifi-device with anything else, and if you using access-point you have to use ap0 and not wlanx
use routing instead
and not configuring the gmacs (eth0/1), only put them up
you mean do that:
root@bpi-r2:~# brctl addif br0 ap0
root@bpi-r2:~# brctl addif br0 wan
root@bpi-r2:~# ip link set br0 up
root@bpi-r2:~# brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.020822fe5afc no ap0
. . . . . . . . . . . . . . . . . . . . . wan
I tried that too, but all my devices fail to obtaining any ip address
I don’ t know what is gmacs, if you are talking about mac address, I don’ t have touched that
that what I don’t know how to do
no…not bridging anything (only lanX)
gmacs are the interfaces eth0 and eth1 (if kernel has wan + lanX), these are the connections between SOC (mt7623) and Switch (mt7530), they are not connected to outside and so they don’t need any IP-config
for routing you only need to give your interfaces an IP-Address (separate subnet) and enable routing
https://wiki.fw-web.de/doku.php?id=en:bpi-r2:network:start#routing
only special thing is if you have another router and you want to access clients from it through r2
existing router -> (wan) r2 (lan) -> client
then your existing router does not know subnet you use on r2’s lan-ports, so you need a static route here
it work! thx a lot, I can’ t say I understand everything I did to make the routing working:
ipt=/sbin/iptables
if_wan=wan
${ipt} -t nat -A POSTROUTING -o ${if_wan} -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
then I executed wifi.sh
my devices can connect to the AP and have internet access.
not the case thx. you really made a great work with that debian image. There is a way to make a little donation to you ?
Best donation is help me getting things to work testing different things,make reproducable reportings and try to fix
PLEASE DO NOT FOLLOW WHAT I DID HERE, FOR SOME REASON I RAN TO ISSUE, BUT KEEP READING.
Hi frank-w, I finished to configure the whole ethernet/wifi/access-point for my bpi r-2. Here is my summary:
- yellow is the cable connected to a modem (not a router)
- the blue is some cable to other device
- the black is the access point
- (for the access-point I use your scripts)
I bridged both eth0 and eth1 together,
- following the complete
/etc/network/interfaces,
# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
pre-up ip link set $IFACE up
post-down ip link set $IFACE down
auto eth1
iface eth1 inet manual
pre-up ip link set $IFACE up
post-down ip link set $IFACE down
auto wan
iface wan inet manual
auto lan0
iface lan0 inet manual
auto lan1
iface lan1 inet manual
auto lan2
iface lan2 inet manual
auto lan3
iface lan3 inet manual
auto br0
iface br0 inet static
address 192.168.40.1
netmask 255.255.255.0
bridge_ports wan lan0 lan1 lan2 lan3
bridge_fd 5
bridge_stp no
source-directory /etc/network/interfaces.d
- following the complete
/etc/dnsmasq.d/interfaces.conf,
interface=wlan1
interface=ap0
no-dhcp-interface=eth0
no-dhcp-interface=eth1
dhcp-range=ap0,192.168.10.100,192.168.10.150,255.255.255.0,48h
dhcp-option=ap0,3,192.168.10.1
dhcp-range=wlan1,192.168.11.100,192.168.11.150,255.255.255.0,48h
dhcp-option=wlan1,3,192.168.11.1
- following the complete
start.shscript I run at boot,
#!/bin/bash
ipt=/sbin/iptables
if_wan=wan
${ipt} -t nat -A POSTROUTING -o ${if_wan} -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
wifi.sh
dhclient
feel free to add it to your wiki as an example for your debian image. I will redo the whole configuration from scratch to figure if something missing
Why? Btw. Bridging wan and lan together is a very bad idea when directly connected to internet…
And you need a firewall nat is not for security
hi, it doesn’ t work anymore… I do not undertand… I got the blue plugged to lan0 and yellow to wan and got internet to the PC connected using the blue cable… no I just don’ t understand… I’ m back at the steps where I can connect internet using the the ap only…
because I want to forward internet (wan) to lanX… but anyway, as said it doesn’ t work anymore 
if you can tell me how to do it, otherwise I start to lack of idea about how to fix that…
Do only bridge lan-ports…not wan, not ethX
First test is if you got internet on r2 itself…then on client,if on r2 works and not on client,try to ping r2 from client,then traceroute/tracert.
ok
yes I can ping 8.8.8.8
- I can ping two machines connected at br0 (lanX only)
- I can ping two machines connecter at ap0
- ping failed when try between a machine connected at br0 to another one connecter at ap0
- I can ping internet from any machine connected to ap0
- ping internet failed when I try from any machine connected to br0
traceroute results:
- from ap0,
[user@motorhead ~]$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 _gateway (192.168.10.1) 1.707 ms 1.741 ms 2.182 ms
2 * * *
3 10.170.192.53 (10.170.192.53) 39.722 ms 39.647 ms 39.944 ms
4 135.0.255.17 (135.0.255.17) 39.663 ms 135.0.255.5 (135.0.255.5) 39.879 ms 38.959 ms
5 te0-0-1-0.nr11.b029490-1.ymq02.atlas.cogentco.com (38.104.154.105) 40.502 ms 39.896 ms 39.871 ms
6 te0-0-2-2.agr11.ymq02.atlas.cogentco.com (154.24.16.53) 40.697 ms te0-0-2-2.agr12.ymq02.atlas.cogentco.com (154.24.16.57) 32.577 ms te0-0-2-2.agr11.ymq02.atlas.cogentco.com (154.24.16.53) 27.217 ms
7 be3381.rcr21.ymq02.atlas.cogentco.com (154.54.41.221) 27.115 ms 27.064 ms 27.015 ms
8 tata.ymq02.atlas.cogentco.com (154.54.10.206) 23.460 ms 31.679 ms 30.983 ms
9 209.85.149.230 (209.85.149.230) 32.247 ms 32.207 ms 32.143 ms
10 108.170.251.49 (108.170.251.49) 32.066 ms 31.957 ms 108.170.251.1 (108.170.251.1) 31.954 ms
11 108.170.231.61 (108.170.231.61) 32.733 ms 108.170.231.63 (108.170.231.63) 32.693 ms 108.170.231.65 (108.170.231.65) 11.397 ms
12 dns.google (8.8.8.8) 15.495 ms 24.930 ms 24.197 ms
Then I disconnected from ap0 and connect to br0
- from br0,
user@motorhead ~]$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 motorhead.local (192.168.40.132) 3034.332 ms !H 3034.232 ms !H 3034.178 ms !H
note: I did the tests with different laptops, you see motorhead was used here to make easy to copy+paste…
does that talk to you? coz I’ m lost…
r2 pingable from br0-client? Have you a default-route on your clients (dhcp?)? As you ping ip it is no dns-problem