[BPI-R64] Imagebuilder R64 ArchlinuxArm, linux-rolling-stable

frank-w · January 25, 2024, 4:14pm

In my main-router i use the old /etc/network/interfaces to create vlans. My next system uses systemd. There is some documentstion in my wiki about it and afair i added some basic configs in my router-images repo

https://wiki.fw-web.de/doku.php?id=en:linux:systemd#vlan

Seems i have not added vlan files to images repo,but the pppoe service

github.com

frank-w/BPI-Router-Images/blob/main/conf/generic/etc/systemd/system/pppoe.service

#https://www.sherbers.de/diy-linux-router-part-3-pppoe-and-routing/
[Unit]
Description=Connect DSL
After=network.target

[Service]
Type=exec
ExecStart=/usr/sbin/pppd call provider
StandardOutput=null

Restart=always
RestartSec=10s

# filesystem access
ProtectSystem=strict
ReadWritePaths=/run/

PrivateTmp=true
ProtectControlGroups=true
ProtectKernelModules=true

This file has been truncated. show original

but you need the ppp config file too where you point to the vlan interface. I created the ppp file (named provider in systemd service) using pppoeconf in debian

in my system the ppp-file (/etc/ppp/peers/bambit-internet) looks like this (not using systemd service here,so infinite tries):

# Minimalistic default options file for DSL/PPPoE connections

noipdefault
defaultroute
replacedefaultroute
hide-password
#lcp-echo-interval 30
#lcp-echo-failure 4
#updetach
noauth
persist
#mtu 1492
#Terminate after n consecutive failed connection attempts. A value of 0 means no limit. The default value is 10.
maxfail 0
#Specifies how many seconds to wait before re-initiating the link after it terminates. This option only has any effect if the persist or demand option is used. The holdoff period is not applied if the link was terminated because it was idle.
holdoff 60
plugin rp-pppoe.so wan.140
user "username"
#usepeerdns
unit 8

there is also /etc/ppp/chap-secrets and /etc/ppp/pap-secrets where you have to put your username/password for your provider. I have credentials in both files but chap (the better method) is used. If this is not the case in your test you can try require-chap in the peers file

ericwoud · January 26, 2024, 12:50pm

I’ve added CONFIG_NF_CONNTRACK_PPTP=m

When using (dsa-port5) aux port to eth1, this traffic is separated using vlan.

So when using vlan on wan, still can use eth1-aux, but need to setup vlan carefully. It would be easier to setup, just using wan directly though.

If you change the use of eth1 to/from the wan port directly, also edit the /etc/nftables.conf.

ericwoud · July 2, 2024, 11:59am

ALERT!!!

Upgrading systemd will break router function (disable ipforward)

github.com

systemd/systemd/blob/a9d472d6e4ae6c548dd24097b20563dc9c06b329/NEWS#L73-L83


      
          * IPForward= setting in .network file is deprecated and replaced with
            IPv4Forwarding= and IPv6Forwarding= settings. These new settings are
            supported both in .network file and networkd.conf. If specified in a
            .network file, they control corresponding per-link settings. If
            specified in networkd.conf, they control corresponding global
            settings. Note, previously IPv6SendRA= and IPMasquerade= implied
            IPForward=, but now they imply the new per-link settings. One of the
            simplest ways to migrate configurations, that worked as a router with
            the previous version, is enabling both IPv4Forwarding= and
            IPv6Forwarding= in networkd.conf. See systemd.network(5) and
            networkd.conf(5) for more details.

ericwoud · July 4, 2024, 10:37am

See this post, how to fix:

Keks · August 3, 2024, 10:27am

Thank you very much for this post. It helped a lot.

One further question: I used the following script from lynxthecat to enable and apply for using Cake as congestion control: https://github.com/lynxthecat/cake-dual-ifb

To apply this some kernel options needed to be changed / added, please see the attached Git patch file for the “defconfig” file.

Would it be possible to add/change these kernel options in your AUR-repository for building the linux kernel.

Thank you very much in advance. Kernel_Options_for_Cake_congestion_control.patch (2.4 KB)

Keks · August 3, 2024, 10:30am

@frank-w and @ericwoud Thank you very much for these posts. They helped a lot an I was able to set the PPOE-connection properly.

ericwoud · August 3, 2024, 12:51pm

I’ll see what is needed for cake, those options are not all related.

Add cake using systemd-networkd would be the easiest way.

ericwoud · August 3, 2024, 6:48pm

@Keks So I’ve added CONFIG_NET_SCH_CAKE=m, and rebuilt the kernel. Update the linux-bpir-git package and it should be available.

Keks · August 4, 2024, 6:33pm

@ericwoud Thank you for adding the kernel option.

Sorry, I accidentally posted an incorrect link in my last post. I’ve just updated the link again. As described here, most of the kernel options are necessary… I did a bit of try-and-error here and built the kernel with different options. There are certainly a few options in there that are not absolutely necessary, but most of them seem to be necessary.

ericwoud · August 4, 2024, 8:29pm

So just use:

https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html#%5BCAKE%5D%20Section%20Options

Edit:

I just added a few more dependencies, but it is scheduled to be rebuild at nighttime.

Keks · August 10, 2024, 7:10pm

Thank you for adding the dependencies.

Unfortunately, the added options do not seem to be sufficient for cake. I get the following error message: Dependency failed for Apply Cake scheduling based upon dual IFB interface (ingress handling).

ericwoud · August 10, 2024, 8:54pm

Can you try if we are missing

CONFIG_NET_SCH_INGRESS=m

PKGBUILD obtained like so:

git clone --branch linux-bpir-git https://github.com/ericwoud/archlinuxarm-repo.git

I already added the option, so makepkg the package, or wait 24h and it will be in prebuild package.

Keks · August 11, 2024, 11:32am

Thank you again for investigating and supporting.

Yes, that one is definetely missing:

CONFIG_NET_SCH_INGRESS=m

Unfortunately, it is not that easy to identify after many trials the really needed modules. In the following I will try to give some further info based on my mind, I hope remember as good as possible.

Furthermore I am pretty sure to remember that the following are needed:

CONFIG_NET_SCH_PRIO=m
CONFIG_NET_SCH_DSMARK=m

Also further _CLS modules were needed, but I am sure which (at least _CLS, _CLS_BASIC and DS marks are used and the matchall):

CONFIG_NET_CLS=y
CONFIG_NET_CLS_BASIC=m
CONFIG_NET_CLS_TCINDEX=m
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
CONFIG_CLS_U32_MARK=y
CONFIG_NET_CLS_RSVP=n
CONFIG_NET_CLS_RSVP6=n
CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_MATCHALL=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_NET_CLS_FLOWER=m

Not sure about this one:

CONFIG_NET_EMATCH=y

Also here some of those are needed, at least the _CTINFO and _CONNMARK, not sure about the others:

CONFIG_NET_ACT_CONNMARK=m
CONFIG_NET_ACT_CTINFO=m
CONFIG_NET_ACT_SKBMOD=m
CONFIG_NET_ACT_IFE=m
CONFIG_NET_ACT_TUNNEL_KEY=m
CONFIG_NET_ACT_CT=m
CONFIG_NET_ACT_GATE=m

Besides the CONNTRACK_PPTP, which you already added for us (thanks again) I remember that here also some furthers were needed:

CONFIG_NF_CONNTRACK_ZONES=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CONNTRACK_LABELS=y

When it came to bridges there were also some things needed, but again not sure which:

CONFIG_BRIDGE_NETFILTER=m
CONFIG_NFT_BRIDGE_META=m
CONFIG_NFT_BRIDGE_REJECT=m
CONFIG_NF_CONNTRACK_BRIDGE=m
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_MRP=y

Also here I remeber one or more those were needed:

CONFIG_NF_DUP_NETDEV=m
CONFIG_NFT_DUP_NETDEV=m
CONFIG_NFT_FWD_NETDEV=m
CONFIG_NFT_REJECT_NETDEV=m

ericwoud · August 11, 2024, 12:15pm

Ok, added lots more, give it a try, build or wait 24h.

ericwoud · August 11, 2024, 12:23pm

Did you know you can now build the linux package on a x86-64 machine running archlinux (in a chroot)?

Keks · August 11, 2024, 6:27pm

Thank you very much. I will try it then and give you feedback.

Keks · August 11, 2024, 6:27pm

No, I didn’t. Do you have more details on that? I’m very interested.

ericwoud · August 11, 2024, 6:31pm

Just makepkg on x86 machine…

ericwoud · August 11, 2024, 7:01pm

The new 6.10.3 now has the new options in prebuild package.

ericwoud · September 17, 2024, 9:20am

ALERT:

Router Setup using dsa port 5 now is broken, because port 5 became a dsa conduit port in the newer kernels.