[BPI-R64] Imagebuilder R64 ArchlinuxArm, linux-rolling-stable

In my main-router i use the old /etc/network/interfaces to create vlans. My next system uses systemd. There is some documentstion in my wiki about it and afair i added some basic configs in my router-images repo

https://wiki.fw-web.de/doku.php?id=en:linux:systemd#vlan

Seems i have not added vlan files to images repo,but the pppoe service

but you need the ppp config file too where you point to the vlan interface. I created the ppp file (named provider in systemd service) using pppoeconf in debian

in my system the ppp-file (/etc/ppp/peers/bambit-internet) looks like this (not using systemd service here,so infinite tries):

# Minimalistic default options file for DSL/PPPoE connections

noipdefault
defaultroute
replacedefaultroute
hide-password
#lcp-echo-interval 30
#lcp-echo-failure 4
#updetach
noauth
persist
#mtu 1492
#Terminate after n consecutive failed connection attempts. A value of 0 means no limit. The default value is 10.
maxfail 0
#Specifies how many seconds to wait before re-initiating the link after it terminates. This option only has any effect if the persist or demand option is used. The holdoff period is not applied if the link was terminated because it was idle.
holdoff 60
plugin rp-pppoe.so wan.140
user "username"
#usepeerdns
unit 8

there is also /etc/ppp/chap-secrets and /etc/ppp/pap-secrets where you have to put your username/password for your provider. I have credentials in both files but chap (the better method) is used. If this is not the case in your test you can try require-chap in the peers file

1 Like

I’ve added CONFIG_NF_CONNTRACK_PPTP=m

When using (dsa-port5) aux port to eth1, this traffic is separated using vlan.

So when using vlan on wan, still can use eth1-aux, but need to setup vlan carefully. It would be easier to setup, just using wan directly though.

If you change the use of eth1 to/from the wan port directly, also edit the /etc/nftables.conf.

1 Like

ALERT!!!

Upgrading systemd will break router function (disable ipforward)

1 Like

See this post, how to fix:

1 Like

Thank you very much for this post. It helped a lot.

One further question: I used the following script from lynxthecat to enable and apply for using Cake as congestion control: https://github.com/lynxthecat/cake-dual-ifb

To apply this some kernel options needed to be changed / added, please see the attached Git patch file for the “defconfig” file.

Would it be possible to add/change these kernel options in your AUR-repository for building the linux kernel.

Thank you very much in advance. Kernel_Options_for_Cake_congestion_control.patch (2.4 KB)

@frank-w and @ericwoud Thank you very much for these posts. They helped a lot an I was able to set the PPOE-connection properly.

I’ll see what is needed for cake, those options are not all related.

Add cake using systemd-networkd would be the easiest way.

@Keks So I’ve added CONFIG_NET_SCH_CAKE=m, and rebuilt the kernel. Update the linux-bpir-git package and it should be available.

@ericwoud Thank you for adding the kernel option.

Sorry, I accidentally posted an incorrect link in my last post. I’ve just updated the link again. As described here, most of the kernel options are necessary… I did a bit of try-and-error here and built the kernel with different options. There are certainly a few options in there that are not absolutely necessary, but most of them seem to be necessary.

So just use:

https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html#%5BCAKE%5D%20Section%20Options

Edit:

I just added a few more dependencies, but it is scheduled to be rebuild at nighttime.

Thank you for adding the dependencies.

Unfortunately, the added options do not seem to be sufficient for cake. I get the following error message: Dependency failed for Apply Cake scheduling based upon dual IFB interface (ingress handling).

Can you try if we are missing

CONFIG_NET_SCH_INGRESS=m

PKGBUILD obtained like so:

git clone --branch linux-bpir-git https://github.com/ericwoud/archlinuxarm-repo.git

I already added the option, so makepkg the package, or wait 24h and it will be in prebuild package.

Thank you again for investigating and supporting.

Yes, that one is definetely missing:

CONFIG_NET_SCH_INGRESS=m

Unfortunately, it is not that easy to identify after many trials the really needed modules. In the following I will try to give some further info based on my mind, I hope remember as good as possible.

Furthermore I am pretty sure to remember that the following are needed:

CONFIG_NET_SCH_PRIO=m
CONFIG_NET_SCH_DSMARK=m

Also further _CLS modules were needed, but I am sure which (at least _CLS, _CLS_BASIC and DS marks are used and the matchall):

CONFIG_NET_CLS=y
CONFIG_NET_CLS_BASIC=m
CONFIG_NET_CLS_TCINDEX=m
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
CONFIG_CLS_U32_MARK=y
CONFIG_NET_CLS_RSVP=n
CONFIG_NET_CLS_RSVP6=n
CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_MATCHALL=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_NET_CLS_FLOWER=m

Not sure about this one:

CONFIG_NET_EMATCH=y

Also here some of those are needed, at least the _CTINFO and _CONNMARK, not sure about the others:

CONFIG_NET_ACT_CONNMARK=m
CONFIG_NET_ACT_CTINFO=m
CONFIG_NET_ACT_SKBMOD=m
CONFIG_NET_ACT_IFE=m
CONFIG_NET_ACT_TUNNEL_KEY=m
CONFIG_NET_ACT_CT=m
CONFIG_NET_ACT_GATE=m

Besides the CONNTRACK_PPTP, which you already added for us (thanks again) I remember that here also some furthers were needed:

CONFIG_NF_CONNTRACK_ZONES=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CONNTRACK_LABELS=y

When it came to bridges there were also some things needed, but again not sure which:

CONFIG_BRIDGE_NETFILTER=m
CONFIG_NFT_BRIDGE_META=m
CONFIG_NFT_BRIDGE_REJECT=m
CONFIG_NF_CONNTRACK_BRIDGE=m
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_MRP=y

Also here I remeber one or more those were needed:

CONFIG_NF_DUP_NETDEV=m
CONFIG_NFT_DUP_NETDEV=m
CONFIG_NFT_FWD_NETDEV=m
CONFIG_NFT_REJECT_NETDEV=m

Ok, added lots more, give it a try, build or wait 24h.

1 Like

Did you know you can now build the linux package on a x86-64 machine running archlinux (in a chroot)?

Thank you very much. I will try it then and give you feedback.

No, I didn’t. Do you have more details on that? I’m very interested.

Just makepkg on x86 machine…

1 Like

The new 6.10.3 now has the new options in prebuild package.

ALERT:

Router Setup using dsa port 5 now is broken, because port 5 became a dsa conduit port in the newer kernels.