
BPI R1 as VPN Aggregating Appliance using vtrunkd

Edited by rcoulsell at May 16, 2017 20:19

Hi everyone, new to the forum. Having some issues doing a non-standard config of the BPI R1 board.
I am attempting to configure the board as an internet aggregating appliance using the 'vtrunkd' package by VrayoSystems outlined here: "How to set up a bonding VPN connection in Linux on Banana PI M2 board", and a free Amazon AWS EC2 Ubuntu instance in the cloud. Trying to do it on the cheap, and learn something through DIY.

I am running the latest Bananian image (Debian 8/Jessie), and following this great tutorial, "Using the Banana Pi BPI-R1 as a Router With Bananian". The tutorial got me the basic config going and was pretty straightforward, but of course we are veering off course here.

I have a feeling I am off on the routing configurations (iptables, ip rules, and ip routes). Coupled with that, splitting out the eth0 into multiple VLANs / WANs complicates the process.

Any help / guidance would be greatly appreciated!!!

Here are the various configuration files / settings I have used so far:

nano /etc/network/swconfig

    ifconfig eth0 up

    # The swconfig port numbers are:
    # |2|1|0|4|  |3|
    # (looking at front of ports)

    swconfig dev eth0 set reset 1
    swconfig dev eth0 set enable_vlan 1

    # Configure our VLANs 101 to 104 for our 4 WANs
    swconfig dev eth0 vlan 101 set ports '3 8t'
    swconfig dev eth0 vlan 102 set ports '4 8t'
    swconfig dev eth0 vlan 103 set ports '0 8t'
    swconfig dev eth0 vlan 104 set ports '1 8t'

    # Configure our VLAN for our LAN connection
    swconfig dev eth0 vlan 201 set ports '2 8t'

    swconfig dev eth0 set apply 1


nano /etc/network/interfaces

    auto lo
    iface lo inet loopback

    # not sure this works with VLANs; tested the state variables with cable plugged and unplugged and didn't see a difference (carrier and operstate don't change)
    allow-hotplug eth0
    allow-hotplug wlan0

    # allow WANs to get external address via DHCP
    auto eth0.101
    iface eth0.101 inet dhcp
    auto eth0.102
    iface eth0.102 inet dhcp
    auto eth0.103
    iface eth0.103 inet dhcp
    auto eth0.104
    iface eth0.104 inet dhcp

    # allow LAN to get address via DHCP through br0
    auto eth0.201
    iface eth0.201 inet manual

    auto wlan0
    iface wlan0 inet manual

    auto br0
    iface br0 inet static
        bridge_ports eth0.201 wlan0
        bridge_waitport 0
        address 192.168.2.1
        network 192.168.2.0
        netmask 255.255.255.0


nano /etc/dhcp/dhcpd.conf

    ddns-update-style none;
    option domain-name-servers 8.8.8.8, 8.8.4.4;

    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    log-facility local7;

    subnet 192.168.2.0 netmask 255.255.255.0 {
      range 192.168.2.10 192.168.2.100;
      option routers 192.168.2.1;
    }


no issues with hostapd... so I won't go there...

nano /etc/sysctl.conf

    net.ipv4.ip_forward=1


Then we add some iptables rules to get the routing going... this is probably where I make my first mistakes with multiple WANs...

Set up the reload iptables file

    #!/bin/sh
    iptables-restore --counters < /etc/iptables/rules.v4
    exit 0


Set up the iptables rules

    iptables -A INPUT -i br0 -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A FORWARD -s 192.168.2.0/24 -i br0 -j ACCEPT
    iptables -A FORWARD -d 192.168.2.0/24 -i eth0.101 -j ACCEPT
    iptables -A FORWARD -d 192.168.2.0/24 -i eth0.102 -j ACCEPT
    iptables -A FORWARD -d 192.168.2.0/24 -i eth0.103 -j ACCEPT
    iptables -A FORWARD -d 192.168.2.0/24 -i eth0.104 -j ACCEPT
    # -t nat has to come before -A; with no -o match this applies to every outgoing interface
    iptables -t nat -A POSTROUTING -j MASQUERADE

    # make the reload script executable, then save the rules it restores
    chmod 755 /etc/network/if-pre-up.d/iptables
    mkdir -p /etc/iptables
    iptables-save > /etc/iptables/rules.v4


At this point I'm feeling pretty good... but major issues begin to show based on my limited ability to set up the multiple WANs above correctly. I have read the 'man iptables' on my GNOME Ubuntu Linux distro, and even read through "The Beginner's Guide to iptables, the Linux Firewall" on How-To Geek. I've even poked around Google pretty thoroughly.

All traffic goes out on eth0.101 by default; maybe I need a wildcard (i.e. eth0.10+) above, or to bond the interfaces first. I can, however, ping 8.8.8.8 -I eth0.10X with X = 1-4 for all four of the VLANs. So this probably needs to be tweaked more to function with the vtrunkd tutorial. If I get this working, it's off to phase two: getting the trunk to work!
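
The post asks about ip rules and ip routes for four DHCP uplinks. As an added example (not part of the original post), this dry-run script prints source-based policy-routing commands for each WAN VLAN, plus NAT and forwarding rules scoped to each interface. The table ids, the lease addresses and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run: prints the commands for review; nothing is applied.
LAN_NET="192.168.2.0/24"   # LAN subnet from the post's br0 configuration

# Constructed sample leases: interface, table id, address, gateway.
# Documentation addresses only; real values come from each WAN's DHCP lease.
SAMPLE_LEASES="eth0.101 101 192.0.2.10 192.0.2.1
eth0.102 102 198.51.100.10 198.51.100.1
eth0.103 103 203.0.113.10 203.0.113.1
eth0.104 104 203.0.113.138 203.0.113.129"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# wan_cmds IFACE TABLE ADDR GATEWAY: print the commands for one uplink.
# Lease values are supplied by the network, so they are validated before
# they can end up in a command line that runs as root.
wan_cmds() {
    ifc=$1 tbl=$2 addr=$3 gw=$4
    case $ifc in eth0.10[1-4]) ;; *) echo "bad interface: $ifc" >&2; return 1 ;; esac
    case $tbl in ''|*[!0-9]*) echo "bad table: $tbl" >&2; return 1 ;; esac
    # Table ids 253-255 are the kernel's default, main and local tables
    [ "$tbl" -ge 1 ] && [ "$tbl" -le 252 ] || { echo "bad table: $tbl" >&2; return 1; }
    is_ipv4 "$addr" && is_ipv4 "$gw" || { echo "bad address on $ifc" >&2; return 1; }
    # A private table whose only default route is this uplink's gateway
    echo "ip route replace default via $gw dev $ifc table $tbl"
    # Traffic sourced from this uplink's address is looked up in that table
    echo "ip rule add from $addr/32 lookup $tbl priority $tbl"
    # NAT only LAN traffic that actually leaves through this uplink
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $ifc -j MASQUERADE"
    # From the WAN side, accept only replies to LAN-initiated connections
    echo "iptables -A FORWARD -i $ifc -d $LAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# plan LEASES: print the commands for every uplink, failing on any bad line
plan() {
    printf '%s\n' "$1" | while read -r ifc tbl addr gw; do
        wan_cmds "$ifc" "$tbl" "$addr" "$gw" || exit 1
    done || return 1
}

plan "$SAMPLE_LEASES"
```

The conntrack rule only restricts anything when the FORWARD chain's policy is DROP; with the default ACCEPT policy every forwarded packet is allowed regardless.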