[Freedombox-discuss] Setting up a FreedomBox on an apu1d4. Problem with "network".
A. F. Cano
afc at shibaya.lonestar.org
Thu Mar 17 02:10:57 UTC 2016
On Tue, Feb 16, 2016 at 11:41:37PM +0530, Sunil Mohan Adapa wrote:
Thanks for replying. I can't believe it's been a month since my
original message. I finally have some more details, and some progress.
> On 02/13/2016 08:40 AM, A. F. Cano wrote:
> >
> > I just installed the latest freedombox image on a 4GB SD card:
> >
> > dd bs=1M if=freedombox-unstable-free_2015-12-13_all-amd64.img of=/dev/sde conv=fdatasync
> > dd: writing `/dev/sde': No space left on device
> > 3797+0 records in
> > 3796+0 records out
> > 3980394496 bytes (4.0 GB) copied, 180.22 s, 22.1 MB/s
> >
> > I put the SD card in the slot and it seems to have booted up fine. For now
> > the freedombox is just connected to a standalone computer via the center
> > ethernet port. I can access it at 10.42.0.1 after I configured the computer
> > like this:
> >
> > ifconfig eth0 10.42.0.8 netmask 255.255.255.0
>
> You should not have to configure the computer manually. FreedomBox
> should act as a DHCP server and provide your computer a proper IP address.
The problem is that in my internal network I don't use DHCP. I have
static IP addresses in the /etc/hosts file.
I have finally connected it where it should be in the final
configuration, the staic IP addresses issue is solved, but due to no
internet access except via ppp (which is apparently not supported yet)
I can't really use it for anything yet, or even upgrade it. More below.
> > From the browser, I got all the warnings about certificates as explained
> > here: https://wiki.debian.org/FreedomBox/Manual and then I was told that
> > the initial set up was done and I had 2 choices (buttons): network and
> > applications. I selected network and it showed that only one interface
> > was connected: FreedomBox LAN enp2s0. When I clicked on it, to see if I
> > could change the IP address (I run static IP addresses in my local
> > network - 192.168.x.x) I got this:
> >
> > 500
> > This is an internal error and not something you caused or can fix. Please
> > report the error on the bug tracker so we can fix it.
>
> This is a known issue while showing the details of a network connection.
> As a workaround, from here you can proceed to editing the network
> connection by typing "/edit" at the end of the show URL. This issue is
> fixed in the latest version of Plinth (0.7.2, or it could be the
> upcoming version 0.8).
Very strangely, I tried many many times to duplicate the original setup:
the freedombox connected directly to a single computer, and couldn't
even get the web browser to connect. Then, at some point (and I'm not
sure what changed or what I did differently) I could get back in.
This is after multiple power off cycles and many many ifconfig and route
configurations. Maybe it's just long timeouts that I kept interrupting
and if I had waited everything would have stabilized.
I eventually could connect from the internal network:
Computer 1 -> inside outside -> ubiquiti 1 -> internet
Computer 2 -> netgear -> freedombox -> netgear -> ubiquiti 2 -> internet
router router
> Even though you see the above error, it is not a hindrance to editing,
> activating, deactivating or deleting the connection with workaround.
Like I said, very strangely, I now don't get the "internal error"
described earlier. When I click on the internal interface (enp3s0) I
get the correct screen and I even see an "Edit" button.
When I figured out I had to change the drop-down list to manual I could
enter the new ipv4 address. After a reboot I could then access the
freedombox from the internal network.
Then I changed the WAN/outside interface to the same IP as the internal.
Big scare! The freedombox was inaccessible for many minutes after a
restart and then suddenly it was again. The long timeouts?
I did this an an attempt to access the ubiquiti routers that are between
the freedombox and the internet. They are inaccessible. It's no
surprise that an arp_scan only shows what's on the internal network.
Actually, the outside router (between the freedombox WAN interface and
the Ubiquitis) is also inaccessible.
> You may alternatively use the 'nmtui' and 'nmcli' command line tools for
> editing Network Manager connections (for which Plinth is simply a Web UI).
Is there a specific way to access the command line? I remember reading
in the online manual that such access is not possible unless I install
a patched image. However, I just stumbled on a post on this list about
ssh and it turns out that I can ssh to the freedombox from computers on
the internal network. I'll have to investigate how to use these tools
to deal with the usb-tethered phone that does ppp.
> > Is what I'm trying to do possible? I would like to change the IP address
> > of the freedombox to 192.168.x.x so it fits into my internal network. For
> > the "outside" or WAN ethernet port I will have a 4-port router to which are
> > connected 2 Ubiquiti bullet 2 (HP and M2 HP) in station mode. This setup
> > was working very nicely (without the freedombox) when there was wifi
> > available, which is not the case now. So, as a backup I would like to use
> > a tethered cell phone in a usb port on the apu1d4/freedombox. Since ths
> > tethered phone acts like a modem (which works great although quite slowly,
> > with ppp when connected directly to a computer) it would be really nice
> > if I could just plug it in into the freedombox and have internet access
> > when the 2 ubiquitis don't find an AP.
> >
>
> I am not really clear on the targeted network setup. However, since you
> want to connect using Phone sometimes, here is what comes to my mind:
See the ascii diagram above, or below (in the same order as yours):
> Regular Internet:
>
> Internet --> (Slot 1) FreedomBox (Slot 2 or 3) --> Downstream router -->
> Ubiquiti
Actually, it's like this:
Internet -> Ubiquiti 1 -> outside -> (s1) FreedomBox (s2/s3 -> inside -> comp 1
Internet -> Ubiquiti 2 -> router router -> comp 2
> Internet with Phone:
>
> Phone (USB) --> (USB) FreedomBox (Slot 2 or 3) --> Downstream router -->
> Ubiquiti
Correct, except there is no Ubiquiti in this situation as they are the
alternative to the phone.
In neither (outside or inside) router is the "internet interface" used.
Only the internal ones, so they're essentially used as switches. None
of the problems are due to firewall issues in any router since those
interfaces are not used.
> 1) To connect Internet connection on Slot 1, if DHCP works, leave the
> default configuration, otherwise, edit as necessary. zone should be
> 'external'
>
> 2) When you connect a USB tethered phone it will show us as an Ethernet
> device. Which you can configure as 'external' connection in Plinth. If
> your phone only provides PPP, you will have configure that from 'nmtui'
> from command line (Plinth does not do PPP connections yet)
Ok, so ssh it is for now. I'll play with nmtui but given how ppp works
(needing to be started and stopped to make the calls) it would be really
nice to be able to configure it via plinth to either do on-demand calls
(with time restrictions) or pon/poff from a button on the web interface.
> 3) For Slot 2 or 3, you don't have to configure much. FreedomBox will
> automatically provide DHCP addresses (10.42.0.x series) to router and
> which ever device wants to connect. If you want to change the allocated
> pool of IP addresses, Plinth UI does not have the capability yet. You
> will have to do this using nmtui on command line. For example, if you
> want to have 192.168.0.1 to 254 addresses allocated, then set the method
> to 'shared', IP to 192.168.0.1 and netmask to 24.
Without the freedombox, I can access the Ubiquiti routers at their
192.168.x.x internal (wired) interface. Now the freedombox makes that
impossible. How can I access the web interface of the ubiquiti routers
that are on the WAN/outside interface of the freedombox? From the
inside network of course.
> Hope this helps, do write about your targeted layout.
Thanks. I keep learning. After I learn how to use the command line
interface, I'll try to see how connecting the ppp phone works or doesn't.
But I keep investigating and I have more specific questions below.
Then, I'll start configuring all the apps.
The immediate items are:
1 - How to upgrade with only the ppp phone available. I can dd a new
image to the sd card but it looks like the preferred way is to do
upgrades via the net. Looks like I'll have to figure out and configure
ppp. What would be the command line way? install the ppp files I'm
already running (on another computer) into /etc/ppp and
/etc/chatscripts? What else do I need to do? ssh into the freedombox
and manually start pon/poff? I notice that /etc/chatscripts is not
accessible by the admin user I created during initial set up and that
pon/poff can only be run by users in the group dip. What are the
security implications of messing with users and group memberships in
the context of the freedombox? Should I wait for ppp to be implemented
properly? What would be the way to implement ppp properly?
2 - Accessing the Ubiquiti routers from the inside network. Maybe this
is a firewall issue, but I don't see what in the current (default) setup
can cause this. Maybe I need to create a route through the freedombox
as a gateway, but I suspect that having the same IPV4 number on both the
internal and WAN interfaces is a problem for the freedombox and routing.
After all, arp_scan on the internal net only shows what is physically
connected to the internal router. Without the freedombox, the ubiquiti
routers are also visible/accessible.
Is the only way to reconfigure the Ubiquiti routers to use DHCP on the
wired interface (that connects to the WAN interface of the freedombox)
and reset that interface to use DHCP?
In any case, thanks for replying, and of course for your work on the
freedombox. It is much appreciated.
> --
> Sunil
Augustine
More information about the Freedombox-discuss
mailing list