User Tools

Site Tools


en:cube:install

Install a cube

This procedure explains how to setup an Internet Cube (Olimex Lime2 or lime) and configure it with the Neutrinet VPN.

Generate the VPN certificates

In order to use our VPN, you need to follow this registration process. You will generate a private key and obtain a personal VPN certificate.

In case, for some reason, you are reinstalling a cube and you want to reuse your VPN certificate, you can find them on a running (or dead) cube as user.crt, user.key, ca-server.crt and credentials in /etc/openvpn/keys.

Generate a cube file

To configure Yunohost's VPN app, you will need a cube file which contains your VPN credentials and certificates. Put all the VPN files in the same folder.

You will also need a file with the credentials chosen while the registration process :

snippet.bash
cd <path/to/foler>
nano auth

In the file, write your credentials, for example :

snippet.bash
a.mail@address.xyz
Password or Passphrase

In the same folder, download Neutrinet's script to create a .cube :

snippet.bash
wget https://git.domainepublic.net/Neutrinet/scripts/-/raw/master/cubefile/faire_un_point_cube.sh

Run the script :

snippet.bash
./faire_un_point_cube.sh 

Components

This is the strict minimum you need:

  • a computer (preferably running a Linux/Unix/BSD system) to perform the install
  • a A20-OLinuXino-LIME board
  • a microSD card where the Cube operating system (Yunohost/Debian) will be stored
  • a MOD-WIFI-R5370-ANT WiFi Antenna (optional)
  • a 5V DC power adapter
  • a Neutrinet VPN account

You can find details about the components and buy them here

Others

You'll also need:

  • An Internet connection to download the Yunohost image.
  • An ethernet cable to connect the Cube to your home router (i.e. your ISP internet box)

Install Yunohost on the SD Card

Download the Yunohost image

Download the latest version of Yunohost for internet cubes (Olimex Lime1 or Lime2) from https://yunohost.org/en/administrate/install/hardware:internetcube

For instance, for a Lime2 board:

snippet.bash
wget https://build.yunohost.org/internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz

Import the Yunohost GPG key:

snippet.bash
gpg --keyserver keyserver.ubuntu.com --recv-keys 1904C5B42E4856DCD4E9CF96360AAF3259A3E6FF

Download the image's signature:

snippet.bash
wget https://build.yunohost.org/internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz.sig

Verify the image's signature:

snippet.bash
gpg --verify internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz.sig

Uncompress the Yunohost image:

snippet.bash
gunzip internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz

Flash the SD card

Read the Yunohost documentation for graphical methods: https://yunohost.org/en/administrate/install/hardware:internetcube#flash-the-image-type-image

First, find the device name of your SD card:

snippet.bash
lsblk

Usually, it's mmcblk0

Install the image on your SD card (all data on the SD card will be lost).

snippet.bash
sudo dd if=internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img of=/dev/mmcblk0 status=progress

:!: Ensure that the SD card is not mounted during the copy process!

Remove the SD card from your computer when it's done.

Start your Cube

Prepare it

  • Make sure the Cube is not connected to a power source (e.g: the power cable should be unplugged)
  • Insert the WiFi antenna into the USB port of the Cube's board
  • Insert the SD card into your Cube
  • Connect your Cube to an ethernet cable that is connected to your home router (i.e your ISP internet box)
  • Make sure your computer is connected (via WiFi or ethernet) to your home router too (you will connect to your Cube via the local network)

Boot it

  • Connect the power cable to the Cube to start it
  • Wait a couple of minutes to let the Cube start and connect to the network

Find it on the network

In order to connect to your Cube, you need to find its IP address on your local network.

In your terminal, run:

snippet.bash
for interface in $(ip link show up | grep "state UP" | cut -d ':' -f 2); do
  sudo arp-scan -l --interface "$interface" | grep -P '\t02' | cut -f 1
done

The output should give you a list of IP addresses:

192.168.1.46

These are IP addresses of Internet Cubes connected on the local network.

If you cannot find your cube, try again a couple of minutes later.

Run the Internet Cube installer

Connect to https://192.168.1.46 (Please replace 192.168.1.46 with the IP address of your Cube found in the previous step)

Provide the following details:

  • The main domain name
  • First user name
  • First user password (this will be your admin password as well)
  • Your cube file generated in a previous step
  • Your Wifi hotspot credentials (optional)

You will be able to change your passwords later on if you want.

Install the Neutrinet app

Your VPN certificate will be valid for 1 year.

Connect to your Cube with SSH:

snippet.bash
ssh admin@192.168.1.46

(Please replace 192.168.1.46 with the IP address of your Cube found in the previous step)

Install the Neutrinet app for Yunohost in order to let the cube automatically renew the certificate before expiration:

snippet.bash
sudo yunohost app install neutrinet

You can keep the default values.

Configure the DNS records of your domain

See this page.

Configure IPv6 for the Hotspot Wifi

If you installed the hotspot Wifi, you need an extra step to configure IPv6.

Connect to https://user.neutrinet.be/ and enter your VPN credentials. You can find them in your cube file or in /etc/openvpn/keys/credentials on your internet cube.

Go to your client details by clicking on the entry with mail address.

You should see IPv6 subnet lease (the row with a /64 IPv6).

In case you don't have a IPv6 subnet lease yet, click on Modify IP lease assignment.

Then click on your mail address and click Add IPv6 subnet lease.

Choose a range of 64, and click on the Assign button.

You can then go back to the home page to see your new IPv6 subnet lease.

Connect to Wifi Hotspot admin of your internet cube: https://192.168.1.46/wifiadmin/

Then, under the tab IPv6, paste the IPv6 subnet lease to the delegated prefix field.

Click on the button Save and reload to apply your changes.

Troubleshootings

If you have issues, or maybe you were able to find a fix for an issue, do not hesitate to contact us : https://chat.neutrinet.be

During the install

Debian repositories changed from stable to oldstable

See also https://github.com/YunoHost/issues/issues/1852

At the very first step of the internet cube installer, the install is stuck with the following error:

E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
E: Repository 'http://security.debian.org buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
E: Repository 'http://deb.debian.org/debian buster-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates'
Command 'DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none LC_ALL=C apt-get -o=Acquire::Retries=3 -o=Dpkg::Use-Pty=0 --quiet --assume-yes update &>> ./data/upgrade.logs' returned non-zero exit status 100.

Connect with SSH to your cube with the root account:

snippet.bash
ssh root@192.168.1.46

Enter yunohost as password.

Then, just run:

snippet.bash
apt update

And then answer yes to the questions.

VPN install failed

See also https://github.com/labriqueinternet/install/issues/4

In case there are special characters in your VPN account password:, the install will fail with the following error:

Running: yunohost app addaccess vpnclient -u '******'
'yunohost app addaccess' is deprecated and will be removed in the future
'yunohost app addaccess' is deprecated and will be removed in the future
allowed_users: 
  vpnclient: ******
Running: yunohost app setting vpnclient service_enabled -v 1
Running: ynh-vpnclient-loadcubefile.sh -u '******' -p '[REDACTED]' -c /tmp/config.cube
[VPN] Error: Configuration updated but service reload failed
Command 'ynh-vpnclient-loadcubefile.sh -u '******' -p '[REDACTED]' -c /tmp/config.cube &>> ./data/configure_vpnclient.logs' returned non-zero exit status 1.

Connect to your internet cube with the admin account:

snippet.bash
ssh admin@192.168.1.46

Enter your admin password.

Then, run the command that failed:

snippet.bash
sudo ynh-vpnclient-loadcubefile.sh -u "<username>" -p "<password>" -c /tmp/config.cube

(Please replace <username> and <password> with your credentials.)

:!: Make sure to keep the quotes!

On the internet cube installer, retry the last step by clicking on the yellow button.

The loading bar freeze

If the loading bar freeze during the install, set the debug mode button to up.

You will then see the details of the install and what the install procedure is doing.

iptables/nftables doesn't seem to be working

See https://chat.neutrinet.be/api/v4/files/3wxxx14t7fg6xjomitpyojk4fy/preview

This is due to a kernel update: you just need to reboot the cube.

Then, connect to the internet cube installer and retry the last step.

After the install

Issues with /tmp in RAM

By default, the files /tmp folder are stored in RAM, which isn't a good idea when you have less than 1Gb available in a cube. See tmpfs / armbian

You can disable this by running the following:

snippet.bash
sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-zram-config -i
sudo sed 's/^tmpfs/# tmpfs/' /etc/fstab -i

Then, reboot the cube:

snippet.bash
sudo reboot

Unable to access some websites from the cube

When your cube is connected to the Neutrinet VPN in IPv6, you might be unable to access some websites, although you are able to ping them. In addition, if you have a domain in .nohost.me or .nohost.fr, etc. your cube won't be able to update the DynDNS.

Connect with SSH to the cube:

snippet.bash
ssh admin@192.168.1.46

You need to reduce the MTU used to connect to the VPN:

snippet.bash
sudo nano /etc/openvpn/client.conf.tpl

In the section neutrinet or Custom, add the line:

mssfix 1400

Then, restart the VPN client:

snippet.bash
sudo systemctl stop openvpn@client.service
sudo systemctl start ynh-vpnclient-checker

Roundcube fails to install on Lime 1

Roundcube require more than 500M to install. On lime 1, it's necessary to add swap. You can do it by running the following :

snippet.bash
sudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

You can verify that swap is available :

bash sudo swapon --show

This should return a line about the swap.

Then edit your fstab file to activate the swap on startup :

snippet.bash
sudo nano /etc/fstab

Add the line :

snippet.bash
/swapfile none swap sw 0 0
en/cube/install.txt · Last modified: 2021/09/18 19:21 by celo