User Tools

Site Tools

Trace:
en:cube:install

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
en:cube:install [2019/07/09 12:23] – external edit 127.0.0.1en:cube:install [2022/09/16 13:07] (current) – [After the install] celo
Line 1: Line 1:
-====== How to install a cube ======+# Install a cube
  
-This procedure explains how to setup an Internet Cube and configure it for Neutrinet. +This procedure explains how to setup an Internet Cube (Olimex [Lime2](https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXino-LIME2/open-source-hardware) or [lime](https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXino-LIME/)) and configure it with the Neutrinet VPN.
-It is based on this document https://repo.labriqueinter.net/+
  
-What you need +## Generate the VPN certificates
-![Installationdebriquesinternet](/uploads/cube/installationdebriquesinternet.png "Installationdebriquesinternet"){.align-center}+
  
-## Neutrinet certs+In order to use our VPN, you need to follow [this registration process](en:vpn:vpn-order). You will generate a private key and obtain a personal VPN certificate. 
 + 
 +In case, for some reason, you are reinstalling a cube and you want to reuse your VPN certificate, you can find them on a running (or dead) cube as user.crt, user.key, ca-server.crt and credentials in /etc/openvpn/keys. 
 + 
 +## Generate a cube file 
 + 
 +To configure Yunohost's VPN app, you will need a cube file which contains your VPN credentials and certificates. Put all the VPN files in the same folder.  
 + 
 +You will also need a file with the credentials chosen while the registration process : 
 + 
 +```bash 
 +cd <path/to/foler> 
 +nano auth 
 +``` 
 +In the file, write your credentials, for example : 
 + 
 +```bash 
 +a.mail@address.xyz 
 +Password or Passphrase 
 +``` 
 + 
 +In the same folder, download Neutrinet's script to create a .cube : 
 +```bash 
 +wget https://git.domainepublic.net/Neutrinet/scripts/-/raw/master/cubefile/faire_un_point_cube.sh 
 +``` 
 + 
 +Run the script : 
 +```bash 
 +./faire_un_point_cube.sh  
 +```
  
-To use our VPN, you need to follow [this registration process](/vpn/order) to generate your private key and obtain your VPN certificate. 
-If, for some reason, you're reïnstalling your cube and you want to reuse your certificates, you can find them on your cube as user.crt, user.key, ca-server.crt and credentials in /etc/openvpn/keys 
  
 ## Components ## Components
  
 This is the strict minimum you need: This is the strict minimum you need:
-- a computer (preferably running a Linux/Unix/BSD system) to perform the install 
-- a A20-OLinuXino-LIME board 
-- a micro SD card where the Cube operating system (Yunohost/Debian) will be stored 
-- a MOD-WIFI-R5370-ANT WiFi Antenna 
-- a 5V DC power adapter 
-- a Neutrinet VPN account (Note : for the moment (until correction), the FQDN of the confirmation link (vpn.neutrinet.be) need to be replace by api.neutrinet.be) 
  
-You can find details about the components and buy them here+  * a computer //(preferably running a Linux/Unix/BSD system)// to perform the install 
-https://cube.neutrinet.be+  * a A20-OLinuXino-LIME board 
 +  * a microSD card where the Cube operating system (Yunohost/Debian) will be stored 
 +  * a MOD-WIFI-R5370-ANT WiFi Antenna (optional) 
 +  * a 5V DC power adapter 
 +  * a Neutrinet VPN account 
 + 
 +You can find details about the components and buy them [here](https://cube.neutrinet.be)
  
 ## Others ## Others
  
 You'll also need: You'll also need:
-- An Internet connection to download the Yunohost image. 
-- An ethernet cable to connect the Cube to your home router (e.g: your Proximus BBox) 
  
-# Install Yunohost on the SD Card+  * An Internet connection to download the Yunohost image. 
 +  * An ethernet cable to connect the Cube to your home router (i.e. your ISP internet box)
  
-In order to install the latest version of Yunohost on the SD card, we'll use a simple script that does the hard work for you.+## Install Yunohost on the SD Card
  
-## Download the script+### Download the Yunohost image
  
-Open a terminalthen:+Download the latest version of Yunohost for internet cubes (Olimex Lime1 or Lime2) from [[https://yunohost.org/en/administrate/install/hardware:internetcube]] 
 + 
 +For instancefor a Lime2 board:
 ```bash ```bash
-$ mkdir ~/internet-cube-install +wget https://build.yunohost.org/internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz
-$ cd ~/internet-cube-install +
-wget https://repo.labriqueinter.net/install-sd.sh +
-$ chmod 0755 install-sd.sh+
 ``` ```
  
-## Run the script+Import the Yunohost GPG key: 
 +```bash 
 +gpg --keyserver keyserver.ubuntu.com --recv-keys 1904C5B42E4856DCD4E9CF96360AAF3259A3E6FF 
 +```
  
-First remove the SD card from your computer if present.+Download the image's signature: 
 +```bash 
 +wget https://build.yunohost.org/internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz.sig 
 +``` 
 + 
 +Verify the image's signature: 
 +```bash 
 +gpg --verify internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz.sig 
 +``` 
 + 
 +Uncompress the Yunohost image: 
 +```bash 
 +gunzip internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz 
 +``` 
 + 
 +### Flash the SD card 
 + 
 +Read the Yunohost documentation for graphical methods: [[https://yunohost.org/en/administrate/install/hardware:internetcube#flash-the-image-type-image]] 
 + 
 +First, find the device name of your SD card: 
 +```bash 
 +lsblk 
 +``` 
 +Usually, it's `mmcblk0`
  
-In your terminal, run (add the -2 argument if you use a Lime2 and not a Lime1 and -e if you wan a fully encrypted file system:+Install the image on your SD card (all data on the SD card will be lost).
 ```bash ```bash
-$ ./install-sd.sh [-e] [-2]+sudo dd if=internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img of=/dev/mmcblk0 status=progress
 ``` ```
-And follow the on screen instructions. +:!: Ensure that the SD card is *not* mounted during the copy process!
-It will: +
-- detect your SD card +
-- download the latest Yunohost image +
-- verify its integrity +
-- install the image on your SD card (all data on the SD card will be lost)+
  
 Remove the SD card from your computer when it's done. Remove the SD card from your computer when it's done.
  
-# Start your Cube+## Start your Cube
  
-## Prepare it+### Prepare it
  
 - Make sure the Cube is *not* connected to a power source (e.g: the power cable should be unplugged) - Make sure the Cube is *not* connected to a power source (e.g: the power cable should be unplugged)
 - Insert the WiFi antenna into the USB port of the Cube's board - Insert the WiFi antenna into the USB port of the Cube's board
 - Insert the SD card into your Cube - Insert the SD card into your Cube
-- Connect your Cube to an ethernet cable that is connected to your home router (e.g: your Proximus BBox)+- Connect your Cube to an ethernet cable that is connected to your home router (i.your ISP internet box)
 - Make sure your computer is connected (via WiFi or ethernet) to your home router too (you will connect to your Cube via the local network) - Make sure your computer is connected (via WiFi or ethernet) to your home router too (you will connect to your Cube via the local network)
  
-## Boot it+### Boot it
  
 - Connect the power cable to the Cube to start it - Connect the power cable to the Cube to start it
 - Wait a couple of minutes to let the Cube start and connect to the network - Wait a couple of minutes to let the Cube start and connect to the network
  
-## Find it on the network+### Find it on the network
  
 In order to connect to your Cube, you need to find its IP address on your local network. In order to connect to your Cube, you need to find its IP address on your local network.
Line 83: Line 127:
 In your terminal, run: In your terminal, run:
 ```bash ```bash
-./install-sd.sh -l+for interface in $(ip link show up | grep "state UP" | cut -d ':' -f 2); do 
 +  sudo arp-scan -l --interface "$interface" | grep -P '\t02' | cut -f 1 
 +done
 ``` ```
  
-The output should look like this:+The output should give you a list of IP addresses:
 ``` ```
-Internet Cubes found on the network: +192.168.1.46
- +
-  1. YunoHost Admin:    https://192.168.1.46 +
-     SSH Access:        ssh root@192.168.1.46 +
-     HyperCube Debug:   http://192.168.1.46:2468/install.html+
 ``` ```
  
-In this example, the IP address of your Cube on the local network is: +These are IP addresses of Internet Cubes connected on the local network.
-192.168.1.46+
  
-If the script cannot find your cube, try again a couple of minutes later.+If you cannot find your cube, try again a couple of minutes later.
  
-Connect to your Cube via SSH+## Run the Internet Cube installer
  
-To connect to your Cube as root, in your terminal, run:+Connect to https://192.168.1.46 
 +(Please replace `192.168.1.46` with the IP address of your Cube found in the previous step) 
 + 
 +Provide the following details: 
 +  * The main domain name 
 +  * First user name 
 +  * First user password (this will be your admin password as well) 
 +  * Your cube file generated in a previous step 
 +  * Your Wifi hotspot credentials (optional) 
 + 
 +You will be able to change your passwords later on if you want. 
 + 
 +### Install the Neutrinet app 
 + 
 +Your VPN certificate will be valid for 1 year. 
 + 
 +Connect to your Cube with SSH:
 ```bash ```bash
-ssh root@192.168.1.46+ssh admin@192.168.1.46
 ``` ```
 (Please replace 192.168.1.46 with the IP address of your Cube found in the previous step) (Please replace 192.168.1.46 with the IP address of your Cube found in the previous step)
-The root password of your Cube is: 
-olinux 
  
-You'll be asked to change it. Please choose a strong password and do not loose it. 
  
-## Configure your Cube for use with Neutrinet+Install the Neutrinet app for Yunohost in order to let the cube automatically renew the certificate before expiration: 
 +```bash 
 +sudo yunohost app install neutrinet 
 +``` 
 +You can keep the default values. 
 + 
 +## Configure the DNS records of your domain 
 + 
 +See [this page](dns). 
 + 
 +## Configure IPv6 for the Hotspot Wifi 
 + 
 +If you installed the hotspot Wifi, you need an extra step to configure IPv6. 
 + 
 +Connect to https://user.neutrinet.be/ and enter your VPN credentials. You can find them in your cube file or in `/etc/openvpn/keys/credentials` on your internet cube. 
 + 
 +Go to your client details by clicking on the entry with mail address. 
 + 
 +You should see IPv6 subnet lease (the row with a `/64` IPv6).  
 + 
 +In case you don't have a IPv6 subnet lease yet, click on `Modify IP lease assignment`. 
 + 
 +Then click on your mail address and click `Add IPv6 subnet lease`. 
 + 
 +Choose a range of 64, and click on the `Assign` button. 
 + 
 +You can then go back to the home page to see your new IPv6 subnet lease. 
 + 
 +Connect to Wifi Hotspot admin of your internet cube: https://192.168.1.46/wifiadmin/ 
 + 
 +Then, under the tab `IPv6`, paste the IPv6 subnet lease to the delegated prefix field.  
 + 
 +Click on the button `Save and reload` to apply your changes. 
 + 
 +## Troubleshootings 
 + 
 +If you have issues, or maybe you were able to find a fix for an issue, do not hesitate to contact us : https://chat.neutrinet.be 
 + 
 +### During the install 
 + 
 +#### Debian repositories changed from stable to oldstable 
 + 
 +See also https://github.com/YunoHost/issues/issues/1852 
 + 
 +At the very first step of the internet cube installer, the install is stuck with the following error: 
 +``` 
 +E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable' 
 +E: Repository 'http://security.debian.org buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable' 
 +E: Repository 'http://deb.debian.org/debian buster-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates' 
 +Command 'DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none LC_ALL=C apt-get -o=Acquire::Retries=3 -o=Dpkg::Use-Pty=0 --quiet --assume-yes update &>> ./data/upgrade.logs' returned non-zero exit status 100. 
 +```
  
-Now that you're connected to your Cube via SSH, you will download the configuration script and run it:+Connect with SSH to your cube with the root account:
 ```bash ```bash
-root@olinux:~# wget https://raw.githubusercontent.com/labriqueinternet/configuration_scripts/master/neutrinet.sh +ssh root@192.168.1.46
-root@olinux:~# chmod 0755 neutrinet.sh +
-root@olinux:~# ./neutrinet.sh+
 ``` ```
 +Enter `yunohost` as password.
  
-And follow the on screen instructions. +Then, just run: 
-Important: at some point during the installation, the script will prompt your for an "Administration password". This password is: +```bash 
-neutrinet+apt update 
 +``` 
 +And then answer yes to the questions.
  
-It will: +#### VPN install failed
-- ask you for: +
-  - a Main domain name. If you choose example.com, you'll access your cube via https://example.com +
-  - a Username, used to connect to the user interface and access your apps +
-  - your Firstname/Lastname, used to send emails +
-  - an Email. It must contain the domain previously entered as second part, e.g: jon@example.com +
-  - VPN client certificate. This is the content of the client.crt file you download. +
-  - VPN client key. This is the content of the client.key file you download. +
-  - CA server certificate. This is the content of the ca.crt file you download. +
-  - VPN username/password. Can be found in the auth file you downloaded. +
-  - IPv6 delegated prefix. If you don't have one, leave it blank (only necessary if you want to use IPv6) +
-  - WiFi AP SSID. This is the name of the WiFi network created by your Cube, as it will appear in the available WiFi list of your computer. +
-  - The Administration password. This password is: neutrinet +
-- update the system +
-- finish the Yunohost configuration +
-install the following Yunohost apps: +
-  - vpnclient: to connect to the Neutrinet VPN +
-  - hotspot: to create a WiFi network +
-  - doctorcube: to help fix the Cube in some situations +
-  - neutrinet_ynh: to help fix the outdated certificate issue+
  
-## Change all passwords+See also https://github.com/labriqueinternet/install/issues/4
  
-Those passwords have been set to 'neutrinet(without quotes) during the install process.+In case there are special characters in your VPN account password:, the install will fail with the following error: 
 +``` 
 +Running: yunohost app addaccess vpnclient -u '******' 
 +'yunohost app addaccess' is deprecated and will be removed in the future 
 +'yunohost app addaccess' is deprecated and will be removed in the future 
 +allowed_users:  
 +  vpnclient: ****** 
 +Running: yunohost app setting vpnclient service_enabled -v 1 
 +Running: ynh-vpnclient-loadcubefile.sh -u '******' -p '[REDACTED]' -c /tmp/config.cube 
 +[VPN] Error: Configuration updated but service reload failed 
 +Command 'ynh-vpnclient-loadcubefile.sh -u '******' -p '[REDACTED]' -c /tmp/config.cube &>> ./data/configure_vpnclient.logs' returned non-zero exit status 1. 
 +```
  
-- Administration password: https://example.com/yunohost/admin/#/tools/adminpw +Connect to your internet cube with the admin account
-- User passwordhttps://example.com/yunohost/sso/password.html +```bash 
-- WiFi Hotspot password: https://example.com/wifiadmin/ +ssh admin@192.168.1.46 
-- root password: +``` 
-  ``` +Enter your admin password.
-  ssh root@example.com +
-  $ passwd +
-  ``` +
  
-# Configure the DNS records of your domain+Then, run the command that failed: 
 +```bash 
 +sudo ynh-vpnclient-loadcubefile.sh -u "<username>" -p "<password>" -c /tmp/config.cube 
 +``` 
 +(Please replace `<username>` and `<password>` with your credentials.)
  
-See [this page](dns).+:!: Make sure to keep the quotes! 
 + 
 +On the internet cube installer, retry the last step by clicking on the yellow button. 
 + 
 +#### The loading bar freeze 
 + 
 +If the loading bar freeze during the install, set the debug mode button to up. 
 + 
 +You will then see the details of the install and what the install procedure is doing. 
 + 
 +#### iptables/nftables doesn't seem to be working 
 + 
 +See https://chat.neutrinet.be/api/v4/files/3wxxx14t7fg6xjomitpyojk4fy/preview 
 + 
 +This is due to a kernel update: you just need to reboot the cube. 
 + 
 +Then, connect to the internet cube installer and retry the last step. 
 + 
 +### After the install 
 + 
 +#### Issues with /tmp in RAM 
 + 
 +By default, the files `/tmp` folder are stored in RAM, which isn't a good idea when you have less than 1Gb available in a cube. See [tmpfs / armbian](https://forum.armbian.com/topic/10977-tmp-gets-eventually-full-how-to-purge-it/) 
 + 
 +You can disable this by running the following: 
 +```bash 
 +sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-zram-config -i 
 +sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-ramlog -i 
 +sudo sed 's/^tmpfs/# tmpfs/' /etc/fstab -i 
 +``` 
 + 
 +Then, reboot the cube: 
 +```bash 
 +sudo reboot 
 +``` 
 + 
 +#### Unable to access some websites from the cube 
 + 
 +When your cube is connected to the Neutrinet VPN in IPv6, you might be unable to access some websites, although you are able to ping them. In addition, if you have a domain in .nohost.me or .nohost.fr, etc. your cube won't be able to update the DynDNS.  
 + 
 +Connect with SSH to the cube: 
 +```bash 
 +ssh admin@192.168.1.46 
 +``` 
 + 
 +You need to reduce the MTU used to connect to the VPN: 
 +```bash 
 +sudo nano /etc/openvpn/client.conf.tpl 
 +``` 
 +In the section `neutrinet` or `Custom`, add the line: 
 +``` 
 +mssfix 1400 
 +``` 
 + 
 +Then, restart the VPN client: 
 +```bash 
 +sudo systemctl stop openvpn@client.service 
 +sudo systemctl start ynh-vpnclient-checker 
 +``` 
 + 
 +#### Roundcube fails to install on Lime 1 
 + 
 +Roundcube require more than 500M to install. On lime 1, it's necessary to add swap. You can do it by running the following : 
 + 
 +```bash 
 +sudo fallocate -l 1G /swapfile 
 +sudo chmod 600 /swapfile 
 +sudo mkswap /swapfile 
 +sudo swapon /swapfile 
 +``` 
 +You can verify that swap is available : 
 +  
 +```bash 
 +sudo swapon --show 
 +``` 
 + 
 +This should return a line about the swap. 
 + 
 +Then edit your fstab file to activate the swap on startup : 
 + 
 +```bash 
 +sudo nano /etc/fstab 
 +``` 
 + 
 +Add the line : 
 +```bash 
 +/swapfile none swap sw 0 0 
 +```
  
-# Problems 
-We try to keep a list of issues we face at https://wiki.neutrinet.be/cube/problems  
-If you have issues, or maybe you were able to find a fix for an issue, do not hesitate to contact us. 
en/cube/install.1562667834.txt.gz · Last modified: 2019/10/13 15:01 (external edit)