User Tools

Site Tools


en:cube:install

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
en:cube:install [2019/07/09 22:58] tierceen:cube:install [2022/09/16 13:07] (current) – [After the install] celo
Line 1: Line 1:
 # Install a cube # Install a cube
  
-FIXME +This procedure explains how to setup an Internet Cube (Olimex [Lime2](https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXino-LIME2/open-source-hardware) or [lime](https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXino-LIME/)) and configure it with the Neutrinet VPN.
- +
-This procedure explains how to setup an Internet Cube and configure it for Neutrinet. +
-It is based on this document https://repo.labriqueinter.net/+
  
 ## Generate the VPN certificates ## Generate the VPN certificates
  
-To use our VPN, you need to follow [this registration process](en:vpn:order) to generate the private key and obtain a personnal VPN certificate. There it also a [python script](https://github.com/Neutrinet/scripts/tree/master/vpn). //(Both can be touchy)//+In order to use our VPN, you need to follow [this registration process](en:vpn:vpn-order). You will generate private key and obtain a personal VPN certificate.
  
-If, for some reason, you're re-installing a cube and you want to re-use a certificate, you can find them on a running (or dead) cube as user.crt, user.key, ca-server.crt and credentials in /etc/openvpn/keys.+In case, for some reason, you are reinstalling a cube and you want to reuse your VPN certificate, you can find them on a running (or dead) cube as user.crt, user.key, ca-server.crt and credentials in /etc/openvpn/keys. 
 + 
 +## Generate a cube file 
 + 
 +To configure Yunohost's VPN app, you will need a cube file which contains your VPN credentials and certificates. Put all the VPN files in the same folder.  
 + 
 +You will also need a file with the credentials chosen while the registration process : 
 + 
 +```bash 
 +cd <path/to/foler> 
 +nano auth 
 +``` 
 +In the file, write your credentials, for example : 
 + 
 +```bash 
 +a.mail@address.xyz 
 +Password or Passphrase 
 +``` 
 + 
 +In the same folder, download Neutrinet's script to create a .cube : 
 +```bash 
 +wget https://git.domainepublic.net/Neutrinet/scripts/-/raw/master/cubefile/faire_un_point_cube.sh 
 +``` 
 + 
 +Run the script : 
 +```bash 
 +./faire_un_point_cube.sh  
 +```
  
  
Line 20: Line 44:
   * a A20-OLinuXino-LIME board   * a A20-OLinuXino-LIME board
   * a microSD card where the Cube operating system (Yunohost/Debian) will be stored   * a microSD card where the Cube operating system (Yunohost/Debian) will be stored
-  * a MOD-WIFI-R5370-ANT WiFi Antenna+  * a MOD-WIFI-R5370-ANT WiFi Antenna (optional)
   * a 5V DC power adapter   * a 5V DC power adapter
-  * a Neutrinet VPN account (Note : for the moment (until correction), the FQDN of the confirmation link (vpn.neutrinet.be) need to be replace by api.neutrinet.be)+  * a Neutrinet VPN account
  
 You can find details about the components and buy them [here](https://cube.neutrinet.be) You can find details about the components and buy them [here](https://cube.neutrinet.be)
Line 31: Line 55:
  
   * An Internet connection to download the Yunohost image.   * An Internet connection to download the Yunohost image.
-  * An ethernet cable to connect the Cube to your home router (e.g: your Proximus BBox)+  * An ethernet cable to connect the Cube to your home router (i.e. your ISP internet box)
  
 ## Install Yunohost on the SD Card ## Install Yunohost on the SD Card
  
-In order to install the latest version of Yunohost on the SD card, we'll use a simple script that does the hard work for you.+### Download the Yunohost image
  
-### Download the script+Download the latest version of Yunohost for internet cubes (Olimex Lime1 or Lime2) from [[https://yunohost.org/en/administrate/install/hardware:internetcube]]
  
-Open a terminalthen:+For instancefor a Lime2 board:
 ```bash ```bash
-$ mkdir ~/internet-cube-install +wget https://build.yunohost.org/internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz
-$ cd ~/internet-cube-install +
-wget https://repo.labriqueinter.net/install-sd.sh +
-$ chmod 0755 install-sd.sh+
 ``` ```
  
-### Run the script+Import the Yunohost GPG key: 
 +```bash 
 +gpg --keyserver keyserver.ubuntu.com --recv-keys 1904C5B42E4856DCD4E9CF96360AAF3259A3E6FF 
 +```
  
-First remove the SD card from your computer if present.+Download the image's signature: 
 +```bash 
 +wget https://build.yunohost.org/internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz.sig 
 +```
  
-In your terminal, run (add the -2 argument if you use a Lime2 and not a Lime1 and -e if you wan a fully encrypted file system) :+Verify the image's signature:
 ```bash ```bash
-$ ./install-sd.sh [-e] [-2]+gpg --verify internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz.sig
 ``` ```
-And follow the on screen instructions. + 
-It will+Uncompress the Yunohost image
-detect your SD card +```bash 
-- download the latest Yunohost image +gunzip internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz 
-verify its integrity +``` 
-install the image on your SD card (all data on the SD card will be lost)+ 
 +### Flash the SD card 
 + 
 +Read the Yunohost documentation for graphical methods: [[https://yunohost.org/en/administrate/install/hardware:internetcube#flash-the-image-type-image]] 
 + 
 +First, find the device name of your SD card: 
 +```bash 
 +lsblk 
 +``` 
 +Usually, it's `mmcblk0` 
 + 
 +Install the image on your SD card (all data on the SD card will be lost)
 +```bash 
 +sudo dd if=internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img of=/dev/mmcblk0 status=progress 
 +``` 
 +:!: Ensure that the SD card is *not* mounted during the copy process!
  
 Remove the SD card from your computer when it's done. Remove the SD card from your computer when it's done.
Line 71: Line 113:
 - Insert the WiFi antenna into the USB port of the Cube's board - Insert the WiFi antenna into the USB port of the Cube's board
 - Insert the SD card into your Cube - Insert the SD card into your Cube
-- Connect your Cube to an ethernet cable that is connected to your home router (e.g: your Proximus BBox)+- Connect your Cube to an ethernet cable that is connected to your home router (i.your ISP internet box)
 - Make sure your computer is connected (via WiFi or ethernet) to your home router too (you will connect to your Cube via the local network) - Make sure your computer is connected (via WiFi or ethernet) to your home router too (you will connect to your Cube via the local network)
  
Line 85: Line 127:
 In your terminal, run: In your terminal, run:
 ```bash ```bash
-./install-sd.sh -l+for interface in $(ip link show up | grep "state UP" | cut -d ':' -f 2); do 
 +  sudo arp-scan -l --interface "$interface" | grep -P '\t02' | cut -f 1 
 +done
 ``` ```
  
-The output should look like this:+The output should give you a list of IP addresses:
 ``` ```
-Internet Cubes found on the network: +192.168.1.46
- +
-  1. YunoHost Admin:    https://192.168.1.46 +
-     SSH Access:        ssh root@192.168.1.46 +
-     HyperCube Debug:   http://192.168.1.46:2468/install.html+
 ``` ```
  
-In this example, the IP address of your Cube on the local network is: +These are IP addresses of Internet Cubes connected on the local network.
-192.168.1.46+
  
-If the script cannot find your cube, try again a couple of minutes later.+If you cannot find your cube, try again a couple of minutes later.
  
-Connect to your Cube via SSH+## Run the Internet Cube installer
  
-To connect to your Cube as root, in your terminal, run:+Connect to https://192.168.1.46 
 +(Please replace `192.168.1.46` with the IP address of your Cube found in the previous step) 
 + 
 +Provide the following details: 
 +  * The main domain name 
 +  * First user name 
 +  * First user password (this will be your admin password as well) 
 +  * Your cube file generated in a previous step 
 +  * Your Wifi hotspot credentials (optional) 
 + 
 +You will be able to change your passwords later on if you want. 
 + 
 +### Install the Neutrinet app 
 + 
 +Your VPN certificate will be valid for 1 year. 
 + 
 +Connect to your Cube with SSH:
 ```bash ```bash
-ssh root@192.168.1.46+ssh admin@192.168.1.46
 ``` ```
 (Please replace 192.168.1.46 with the IP address of your Cube found in the previous step) (Please replace 192.168.1.46 with the IP address of your Cube found in the previous step)
-The root password of your Cube is: 
-olinux 
  
-You'll be asked to change it. Please choose a strong password and do not loose it. 
  
-## Configure your Cube for use with Neutrinet+Install the Neutrinet app for Yunohost in order to let the cube automatically renew the certificate before expiration: 
 +```bash 
 +sudo yunohost app install neutrinet 
 +``` 
 +You can keep the default values. 
 + 
 +## Configure the DNS records of your domain 
 + 
 +See [this page](dns). 
 + 
 +## Configure IPv6 for the Hotspot Wifi 
 + 
 +If you installed the hotspot Wifi, you need an extra step to configure IPv6. 
 + 
 +Connect to https://user.neutrinet.be/ and enter your VPN credentials. You can find them in your cube file or in `/etc/openvpn/keys/credentials` on your internet cube. 
 + 
 +Go to your client details by clicking on the entry with mail address. 
 + 
 +You should see IPv6 subnet lease (the row with a `/64` IPv6).  
 + 
 +In case you don't have a IPv6 subnet lease yet, click on `Modify IP lease assignment`. 
 + 
 +Then click on your mail address and click `Add IPv6 subnet lease`. 
 + 
 +Choose a range of 64, and click on the `Assign` button. 
 + 
 +You can then go back to the home page to see your new IPv6 subnet lease. 
 + 
 +Connect to Wifi Hotspot admin of your internet cube: https://192.168.1.46/wifiadmin/ 
 + 
 +Then, under the tab `IPv6`, paste the IPv6 subnet lease to the delegated prefix field.  
 + 
 +Click on the button `Save and reload` to apply your changes. 
 + 
 +## Troubleshootings 
 + 
 +If you have issues, or maybe you were able to find a fix for an issue, do not hesitate to contact us : https://chat.neutrinet.be 
 + 
 +### During the install 
 + 
 +#### Debian repositories changed from stable to oldstable 
 + 
 +See also https://github.com/YunoHost/issues/issues/1852 
 + 
 +At the very first step of the internet cube installer, the install is stuck with the following error: 
 +``` 
 +E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable' 
 +E: Repository 'http://security.debian.org buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable' 
 +E: Repository 'http://deb.debian.org/debian buster-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates' 
 +Command 'DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none LC_ALL=C apt-get -o=Acquire::Retries=3 -o=Dpkg::Use-Pty=0 --quiet --assume-yes update &>> ./data/upgrade.logs' returned non-zero exit status 100. 
 +```
  
-Now that you're connected to your Cube via SSH, you will download the configuration script and run it:+Connect with SSH to your cube with the root account:
 ```bash ```bash
-root@olinux:~# wget https://raw.githubusercontent.com/labriqueinternet/configuration_scripts/master/neutrinet.sh +ssh root@192.168.1.46
-root@olinux:~# chmod 0755 neutrinet.sh +
-root@olinux:~# ./neutrinet.sh+
 ``` ```
 +Enter `yunohost` as password.
  
-And follow the on screen instructions. +Then, just run: 
-Important: at some point during the installation, the script will prompt your for an "Administration password". This password is: +```bash 
-neutrinet+apt update 
 +``` 
 +And then answer yes to the questions.
  
-It will: +#### VPN install failed
-- ask you for: +
-  - a Main domain name. If you choose example.com, you'll access your cube via https://example.com +
-  - a Username, used to connect to the user interface and access your apps +
-  - your Firstname/Lastname, used to send emails +
-  - an Email. It must contain the domain previously entered as second part, e.g: jon@example.com +
-  - VPN client certificate. This is the content of the client.crt file you download. +
-  - VPN client key. This is the content of the client.key file you download. +
-  - CA server certificate. This is the content of the ca.crt file you download. +
-  - VPN username/password. Can be found in the auth file you downloaded. +
-  - IPv6 delegated prefix. If you don't have one, leave it blank (only necessary if you want to use IPv6) +
-  - WiFi AP SSID. This is the name of the WiFi network created by your Cube, as it will appear in the available WiFi list of your computer. +
-  - The Administration password. This password is: neutrinet +
-- update the system +
-- finish the Yunohost configuration +
-install the following Yunohost apps: +
-  - vpnclient: to connect to the Neutrinet VPN +
-  - hotspot: to create a WiFi network +
-  - doctorcube: to help fix the Cube in some situations +
-  - neutrinet_ynh: to help fix the outdated certificate issue+
  
-## Change all passwords+See also https://github.com/labriqueinternet/install/issues/4
  
-Those passwords have been set to 'neutrinet(without quotes) during the install process.+In case there are special characters in your VPN account password:, the install will fail with the following error: 
 +``` 
 +Running: yunohost app addaccess vpnclient -u '******' 
 +'yunohost app addaccess' is deprecated and will be removed in the future 
 +'yunohost app addaccess' is deprecated and will be removed in the future 
 +allowed_users:  
 +  vpnclient: ****** 
 +Running: yunohost app setting vpnclient service_enabled -v 1 
 +Running: ynh-vpnclient-loadcubefile.sh -u '******' -p '[REDACTED]' -c /tmp/config.cube 
 +[VPN] Error: Configuration updated but service reload failed 
 +Command 'ynh-vpnclient-loadcubefile.sh -u '******' -p '[REDACTED]' -c /tmp/config.cube &>> ./data/configure_vpnclient.logs' returned non-zero exit status 1. 
 +```
  
-- Administration password: https://example.com/yunohost/admin/#/tools/adminpw +Connect to your internet cube with the admin account
-- User passwordhttps://example.com/yunohost/sso/password.html +```bash 
-- WiFi Hotspot password: https://example.com/wifiadmin/ +ssh admin@192.168.1.46 
-- root password: +``` 
-  ``` +Enter your admin password.
-  ssh root@example.com +
-  $ passwd +
-  ``` +
  
-## Configure the DNS records of your domain+Then, run the command that failed: 
 +```bash 
 +sudo ynh-vpnclient-loadcubefile.sh -u "<username>" -p "<password>" -c /tmp/config.cube 
 +``` 
 +(Please replace `<username>` and `<password>` with your credentials.)
  
-See [this page](dns).+:!: Make sure to keep the quotes! 
 + 
 +On the internet cube installer, retry the last step by clicking on the yellow button. 
 + 
 +#### The loading bar freeze 
 + 
 +If the loading bar freeze during the install, set the debug mode button to up. 
 + 
 +You will then see the details of the install and what the install procedure is doing. 
 + 
 +#### iptables/nftables doesn't seem to be working 
 + 
 +See https://chat.neutrinet.be/api/v4/files/3wxxx14t7fg6xjomitpyojk4fy/preview 
 + 
 +This is due to a kernel update: you just need to reboot the cube. 
 + 
 +Then, connect to the internet cube installer and retry the last step. 
 + 
 +### After the install 
 + 
 +#### Issues with /tmp in RAM 
 + 
 +By default, the files `/tmp` folder are stored in RAM, which isn't a good idea when you have less than 1Gb available in a cube. See [tmpfs / armbian](https://forum.armbian.com/topic/10977-tmp-gets-eventually-full-how-to-purge-it/) 
 + 
 +You can disable this by running the following: 
 +```bash 
 +sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-zram-config -i 
 +sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-ramlog -i 
 +sudo sed 's/^tmpfs/# tmpfs/' /etc/fstab -i 
 +``` 
 + 
 +Then, reboot the cube: 
 +```bash 
 +sudo reboot 
 +``` 
 + 
 +#### Unable to access some websites from the cube 
 + 
 +When your cube is connected to the Neutrinet VPN in IPv6, you might be unable to access some websites, although you are able to ping them. In addition, if you have a domain in .nohost.me or .nohost.fr, etc. your cube won't be able to update the DynDNS.  
 + 
 +Connect with SSH to the cube: 
 +```bash 
 +ssh admin@192.168.1.46 
 +``` 
 + 
 +You need to reduce the MTU used to connect to the VPN: 
 +```bash 
 +sudo nano /etc/openvpn/client.conf.tpl 
 +``` 
 +In the section `neutrinet` or `Custom`, add the line: 
 +``` 
 +mssfix 1400 
 +``` 
 + 
 +Then, restart the VPN client: 
 +```bash 
 +sudo systemctl stop openvpn@client.service 
 +sudo systemctl start ynh-vpnclient-checker 
 +``` 
 + 
 +#### Roundcube fails to install on Lime 1 
 + 
 +Roundcube require more than 500M to install. On lime 1, it's necessary to add swap. You can do it by running the following : 
 + 
 +```bash 
 +sudo fallocate -l 1G /swapfile 
 +sudo chmod 600 /swapfile 
 +sudo mkswap /swapfile 
 +sudo swapon /swapfile 
 +``` 
 +You can verify that swap is available : 
 +  
 +```bash 
 +sudo swapon --show 
 +``` 
 + 
 +This should return a line about the swap. 
 + 
 +Then edit your fstab file to activate the swap on startup : 
 + 
 +```bash 
 +sudo nano /etc/fstab 
 +``` 
 + 
 +Add the line : 
 +```bash 
 +/swapfile none swap sw 0 0 
 +```
  
-## Problems 
-We try to keep a list of issues we face at https://wiki.neutrinet.be/cube/problems  
-If you have issues, or maybe you were able to find a fix for an issue, do not hesitate to contact us. 
en/cube/install.1562705922.txt.gz · Last modified: 2019/10/13 15:01 (external edit)