User Tools

Site Tools


en:cube:install

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
en:cube:install [2021/06/08 20:46] – correction lien image brique internet hgoen:cube:install [2022/09/16 13:07] (current) – [After the install] celo
Line 1: Line 1:
 # Install a cube # Install a cube
  
-This procedure explains how to setup an Internet Cube and configure it with the Neutrinet VPN.+This procedure explains how to setup an Internet Cube (Olimex [Lime2](https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXino-LIME2/open-source-hardware) or [lime](https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXino-LIME/)) and configure it with the Neutrinet VPN.
  
 ## Generate the VPN certificates ## Generate the VPN certificates
  
-In order to use our VPN, you need to follow [this registration process](en:vpn:order). You will generate a private key and obtain a personal VPN certificate.+In order to use our VPN, you need to follow [this registration process](en:vpn:vpn-order). You will generate a private key and obtain a personal VPN certificate.
  
 In case, for some reason, you are reinstalling a cube and you want to reuse your VPN certificate, you can find them on a running (or dead) cube as user.crt, user.key, ca-server.crt and credentials in /etc/openvpn/keys. In case, for some reason, you are reinstalling a cube and you want to reuse your VPN certificate, you can find them on a running (or dead) cube as user.crt, user.key, ca-server.crt and credentials in /etc/openvpn/keys.
 +
 +## Generate a cube file
 +
 +To configure Yunohost's VPN app, you will need a cube file which contains your VPN credentials and certificates. Put all the VPN files in the same folder. 
 +
 +You will also need a file with the credentials chosen while the registration process :
 +
 +```bash
 +cd <path/to/foler>
 +nano auth
 +```
 +In the file, write your credentials, for example :
 +
 +```bash
 +a.mail@address.xyz
 +Password or Passphrase
 +```
 +
 +In the same folder, download Neutrinet's script to create a .cube :
 +```bash
 +wget https://git.domainepublic.net/Neutrinet/scripts/-/raw/master/cubefile/faire_un_point_cube.sh
 +```
 +
 +Run the script :
 +```bash
 +./faire_un_point_cube.sh 
 +```
 +
  
 ## Components ## Components
Line 33: Line 61:
 ### Download the Yunohost image ### Download the Yunohost image
  
-Download the latest version of Yunohost for internet cubes (Olimex Lime1 or Lime2) from https://yunohost.org/fr/install/hardware:internetcube+Download the latest version of Yunohost for internet cubes (Olimex Lime1 or Lime2) from [[https://yunohost.org/en/administrate/install/hardware:internetcube]]
  
-For instance:+For instance, for a Lime2 board:
 ```bash ```bash
-wget https://build.yunohost.org/yunohost-buster-4.1.7.1-lime1-stable.img.zip+wget https://build.yunohost.org/internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz
 ``` ```
  
-Download the GPG key of Yunohost:+Import the Yunohost GPG key:
 ```bash ```bash
 gpg --keyserver keyserver.ubuntu.com --recv-keys 1904C5B42E4856DCD4E9CF96360AAF3259A3E6FF gpg --keyserver keyserver.ubuntu.com --recv-keys 1904C5B42E4856DCD4E9CF96360AAF3259A3E6FF
 ``` ```
  
-Download the GPG signature:+Download the image'signature:
 ```bash ```bash
-wget https://build.yunohost.org/yunohost-buster-4.1.7.1-lime1-stable.img.zip.sig+wget https://build.yunohost.org/internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz.sig
 ``` ```
  
-Verify the GPG signature:+Verify the image'signature:
 ```bash ```bash
-gpg --verify yunohost-buster-4.1.7.1-lime1-stable.img.zip.sig+gpg --verify internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz.sig
 ``` ```
  
 Uncompress the Yunohost image: Uncompress the Yunohost image:
 ```bash ```bash
-unzip yunohost-buster-4.1.7.1-lime1-stable.img.zip+gunzip internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img.gz
 ``` ```
  
-/!\ For lime1 board, the image filename will look like this (note the `lime` instead of `lime1`): +### Flash the SD card
-``` +
-yunohost-buster-4.1.7.1-lime-stable.img +
-```+
  
-### Flash the SD card+Read the Yunohost documentation for graphical methods: [[https://yunohost.org/en/administrate/install/hardware:internetcube#flash-the-image-type-image]]
  
 First, find the device name of your SD card: First, find the device name of your SD card:
Line 75: Line 100:
 Install the image on your SD card (all data on the SD card will be lost). Install the image on your SD card (all data on the SD card will be lost).
 ```bash ```bash
-sudo dd if=yunohost-buster-4.1.7.1-lime-stable.img of=/dev/mmcblk0 status=progress+sudo dd if=internetcube-buster-4.1.7.4_v2021.04.01-lime2-stable.img of=/dev/mmcblk0 status=progress
 ``` ```
 +:!: Ensure that the SD card is *not* mounted during the copy process!
  
 Remove the SD card from your computer when it's done. Remove the SD card from your computer when it's done.
Line 101: Line 127:
 In your terminal, run: In your terminal, run:
 ```bash ```bash
-./install-sd.sh -l+for interface in $(ip link show up | grep "state UP" | cut -d ':' -f 2); do 
 +  sudo arp-scan -l --interface "$interface" | grep -P '\t02' | cut -f 1 
 +done
 ``` ```
  
-The output should look like this:+The output should give you a list of IP addresses:
 ``` ```
-Internet Cubes found on the network: +192.168.1.46
- +
-  1. YunoHost Admin:    https://192.168.1.46 +
-     SSH Access:        ssh root@192.168.1.46 +
-     HyperCube Debug:   http://192.168.1.46:2468/install.html+
 ``` ```
  
-In this example, the IP address of your Cube on the local network is: +These are IP addresses of Internet Cubes connected on the local network.
-192.168.1.46+
  
-If the script cannot find your cube, try again a couple of minutes later.+If you cannot find your cube, try again a couple of minutes later.
  
-## Run the Yunohost postinstall+## Run the Internet Cube installer
  
 Connect to https://192.168.1.46 Connect to https://192.168.1.46
-(Please replace 192.168.1.46 with the IP address of your Cube found in the previous step)+(Please replace `192.168.1.46with the IP address of your Cube found in the previous step)
  
-Start the Yunohost postinstall and provide+Provide the following details
-The main domain name +  The main domain name 
-- The admin password +  * First user name 
-You will be able to change the admin password later on if you want.+  * First user password (this will be your admin password as well) 
 +  * Your cube file generated in a previous step 
 +  * Your Wifi hotspot credentials (optional)
  
-### Create the first user+You will be able to change your passwords later on if you want.
  
-In the admin panel, go to Users and create the first user by providing: +### Install the Neutrinet app
-- username +
-- firstname +
-- lastname +
-- password +
-This user is a bit special because it will be linked to the root@domain.tld mail address.+
  
-### Install the VPN client +Your VPN certificate will be valid for 1 year.
- +
-In the admin panel, go to Applications and click on the Install button. +
- +
-Search for `VPN Client` app, then install it.+
  
-Connect to your Cube via SSH as admin:+Connect to your Cube with SSH:
 ```bash ```bash
 ssh admin@192.168.1.46 ssh admin@192.168.1.46
 ``` ```
 (Please replace 192.168.1.46 with the IP address of your Cube found in the previous step) (Please replace 192.168.1.46 with the IP address of your Cube found in the previous step)
-The admin password of your Cube is the same as the one for the admin panel. 
  
-Copy the .cube file you generated earlier. From your machine, run:+ 
 +Install the Neutrinet app for Yunohost in order to let the cube automatically renew the certificate before expiration:
 ```bash ```bash
-scp neutrinet.cube admin@192.168.1.46:/tmp/neutrinet.cube+sudo yunohost app install neutrinet 
 +``` 
 +You can keep the default values. 
 + 
 +## Configure the DNS records of your domain 
 + 
 +See [this page](dns). 
 + 
 +## Configure IPv6 for the Hotspot Wifi 
 + 
 +If you installed the hotspot Wifi, you need an extra step to configure IPv6. 
 + 
 +Connect to https://user.neutrinet.be/ and enter your VPN credentials. You can find them in your cube file or in `/etc/openvpn/keys/credentials` on your internet cube. 
 + 
 +Go to your client details by clicking on the entry with mail address. 
 + 
 +You should see IPv6 subnet lease (the row with a `/64` IPv6).  
 + 
 +In case you don't have a IPv6 subnet lease yet, click on `Modify IP lease assignment`. 
 + 
 +Then click on your mail address and click `Add IPv6 subnet lease`. 
 + 
 +Choose a range of 64, and click on the `Assign` button. 
 + 
 +You can then go back to the home page to see your new IPv6 subnet lease. 
 + 
 +Connect to Wifi Hotspot admin of your internet cube: https://192.168.1.46/wifiadmin/ 
 + 
 +Then, under the tab `IPv6`, paste the IPv6 subnet lease to the delegated prefix field.  
 + 
 +Click on the button `Save and reload` to apply your changes. 
 + 
 +## Troubleshootings 
 + 
 +If you have issues, or maybe you were able to find a fix for an issue, do not hesitate to contact us : https://chat.neutrinet.be 
 + 
 +### During the install 
 + 
 +#### Debian repositories changed from stable to oldstable 
 + 
 +See also https://github.com/YunoHost/issues/issues/1852 
 + 
 +At the very first step of the internet cube installer, the install is stuck with the following error: 
 +``` 
 +E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable' 
 +E: Repository 'http://security.debian.org buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable' 
 +E: Repository 'http://deb.debian.org/debian buster-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates' 
 +Command 'DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none LC_ALL=C apt-get -o=Acquire::Retries=3 -o=Dpkg::Use-Pty=0 --quiet --assume-yes update &>> ./data/upgrade.logs' returned non-zero exit status 100.
 ``` ```
  
-Configure the VPN client:+Connect with SSH to your cube with the root account:
 ```bash ```bash
-ynh-vpnclient-loadcubefile.sh -u raoul -c /tmp/neutrinet.cube -p neutrinet+ssh root@192.168.1.46
 ``` ```
-(Please replace raoul and neutrinet with the username and password of the first user)+Enter `yunohost` as password.
  
-Check that your cube is connected to the VPN+Then, just run
-- Run `ip afrom the cube and check if there is a `tun0interface +```bash 
-- Connect to the IP in your web browser+apt update 
 +``
 +And then answer yes to the questions.
  
-### Install the Neutrinet app+#### VPN install failed
  
-Your VPN certificate will be valid for 1 year.+See also https://github.com/labriqueinternet/install/issues/4
  
-Install the Neutrinet app for Yunohost in order to let the cube automatically renew the certificate before expiration:+In case there are special characters in your VPN account password:, the install will fail with the following error: 
 +``` 
 +Running: yunohost app addaccess vpnclient -u '******' 
 +'yunohost app addaccess' is deprecated and will be removed in the future 
 +'yunohost app addaccess' is deprecated and will be removed in the future 
 +allowed_users:  
 +  vpnclient: ****** 
 +Running: yunohost app setting vpnclient service_enabled -v 1 
 +Running: ynh-vpnclient-loadcubefile.sh -u '******' -p '[REDACTED]' -c /tmp/config.cube 
 +[VPN] Error: Configuration updated but service reload failed 
 +Command 'ynh-vpnclient-loadcubefile.sh -u '******' -p '[REDACTED]' -c /tmp/config.cube &>> ./data/configure_vpnclient.logs' returned non-zero exit status 1. 
 +``` 
 + 
 +Connect to your internet cube with the admin account:
 ```bash ```bash
-sudo yunohost app install neutrinet+ssh admin@192.168.1.46
 ``` ```
-You can keep the default values.+Enter your admin password.
  
-## Configure the DNS records of your domain+Then, run the command that failed: 
 +```bash 
 +sudo ynh-vpnclient-loadcubefile.sh -u "<username>" -p "<password>" -c /tmp/config.cube 
 +``` 
 +(Please replace `<username>` and `<password>` with your credentials.)
  
-See [this page](dns).+:!: Make sure to keep the quotes!
  
-## Troubleshootings+On the internet cube installer, retry the last step by clicking on the yellow button.
  
-### Issues with `/tmpin RAM+#### The loading bar freeze 
 + 
 +If the loading bar freeze during the install, set the debug mode button to up. 
 + 
 +You will then see the details of the install and what the install procedure is doing. 
 + 
 +#### iptables/nftables doesn't seem to be working 
 + 
 +See https://chat.neutrinet.be/api/v4/files/3wxxx14t7fg6xjomitpyojk4fy/preview 
 + 
 +This is due to a kernel update: you just need to reboot the cube. 
 + 
 +Then, connect to the internet cube installer and retry the last step. 
 + 
 +### After the install 
 + 
 +#### Issues with /tmp in RAM
  
 By default, the files `/tmp` folder are stored in RAM, which isn't a good idea when you have less than 1Gb available in a cube. See [tmpfs / armbian](https://forum.armbian.com/topic/10977-tmp-gets-eventually-full-how-to-purge-it/) By default, the files `/tmp` folder are stored in RAM, which isn't a good idea when you have less than 1Gb available in a cube. See [tmpfs / armbian](https://forum.armbian.com/topic/10977-tmp-gets-eventually-full-how-to-purge-it/)
Line 188: Line 286:
 ```bash ```bash
 sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-zram-config -i sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-zram-config -i
 +sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-ramlog -i
 sudo sed 's/^tmpfs/# tmpfs/' /etc/fstab -i sudo sed 's/^tmpfs/# tmpfs/' /etc/fstab -i
 ``` ```
-If you have issuesor maybe you were able to find fix for an issuedo not hesitate to contact us https://chat.neutrinet.be+ 
 +Then, reboot the cube: 
 +```bash 
 +sudo reboot 
 +``` 
 + 
 +#### Unable to access some websites from the cube 
 + 
 +When your cube is connected to the Neutrinet VPN in IPv6, you might be unable to access some websitesalthough you are able to ping them. In addition, if you have domain in .nohost.me or .nohost.fretc. your cube won't be able to update the DynDNS.  
 + 
 +Connect with SSH to the cube: 
 +```bash 
 +ssh admin@192.168.1.46 
 +``` 
 + 
 +You need to reduce the MTU used to connect to the VPN: 
 +```bash 
 +sudo nano /etc/openvpn/client.conf.tpl 
 +``` 
 +In the section `neutrinet` or `Custom`, add the line: 
 +``` 
 +mssfix 1400 
 +``` 
 + 
 +Then, restart the VPN client: 
 +```bash 
 +sudo systemctl stop openvpn@client.service 
 +sudo systemctl start ynh-vpnclient-checker 
 +``` 
 + 
 +#### Roundcube fails to install on Lime 1 
 + 
 +Roundcube require more than 500M to install. On lime 1, it's necessary to add swap. You can do it by running the following : 
 + 
 +```bash 
 +sudo fallocate -l 1G /swapfile 
 +sudo chmod 600 /swapfile 
 +sudo mkswap /swapfile 
 +sudo swapon /swapfile 
 +``` 
 +You can verify that swap is available : 
 +  
 +```bash 
 +sudo swapon --show 
 +``` 
 + 
 +This should return a line about the swap. 
 + 
 +Then edit your fstab file to activate the swap on startup : 
 + 
 +```bash 
 +sudo nano /etc/fstab 
 +``` 
 + 
 +Add the line : 
 +```bash 
 +/swapfile none swap sw 0 0 
 +``` 
en/cube/install.1623177995.txt.gz · Last modified: 2021/06/08 20:46 by hgo