The <code>provider</code> line makes <code>pppd</code> look for the settings file of a specific provider in the directory <code>/etc/ppp/peers</code>; in this example it is the file <code>/etc/ppp/peers/mts</code>. For compatibility reasons, the factory setting in this file specifies <code>/dev/ttyGSM</code> as the modem device. If you have a 3G modem installed on your controller, replace it with the faster <code>/dev/ttyACM0</code>.
To ensure that the controller does not stop trying to communicate when the connection is lost, the following options in the provider settings file <code>/etc/ppp/peers/</code> must be uncommented:
<pre>
persist
maxfail 0
</pre>
The packet data protocol parameters and connection numbers for each provider are stored in the <code>/etc/chatscripts</code> directory. In most cases, you do not have to change anything in these files.
== PPP for primary and backup Internet access ==
The simplest case is when ppp0 is the only WAN interface. The ppp0 interface is configured as described above, and then the <code>ifup ppp0</code> command establishes an Internet connection through the network of the cellular operator.
Difficulties begin when the controller is connected to Ethernet and has a default gateway in that network, and also connects to a cellular data network.
In this configuration we run into the following peculiarity: PPP provides a point-to-point connection and does not assume a default gateway.
If a PPP connection comes up while there is no default gateway (for example, the Ethernet cable is not connected), pppd adds the IP address of the PPP peer to the routing table as the default gateway. If a default gateway is already specified, no new default gateway is added to the routing table. Then, when the main Ethernet channel goes down, the Internet connection is lost even though the PPP connection is active. To avoid this, you must add a second default gateway through the ppp0 interface. The metric of any new gateway must differ from the metrics already present, so we specify the metric explicitly when creating the new default gateway.
To ensure failover we have to handle any order in which the interfaces go up and down. The task is to provide communication regardless of the order in which the interfaces are brought up, and to switch over when one of them fails.
The default gateway with metric 0 in the routing table is created for the eth0 interface, which we will consider the primary interface for Internet access. Set the default gateway via the ppp0 interface to metric 100 (or any metric other than 0).
After any ppp interface is initialized, the daemon executes the scripts in the <code>/etc/ppp/ip-up.d</code> directory. The name of the ppp interface is also passed to the script as a command-line parameter (in our case, there is only one such interface, ppp0).
Create the <code>add_routes</code> script in the <code>/etc/ppp/ip-up.d</code> directory and make it executable (<code>chmod +x /etc/ppp/ip-up.d/add_routes</code>):
<pre>
#!/bin/sh
# ...
route add default dev ppp0 metric 100 2>/dev/null
</pre>
The first command removes the default gateway, in case it was created with metric 0. The second adds a default gateway with a metric of 100 for the ppp0 interface.
As a result, we have two default gateways with different metrics:
[[File:Two_def_gateways.png]]
If one of them goes down, the traffic will go through the other, and vice versa.
Start <code>ping 8.8.8.8</code> and then remove and reinsert the RJ-45 plug:
[[File:Channel_switch.png]]
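
The failover state described above can also be checked from the routing table instead of by pulling the cable. This is an added example, not part of the original page: the function names and the three <code>route -n</code> samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample tables are constructed, not captured from a controller.

HDR='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface'
# Both uplinks up, metrics 0 (eth0) and 100 (ppp0) as configured above.
BOTH_UP="$HDR
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     100    0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0"
# Ethernet down: only the ppp0 default route is left.
ETH_DOWN="$HDR
0.0.0.0         0.0.0.0         0.0.0.0         U     100    0        0 ppp0"
# Both default routes ended up with metric 0 (the case add_routes guards against).
SAME_METRIC="$HDR
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0"

# Print "iface metric" for every default route on stdin, lowest metric first.
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $8, $5 }' | sort -k2,2n
}

# Interface the kernel prefers for Internet traffic (lowest metric).
active_uplink() {
    default_routes | awk 'NR == 1 { print $1 }'
}

# Succeeds only if a backup exists: at least two default routes, one of them
# via ppp0, and no two default routes sharing the same metric.
uplinks_redundant() {
    default_routes | awk '
        { count[$2]++; if ($1 == "ppp0") have_ppp = 1 }
        END {
            for (m in count) if (count[m] > 1) exit 1
            exit ((have_ppp && NR >= 2) ? 0 : 1)
        }'
}

# Demo over the constructed samples.
for t in "$BOTH_UP" "$ETH_DOWN" "$SAME_METRIC"; do
    printf '%s: ' "$(printf '%s\n' "$t" | active_uplink)"
    printf '%s\n' "$t" | uplinks_redundant && echo redundant || echo "NOT redundant"
done
```

On the controller, feed the live table to the same functions: <code>route -n | uplinks_redundant</code>.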
Sometimes the provider's DNS servers are unavailable. For all connections we specify the public servers of Google and OpenDNS.
'''eth0:''' In <code>/etc/dhcp/dhclient.conf</code>, remove <code>domain-name-servers</code> from the <code>request</code> parameter, and after the <code>request</code> parameter specify the public DNS servers of Google and OpenDNS:
<pre>prepend domain-name-servers 8.8.4.4, 8.8.8.8, 208.67.222.222, 208.67.220.220;</pre>
'''ppp0:''' In the <code>/etc/ppp/ip-up.d</code> directory, create a script (and give it execute permissions) that adds the Google and OpenDNS DNS servers to the <code>resolv.conf</code> file when the interface comes up.
<pre>
# ...
</pre>
== VPN ==
For remote access to the controller we will use OpenVPN. It is assumed that the server is already present and configured; you need to install and configure the client on the controller.
To ensure greater reliability, two server processes are started on a server with 2 IP addresses: one listens on port 1194 TCP on IP1 and the other on port 1194 UDP on IP2. (This is optional; you can use a single server process.)
On the controller, we enable 2 OpenVPN clients and explicitly set the route to IP2 via the <code>ppp0</code> interface for one of them.
OpenVPN installation is standard, using <code>easy-rsa</code>.
Install <code>openvpn</code> and <code>easy-rsa</code> on the controller:
<pre>apt-get install openvpn easy-rsa</pre>
Copy the <code>easy-rsa</code> directory to <code>/etc/openvpn/</code>:
<pre>cp -R /usr/share/easy-rsa /etc/openvpn/</pre>
Copy the CA certificate <code>ca.crt</code> to the controller, into the <code>/etc/openvpn/easy-rsa/keys</code> folder.
In the folder <code>/etc/openvpn/easy-rsa</code> create a subfolder <code>keys</code>:
<pre>mkdir keys && chmod 700 keys && cd keys</pre>
Create a certificate signing request (with the name corresponding to the serial number of the controller, in this case A7ZO7UCC):
<pre>
cd /etc/openvpn/easy-rsa/
# ...
./build-req A7ZO7UCC
</pre>
Copy the resulting request <code>A7ZO7UCC.csr</code> to an arbitrary directory on the server and sign it:
<pre>
cd /etc/openvpn/easy-rsa
# ...
./sign-req /root/certs/A7ZO7UCC
</pre>
Copy the signed certificate <code>A7ZO7UCC.crt</code> to the controller, into the directory <code>/etc/openvpn/easy-rsa/keys</code>.
On the server, look in the configuration file (<code>/etc/vpn/server.conf</code>) to see which client-to-address mapping file is specified in the <code>ifconfig-pool-persist</code> parameter, and add to that file an address for the client controller from the network range given in the <code>server</code> parameter of the configuration file.
For example:
<pre>
service openvpn stop
mcedit /etc/openvpn/ipp.txt
</pre>
Add the line <code>A7ZO7UCC,10.8.0.48</code>
<pre>service openvpn start</pre>
For the second server instance, perform the same operation with its configuration files; the IP addresses should be different, for example, add the entry
<code>A7ZO7UCC,10.9.0.48</code>
The client configuration files for the two connections on the controller are stored in <code>/etc/openvpn/client.conf</code> and <code>/etc/openvpn/client1.conf</code>.
Contents of the client configuration file:
<pre>
client
# ...
link-mtu 1542
keysize 128
#keysize 128 - for compatibility with existing clients
</pre>
In the configuration file of the second VPN connection, <code>client1.conf</code>, replace <code>proto udp</code> with <code>proto tcp</code> and specify the second IP address of the server in the <code>remote</code> parameter.
Startup of the OpenVPN service on the controller is enabled with the command:
<pre>update-rc.d openvpn defaults</pre>
Check server availability:
<code>ping 10.8.0.1</code>
== AutoSSH ==
Another fallback connection to the controller is based on <code>AutoSSH</code>. It works as follows: an SSH connection is established from the controller to the server, and the SSH port of the controller is forwarded to one of the free ports on the server's localhost. The autossh service makes sure that the SSH connection stays up and restores it if it breaks. Recovery is not instantaneous: for a while, the port used on the server's <code>localhost</code> is still held by the <code>sshd</code> daemon.
Install it on the controller with <code>apt-get install autossh</code>. Generate a key pair for the user <code>root</code>:
<pre>ssh-keygen </pre>
The passphrase is empty.
To maintain remote connections, create a user <code>remote</code> on the server with the shell <code>/bin/false</code>:
<pre>adduser --home /home/remote --shell /bin/false remote</pre>
On the server, in the file <code>/home/remote/.ssh/authorized_keys</code>, add the key created on the controller (<code>/root/.ssh/id_rsa.pub</code>), preceded by the prefix
<code>no-agent-forwarding,no-X11-forwarding,permitopen="localhost:62001" </code>
This provides additional security for the server when the controller is connected. Port 62001 is the port on the server's localhost to which the SSH port of this controller will be forwarded.
The first connection from the controller to the server is made manually:
<pre>ssh remote@vpn.mydomain.com </pre>
On the controller, create the file <code>/etc/systemd/system/autossh.service</code> to run <code>autossh</code> as a service:
<pre>
# ...
WantedBy=multi-user.target
</pre>
Enable the service at startup on the controller:
<pre>systemctl enable autossh.service</pre>
After starting the service, we can connect to the controller from the server with the command
<pre>ssh 127.0.0.1 -p 62001</pre>
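
An added check, not part of the original page: <code>permitopen</code> limits local (<code>-L</code>) forwards, while the remote (<code>-R</code>) forward this tunnel relies on is limited by <code>permitlisten</code> (OpenSSH 7.8 and later). The function below lists which restrictions an <code>authorized_keys</code> line lacks; its name, the key material and the tighter sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: key material below is a constructed placeholder.

# The authorized_keys line as built on this page (option prefix + public key).
PAGE_LINE='no-agent-forwarding,no-X11-forwarding,permitopen="localhost:62001" ssh-rsa AAAA...constructed root@controller'
# A tighter variant (assumption: the server runs OpenSSH 7.8 or later).
TIGHT_LINE='restrict,port-forwarding,permitlisten="localhost:62001",permitopen="localhost:62001" ssh-rsa AAAA...constructed root@controller'

# Print the restrictions missing from one authorized_keys line, space-separated.
# "restrict" implies no-pty, no-agent-forwarding and no-X11-forwarding.
missing_restrictions() {
    printf '%s\n' "$1" | awk '
    {
        # Everything before the key type is the option list (empty if none).
        opts = ",,"
        if (match($0, /(^| )(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9]+) /))
            opts = "," substr($0, 1, RSTART - 1) ","
        restrict = (opts ~ /,restrict,/)
        out = ""
        # -R listeners and -L destinations must both be pinned explicitly.
        if (opts !~ /,permitlisten="[^"]*",/) out = out " permitlisten"
        if (opts !~ /,permitopen="[^"]*",/)   out = out " permitopen"
        if (!restrict && opts !~ /,no-pty,/)  out = out " no-pty"
        if (!restrict && opts !~ /,no-agent-forwarding,/) out = out " no-agent-forwarding"
        if (!restrict && opts !~ /,no-X11-forwarding,/)   out = out " no-X11-forwarding"
        sub(/^ /, "", out)
        print out
    }'
}

# Demo over the two sample lines.
for l in "$PAGE_LINE" "$TIGHT_LINE"; do
    echo "missing: [$(missing_restrictions "$l")]"
done
```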
== Data transfer from controller to the cloud ==
To send MQTT messages from the controller to the cloud service, an MQTT bridge is used; it is configured on the controller in the file <code>/mnt/data/etc/mosquitto/conf.d/bridge.conf</code>
<pre>
connection wb_devices_cloud.wb_A7ZO7UCC
# ...
</pre>
Then run the command
<pre>
# ...
</pre>
If you want to transfer data to multiple servers at the same time, create multiple <code>connection</code> sections.
== Possible GPRS connection problems ==
There can be several reasons for the lack of a GPRS connection.
* The paid traffic limit has been used up.
* Low voltage, poor contact with the antenna.
* SIM cards of some operators are designed only for 4G networks; they cannot establish a 3G connection.
* Check that the SIM card is inserted correctly into the slot.
* The SIM card may not be working.
* Your data plan does not include packet data.
Before you log in to your personal account or call the provider, you can perform a few simple checks.
Run the command
<pre>gammu networkinfo</pre>
<pre>
...
</pre>
It is important that the controller is attached to the packet data network (<code>GPRS : attached</code>) and that the GPRS connection is established.
Then check the signal strength in minicom with <code>AT+CSQ</code>
You will get a result such as <code>13.99</code>
The first number shows the signal strength: > 9 is satisfactory, > 14 is good, > 19 is excellent. Low and unstable CSQ values mean that the antenna is poorly positioned or carelessly connected, or that the radio conditions at the site are unfavorable.
If both checks pass but there is still no connection, contact your provider (or check your personal account); you can also test the SIM card in your smartphone.