Wirenboard6:InstallingOnTheRemoteSite/en: различия между версиями

== PPP is for a primary and backup Internet access ==

The easiest way to provide access to the Internet, if ppp0 — the only WAN-interface. The ppp0 interface is configured as described above, and then, with the <code>ifup ppp0</code> command, an Internet connection is established through the network of the cellular operator.  

Difficulties begin when the controller is connected to Ethernet and has a default gateway in one network, and also connects to a cellular data network.  

In this configuration, we are faced with the following feature: the PPP Protocol provides a point-to-point connection and does not assume a default gateway.  

In the case of a PPP connection where there is no default gateway (for example, we have not connected an Ethernet cable), pppd will add the IP address of the ppp partner as the default gateway to the routing table in the system. If a default gateway is already specified, a new default gateway is not added to the routing table. And then when the main Ethernet channel falls, the Internet connection is lost, despite the active connection. In this case, you must add a second default gateway through the ppp0 interface. The metric of any new gateway must be different from the metrics available, so we explicitly specify the metric when creating a new default gateway.  

To ensure failover of connections we need to provide for any procedure for raising and fall of the interfaces. The task is to provide communication regardless of the order of raising the interfaces and switching when one of them crushes.  

The default gateway with metric 0 in the routing table is created for the eth0 interface, which we will consider to be the primary interface for Internet access. Set the default gateway via the ppp0 interface to 100 metric (or any metric other than 0).

The daemon uses the <code>/etc/ppp/ip-up directory to execute commands after any ppp interface is initialized.d</code>. The name of the ppp interface is also passed to the script as command-line parameters (in our case, there is only one such interface — ppp0).

Create the add_routes script in the <code>/etc/ppp/ip-up directory.d</code> and make it executable (<code>chmod +x /etc/ppp/ip-up.d/add_routes</code>):

The first command removes the default gateway, in case it was created with metric 0. The second adds a default gateway with a metric of 100 for the ppp0 interface.

Therefore, we have two default gateways with different metrics:

If one of them falls, the traffic will be transmitted through the other and Vice versa.

Start ping 8.8.8.8 and then remove and insert the RJ-45 plug:  

Sometimes there is a problem with the availability of provider DNS servers. For all connections prescribe public servers from Google and OpenDNS.

"'eth0:"' From <code>/etc/dhcp/dhclient.conf</code> remove the <code>domain-name-servers</code> parameter from the request parameter, and after the request parameter specify the open DNS servers Google and OpenDNS:  

"'ppp0:"' In the <code>/etc/ppp/ip-up directory.d</code> create a script (and give it execute permissions) that will add Google DNS servers and OpenDNS to the <code>resolv file.conf</code> when the interface is up.

For remote access to the controller we will use OpenVPN. It is assumed that the server is already present and configured, you must install and configure the client on the controller.  

To ensure greater reliability, two server processes are started on a server with 2 IP addresses, one of which listens on port 1194 TCP on IP1 and the other - on port 1194 UDP on IP2. (This is optional, you can use a single server process).

On the controller, we enable 2 OpenVPN clients and explicitly set the route for IP2 via the <code>ppp0</code> interface for one of them.  

OpenVPN installation is standard, using <code>open-rsa</code>.

To do this, install <code>openvpn</code> and <code>easy-rsa</code>on the controller:

Copy the CA certificate <code>ca.crt</code> to the controller in <code>/etc/openvpn/easy-rsa/keys</code> folder

create a subfolder <code>keys</code>:

Create a certificate signing request (with the name corresponding to the serial number of the controller, in this case that's A7ZO7UCC):

Copy the received request <code>A7ZO7UCC.csr</code> to the server in an arbitrary directory and sign it.   

Signed <code>A7ZO7UCC certificate.crt</code> copy to the controller in the directory <code>/etc/openvpn/easy-rsa/keys</code>.

On the server in the configuration file (<code>/etc/vpn/server.conf</code>) see which client-address match file is specified in the <code>ifconfig-pool-persist < /code> parameter and add the address for the client-controller from the network address range described in the <code>server</code> parameter of the configuration file to this file.

For example,  

Add the line <code>A7ZO7UCC,10.8.0.48</code>

For the second server instance, we perform the same operation with its configuration files, the IP addresses should be different, for example, add an entry

The configuration files for the client on the controller for the two connections will be stored in the <code>/etc/openvpn/client files.conf</code> and <code>/etc/openvpn/client1.conf</code>.

Contents of the client configuration file:

#keysize 128 - for compatibility with existing clients

In the configuration file of the second vpn connection, <code>CLIENT1.conf</code> replace <code>proto udp</code> with <code>proto tcp</code> and specify the second IP address of the server in the <code>remote</code>parameter.  

Startup of the OpenVPN service on the controller is enabled by the command:

Another fallback controller connection will be based on the <code>AutoSSH</code>. The mechanism of work is as follows: SSH-connection from the controller to the server is established, and the ssh-port of the controller is forwarded to one of the free ports on the localhost server. Service аutossh ensures that the ssh connection is not broken, and in case of the gap restores it. Recovery is not instantaneous — for a while, the port used on the server's <code>localhost</code> is held by the <code>sshd</code>daemon.  

Install on the controller <code>apt-get install autossh</code>. Generate a key pair for the user <code>root</code>:

Password is empty.

To maintain remote connections, create a user <code>remote</code> on the server with the shell <code>/bin/false</code>:  

<заранее>команду adduser --Home /для дома/дистанционный --оболочку /bin/false в удаленных и </pre>

Here, in file <code>/home/remote/.ssh/authorized_keys</code> on the server, we add key created on the controller <code>/root/.ssh/id_rsa.pub</code> with the preamble

this will provide additional security for the server when the controller is connected. Port 62001 is the port of the localhost server to which the ssh port of this controller will be redirected.  

The first time we connect from the controller to the server manually:

On the controller, create a file <code>\etc\systemd\system\autossh.service</code> to run it <code>autossh</code> as a service:

== Data transfer from controller to the cloud ==

To send MQTT messages from the controller to the cloud service, the MQTT bridge is used, the configuration of which is configured on the controller in the file <code>\mnt\data\etc\mosquito\conf.d\bridge.conf</code>

If you want to transfer data to multiple servers at the same time, create multiple <code>connection</code>partitions.

== Possible GPRS connection problems ==

There can be several possible reasons for the lack of GPRS connection.  

* The paid traffic limit has ended.  

* Low voltage, poor contact to the antenna.  

* SIM cards of some operators are designed only for 4G-network, 3G-connection to install them will not work.  

* Check if the SIM card is inserted correctly into the slot.  

* The SIM card may not be working.  

* Your data plan does not include packet data.  

Before you go to your personal account and call the provider, you can perform a number of simple checks.

It is important that the controller is connected to the packet data network <pre>(GPRS : attached)</pre> and GPRS connection is established.  

Then evaluate the signal strength in minicom with <code>AT+CSQ</code>

You will get the result as <code>13.99</code>

The first digit shows the signal strength: > 9 — satisfactory, > 14 — good, > 19 — excellent. Low and unstable CSQ values mean that the antenna is poorly positioned, carelessly connected, radio placement is unfavorable.

If both checks are passed, but there is no connection, contact your provider (check in your personal account), you can check the SIM card in your smartphone.