Debianizing the Star64 board

Note: I’ve taken out the IPv6 pieces here and moved them to a dedicated blog article.

Since the beginning of 2024, I run my own router. I’m using NTT flets GBit fiber as physical provider, and Biglobe as ISP ontop - other ISP’s do the IPv6 things differently. I started with 2 OpenWRT routers, after both of them went defective, I run the Star64 RISC-V board as router, with this functionality:

  • Talking PPPoE with the ISP, and provide IPv4 NATing for the LAN systems, currently the Thinkpad T590
  • Wireless access AP for my mobile phone and other devices like smartplugs and Thinkpads
  • Nginx/PHP hosting Librespeed, allowing to quickly verify bandwidth and latency to LAN and Wifi clients
  • IPv6 access to the LAN

The Star64 here is running Linux from an NVMe card, plugged into a PCIe card, plugged into the PCIe slot of the Star64. This became possible after a firmware update. Until now I was running a distro based on “Ubuntu 23.04 (Lunar Lobster)” - which is no longer receiving updates. Time to upgrade to Debian.

Installing Debian

My old setup was on an NVMe, with a single GPT partition, with ext4 file system. I have a USB3 connected NVMe enclosure and another NVMe, which I could mount on the running system and setup the new distro. Then did shutdown the star64, swap both NVMe’s, and boot from the new system. For debugging, that was done several times. I also needed the serial console access to the Star64 for debugging when no network is available.

Why Debian as new distro? Because it’s just uncomplicated for updating to new major or minor versions. First issue: to find mirrors with RISC-V. Ideally I wanted to install Debian 12/Bookworm, as I do not need latest features, wanted rather stability and packages not much in flux/frequently updated. I experimented with debootstrap to get a basic Debian system together: available on the old Ubuntu, also as package on Fedora 40. The Fedora package worked well, and I found RISC-V available as Debian sid (unstable) and Trixie, the Debian testing variant right now. Creating partition, file system:

# parted /dev/sda mklabel gpt
# partprobe
# parted /dev/sda mkpart primary ext4
Start? 1
End? -1
# mkfs.ext4 -L trixie /dev/sda1
# mkdir -p /mnt/tmp
# mount /dev/sda1 /mnt/tmp

I run debootstrap on Fedora, then tar up the file system, and untar it to the new NVMe:

# debootstrap --arch=riscv64 sid debian-sid/ http://mirror.23m.com/debian/
# debootstrap --arch=riscv64 testing debian-testing/ http://mirror.23m.com/debian/
debootstrap --arch=riscv64 trixie debian-trixie/ http://mirror.23m.com/debian/

tar cfP debian-trixie-riscv.tar debian-trixie
scp debian-trixie-riscv.tar star:

# On the Star64:
cd /mnt/tmp && tar xfP /home/chris/debian-trixie.tar
mv debian-trixie/* . && rmdir debian-trixie/

mount proc /mnt/tmp/proc -t proc
mount sysfs /mnt/tmp/sys -t sysfs
cp /etc/hosts /etc/fstab /mnt/tmp/etc/
cp -r /boot /mnt/tmp/
cp -r /usr/lib/modules /mnt/tmp/usr/lib/
sync
blkid

chroot /mnt/tmp /bin/bash
echo 'nameserver 8.8.8.8' >/etc/resolv.conf
echo star64.local >/etc/hostname

# configure LABEL=trixie of rootfs for boot and in fstab.
# For extlinux.conf, I also removed "net.ifnames=0" which was
# used by the old distro.
vi /etc/fstab
vi /boot/extlinux/extlinux.conf
apt update && apt dist-upgrade
apt install ntpdate openssh-server sudo lsof strace pppoeconf \
    iptables binutils rsyslog tcpdump

useradd -m chris
usermod -s /usr/bin/bash chris
passwd
passwd chris

# I prefer a nondefault SSH port
vi /etc/ssh/sshd_config

echo 'export EDITOR=vi' >>/etc/bash.bashrc
echo "alias su='sudo su -'" >>/etc/bash.bashrc

Basic network setup

With that, we can swap both NVMe and boot from the new system. No network configured right now, so access via serial console, details here. On the Ubuntu based distro I used NetworkManager, some pros and cons:

  • pro: the setup of the Wifi AP is extremely easy
  • con: I did not get pppoe properly setup with NetworkManager

The Debian suggestion seems to be systemd-networkd right now, so going with that. My ethernet devices appear as “end0” and “end1”, and wifi as “wlx14f5f9517bcc”.

# Remove the old interfaces file out of the way
mv /etc/network/interfaces /etc/network/interfaces.save
systemctl enable systemd-networkd
cd /etc/systemd/network
vi end1.network
cat end1.network
[Match]
Name=end1

[Network]
Description=Link to the LAN for my clients

[Address]
Address=fc00::1/64

[Address]
Address=192.168.1.1/24

This the LAN facing interface, just setting a static v4 and v6 address. After rebooting, this becomes active, “networkctl” and “ip addr s” confirm.

PPPoE and NAT setup

The pppoeconf tool does the setup for us - it’s working outside of systemd-networkd and setting up pieces in /etc/network/interfaces, so pppoe is started after reboots.

pppoeconf
# At this point we have internet access, and can set our clock:
ntpdate ntp1.ptb.de

Setting up IPv4 NAT for the LAN clients, and Wifi clients on 192.168.5.0/24 network:

echo 'net.ipv4.ip_forward = 1' >/etc/sysctl.d/20-cust.conf
echo 'net.ipv6.conf.all.forwarding = 1' >>/etc/sysctl.d/20-cust.conf
sysctl -p /etc/sysctl.d/20-cust.conf
iptables -t nat -o ppp0 -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -o ppp0 -A POSTROUTING -s 192.168.5.0/24 -j MASQUERADE
# Adding the last 2 commands to /etc/rc.local to survive reboots
vi /etc/rc.local

Manual triggering of the PPPoE session with “pon dsl-provider” and “poff” works then. The user/password for the pppoeconf tool are the ones used for the data ISP, here Biglobe. pppoe is then getting listed by networkctl, but is not fully managed by systemd-networkd:

$ networkctl
IDX LINK            TYPE     OPERATIONAL SETUP
  1 lo              loopback carrier     unmanaged
  2 end0            ether    routable    configured
  3 end1            ether    routable    configured
  4 wlx14f5f9517bcc wlan     routable    configured
  5 ppp0            ppp      routable    unmanaged

5 links listed.

Wifi AP

With NetworkManagers, this is as easy as just defining a new connection with “nmcli” and parameters. On Debian, I use now a dedicated dhcpd and hostapd.

apt install isc-dhcp-server hostapd 
[root@star64 60c network]$ cat /etc/dhcp/dhcpd.conf
ddns-update-style none;
subnet 192.168.5.0 netmask 255.255.255.0 {
  interface wlx14f5f9517bcc; # your interface name here
  range 192.168.5.10 192.168.5.20; # desired ip range
  option routers 192.168.5.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.5.255;
  option domain-name-servers 8.8.8.8;
}
[root@star64 60c network]$ cat /etc/hostapd/hostapd.conf
interface=wlx14f5f9517bcc
channel=6
ieee80211n=1
hw_mode=g
ssid=fluxnet-iot-ap
wpa=2
wpa_passphrase=somepassphrase
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
auth_algs=1
[root@star64 60c network]$ echo 'INTERFACESv4="wlx14f5f9517bcc"' >>\
    /etc/default/isc-dhcp-server
[root@star64 60c network]$ systemctl enable --now hostapd isc-dhcp-server

Nebula

After compiling an own kernel for the Star64, I also have now the tun kernel module which was missing so far, and can run the Nebula client on the system.


Last modified on 2024-09-29