NanoPi R4S + OpenWrtã§v6プラス固定IPを使ã£ã¦ã¿ã‚‹
- NanoPi R4S
- OpenWrt
- åˆæœŸè¨å®š
- パッケージã®æ›´æ–°ãƒ»è¿½åŠ
- IPv6パススルーã®è¨å®š
- WAN6ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ã‚¤ã‚¹IDã®å›ºå®šåŒ–
- IPv4 over IPv6ã®è¨å®š
- スナップショットã®ã‚¢ãƒƒãƒ—グレード
- 速度測定
NanoPi R4S
Gigabit LAN x 2 ã§æ˜ åƒå‡ºåŠ›ãªã—ã¨ã„ã†ãƒŸãƒ‹ãƒ«ãƒ¼ã‚¿ã«ç‰¹åŒ–ã—ãŸã‚ˆã†ãªãƒ‡ãƒã‚¤ã‚¹ã§4G RAMモデルã¨1G RAMモデルãŒã‚ã‚Šã€ä»Šå›žã¯4Gã§ã‚±ãƒ¼ã‚¹ä»˜ãを購入ã—ãŸã€‚
ストレージã¯SBCらã—ãmicro SDカードã§ã€ç„¡ç·šLANã¯ã¤ã„ã¦ã„ãªã„。
CPUã¯Rockchipã®armv8ã§RK3399ã¨ã„ã†ã‚‚ã®ã‚‰ã—ã„。
OpenWrt
市販ã®ãƒ«ãƒ¼ã‚¿ã§å‹•ä½œã§ãã‚‹ã»ã©è»½é‡ãªLinux distributionã§ã€å¸‚販ã®ãƒ«ãƒ¼ã‚¿ã®çœŸã®åŠ›ã‚’解放ã™ã‚‹ã‚‰ã—ã„。
ã—ã‹ã—残念ãªãŒã‚‰ã€NanoPi R4Så‘ã‘ã«ã¯stable releaseã•ã‚Œã¦ãŠã‚‰ãšé–‹ç™ºç‰ˆã®snapshotを使ã†å¿…è¦ãŒã‚る。
追記 2022/9/6 22.03ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã€NanoPi R4Så‘ã‘ã®ã‚¤ãƒ¡ãƒ¼ã‚¸ãŒstable releaseã¨ã—ã¦å‡ºã¾ã—ãŸã€‚
åˆæœŸè¨å®š
OS書ãè¾¼ã¿
downloads.openwrt.org
ã‹ã‚‰
openwrt-22.03.0-rockchip-armv8-friendlyarm_nanopi-r4s-squashfs-sysupgrade.img.gz
をダウンãƒãƒ¼ãƒ‰ã—ã€é©å½“ãªãƒ©ã‚¤ã‚¿ãƒ¼ã§microSDã«æ›¸ã込む。
microSDã‚’NanoPiã«æŒ¿ã—é›»æºã‚’ã¤ã‘ã¦LANãƒãƒ¼ãƒˆã¨PCを有線ã§ç¹‹ãã¨ã€DHCPã§192.168.1.0/24ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ãŒé™ã£ã¦ãる。
$ ssh [email protected]
sshã§ç¹‹ãã¨ãƒ‘スワードãªã—ã«ãƒã‚°ã‚¤ãƒ³ã§ãã‚‹ã®ã§ã€ã™ã‹ã•ãš
root@OpenWrt:~# passwd
パスワードã®è¨å®šã‚’ã™ã‚‹ã€‚
一旦exitã§PCã«æˆ»ã‚Šssh-keyã®è¨å®šã‚’ã™ã‚‹(OpenWrtã§ä½¿ã‚ã‚Œã¦ã„ã‚‹SSHサーãƒã§ã‚ã‚‹dropbearã¯yubikeyã§ä½¿ã£ã¦ã‚‹ecdsaã«å¯¾å¿œã—ã¦ã„ãªã„ãŸã‚ã€æ–°ãŸã«ed25519ã§éµã‚’作る必è¦ãŒã‚ã‚Šã€ã“ã“ã§çµæ§‹ãƒãƒžã£ãŸâ€¦)。
ssh-copy-idを使ã†ã¨dropbearã«åˆã‚ã›ãŸè¨å®šã‚’ã—ã¦ãれるã®ã§ä¾¿åˆ©(~/.ssh/authorized_keyã§ã¯ãªã/etc/dropbear/authorized_keysã«è¿½è¨˜ã™ã‚‹å¿…è¦ãŒã‚ã‚‹)。
$ cd ~/.ssh $ ssh-keygen -t ed25519 $ ssh-copy-id -i id_ed25519 [email protected]
ã“ã‚Œã§
$ ssh [email protected]
ã§ãƒ‘スワードãªã—ã§ãƒã‚°ã‚¤ãƒ³ã§ãるよã†ã«ãªã£ãŸã€‚
ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã®åˆæœŸè¨å®š
OpenWrtã§ã¯å„種è¨å®šã¯/etc/config/以下ã«ä¿å˜ã•ã‚Œã¦ãŠã‚Šuciコマンドã§æ“作ã™ã‚‹ã“ã¨ãŒã§ãる。
例ãˆã°ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã«é–¢ã™ã‚‹è¨å®šã¯/etc/config/networkã«ã‚ã‚Šã€åˆæœŸçŠ¶æ…‹ã§ã¯ã“ã®ã‚ˆã†ã«ãªã£ã¦ã‚‹
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd56:d548:f6c2::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
config device
option name 'eth1'
option macaddr 'ab:cd:ef:gh:ij:kl'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0'
option macaddr '12:34:56:78:90:ab'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
ã“ã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚’uciコマンド経由ã§è¦‹ã‚‹ã¨
root@OpenWrt:~# uci show network network.loopback=interface network.loopback.device='lo' network.loopback.proto='static' network.loopback.ipaddr='127.0.0.1' network.loopback.netmask='255.0.0.0' network.globals=globals network.globals.ula_prefix='fd56:d548:f6c2::/48' network.@device[0]=device network.@device[0].name='br-lan' network.@device[0].type='bridge' network.@device[0].ports='eth1' network.@device[1]=device network.@device[1].name='eth1' network.@device[1].macaddr='ab:cd:ef:gh:ij:kl' network.lan=interface network.lan.device='br-lan' network.lan.proto='static' network.lan.ipaddr='192.168.1.1' network.lan.netmask='255.255.255.0' network.lan.ip6assign='60' network.@device[2]=device network.@device[2].name='eth0' network.@device[2].macaddr='12:34:56:78:90:ab' network.wan=interface network.wan.device='eth0' network.wan.proto='dhcp' network.wan6=interface network.wan6.device='eth0' network.wan6.proto='dhcpv6'
ã“ã®ã‚ˆã†ã«ãªã‚‹ã€‚
OpenWrtã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§LANデãƒã‚¤ã‚¹ã¨WLANデãƒã‚¤ã‚¹ã‚’ブリッジã—ã¦ã„ã‚‹ãŸã‚ã€br-lanã¨ã„ã†ãƒ‡ãƒã‚¤ã‚¹ãŒå®šç¾©ã•ã‚Œã¦ãŠã‚Šã€ãã‚ŒãŒlanインターフェイスã¨ãªã£ã¦ã„る。
ã—ã‹ã—ã€NanoPi R4Sã«ã¯WLANデãƒã‚¤ã‚¹ã¯ãªã„ãŸã‚ã“ã®ãƒ–リッジデãƒã‚¤ã‚¹ã‚’削除ã—ã¦ãŠã。
ファイルを直接編集ã—ã¦ã‚‚ã„ã„ã—uciコマンドã§è¨å®šã—ã¦ã‚‚ã„ã„ãŒã€ä»Šå›žã¯uciコマンドã§è¨å®šã‚’è¡Œã†ã€‚
ã¤ã„ã§ã«lanã«ã‚ã‚‹ipv6ã®è¨å®šã‚‚消ã—ã¦ãŠã。
root@OpenWrt:~# uci delete network.@device[0] root@OpenWrt:~# uci set network.lan.device=eth1 root@OpenWrt:~# uci delete network.lan.ip6assign='60' root@OpenWrt:~# uci show network network.loopback=interface network.loopback.device='lo' network.loopback.proto='static' network.loopback.ipaddr='127.0.0.1' network.loopback.netmask='255.0.0.0' network.globals=globals network.globals.ula_prefix='fd56:d548:f6c2::/48 network.@device[0]=device network.@device[0].name='eth1' network.@device[0].macaddr='ab:cd:ef:gh:ij:kl' network.lan=interface network.lan.device='eth1' network.lan.proto='static' network.lan.ipaddr='192.168.1.1' network.lan.netmask='255.255.255.0' network.@device[1]=device network.@device[1].name='eth0' network.@device[1].macaddr='12:34:56:78:90:ab' network.wan=interface network.wan.device='eth0' network.wan.proto='dhcp' network.wan6=interface network.wan6.device='eth0' network.wan6.proto='dhcpv6
commitã‚’è¡Œã†ã“ã¨ã«ã‚ˆã‚Šè¨å®šãƒ•ã‚¡ã‚¤ãƒ«ãŒæ›´æ–°ã•ã‚Œã‚‹ã€‚
root@OpenWrt:~# uci commit network
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd56:d548:f6c2::/48'
config device
option name 'eth1'
option macaddr 'ab:cd:ef:gh:ij:kl'
config interface 'lan'
option device 'eth1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
config device
option name 'eth0'
option macaddr '12:34:56:78:90:ab'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
パッケージã®æ›´æ–°ãƒ»è¿½åŠ
ã“ã“ã§NanoPiã®WANãƒãƒ¼ãƒˆã«æ—¢å˜ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆ(DHCPã§ã‚¢ãƒ‰ãƒ¬ã‚¹ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã‚‹)を接続ã™ã‚‹ã€‚
# åˆå›žã¯è¨¼æ˜Žæ›¸ãŒåˆ‡ã‚Œã¦ãŸã‚Šã™ã‚‹ãŸã‚ãƒã‚§ãƒƒã‚¯ã‚’ã›ãšã«è¡Œã† root@OpenWrt:~# opkg update --no-check-certificate # Webインターフェイス root@OpenWrt:~# opkg install luci-ssl
IPIP6パッケージã®ä½œæˆ
v6プラス固定IPã§ä½¿ç”¨ã™ã‚‹IPIP6トンãƒãƒ«ã«é–¢ã™ã‚‹ãƒ‘ッケージã¯å…¬å¼ã«ã¯ãªã„ãŸã‚〠github.com ã“ã¡ã‚‰ã‚’使用ã•ã›ã¦ã„ãŸã ã„ãŸã€‚
カスタムビルドã™ã‚‹ã®ã¯ã‹ãªã‚Šæ‰‹é–“ãªã®ã§ãƒ‘ッケージを手作りã™ã‚‹ã“ã¨ã«ã—ãŸã€‚
# ipip6ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ä½œæˆ $ mkdir ipip6 $ cd ipip6 ## control.tar.gzã®ä½œæˆ $ mkdir control $ cd control $ cat << EOS > ./control Package: ipip6 Version: 0.1 Depends: libc, kmod-ip6-tunnel, resolveip Source: feeds/base/package/network/ipv6/ipip6 SourceName: ipip6 License: GPL-2.0 Section: net SourceDateEpoch: 1641284700 Maintainer: kenjiuno <[email protected]> Architecture: all Installed-Size: 2716 Description: Provides support for ipip6 (RFC2473) in /etc/config/network. EOS $ cat << EOS > ./postinst #!/bin/sh [ "${IPKG_NO_SCRIPT}" = "1" ] && exit 0 [ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0 . ${IPKG_INSTROOT}/lib/functions.sh default_postinst $0 $@ EOS $ cat << EOS > ./postinst-pkg [ -n "${IPKG_INSTROOT}" ] || { rm -f /tmp/luci-indexcache rm -rf /tmp/luci-modulecache/ killall -HUP rpcd 2>/dev/null exit 0 } EOS $ cat << EOS > ./prerm #!/bin/sh [ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0 . ${IPKG_INSTROOT}/lib/functions.sh default_prerm $0 $@ EOS $ chmod +x postinst postinst-pkg prerm $ tar --numeric-owner --group=0 --owner=0 -czf ../control.tar.gz ./ $ cd .. ## data.tar.gzã®ä½œæˆ $ mkdir data $ cd data $ mkdir -p ./lib/netifd/proto $ mkdir -p ./www/luci-static/resources/protocol $ wget -O ./lib/netifd/proto/ipip6.sh https://github.com/HiraokaHyperTools/openwrt-ipip6/raw/main/net/ipv6/ipip6/files/ipip6.sh $ wget -O ./www/luci-static/resources/protocol/ipip6.js https://github.com/HiraokaHyperTools/openwrt-ipip6/raw/main/net/ipv6/ipip6/files/ipip6.js $ chmod +x ./lib/netifd/proto/ipip6.sh $ tar --numeric-owner --group=0 --owner=0 -czf ../data.tar.gz ./ $ cd .. ## debian-binaryã®ä½œæˆ $ cat << EOS > ./debian-binary 2.0 EOS ## ipip6_0.1_all.ipkã®ä½œæˆ $ tar --numeric-owner --group=0 --owner=0 -czf ./ipip6_0.1_all.tar.gz ./debian-binary ./data.tar.gz ./control.tar.gz $ mv ipip6_0.1_all.tar.gz ../ipip6_0.1_all.ipk
出æ¥ä¸ŠãŒã£ãŸã€ipip6_0.1_all.ipkã‚’NanoPiã«æŒã£ã¦ã„ãã€ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹ã€‚
root@OpenWrt:~# opkg install ./ipip6_0.1_all.ipk
ã“ã“ã§NanoPiã‚’å†èµ·å‹•ã—ã€WANã«æŒ¿ã—ã¦ã„ãŸã‚±ãƒ¼ãƒ–ルをONUç›´çµã¸ã¨å¤‰ãˆã‚‹ã€‚
IPv6パススルーã®è¨å®š
Webインターフェイス(https://192.168.1.1)ã‚’é–‹ãã€Network->Interfaceã«ã„ãWAN6ã‚’Editã™ã‚‹ã€‚
DHCP Serverã®ã‚¿ãƒ–ã«è¡Œãã€Set up DHCP Serverを押ã™ã€‚
IPv6 Settingsã®ã‚¿ãƒ–ã«è¡Œãã€Designated masterã«ãƒã‚§ãƒƒã‚¯ã‚’入れã€å…¨ã¦relay modeã«ã™ã‚‹ã€‚
åŒæ§˜ã«LANã‚‚è¨å®šã™ã‚‹ã€‚
今度ã¯DHCPv6 Serviceã®ã¿server modeã«ã—ã€ãれ以外ã¯relay modeã«ã™ã‚‹ã€‚
Announced IPv6 DNS serversã«Public DNSサーãƒã®IPv6アドレスを入れる。
- 2001:4860:4860::8888 # Google
- 2606:4700:4700::1111 # CloudFlare
NDP-Proxy slaveã«ã¯ãƒã‚§ãƒƒã‚¯ã‚’入れãªã„
次ã«Advanced Settingsã®ã‚¿ãƒ–ã«è¡ŒãDHCPä¼ãˆã‚‹DNSサーãƒã®è¨å®šã‚’ã™ã‚‹
。
DHCP-Optionsã®ã¨ã“ã‚ã« 6,8.8.8.8,1.1.1.1ã¨å…¥ã‚Œã‚‹ã€‚
6ãŒDNSã®è¨å®šã§ãれ以é™ã«ã‚³ãƒ³ãƒžåŒºåˆ‡ã‚Šã§ã€ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’入れる。
ã“ã‚Œã§LANå´ã«ã¤ãªã’ãŸPCã‹ã‚‰IPv6アクセスãŒå¯èƒ½ã¨ãªã‚‹ã€‚
WAN6ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ã‚¤ã‚¹IDã®å›ºå®šåŒ–
固定IPサービスã®IPIP6トンãƒãƒ«ã‚’張るã«ã¯ãƒãƒ¼ã‚«ãƒ«ï¼ˆè‡ªèº«ï¼‰ã®IPv6アドレスã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ã‚¤ã‚¹IDãŒæŒ‡å®šã•ã‚ŒãŸã‚‚ã®ã§ãªã„ã¨ã„ã‘ãªã„ã®ã§ä¸Šæ›¸ãã™ã‚‹ã€‚
root@OpenWrt:~# uci set network.wan6.ifaceid='::[ISPã‹ã‚‰é€šçŸ¥ã•ã‚ŒãŸã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ã‚¤ã‚¹ID]' root@OpenWrt:~# uci commit network
IPv4 over IPv6ã®è¨å®š
Add new interface...を押ã—ã€Protocolã‚’ IPv4 over IPv6 (ipip6)ã‚’é¸æŠžã™ã‚‹ã€‚
Tunnel remote IPv6 addressã«v6プラスã®BRã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’入れる。
Your global IPv4 addressã«ã¯ISPã‹ã‚‰é€šçŸ¥ã•ã‚ŒãŸå›ºå®šIPv4アドレスを入れる。
Local IPv6 addressã¯ç©ºã«ã™ã‚‹ï¼ˆã‚¹ã‚¯ãƒªãƒ¼ãƒ³ã‚·ãƒ§ãƒƒãƒˆã§ã¯ä¾‹ç¤ºç”¨ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’入れã¦ã‚る)。
Firewall Settingsã®ã‚¿ãƒ–ã§wanゾーンã«é©å¿œã™ã‚‹ã€‚
ã“ã‚Œã§ã€IPv4ã§ã®ã‚¢ã‚¯ã‚»ã‚¹ãŒå¯èƒ½ã¨ãªã‚‹ã€‚
スナップショットã®ã‚¢ãƒƒãƒ—グレード
アップグレードを行ã†ã¨è¨å®šã¯ä¿æŒã•ã‚Œã‚‹ãŒã€ãƒ‘ッケージã¯åˆæœŸçŠ¶æ…‹ã«ãªã‚‹ã®ã§å†åº¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹ã€‚
root@OpenWrt:~# wget https://downloads.openwrt.org/releases/22.03.0/targets/rockchip/armv8/openwrt-22.03.0-rockchip-armv8-friendlyarm_nanopi-r4s-squashfs-sysupgrade.img.gz root@OpenWrt:~# sysupgrade -v ./openwrt-22.03.0-rockchip-armv8-friendlyarm_nanopi-r4s-squashfs-sysupgrade.img.gz # å†èµ·å‹•ãŒã‹ã‹ã‚Šæ›´æ–°ã•ã‚Œã‚‹ root@OpenWrt:~# opkg update root@OpenWrt:~# wget https://static.akashisn.info/packages/openwrt/ipip6_0.1_all.ipk root@OpenWrt:~# opkg install ./ipip6_0.1_all.ipk root@OpenWrt:~# opkg install luci-ssl luci-i18n-base-ja luci-i18n-firewall-ja luci-i18n-opkg-ja # 以下ãŠå¥½ã¿ã§ root@OpenWrt:~# opkg install map ds-lite iptables-mod-ipopt root@OpenWrt:~# opkg install ca-certificates root@OpenWrt:~# opkg install qrencode wireguard-tools luci-proto-wireguard luci-app-wireguard luci-i18n-wireguard-ja root@OpenWrt:~# opkg install openvpn-openssl kmod-ovpn-dco openvpn-easy-rsa luci-app-openvpn luci-i18n-openvpn-ja root@OpenWrt:~# opkg install ddns-scripts-cloudflare luci-app-ddns luci-i18n-ddns-ja root@OpenWrt:~# opkg install acme acme-dnsapi luci-app-acme luci-i18n-acme-ja root@OpenWrt:~# reboot
速度測定
2スレッドã—ã‹ä½¿ã‚ã‚Œã¦ã„ãªã„よã†ã ãŒã€
å分ã«é€Ÿåº¦ãŒå‡ºã¦ã„る。
