Changes between Version 10 and Version 11 of Internal/Soekris


Ignore:
Timestamp:
Sep 20, 2006, 9:16:38 PM (15 years ago)
Author:
Joseph F. Miklojcik III
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Soekris

    v10 v11  
    99On the other hand, all five ethernet (NatSemi) devices are fully supported pretty much everywhere.
    1010
    11 You will want a paperclip.  You're going to be hitting that reset switch a lot.
     11You will want a paperclip.  You're going to be poking that reset switch a lot.
    1212
    1313== connect a console ==
    1414
    15 Get a linux laptop with a serial port.  Connect the Soekris serial port to it using a crossover serial cable.  There are a billion of these, unused, floating around ORBIT.  They have "X OVER" written on them.
     15Get a linux laptop with a serial port.  Connect the Soekris serial port to it using a crossover serial cable.  There are a lot of these, unused, floating around ORBIT.  They have "X OVER" written on them.
    1616
    1717Run minicom in a terminal window that can handle vt102 (any of them can).  Minicom should be set for 9600 baud, 8 databits, no parity, 1 stop bit, no flow control.  Turn hardware flow control off in minicom.  The UNIX device for talking to the console is almost certainly /dev/ttyS0.
     
    2121== configure the Soekris net4801 BIOS ==
    2222
    23 Look at the banner from when the net4801 boots.  Get the BIOS version and check it against the Soekris web site.
     23Look at the banner from when the net4801 boots.  Get the BIOS version and check it against the Soekris web site.  Make sure you have the latest.
    2424
    2525Hit C-p as it is booting to get to a BIOS prompt.
     
    2727Issue these commands at the BIOS prompt, filling in today's date and the current time.
    2828
     29{{{
    2930date YYYY/MM/DD
    30 
    3131time HH:MM:SS
    32 
    3332set ConSpeed=9600
     33}}}
    3434
    3535The only reliable way to obtain the MAC address of 'Eth 0', without having an operating system already loaded, is to watch the diagnostic output of
    3636
     37{{{
    3738boot f0
     39}}}
    3840
    3941== net install ==
    4042
    41 The netboot image for debian is already around.  You need
     43The netboot image for debian is already around.  You might need
    4244
    43 wget http://centerclick.org/net4801/pxelinux/pxelinux.0.gz
     45http://centerclick.org/net4801/pxelinux/pxelinux.0.gz
    4446
    45 as opposed to the pxelinux.bin that's already around.  You need to make a link in pxelinux.cfg to an appropriate pxelinux configuration file, namely the one for serial.  To the end of the 'install' image you want to add:
     47as opposed to the pxelinux.bin that's already around.  The pxelinux.0 that comes with the net-install.tar.gz from debian works, but does not print banners to minicom properly.  You need to make a link in pxelinux.cfg to an appropriate pxelinux configuration file, namely the one for serial.  To the end of the 'install' image you want to add:
    4648
     49{{{
    4750DEBIAN_FRONTEND=text
     51}}}
    4852
    4953(we did this, so it's probably already there.)
     
    6973Get the tarball, untar it on your linux laptop as root like this:
    7074
     75{{{
    7176sudo tar --numeric-owner -zxvf voyage-0.2pre4.tar.gz
     77}}}
    7278
    7379Attach the CF card.  If it gets automounted, unmount it.  Cd into the untarred directory and run voyage.update as root.  The CF card is likely to be /dev/sdb.  On an Ubuntu box you can use /media/usbdisk as the mount point.  When this finishes, move the CF card into the Soekris net4801, and reboot it.
     
    7783Log in as root.  The default root password is, predictably, 'voyage'.  Voyage linux tries to be cute by mounting everything read only, so you need to remount the root partition as read write, like this:
    7884
     85{{{
    7986mount -o remount,rw /
     87}}}
    8088
    8189Now you can and should change the root password.
     
    8795Run
    8896
     97{{{
    8998apt-get update
    90 
    9199apt-get upgrade
     100}}}
    92101
    93102as usual.
     
    99108http://tldp.org/HOWTO/ppp-ssh
    100109
     110The idea is:
    101111
     1121. Create a vpn account on the landing.
     1132. Allow the vpn account on the landing to run pppd as root, by configuring /etc/sudoers with lines like these
     114{{{
     115Cmnd_Alias VPN=/usr/bin/pppd
     116vpn: ALL=NOPASSWD: VPN
     117}}}
     1183. Allow the vpn client to log in to the vpn account on the landing using an ssh key with no password.
     1194. Run a script like the following on the landing.
     120{{{
     121#!/bin/bash
     122case "$1" in
     123  start)
     124    /usr/sbin/pppd updetach noauth passive pty "ssh vpn@${LANDING} -o Batchmode=yes sudo /usr/sbin/pppd nodetach notty noauth" ipparam vpn ${LANDING_IP}:${CLIENT_IP}
     125    ;;
     126  stop)
     127    killall -9 pppd
     128    ;;
     129  *)
     130    echo please stop or start
     131    exit 1
     132    ;;
     133esac
     134exit 0
     135}}}
     1365. Change iptables so that the traffic incoming