Version 11 (modified by Joseph F. Miklojcik III, 18 years ago)

Soekris net4801 hardware

http://soekris.com/Manuals/net4801_manual.pdf

There are neither Linux nor BSD drivers for the vpn1411 device we had hoped to use.

http://lists.soekris.com/pipermail/soekris-tech/2006-June/010523.html

On the other hand, all five ethernet (NatSemi) devices are fully supported pretty much everywhere.

You will want a paperclip. You're going to be poking that reset switch a lot.

connect a console

Get a Linux laptop with a serial port. Connect the Soekris serial port to it using a crossover serial cable. There are a lot of these, unused, floating around ORBIT. They have "X OVER" written on them.

Run minicom in a terminal window that can handle vt102 (any of them can). Minicom should be set for 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control. Turn hardware flow control off in minicom. The UNIX device for talking to the console is almost certainly /dev/ttyS0.

Minicom and the Soekris console driver seem a little fragile. If you do wind up dumping junk to the serial port (as will be the case if you run pppd carelessly), you may gum it up so badly that you need to reboot.

configure the Soekris net4801 BIOS

Look at the banner from when the net4801 boots. Get the BIOS version and check it against the Soekris web site. Make sure you have the latest.

Hit C-p as it is booting to get to a BIOS prompt.

Issue these commands at the BIOS prompt, filling in today's date and the current time.

date YYYY/MM/DD
time HH:MM:SS
set ConSpeed=9600

The only reliable way to obtain the MAC address of 'Eth 0', without having an operating system already loaded, is to watch the diagnostic output of

boot f0

net install

The netboot image for Debian is already around. You might need

http://centerclick.org/net4801/pxelinux/pxelinux.0.gz

as opposed to the pxelinux.bin that's already around. The pxelinux.0 that comes with the net-install.tar.gz from Debian works, but does not print banners to minicom properly. You need to make a link in pxelinux.cfg to an appropriate pxelinux configuration file, namely the one for serial. To the end of the 'install' image you want to add:

DEBIAN_FRONTEND=text

(we did this, so it's probably already there.)

We tried this in several different ways with a remarkable number of pre-compiled pxelinux.0 files, but the net install could never find the CF disk. Eventually we gave up and moved to pre-loading the CF.

Voyage Linux

Voyage Linux is Debian with enough removed so it will fit in 64Mb.

http://www.voyage.hk/software/voyage.html

The "Kingston Elite Pro" CF card is reported by the 4801 as

Pri Sla SAMSUNG CF/ATA LBA Xlt 1012-32-63

The SimpleTech CF card is

Pri Mas Hitachi XX.V.3.7.0.0 LBA 993-16-63

The Kingston has an extremely different geometry when connected to my laptop through an IOMEGA USB media adapter. Nor can I adjust the reported geometry in fdisk. So you can't use it to hold bootable images. I have no idea why the Kingston shows up as a slave.

Get the tarball and untar it on your Linux laptop as root like this:

sudo tar --numeric-owner -zxvf voyage-0.2pre4.tar.gz

Attach the CF card. If it gets automounted, unmount it. Cd into the untarred directory and run voyage.update as root. The CF card is likely to be /dev/sdb. On an Ubuntu box you can use /media/usbdisk as the mount point. When this finishes, move the CF card into the Soekris net4801, and reboot it.

LILO may be less than perfect at

Log in as root. The default root password is, predictably, 'voyage'. Voyage Linux tries to be cute by mounting everything read only, so you need to remount the root partition as read write, like this:

mount -o remount,rw /

Now you can and should change the root password.

Change /etc/rc2.d/S99voyage so that the commands that keep remounting / ro are disabled.

Note that things like /root are normally linked to /rw/root, which is a tmpfs. It's all very cute, but you probably want to disable it.

Run

apt-get update
apt-get upgrade

as usual.

PPP/SSH client configuration

General instructions can be found at

http://tldp.org/HOWTO/ppp-ssh

The idea is:

  1. Create a vpn account on the landing.
  2. Allow the vpn account on the landing to run pppd as root, by configuring /etc/sudoers with lines like these:
    Cmnd_Alias VPN=/usr/sbin/pppd
    vpn ALL=NOPASSWD: VPN
    
  3. Allow the vpn client to log in to the vpn account on the landing using an ssh key with no password.
  4. Run a script like the following on the landing.
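    #!/bin/bash
    # LANDING, LANDING_IP and CLIENT_IP must be set in the environment.
    case "$1" in
      start)
        : "${LANDING:?}" "${LANDING_IP:?}" "${CLIENT_IP:?}"
        # The local pppd talks to a pppd started over ssh (the "pty" command).
        /usr/sbin/pppd updetach noauth passive pty "ssh vpn@${LANDING} -o Batchmode=yes sudo /usr/sbin/pppd nodetach notty noauth" ipparam vpn ${LANDING_IP}:${CLIENT_IP}
        ;;
      stop)
        # Kills every pppd on this host, not only the VPN one.
        killall -9 pppd
        ;;
      *)
        echo "please stop or start" >&2
        exit 1
        ;;
    esac
    exit 0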
    
  5. Change iptables so that the traffic incoming
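
One way to tighten steps 2 and 3, as an added example that is not part of the original wiki page: the sudoers entry and the passwordless key are both pinned to the exact pppd command line the script sends, and a small check flags key entries that are not. The key material, host comments and the set of restrictions are assumptions; the pppd path and arguments are the ones from the script above.

```shell
#!/bin/sh
# Added example. Hardened forms of steps 2 and 3 (landing side):
#
#   /etc/sudoers: allow only the arguments the client script sends
#     Cmnd_Alias VPN = /usr/sbin/pppd nodetach notty noauth
#     vpn ALL = NOPASSWD: VPN
#
#   ~vpn/.ssh/authorized_keys: pin the key to that one command
#     command="sudo /usr/sbin/pppd nodetach notty noauth",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <key> <comment>

FORCED='command="sudo /usr/sbin/pppd nodetach notty noauth"'
REQUIRED='no-pty no-port-forwarding no-agent-forwarding no-X11-forwarding'

# audit_vpn_keys FILE: print "LINE: problem" for each key entry that does not
# start with the forced pppd command or lacks a restriction (or "restrict").
audit_vpn_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        case $line in
            "$FORCED"*) rest=${line#"$FORCED"}; opts=${rest%% *} ;;
            *) echo "$n: no forced pppd command"; continue ;;
        esac
        case ",$opts," in *,restrict,*) continue ;; esac
        for o in $REQUIRED; do
            case ",$opts," in *",$o,"*) ;; *) echo "$n: missing $o" ;; esac
        done
    done < "$1"
    return 0
}

# Constructed sample entries (placeholder key material, not real keys).
write_sample() {
    cat > "$1" <<'EOF'
# vpn account on the landing
ssh-ed25519 AAAA-constructed-1 laptop
command="sudo /usr/sbin/pppd nodetach notty noauth" ssh-ed25519 AAAA-constructed-2 soekris-a
command="sudo /usr/sbin/pppd nodetach notty noauth",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA-constructed-3 soekris-b
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_vpn_keys "$sample"
rm -f "$sample"
```

The check expects command= to be the first option on the line, as in the layout shown in the comment, so an entry that orders its options differently is reported rather than silently accepted.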