Skip to content
linux-nerds.org

linux-nerds.org
  1. Übersicht
  2. Linux
  3. Wireguard
  4. Wireguard

Wireguard

Verschoben Wireguard
  • FrankMF

    Diese Anleitung ignoriert ein paar Sicherheitseinstellungen. Einige Daten dürfen nicht von anderen einsehbar sein. Dazu bitte die Anleitung von wireguard beachten! Das hier ist ein Test im lokalen Netz, da interessiert mich das nicht so sehr. Im "bösen" Internet bitte unbedingt beachten!

    In letzter Zeit liest man immer von Wireguard und das es bald evt. in den Kernel aufgenommen wird. Das macht doch jemanden wie mich furchtbar neugierig.

    Was kann man mit einem VPN-Tunnel anstellen?

    • Man verbindet zwei unterschiedliche Standorte zu einem Netz
    • Man möchte evt. seine eigene IP-Adresse tarnen
    • Man möchte auf sein Heimnetzwerk von unterwegs aus drauf zugreifen
    • Man möchte zwei Server verbinden, die dann z.B. die Redis-Datenbank in Master/Slave Modus betreiben
      und vieles andere

    Dann geht es mal ans Ausprobieren, wie immer auf einem ROCKPro64 bzw. zwei 😉

    Installation Kernel-Modul

    Dieser Teil ist überflüssig geworden mit dem Release RC12, bitte den nächsten Beitrag von mir lesen.

    Wir brauchen für Wireguard ein Kernelmodul, das aber nicht vorhanden ist. Dann bauen wir das mal selber.

    sudo apt-get install libmnl-dev libelf-dev linux-headers-$(uname -r) build-essential pkg-config
git clone https://git.zx2c4.com/WireGuard
cd WireGuard/src
make
sudo make install

    Konfiguration Tunnel

    Danach ist alles vorhanden, was wir benötigen. In diesem Beispiel wollen wir eine Peer-to-Peer Verbindung aufbauen.

    Peer-to-Peer Tunnel

    RP64 Nr.1

    • LAN Adresse: 192.168.3.208
    • Wireguard IP 192.168.10.1

    RP64 Nr.2

    • LAN Adresse: 192.168.3.14
    • Wireguard IP 192.168.10.2

    Unter /etc/wireguard legt man alle Keys und Konfigdateien ab.

    cd /etc/wireguard

    Der Ordner ist standardmäßig leer!

    Keys erzeugen:

    private.key erzeugen

    root@rp64_nextcloud:/etc/wireguard# wg genkey > private.key
Warning: writing to world accessible file.
Consider setting the umask to 077 and trying again.

    public.key erzeugen

    root@rp64_nextcloud:/etc/wireguard# wg pubkey > public.key < private.key

    psk.key erzeugen

    root@rp64_nextcloud:/etc/wireguard# wg genpsk > psk.key

    Schnittstelle erzeugen

    sudo ip link add wg0 type wireguard
sudo ip addr add 192.168.10.1/24 dev wg0

    Ausgabe: Nur Schnittstelle angelegt

    root@rp64_nextcloud:/etc/wireguard# wg
interface: wg0

    Key hinzufügen

    cd /etc/wireguard
wg set wg0 private-key ./private.key

    Ausgabe: Key hinzugefügt!

    root@rp64_nextcloud:/etc/wireguard# wg
interface: wg0
public key: gqiCgt5+X3na+wZ1e9gnR1pTujFO3jIudnwDIttDPEo=
private key: (hidden)

    Schnittstelle IP-Adresse löschen

    Falls man sich mal vertan hat, kann man hiermit alle IP-Adressen einer Schnittstelle löschen.

    ip addr flush dev wg0

    Schnittstelle aktivieren

    ip link set wg0 up

    Wenn man das vergisst, wird einem beim Befehl wg kein Port angezeigt.

    Nicht richtig

    interface: wg0
  public key: gqiCgt5+X3na+wZ1e9gnR1pTujFO3jIudnwDIttDPEo=
  private key: (hidden)

    Korrekt

    interface: wg0
  public key: gqiCgt5+X3na+wZ1e9gnR1pTujFO3jIudnwDIttDPEo=
  private key: (hidden)
  listening port: 35866

    Peer bekanntmachen

    wg set wg0 peer zj1ajjcBhgFSe+NUHtnTNQ4+emsVgHDPVOeQHVKK4U4= allowed-ips 192.168.10.2/32 endpoint 192.168.3.14:53751
    • wg = Programm wireguard
    • set = Befehl
    • wg0 = Interface
    • peer = Peer to Peer Verbindung
    • PUBLICKEY = Den public.key vom ZIEL
    • allowed-ips IP-Adresse des Ziels, hier 192.168.10.2 gewählt
    • endpoint 192.168.3.14:PORT / LAN IP Schnittstelle und PORT

    Das ganze ist dann auf beiden Rechner auszuführen, nicht besonders viel Arbeit wenn man es einmal verstanden hat. Ich habe hier nur die Schritte auf dem einen Rechner aufgelistet.

    Test

    Ping Test RP Nr. 1

    root@rp64_nextcloud:/etc/wireguard# ping 192.168.10.2
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
64 bytes from 192.168.10.2: icmp_seq=1 ttl=64 time=2.50 ms
64 bytes from 192.168.10.2: icmp_seq=2 ttl=64 time=2.99 ms
64 bytes from 192.168.10.2: icmp_seq=3 ttl=64 time=2.75 ms
64 bytes from 192.168.10.2: icmp_seq=4 ttl=64 time=2.59 ms
64 bytes from 192.168.10.2: icmp_seq=5 ttl=64 time=2.91 ms
^C
--- 192.168.10.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 2.509/2.755/2.998/0.194 ms

    Ping Test RP Nr. 2

    root@rockpro64:/etc/wireguard# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=2.95 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=2.83 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=2.43 ms
^C
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.430/2.740/2.958/0.225 ms

    Nach erfolgreichem Pingtest, kann man mit dem Befehl wg sehen, wie viel Daten man transferiert hat.

    root@rp_64_test:/etc/wireguard# wg
interface: wg0
  public key: zj1ajjcBhgFSe+NUHtnTNQ4+emsVgHDPVOeQHVKK4U4=
  private key: (hidden)
  listening port: 41908

peer: gqiCgt5+X3na+wZ1e9gnR1pTujFO3jIudnwDIttDPEo=
  endpoint: 192.168.3.208:35866
  allowed ips: 192.168.10.1/32
  latest handshake: 52 seconds ago
  transfer: 4.84 KiB received, 4.93 KiB sent

    Iperf3

    Iperf3 Test RP Nr. 1 (Server)

    root@rp64_nextcloud:/etc/wireguard# iperf3 -B 192.168.10.1 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.10.2, port 32876
[  5] local 192.168.10.1 port 5201 connected to 192.168.10.2 port 32878
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec  75.5 MBytes   633 Mbits/sec                  
[  5]   1.00-2.00   sec   106 MBytes   891 Mbits/sec                  
[  5]   2.00-3.00   sec   107 MBytes   895 Mbits/sec                  
[  5]   3.00-4.00   sec   107 MBytes   901 Mbits/sec                  
[  5]   4.00-5.00   sec   107 MBytes   900 Mbits/sec                  
[  5]   5.00-6.00   sec   107 MBytes   899 Mbits/sec                  
[  5]   6.00-7.00   sec   107 MBytes   901 Mbits/sec                  
[  5]   7.00-8.00   sec   107 MBytes   895 Mbits/sec                  
[  5]   8.00-9.00   sec   107 MBytes   896 Mbits/sec                  
[  5]   9.00-10.00  sec   107 MBytes   897 Mbits/sec                  
[  5]  10.00-10.02  sec  1.91 MBytes   893 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.02  sec  0.00 Bytes  0.00 bits/sec                  sender
[  5]   0.00-10.02  sec  1.02 GBytes   871 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
^Ciperf3: interrupt - the server has terminated

    Iperf3 Test RP Nr. 2 (Client)

    root@rockpro64:/etc/wireguard# iperf3 -c 192.168.10.1
Connecting to host 192.168.10.1, port 5201
[  4] local 192.168.10.2 port 32878 connected to 192.168.10.1 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  80.3 MBytes   673 Mbits/sec    3   1.52 MBytes       
[  4]   1.00-2.00   sec   106 MBytes   889 Mbits/sec    1    910 KBytes       
[  4]   2.00-3.00   sec   106 MBytes   891 Mbits/sec    0   1.01 MBytes       
[  4]   3.00-4.00   sec   108 MBytes   910 Mbits/sec    0   1.11 MBytes       
[  4]   4.00-5.00   sec   107 MBytes   899 Mbits/sec    0   1.21 MBytes       
[  4]   5.00-6.00   sec   107 MBytes   900 Mbits/sec    0   1.30 MBytes       
[  4]   6.00-7.00   sec   107 MBytes   900 Mbits/sec    0   1.39 MBytes       
[  4]   7.00-8.00   sec   106 MBytes   891 Mbits/sec    1    811 KBytes       
[  4]   8.00-9.00   sec   107 MBytes   900 Mbits/sec    0    942 KBytes       
[  4]   9.00-10.00  sec   107 MBytes   896 Mbits/sec    0   1.04 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  1.02 GBytes   875 Mbits/sec    5             sender
[  4]   0.00-10.00  sec  1.02 GBytes   872 Mbits/sec                  receiver

iperf Done.

    Iperf3 normales LAN

    root@rp64_nextcloud:/etc/wireguard# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.3.14, port 39548
[  5] local 192.168.3.208 port 5201 connected to 192.168.3.14 port 39550
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec   110 MBytes   925 Mbits/sec                  
[  5]   1.00-2.00   sec   112 MBytes   942 Mbits/sec                  
[  5]   2.00-3.00   sec   112 MBytes   940 Mbits/sec                  
[  5]   3.00-4.00   sec   112 MBytes   940 Mbits/sec                  
[  5]   4.00-5.00   sec   112 MBytes   939 Mbits/sec                  
[  5]   5.00-6.00   sec   112 MBytes   938 Mbits/sec                  
[  5]   6.00-7.00   sec   112 MBytes   938 Mbits/sec                  
[  5]   7.00-8.00   sec   112 MBytes   939 Mbits/sec                  
[  5]   8.00-9.00   sec   112 MBytes   940 Mbits/sec                  
[  5]   9.00-10.00  sec   111 MBytes   927 Mbits/sec                  
[  5]  10.00-10.02  sec  1.97 MBytes   924 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.02  sec  0.00 Bytes  0.00 bits/sec                  sender
[  5]   0.00-10.02  sec  1.09 GBytes   937 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.3.14, port 39552
[  5] local 192.168.3.208 port 5201 connected to 192.168.3.14 port 39554
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  5]   0.00-1.00   sec   114 MBytes   958 Mbits/sec    0   1.36 MBytes       
[  5]   1.00-2.00   sec   112 MBytes   943 Mbits/sec    0   1.36 MBytes       
[  5]   2.00-3.00   sec   111 MBytes   936 Mbits/sec    0   1.84 MBytes       
[  5]   3.00-4.00   sec   111 MBytes   933 Mbits/sec    0   1.84 MBytes       
[  5]   4.00-5.00   sec   108 MBytes   901 Mbits/sec    0   1.84 MBytes       
[  5]   5.00-6.00   sec   111 MBytes   934 Mbits/sec    0   1.84 MBytes       
[  5]   6.00-7.00   sec   112 MBytes   944 Mbits/sec    0   1.84 MBytes       
[  5]   7.00-8.00   sec   112 MBytes   944 Mbits/sec    0   1.84 MBytes       
[  5]   8.00-9.00   sec   112 MBytes   943 Mbits/sec    0   1.84 MBytes       
[  5]   9.00-10.00  sec   111 MBytes   934 Mbits/sec    0   1.84 MBytes       
[  5]  10.00-10.01  sec  1.25 MBytes  1.15 Gbits/sec    0   1.84 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  5]   0.00-10.01  sec  1.09 GBytes   937 Mbits/sec    0             sender
[  5]   0.00-10.01  sec  0.00 Bytes  0.00 bits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

    Fazit

    Ultra coole Sache 🙂 Ich habe noch nie so schnell einen Tunnel aufgebaut! Meine Erinnerungen an OpenVPN kommen da hoch, was war das ein Gefummel bis da mal eine Verbindung stand. Die Perfomance der Verbindung war ebenfalls überraschend schnell. Bitte beachten, das war ein Test zweier ROCKPro64 in meinem lokalem Netz. Ein Test in der freien Wildbahn folgt aber! 😉

    Und zum Schluss folgender Hinweis der wireguard Webseite!

    WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software). If you are packaging WireGuard, you must keep up to date with the snapshots.

    Im Fediverse -> @FrankM@nrw.social

    1. NanoPi R5S
    2. Quartz64 Model B, 4GB RAM
    3. Quartz64 Model A, 4GB RAM
    4. RockPro64 v2.1
    0
  • FrankMF

    So, gibt was Neues 🙂 Kamil hat mit dem Release RC12 ein paar Dinge verbessert.

    Software

    root@rockpro64:~# uname -a
Linux rockpro64 4.4.167-1189-rockchip-ayufan-gea9ef7a80268 #1 SMP Tue May 28 14:37:31 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux

    https://github.com/ayufan-rock64/linux-build/releases/download/0.8.0rc12/bionic-minimal-rockpro64-0.8.0rc12-1132-arm64.img.xz

    ## Wireguard

Installing Wireguard is very simple with DKMS and makes Wireguard to be auto-updated
after kernel change.

Following the documentation from https://www.wireguard.com/install/:

```bash
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get install python wireguard
```

    Ok, DKMS !?

    DKMS 🇬🇧 steht für Dynamic Kernel Module Support. Das von Dell entwickelte Hilfsprogramm überwacht, ob zusätzliche >Kernelmodule manuell installiert wurden und aktualisiert die Module immer dann, wenn ein neuer oder aktualisierter Kernel installiert wird. Dies ist insofern praktisch, dass das Kompilieren des Kernelmoduls nicht immer von Hand durchgeführt werden muss, wenn der Kernel aktualisiert wurde.
    Quelle: https://wiki.ubuntuusers.de/DKMS/

    So für mich als normaler User, ich muss mir Wireguard jetzt nicht mehr bauen, sondern kann es ganz bequem installieren. Die dazu benötigten Befehle stehen weiter oben.

    Repository adden

    rock64@rockpro64:~$ sudo add-apt-repository ppa:wireguard/wireguard
 WireGuard is a novel VPN that runs inside the Linux Kernel. This is the Ubuntu packaging for WireGuard. More info may be found at its website, listed below.

More info: https://www.wireguard.com/
Packages: wireguard wireguard-tools wireguard-dkms

Install with: $ apt install wireguard

For help, please contact <email address hidden>
 More info: https://launchpad.net/~wireguard/+archive/ubuntu/wireguard
Press [ENTER] to continue or Ctrl-c to cancel adding it.

    Wireguard installieren

    rock64@rockpro64:~$ sudo apt-get install python wireguard
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  dkms libpython-stdlib libpython2.7-minimal libpython2.7-stdlib python-minimal python2.7 python2.7-minimal wireguard-dkms wireguard-tools
Suggested packages:
  python3-apport menu python-doc python-tk python2.7-doc binfmt-support
Recommended packages:
  fakeroot
The following NEW packages will be installed:
  dkms libpython-stdlib libpython2.7-minimal libpython2.7-stdlib python python-minimal python2.7 python2.7-minimal wireguard wireguard-dkms
  wireguard-tools
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 4451 kB of archives.
After this operation, 21.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main arm64 wireguard-dkms all 0.0.20190406-wg1~bionic [553 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports bionic-security/main arm64 libpython2.7-minimal arm64 2.7.15~rc1-1ubuntu0.1 [334 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports bionic-security/main arm64 python2.7-minimal arm64 2.7.15~rc1-1ubuntu0.1 [1142 kB]
Get:4 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main arm64 wireguard-tools arm64 0.0.20190406-wg1~bionic [84.1 kB]
Get:5 http://ports.ubuntu.com/ubuntu-ports bionic/main arm64 python-minimal arm64 2.7.15~rc1-1 [28.1 kB]
Get:6 http://ports.ubuntu.com/ubuntu-ports bionic-security/main arm64 libpython2.7-stdlib arm64 2.7.15~rc1-1ubuntu0.1 [1851 kB]
Get:7 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main arm64 wireguard all 0.0.20190406-wg1~bionic [4168 B]
Get:8 http://ports.ubuntu.com/ubuntu-ports bionic-security/main arm64 python2.7 arm64 2.7.15~rc1-1ubuntu0.1 [238 kB]
Get:9 http://ports.ubuntu.com/ubuntu-ports bionic/main arm64 libpython-stdlib arm64 2.7.15~rc1-1 [7620 B]
Get:10 http://ports.ubuntu.com/ubuntu-ports bionic/main arm64 python arm64 2.7.15~rc1-1 [140 kB]
Get:11 http://ports.ubuntu.com/ubuntu-ports bionic-updates/main arm64 dkms all 2.3-3ubuntu9.2 [68.0 kB]
Fetched 4451 kB in 1s (6651 kB/s)
Selecting previously unselected package libpython2.7-minimal:arm64.
(Reading database ... 47070 files and directories currently installed.)
Preparing to unpack .../0-libpython2.7-minimal_2.7.15~rc1-1ubuntu0.1_arm64.deb ...
Unpacking libpython2.7-minimal:arm64 (2.7.15~rc1-1ubuntu0.1) ...
Selecting previously unselected package python2.7-minimal.
Preparing to unpack .../1-python2.7-minimal_2.7.15~rc1-1ubuntu0.1_arm64.deb ...
Unpacking python2.7-minimal (2.7.15~rc1-1ubuntu0.1) ...
Selecting previously unselected package python-minimal.
Preparing to unpack .../2-python-minimal_2.7.15~rc1-1_arm64.deb ...
Unpacking python-minimal (2.7.15~rc1-1) ...
Selecting previously unselected package libpython2.7-stdlib:arm64.
Preparing to unpack .../3-libpython2.7-stdlib_2.7.15~rc1-1ubuntu0.1_arm64.deb ...
Unpacking libpython2.7-stdlib:arm64 (2.7.15~rc1-1ubuntu0.1) ...
Selecting previously unselected package python2.7.
Preparing to unpack .../4-python2.7_2.7.15~rc1-1ubuntu0.1_arm64.deb ...
Unpacking python2.7 (2.7.15~rc1-1ubuntu0.1) ...
Selecting previously unselected package libpython-stdlib:arm64.
Preparing to unpack .../5-libpython-stdlib_2.7.15~rc1-1_arm64.deb ...
Unpacking libpython-stdlib:arm64 (2.7.15~rc1-1) ...
Setting up libpython2.7-minimal:arm64 (2.7.15~rc1-1ubuntu0.1) ...
Setting up python2.7-minimal (2.7.15~rc1-1ubuntu0.1) ...
Linking and byte-compiling packages for runtime python2.7...
Setting up python-minimal (2.7.15~rc1-1) ...
Selecting previously unselected package python.
(Reading database ... 47818 files and directories currently installed.)
Preparing to unpack .../python_2.7.15~rc1-1_arm64.deb ...
Unpacking python (2.7.15~rc1-1) ...
Selecting previously unselected package dkms.
Preparing to unpack .../dkms_2.3-3ubuntu9.2_all.deb ...
Unpacking dkms (2.3-3ubuntu9.2) ...
Selecting previously unselected package wireguard-dkms.
Preparing to unpack .../wireguard-dkms_0.0.20190406-wg1~bionic_all.deb ...
Unpacking wireguard-dkms (0.0.20190406-wg1~bionic) ...
Selecting previously unselected package wireguard-tools.
Preparing to unpack .../wireguard-tools_0.0.20190406-wg1~bionic_arm64.deb ...
Unpacking wireguard-tools (0.0.20190406-wg1~bionic) ...
Selecting previously unselected package wireguard.
Preparing to unpack .../wireguard_0.0.20190406-wg1~bionic_all.deb ...
Unpacking wireguard (0.0.20190406-wg1~bionic) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Setting up wireguard-tools (0.0.20190406-wg1~bionic) ...
Setting up dkms (2.3-3ubuntu9.2) ...
Setting up libpython2.7-stdlib:arm64 (2.7.15~rc1-1ubuntu0.1) ...
Setting up wireguard-dkms (0.0.20190406-wg1~bionic) ...
Loading new wireguard-0.0.20190406 DKMS files...
Building for 4.4.167-1189-rockchip-ayufan-gea9ef7a80268
Building initial module for 4.4.167-1189-rockchip-ayufan-gea9ef7a80268
Done.

wireguard:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/4.4.167-1189-rockchip-ayufan-gea9ef7a80268/updates/dkms/

depmod...

DKMS: install completed.
Setting up python2.7 (2.7.15~rc1-1ubuntu0.1) ...
Setting up libpython-stdlib:arm64 (2.7.15~rc1-1) ...
Setting up wireguard (0.0.20190406-wg1~bionic) ...
Setting up python (2.7.15~rc1-1) ...

    Danach ein Reboot und wie im ersten Beitrag beschrieben installieren.

    ROCKPro64 Nr.1

    root@rp64_nextcloud:/etc/wireguard# wg
interface: wg0
  public key: gqiCgt5+X3na+wZ1e9gnR1pTujFO3jIudnwDIttDPEo=
  private key: (hidden)
  listening port: 53984

peer: WU2zYy8EcQvGT2SlqcbY8O8DN1o28TlOT/9yS1+tcAk=
  endpoint: 192.168.3.18:34774
  allowed ips: 192.168.10.2/32
root@rp64_nextcloud:/etc/wireguard# ping 192.168.10.2
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
64 bytes from 192.168.10.2: icmp_seq=1 ttl=64 time=15.2 ms
64 bytes from 192.168.10.2: icmp_seq=2 ttl=64 time=2.22 ms
64 bytes from 192.168.10.2: icmp_seq=3 ttl=64 time=2.42 ms
^C
--- 192.168.10.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.221/6.629/15.247/6.094 ms

    ROCKPro64 Nr.2

    root@rockpro64:~# wg
interface: wg0
  public key: WU2zYy8EcQvGT2SlqcbY8O8DN1o28TlOT/9yS1+tcAk=
  private key: (hidden)
  listening port: 34774

peer: gqiCgt5+X3na+wZ1e9gnR1pTujFO3jIudnwDIttDPEo=
  endpoint: 192.168.3.208:53984
  allowed ips: 192.168.10.1/32
root@rockpro64:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=3.16 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=2.54 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=2.51 ms
^C
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.514/2.740/3.163/0.299 ms

    Fazit

    Tunnel steht, Ping Test erfolgreich.

    Im Fediverse -> @FrankM@nrw.social

    1. NanoPi R5S
    2. Quartz64 Model B, 4GB RAM
    3. Quartz64 Model A, 4GB RAM
    4. RockPro64 v2.1
    0
  • FrankMF

    Was machen, damit Wireguard auch einen Neustart übersteht?

    Das Image von Kamil basiert auf einem Ubuntu Minimal und nutzt systemd.

    Wir brauchen zwei Dateien, das Beispiel bezieht sich auf den Rechner Nr.2

    /etc/systemd/network/wg0.network

    [Match]
Name=wg0

[Network]
Address=192.168.10.2
#Address=2001:db8:1234:5678::1

    /etc/systemd/network/wg0.netdev

    [NetDev]
Name=wg0
Kind=wireguard
Description=Wireguard tunnel

[WireGuard]
PrivateKey=<PrivateKey Rechner Nr.2>
ListenPort=34774

[WireGuardPeer]
PublicKey=<PublicKey Rechner Nr.1>
AllowedIPs=192.168.10.1/32
#AllowedIPs=
Endpoint=192.168.3.208:53984

    Danach

    systemctl daemon-reload
systemctl start systemd-networkd

    Einmal durchstarten

    reboot

    Danach müßte der Tunnel wg0 automatisch gestartet sein. Kontrollieren mit

    sudo wg

    Ausgabe:

    root@rockpro64:~# wg
interface: wg0
  public key: WU2zYy8EcQvGT2SlqcbY8O8DN1o28TlOT/9yS1+tcAk=
  private key: (hidden)
  listening port: 34774

peer: gqiCgt5+X3na+wZ1e9gnR1pTujFO3jIudnwDIttDPEo=
  endpoint: 192.168.3.208:53984
  allowed ips: 192.168.10.1/32
  latest handshake: 9 minutes, 49 seconds ago
  transfer: 1.28 KiB received, 1.30 KiB sent

    Tunnel testen mit

    root@rockpro64:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=14.4 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=2.82 ms

--- 192.168.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 2.828/8.662/14.497/5.835 ms

    Den Daemon von systemd kontrollieren

    root@rockpro64:~# networkctl status wg0
● 4: wg0
       Link File: /lib/systemd/network/99-default.link
    Network File: /etc/systemd/network/wg0.network
            Type: none
           State: routable (configured)
         Address: 192.168.10.2

    Im Fediverse -> @FrankM@nrw.social

    1. NanoPi R5S
    2. Quartz64 Model B, 4GB RAM
    3. Quartz64 Model A, 4GB RAM
    4. RockPro64 v2.1
    0
  • FrankMF

    Etwas schnellerer Weg den Tunnel aufzubauen, Voraussetzung

    • wireguard modul installiert
    • Keys erzeugt

    Danach dann einfach

    ip link add wg0 type wireguard
wg setconf wg0 /etc/wireguard/wg0.conf

    Datei /etc/wireguard/wg0.conf

    [Interface]
PrivateKey = <Private Key>
ListenPort = 60563

[Peer]
PublicKey = <Public Key Ziel>
Endpoint = <IPv4 Adresse Zielrechner>:58380
AllowedIPs = 10.10.0.1/32

    Die Rechte der Dateien von wireguard müssen eingeschränkt werden.

    sudo chmod 0600 /etc/wireguard/wg0.conf

    Das ganze per rc.local beim Booten laden. Datei /root/wireguard_start.sh

    ###############################################################################################
#       Autor: Frank Mankel
#       Startup-Script
#       Wireguard
#       Kontakt: frank.mankel@gmail.com
#
###############################################################################################

ip link add wg0 type wireguard
ip address add dev wg0 10.10.0.1/8
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set up dev wg0

    Danach Datei ausführbar machen

    chmod +x /root/wireguard_start.sh

    In rc.local

    /root/wireguard_start.sh

    eintragen - Fertig!

    Im Fediverse -> @FrankM@nrw.social

    1. NanoPi R5S
    2. Quartz64 Model B, 4GB RAM
    3. Quartz64 Model A, 4GB RAM
    4. RockPro64 v2.1
    0

  • FrankMF

    Wireguard auf dem Smartphone

    Wireguard
    1
    0 Stimmen
    1 Beiträge
    194 Aufrufe
    Niemand hat geantwortet
  • FrankMF

    Ubiquiti ER-X - iperf

    Verschoben OpenWRT & Ubiquiti ER-X
    2
    0 Stimmen
    2 Beiträge
    252 Aufrufe
    FrankMF

    Hier noch ein Test von DMZ / LAN und andersrum.

    frank@frank-MS-7C37:~$ iperf3 -c 192.168.5.15 Connecting to host 192.168.5.15, port 5201 [ 5] local 192.168.3.213 port 44052 connected to 192.168.5.15 port 5201 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 114 MBytes 952 Mbits/sec 314 153 KBytes [ 5] 1.00-2.00 sec 112 MBytes 937 Mbits/sec 259 205 KBytes [ 5] 2.00-3.00 sec 111 MBytes 929 Mbits/sec 210 212 KBytes [ 5] 3.00-4.00 sec 111 MBytes 934 Mbits/sec 235 202 KBytes [ 5] 4.00-5.00 sec 112 MBytes 936 Mbits/sec 263 153 KBytes [ 5] 5.00-6.00 sec 111 MBytes 935 Mbits/sec 255 209 KBytes [ 5] 6.00-7.00 sec 112 MBytes 937 Mbits/sec 313 129 KBytes [ 5] 7.00-8.00 sec 111 MBytes 932 Mbits/sec 296 209 KBytes [ 5] 8.00-9.00 sec 111 MBytes 934 Mbits/sec 258 208 KBytes [ 5] 9.00-10.00 sec 111 MBytes 934 Mbits/sec 292 201 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 1.09 GBytes 936 Mbits/sec 2695 sender [ 5] 0.00-10.00 sec 1.09 GBytes 935 Mbits/sec receiver iperf Done. frank@frank-MS-7C37:~$ iperf3 -R -c 192.168.5.15 Connecting to host 192.168.5.15, port 5201 Reverse mode, remote host 192.168.5.15 is sending [ 5] local 192.168.3.213 port 44058 connected to 192.168.5.15 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 109 MBytes 911 Mbits/sec [ 5] 1.00-2.00 sec 109 MBytes 912 Mbits/sec [ 5] 2.00-3.00 sec 109 MBytes 912 Mbits/sec [ 5] 3.00-4.00 sec 109 MBytes 912 Mbits/sec [ 5] 4.00-5.00 sec 109 MBytes 912 Mbits/sec [ 5] 5.00-6.00 sec 108 MBytes 903 Mbits/sec [ 5] 6.00-7.00 sec 109 MBytes 912 Mbits/sec [ 5] 7.00-8.00 sec 109 MBytes 912 Mbits/sec [ 5] 8.00-9.00 sec 109 MBytes 912 Mbits/sec [ 5] 9.00-10.00 sec 109 MBytes 912 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 1.06 GBytes 913 Mbits/sec 114 sender [ 5] 0.00-10.00 sec 1.06 GBytes 911 Mbits/sec receiver iperf Done.
  • FrankMF

    Wireguard - Client installieren

    Wireguard
    3
    0 Stimmen
    3 Beiträge
    475 Aufrufe
    FrankMF

    Ich kann dir nicht ganz folgen. Mein Wireguard Server ist eine VM im Netz. Mein Smartphone baut zu diesem eine Verbindung auf und ich habe mal eben nachgeschaut, was da so geht. Mein Smartphone ist aktuell im meinem WLan angemeldet.

    6e0016dc-7e11-41e1-bba2-e52a3f1348df-image.png

    iperf3 -s -B 10.10.1.1 ----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Accepted connection from 10.10.1.10, port 44246 [ 5] local 10.10.1.1 port 5201 connected to 10.10.1.10 port 44248 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 4.98 MBytes 41.7 Mbits/sec [ 5] 1.00-2.00 sec 5.52 MBytes 46.3 Mbits/sec [ 5] 2.00-3.00 sec 4.80 MBytes 40.3 Mbits/sec [ 5] 3.00-4.00 sec 4.17 MBytes 35.0 Mbits/sec [ 5] 4.00-5.00 sec 5.04 MBytes 42.3 Mbits/sec [ 5] 5.00-6.00 sec 5.43 MBytes 45.6 Mbits/sec [ 5] 6.00-7.00 sec 5.75 MBytes 48.3 Mbits/sec [ 5] 7.00-8.00 sec 5.70 MBytes 47.8 Mbits/sec [ 5] 8.00-9.00 sec 5.73 MBytes 48.1 Mbits/sec [ 5] 9.00-10.00 sec 5.65 MBytes 47.4 Mbits/sec [ 5] 10.00-10.04 sec 206 KBytes 46.5 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate [ 5] 0.00-10.04 sec 53.0 MBytes 44.3 Mbits/sec receiver ----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- Accepted connection from 10.10.1.10, port 44250 [ 5] local 10.10.1.1 port 5201 connected to 10.10.1.10 port 44252 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 4.80 MBytes 40.2 Mbits/sec 0 253 KBytes [ 5] 1.00-2.00 sec 14.7 MBytes 123 Mbits/sec 181 379 KBytes [ 5] 2.00-3.00 sec 9.68 MBytes 81.2 Mbits/sec 58 294 KBytes [ 5] 3.00-4.00 sec 8.88 MBytes 74.5 Mbits/sec 1 227 KBytes [ 5] 4.00-5.00 sec 7.76 MBytes 65.1 Mbits/sec 0 245 KBytes [ 5] 5.00-6.00 sec 8.88 MBytes 74.5 Mbits/sec 0 266 KBytes [ 5] 6.00-7.00 sec 9.81 MBytes 82.3 Mbits/sec 0 289 KBytes [ 5] 7.00-8.00 sec 7.82 MBytes 65.6 Mbits/sec 35 235 KBytes [ 5] 8.00-9.00 sec 5.59 MBytes 46.9 Mbits/sec 4 186 KBytes [ 5] 9.00-10.00 sec 6.64 MBytes 55.7 Mbits/sec 0 207 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.04 sec 84.6 MBytes 70.6 Mbits/sec 279 sender ----------------------------------------------------------- Server listening on 5201 ----------------------------------------------------------- ^Ciperf3: interrupt - the server has terminated

    Im zweiten Teil ist der Wireguard Server der Sender.

    Bis jetzt hatte ich eigentlich nie Probleme, auch nicht unterwegs. Aber, ich gehe davon aus, das ich dich nicht 100% verstanden habe 😉

  • FrankMF

    Wireguard - Nach Kernel-Update ohne Funktion

    Wireguard
    1
    0 Stimmen
    1 Beiträge
    299 Aufrufe
    Niemand hat geantwortet
  • FrankMF

    ROCKPro64 - Youtube 1080p & Netflix

    ROCKPro64
    1
    0 Stimmen
    1 Beiträge
    310 Aufrufe
    Niemand hat geantwortet
  • FrankMF

    Wireguard - Failed to parse netdev kind, ignoring: wireguard

    Wireguard
    1
    0 Stimmen
    1 Beiträge
    325 Aufrufe
    Niemand hat geantwortet
  • FrankMF

    ROCKPro64 - PCIe SATA-Karte macht immer mal Probleme

    ROCKPro64
    2
    0 Stimmen
    2 Beiträge
    485 Aufrufe
    FrankMF

    Das ist das Ergebnis des Stresstests 😞

    [ 2461.489468] ata2.00: exception Emask 0x10 SAct 0xffffffff SErr 0x400000 action 0x6 frozen [ 2461.490206] ata2.00: irq_stat 0x08000000, interface fatal error [ 2461.490732] ata2: SError: { Handshk } [ 2461.491062] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.491532] ata2.00: cmd 61/40:00:f8:a6:64/05:00:84:00:00/40 tag 0 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.492993] ata2.00: status: { DRDY } [ 2461.493327] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.493796] ata2.00: cmd 61/c0:08:38:ac:64/03:00:84:00:00/40 tag 1 ncq dma 491520 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.495181] ata2.00: status: { DRDY } [ 2461.495507] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.496276] ata2.00: cmd 61/c0:10:a0:f5:64/02:00:84:00:00/40 tag 2 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.497697] ata2.00: status: { DRDY } [ 2461.498029] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.498497] ata2.00: cmd 61/40:18:60:f8:64/05:00:84:00:00/40 tag 3 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.499886] ata2.00: status: { DRDY } [ 2461.500213] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.500681] ata2.00: cmd 61/c0:20:a0:fd:64/02:00:84:00:00/40 tag 4 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.502087] ata2.00: status: { DRDY } [ 2461.502416] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.502884] ata2.00: cmd 61/40:28:60:00:65/05:00:84:00:00/40 tag 5 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.505026] ata2.00: status: { DRDY } [ 2461.505378] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.505852] ata2.00: cmd 61/c0:30:a0:05:65/02:00:84:00:00/40 tag 6 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.507244] ata2.00: status: { DRDY } [ 2461.507572] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.508040] ata2.00: cmd 61/40:38:60:08:65/05:00:84:00:00/40 tag 7 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.509472] ata2.00: status: { DRDY } [ 2461.509808] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.510277] ata2.00: cmd 61/a0:40:a0:0d:65/02:00:84:00:00/40 tag 8 ncq dma 344064 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.511667] ata2.00: status: { DRDY } [ 2461.511994] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.512461] ata2.00: cmd 61/40:48:00:20:66/05:00:84:00:00/40 tag 9 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.514503] ata2.00: status: { DRDY } [ 2461.514850] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.515322] ata2.00: cmd 61/40:50:00:28:66/05:00:84:00:00/40 tag 10 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.516721] ata2.00: status: { DRDY } [ 2461.517084] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.517562] ata2.00: cmd 61/c0:58:40:2d:66/02:00:84:00:00/40 tag 11 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.519253] ata2.00: status: { DRDY } [ 2461.519595] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.520066] ata2.00: cmd 61/40:60:f8:9e:64/05:00:84:00:00/40 tag 12 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.521504] ata2.00: status: { DRDY } [ 2461.521840] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.522309] ata2.00: cmd 61/c0:68:38:a4:64/02:00:84:00:00/40 tag 13 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.523706] ata2.00: status: { DRDY } [ 2461.524033] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.524501] ata2.00: cmd 61/40:70:f8:af:64/05:00:84:00:00/40 tag 14 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.525925] ata2.00: status: { DRDY } [ 2461.526256] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.526725] ata2.00: cmd 61/c0:78:38:b5:64/02:00:84:00:00/40 tag 15 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.528122] ata2.00: status: { DRDY } [ 2461.528449] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.528939] ata2.00: cmd 61/40:80:f8:b7:64/05:00:84:00:00/40 tag 16 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.530339] ata2.00: status: { DRDY } [ 2461.530667] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.531136] ata2.00: cmd 61/c0:88:38:bd:64/02:00:84:00:00/40 tag 17 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.532532] ata2.00: status: { DRDY } [ 2461.532880] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.533357] ata2.00: cmd 61/40:90:f8:bf:64/05:00:84:00:00/40 tag 18 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.534754] ata2.00: status: { DRDY } [ 2461.535081] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.535549] ata2.00: cmd 61/c0:98:38:c5:64/02:00:84:00:00/40 tag 19 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.536970] ata2.00: status: { DRDY } [ 2461.537301] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.537769] ata2.00: cmd 61/40:a0:f8:c7:64/05:00:84:00:00/40 tag 20 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.539165] ata2.00: status: { DRDY } [ 2461.539491] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.539960] ata2.00: cmd 61/c0:a8:38:cd:64/02:00:84:00:00/40 tag 21 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.541381] ata2.00: status: { DRDY } [ 2461.541713] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.542182] ata2.00: cmd 61/40:b0:f8:cf:64/05:00:84:00:00/40 tag 22 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.543577] ata2.00: status: { DRDY } [ 2461.543905] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.544374] ata2.00: cmd 61/40:b8:f8:d7:64/05:00:84:00:00/40 tag 23 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.545790] ata2.00: status: { DRDY } [ 2461.546120] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.546589] ata2.00: cmd 61/c0:c0:38:dd:64/02:00:84:00:00/40 tag 24 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.547987] ata2.00: status: { DRDY } [ 2461.548314] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.548782] ata2.00: cmd 61/a8:c8:f8:df:64/05:00:84:00:00/40 tag 25 ncq dma 741376 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.550198] ata2.00: status: { DRDY } [ 2461.550530] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.550999] ata2.00: cmd 61/c0:d0:a0:e5:64/02:00:84:00:00/40 tag 26 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.552396] ata2.00: status: { DRDY } [ 2461.552723] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.553208] ata2.00: cmd 61/40:d8:60:e8:64/05:00:84:00:00/40 tag 27 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.554607] ata2.00: status: { DRDY } [ 2461.554935] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.555404] ata2.00: cmd 61/c0:e0:a0:ed:64/02:00:84:00:00/40 tag 28 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.556800] ata2.00: status: { DRDY } [ 2461.557145] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.557617] ata2.00: cmd 61/40:e8:60:f0:64/05:00:84:00:00/40 tag 29 ncq dma 688128 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.559012] ata2.00: status: { DRDY } [ 2461.559340] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.559807] ata2.00: cmd 61/c0:f0:38:d5:64/02:00:84:00:00/40 tag 30 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.561221] ata2.00: status: { DRDY } [ 2461.561552] ata2.00: failed command: WRITE FPDMA QUEUED [ 2461.562021] ata2.00: cmd 61/c0:f8:40:25:66/02:00:84:00:00/40 tag 31 ncq dma 360448 out res 40/00:50:00:28:66/00:00:84:00:00/40 Emask 0x10 (ATA bus error) [ 2461.563416] ata2.00: status: { DRDY } [ 2461.563752] ata2: hard resetting link [ 2471.561504] ata2: softreset failed (1st FIS failed) [ 2471.561959] ata2: hard resetting link [ 2481.560785] ata2: softreset failed (1st FIS failed) [ 2481.561238] ata2: hard resetting link [ 2516.561654] ata2: softreset failed (1st FIS failed) [ 2516.562109] ata2: limiting SATA link speed to 3.0 Gbps [ 2516.562113] ata2: hard resetting link [ 2521.561261] ata2: softreset failed (1st FIS failed) [ 2521.561715] ata2: reset failed, giving up [ 2521.562074] ata2.00: disabled [ 2521.562575] ata2: EH complete [ 2521.562677] sd 1:0:0:0: [sdb] tag#18 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.562686] sd 1:0:0:0: [sdb] tag#18 CDB: opcode=0x35 35 00 00 00 00 00 00 00 00 00 [ 2521.562701] print_req_error: I/O error, dev sdb, sector 0 [ 2521.562791] sd 1:0:0:0: [sdb] tag#20 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.562802] sd 1:0:0:0: [sdb] tag#19 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.562873] sd 1:0:0:0: [sdb] tag#19 CDB: opcode=0x2a 2a 00 84 66 25 40 00 02 c0 00 [ 2521.562888] print_req_error: I/O error, dev sdb, sector 2221286720 [ 2521.563107] sd 1:0:0:0: [sdb] tag#21 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.563126] sd 1:0:0:0: [sdb] tag#21 CDB: opcode=0x2a 2a 00 84 64 f0 60 00 05 40 00 [ 2521.563138] print_req_error: I/O error, dev sdb, sector 2221207648 [ 2521.563422] sd 1:0:0:0: [sdb] tag#22 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.563772] sd 1:0:0:0: [sdb] tag#20 CDB: opcode=0x2a 2a 00 84 64 d5 38 00 02 c0 00 [ 2521.564326] print_req_error: I/O error, dev sdb, sector 2221200696 [ 2521.564337] sd 1:0:0:0: [sdb] tag#22 CDB: opcode=0x2a 2a 00 84 64 ed a0 00 02 c0 00 [ 2521.564896] print_req_error: I/O error, dev sdb, sector 2221206944 [ 2521.565088] sd 1:0:0:0: [sdb] tag#26 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.565469] sd 1:0:0:0: [sdb] tag#26 CDB: opcode=0x2a 2a 00 84 64 dd 38 00 02 c0 00 [ 2521.565483] print_req_error: I/O error, dev sdb, sector 2221202744 [ 2521.565610] sd 1:0:0:0: [sdb] tag#23 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.566056] sd 1:0:0:0: [sdb] tag#23 CDB: opcode=0x2a 2a 00 84 64 e8 60 00 05 40 00 [ 2521.566069] print_req_error: I/O error, dev sdb, sector 2221205600 [ 2521.566183] sd 1:0:0:0: [sdb] tag#29 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.566641] sd 1:0:0:0: [sdb] tag#29 CDB: opcode=0x2a 2a 00 84 64 cd 38 00 02 c0 00 [ 2521.566654] print_req_error: I/O error, dev sdb, sector 2221198648 [ 2521.566954] sd 1:0:0:0: [sdb] tag#24 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.567224] sd 1:0:0:0: [sdb] tag#24 CDB: opcode=0x2a 2a 00 84 64 e5 a0 00 02 c0 00 [ 2521.567237] print_req_error: I/O error, dev sdb, sector 2221204896 [ 2521.567459] sd 1:0:0:0: [sdb] tag#30 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2521.567809] sd 1:0:0:0: [sdb] tag#30 CDB: opcode=0x2a 2a 00 84 64 c7 f8 00 05 40 00 [ 2521.567821] print_req_error: I/O error, dev sdb, sector 2221197304 [ 2521.584903] md: super_written gets error=10 [ 2521.585306] md/raid1:md0: Disk failure on dm-1, disabling device. md/raid1:md0: Operation continuing on 1 devices. [ 2526.581450] scsi_io_completion_action: 41779 callbacks suppressed [ 2526.581461] sd 1:0:0:0: [sdb] tag#27 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.581467] sd 1:0:0:0: [sdb] tag#27 CDB: opcode=0x2a 2a 00 84 66 7d 50 00 00 01 00 [ 2526.581469] print_req_error: 41780 callbacks suppressed [ 2526.581471] print_req_error: I/O error, dev sdb, sector 2221309264 [ 2526.582524] sd 1:0:0:0: [sdb] tag#28 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.582530] sd 1:0:0:0: [sdb] tag#28 CDB: opcode=0x2a 2a 00 84 66 7d 51 00 00 01 00 [ 2526.582534] print_req_error: I/O error, dev sdb, sector 2221309265 [ 2526.583366] sd 1:0:0:0: [sdb] tag#29 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.583370] sd 1:0:0:0: [sdb] tag#29 CDB: opcode=0x2a 2a 00 84 66 7d 52 00 00 01 00 [ 2526.583373] print_req_error: I/O error, dev sdb, sector 2221309266 [ 2526.584113] sd 1:0:0:0: [sdb] tag#30 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.584117] sd 1:0:0:0: [sdb] tag#30 CDB: opcode=0x2a 2a 00 84 66 7d 53 00 00 01 00 [ 2526.584119] print_req_error: I/O error, dev sdb, sector 2221309267 [ 2526.584960] sd 1:0:0:0: [sdb] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.584968] sd 1:0:0:0: [sdb] tag#0 CDB: opcode=0x2a 2a 00 84 66 7d 54 00 00 01 00 [ 2526.584971] print_req_error: I/O error, dev sdb, sector 2221309268 [ 2526.585765] sd 1:0:0:0: [sdb] tag#1 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.585769] sd 1:0:0:0: [sdb] tag#1 CDB: opcode=0x2a 2a 00 84 66 7d 55 00 00 01 00 [ 2526.585772] print_req_error: I/O error, dev sdb, sector 2221309269 [ 2526.586461] sd 1:0:0:0: [sdb] tag#2 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.586465] sd 1:0:0:0: [sdb] tag#2 CDB: opcode=0x2a 2a 00 84 66 7d 56 00 00 01 00 [ 2526.586468] print_req_error: I/O error, dev sdb, sector 2221309270 [ 2526.587144] sd 1:0:0:0: [sdb] tag#3 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.587148] sd 1:0:0:0: [sdb] tag#3 CDB: opcode=0x2a 2a 00 84 66 7d 57 00 00 01 00 [ 2526.587150] print_req_error: I/O error, dev sdb, sector 2221309271 [ 2526.587734] sd 1:0:0:0: [sdb] tag#4 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.587737] sd 1:0:0:0: [sdb] tag#4 CDB: opcode=0x2a 2a 00 84 66 7d 58 00 00 01 00 [ 2526.587739] print_req_error: I/O error, dev sdb, sector 2221309272 [ 2526.588320] sd 1:0:0:0: [sdb] tag#5 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 [ 2526.588323] sd 1:0:0:0: [sdb] tag#5 CDB: opcode=0x2a 2a 00 84 66 7d 59 00 00 01 00 [ 2526.588325] print_req_error: I/O error, dev sdb, sector 2221309273

    Und, wieder eine Platte im Raid1 verloren

    rock64@rockpro64v_2_1:~$ cat /proc/mdstat Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] md0 : active raid1 dm-1[2](F) dm-0[1] 1953379392 blocks super 1.2 [2/1] [_U] bitmap: 5/15 pages [20KB], 65536KB chunk unused devices: <none>

    Leider habe ich nicht die Kenntnisse um zu erkennen, woran das liegt.

  • FrankMF

    ROCKPro64 - RP64.GPIO

    Angeheftet Verschoben Hardware
    6
    0 Stimmen
    6 Beiträge
    6k Aufrufe
    FrankMF

    Hallo zusammen,

    da ich weiß das dieser Artikel recht beliebt ist, wollen wir den heute mal aktualisieren. Vieles aus den vorherigen Beiträgen passt noch. Es gibt aber kleine Anpassungen.

    Hardware ROCKPro64v21. 2GB RAM Software Kamils Release 0.10.9 Linux rockpro64 5.6.0-1132-ayufan-g81043e6e109a #ayufan SMP Tue Apr 7 10:07:35 UTC 2020 aarch64 GNU/Linux Installation apt install python

    Danach laden wir das Projekt

    git clone https://github.com/Leapo/Rock64-R64.GPIO

    PIN Nummern anpassen

    cd Rock64-R64.GPIO/R64 nano _GPIO.py

    Datei ergänzen

    # Define GPIO arrays #ROCK_valid_channels = [27, 32, 33, 34, 35, 36, 37, 38, 64, 65, 67, 68, 69, 76, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 96, 97, 98, 100, 101, 102, 103, 104] #BOARD_to_ROCK = [0, 0, 0, 89, 0, 88, 0, 0, 64, 0, 65, 0, 67, 0, 0, 100, 101, 0, 102, 97, 0, 98, 103, 96, 104, 0, 76, 68, 69, 0, 0, 0, 38, 32, 0, 33, 37, 34, 36, 0, 35, 0, 0, 81, 82, 87, 83, 0, 0, 80, 79, 85, 84, 27, 86, 0, 0, 0, 0, 0, 0, 89, 88] #BCM_to_ROCK = [68, 69, 89, 88, 81, 87, 83, 76, 104, 98, 97, 96, 38, 32, 64, 65, 37, 80, 67, 33, 36, 35, 100, 101, 102, 103, 34, 82] ROCK_valid_channels = [52,53,152,54,50,33,48,39,41,43,155,156,125,122,121,148,147,120,36,149,153,42,45,44,124,126,123,127] BOARD_to_ROCK = [0,0,0,52,0,53,0,152,148,0,147,54,120,50,0,33,36,0,149,48,0,39,153,41,42,0,45,43,44,155,0,156,124,125,0,122,126,121,123,0,127] BCM_to_ROCK = [43,44,52,53,152,155,156,45,42,39,48,41,124,125,148,147,124,54,120,122,123,127,33,36,149,153,121,50]

    Abspeichern.

    Datei test.py anlegen

    nano test.py

    Inhalt

    #!/usr/bin/env python # Frank Mankel, 2018, LGPLv3 License # Rock 64 GPIO Library for Python # Thanks Allison! Thanks smartdave! import R64.GPIO as GPIO from time import sleep print("Output Test R64.GPIO Module...") # Set Variables var_gpio_out = 156 var_gpio_in = 155 # GPIO Setup GPIO.setwarnings(True) GPIO.setmode(GPIO.ROCK) GPIO.setup(var_gpio_out, GPIO.OUT, initial=GPIO.HIGH) # Set up GPIO as an output, with an initial state of HIGH GPIO.setup(var_gpio_in, GPIO.IN, pull_up_down=GPIO.PUD_UP) # Set up GPIO as an input, pullup enabled # Test Output print("") print("Testing GPIO Input/Output:") while True: var_gpio_state_in = GPIO.input(var_gpio_in) var_gpio_state = GPIO.input(var_gpio_out) # Return State of GPIO if var_gpio_state == 0 and var_gpio_state_in == 1: GPIO.output(var_gpio_out,GPIO.HIGH) # Set GPIO to HIGH print("Input State: " + str(var_gpio_state_in)) # Print results print("Output State IF : " + str(var_gpio_state)) # Print results else: GPIO.output(var_gpio_out,GPIO.LOW) # Set GPIO to LOW print("Input State: " + str(var_gpio_state_in)) # Print results print("Output State ELSE: " + str(var_gpio_state)) # Print results sleep(0.5) exit() Beispiel

    Bild Text

    Wenn der Taster im Bild betätigt wird, soll die LED blinken.

    Wir benutzen folgende Ein- Augänge des ROCKPro64.

    # Set Variables var_gpio_out = 156 var_gpio_in = 155

    Das heißt:

    an Pin 1 (3,3V) kommt eine Strippe des Tasters an Pin 29 (Input) kommt eine Strippe des Tasters an Pin 31 (Output) kommt der Plus-Pol der LED an Pin 39 (GND) kommt der Minus-Pol der LED

    Somit wird auf den Eingang (Pin 29) bei Betätigung des Tasters 3,3 Volt angelegt. Damit wird dann der Eingang als High (1) erkannt. Die LED wird über den Ausgang (Pin 31) gesteuert.

    Starten kann man das Script mit

    python test.py