Monday, 12 December 2022

Connecting my friend back home with Quadra

The unfortunate prolonged shortage of Raspberry Pi devices led me to suggest that my friend build Quadra from inovato on a T95 mini available on Amazon. It uses NetworkManager, so the policy routing configuration to connect back home is slightly different:

quadra@inovato:~$ nmcli connection show
NAME               UUID          TYPE     DEVICE
Wired connection 1 02e96ab3-xxxx ethernet eth0
quadra@inovato:~$ nmcli connection modify 02e96ab3-xxxx +ipv4.addresses 192.168.2.1/24
quadra@inovato:~$ nmcli connection modify 02e96ab3-xxxx ipv4.routing-rules "priority 1 from 192.168.2.0/24 table 1"
quadra@inovato:~$ nmcli connection modify 02e96ab3-xxxx ipv4.routes "192.168.2.0/24 192.168.2.1 table=1"
quadra@inovato:~$ nmcli connection modify 02e96ab3-xxxx connection.autoconnect yes
quadra@inovato:~$ nmcli connection up 02e96ab3-xxxx
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
quadra@inovato:~$ sudo nmcli connection reload

I struggled to configure a static policy route with nmcli on the ZeroTier interface because the UUID of the ZeroTier interface kept changing at every reboot. I ended up configuring a NetworkManager dispatcher.d script as follows:

quadra@inovato:~$ sudo nano /etc/NetworkManager/dispatcher.d/10-ztrfyktzr7-up
#!/bin/bash
if [ "$1" = "ztrfyktzr7" ] && [ "$2" = "up" ]; then
  sudo /sbin/ip route add default via 192.168.191.3 table 1
fi
quadra@inovato:~$ sudo chmod 755 /etc/NetworkManager/dispatcher.d/10-ztrfyktzr7-up

To distribute the destination route 192.168.2.0/24 via 192.168.191.2, I used the managed routes capability of the ZeroTier web console.

On both ends I enabled IPv4 routing:

quadra@inovato:~$ sudo nano /etc/sysctl.conf
net.ipv4.ip_forward=1

Finally, I configured masquerade on quadra back home. Please note the first rule is to ensure zerotier-cli can access zerotier service locally.

quadra@inovato:~$ sudo iptables -t nat -I POSTROUTING -o lo -j ACCEPT
quadra@inovato:~$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
quadra@inovato:~$ sudo iptables-save -f /etc/iptables.rules
quadra@inovato:~$ sudo nano /etc/rc.local
iptables-restore /etc/iptables.rules
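
Because `iptables -I` without a rule number inserts at the top of the chain, the order of the two POSTROUTING rules in the saved file depends on how they were entered. The following is an added example, not part of the original post: it reads iptables-save output and checks that the loopback ACCEPT rule precedes MASQUERADE. The function name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: check rule order in iptables-save output read from stdin.
# Exit status: 0 = loopback ACCEPT precedes MASQUERADE in nat POSTROUTING,
#              1 = MASQUERADE comes first or the loopback rule is missing,
#              2 = no MASQUERADE rule found.
check_nat_order() {
  awk '
    /^\*/ { table = substr($0, 2) }            # table header: *nat, *filter
    table != "nat" || !/^-A POSTROUTING / { next }
    { n++ }                                    # position within the chain
    / -o lo / && / -j ACCEPT/ && !lo { lo = n }
    / -j MASQUERADE/ && !masq { masq = n }
    END {
      if (!masq) exit 2
      if (lo && lo < masq) exit 0
      exit 1
    }'
}

# Constructed sample: ruleset saved with the loopback rule first.
sample_good() {
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: result of two consecutive "-I POSTROUTING" commands,
# where the second insert lands above the first.
sample_bad() {
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o lo -j ACCEPT
COMMIT
EOF
}

for s in sample_good sample_bad; do
  if "$s" | check_nat_order; then echo "$s: ok"; else echo "$s: wrong order"; fi
done
```

On the box itself, the same function can be fed the saved file with `check_nat_order < /etc/iptables.rules`.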

UPDATE: I used some inspiration from forum.inovato.com to enable a Wi-Fi access point.

https://forum.inovato.com/post/setting-up-wifi-access-point-on-t95-max-box-12520455?pid=1334656619