This is my first post to the Pi Forums. Comments on how to improve this or where to post this is very welcomed! Below are details on how I setup a Pi4 w/ 2GB as a Dual Band WiFi router with OpenMediaVault 5 server. Follow this guide at your own risk.
Features:
- WAN Access (Internal Ethernet Port / DHCP)
LAN Access (Bridged: USB Gigabit / 2.4Ghz / 5.0Ghz) Seamless network between wired and wireless networks.
Network Traffic Control with Cake
Guest Access (Internal 5.0Ghz)
Dual RAID 1 (mirrored) drives
Open Media Vault 5.x (At this time OVM does not run on Ubuntu Focal)
Ubuntu Server 19.10 (Eoan)
Apple TimeMachine Support
- Pi4 w/ 2GB
Vantec NexStar GX USB3.0 Dual 2.5" SATA RAID HD Enclosure
2 Seagate 2.5" 2TB Firecuda Hard Drives
2 TP-Link Archer T2U Plus USB WiFi Adapters
1 Anker USB Gigabit Ethernet adapter
SanDisk Extreme 32GB MicroSD card
2 USB power supplies (3+ amps each)
USB cables. Note: the power line on the USB cable to the HD needs to be cut; otherwise the Pi4 won't startup/reboot. Or you can use a powered hub that doesn't back-power the pi.
- PORTS:
USB 3.0 - 1 ---> Vantec Case
USB 3.0 - 2 ---> Anker USB Ethernet
USB 2.0 -1 ---> TP-Link T2U Plus
USB 2.0 -2 ---> TP-Link T2U Plus
- Download: http://cdimage.ubuntu.com/releases/eoan ... pi3.img.xz
Connect the Pi4 to a DHCP network via ethernet. Upon first boot after installing Ubuntu Server 19.10 for Raspberry pi it will self update (~30 minutes). Then login:Code: Select all
sudo apt update && sudo apt upgrade -y sudo dpkg-reconfigure locales sudo dpkg-reconfigure tzdata sudo apt install iw dkms bmon nload iptraf iotop hostapd sudo reboot now
- Install TP-Link T2U Plus Driver (rtl8812au)
Code: Select all
sudo apt-get install rtl8812au-dkms or sudo apt-get update sudo apt-get install build-essential bc libelf-dev linux-headers-`uname -r` git clone https://github.com/aircrack-ng/rtl8812au.git cd rtl8812au/ sudo ./dkms-install.sh
- Disable cloud-init & netplan:
Code: Select all
sudo touch /etc/cloud/cloud-init.disabled sudo nano /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg network: {config: disabled} sudo rm -rf /etc/netplan/*
- Set Network Interface Identities:
The problem with network interfaces is that upon reboots, their names may be switched. The following uses their MAC addresses to identify them. For each of the network interfaces (eth0, eth1, wlan0, wlan1, wlan2) rename them to something that the system does NOT use.
You may need to disable some rules:
For each interface create a file in /etc/systemd/network as exampled below:Code: Select all
cd /lib/systemd/network sudo mv 99-default.link 99-default.link.old sudo mv 73-usb-net-by-mac.link 73-usb-net-by-mac.link.old
eth0 ---> inteth0
eth1 ---> usbeth1
wlan0 ---> intwlan0
wlan1 ---> usbwlan1
wlan2 ---> usbwlan2
Code: Select all
sudo nano /etc/systemd/network/10-inteth0.link [Match] MACAddress=xx:xx:xx:xx:xx:xx [Link] Description=Internal Ethernet Name=inteth0
- Configure Network Interfaces:
WAN:Guest Network:Code: Select all
sudo nano /etc/systemd/network/50-inteth0.network [Match] Name=inteth0 [Link] RequiredForOnline=no [Network] DHCP=ipv4 IPForward=yes LinkLocalAddressing=ipv6Create Virtual Bridge:Code: Select all
sudo nano /etc/systemd/network/50-intwlan0.network [Match] Name=intwlan0 [Network] Address=192.168.50.1/24 DHCPServer=true IPMasquerade=true IPForward=true [DHCPServer] PoolOffset=100 PoolSize=100 EmitDNS=yes #DNS=8.8.8.8Bind LANs to Bridge:Code: Select all
sudo nano /etc/systemd/network/49-br0.netdev [NetDev] Name=br0 Kind=bridgeConfigure Bridge Network:Code: Select all
sudo nano /etc/systemd/network/50-usbeth1.network [Match] Name=usbeth1 [Network] Bridge=br0 sudo nano /etc/systemd/network/50-usbwlan1.network [Match] Name=usbwlan1 [Network] Bridge=br0 sudo nano /etc/systemd/network/50-usbwlan2.network [Match] Name=usbwlan2 [Network] Bridge=br0Code: Select all
sudo nano /etc/systemd/network/60-br0.network [Match] Name=br0 [Network] Address=192.168.5.1/24 DHCPServer=true IPMasquerade=true IPForward=true [DHCPServer] PoolOffset=100 PoolSize=100 EmitDNS=yes #DNS=8.8.8.8
- Configure hostapd:
ht_capab & vht_capab are essential if you want to enable fast WiFi connections. The 2.4 & 5Ghz are only the carrier bands. They do not determine connection speeds. However, different adapters have different capabilities.
To determine your WiFi Adapter's Capabilities and use the following link to help set them in your hostapd.conf file: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.confGuest Network 5Ghz: (Remember to change the SSID and wpa_passphrase)Code: Select all
iw list5Ghz LAN: (Remember to change the SSID and wpa_passphrase)Code: Select all
sudo nano /etc/hostapd/hostapd-intwlan0.conf #(Raspberry PI4 Internal WiFi) #Interface interface=intwlan0 driver=nl80211 country_code=US # SSID ssid=Your SSID # Bit field: bit0 = WPA, bit1 = WPA2 wpa=2 # Set of accepted key managment algorithms wpa_key_mgmt=WPA-PSK wpa_passphrase=somethingstrong # Set of accepted cipher suites; disabling insecure TKIP rsn_pairwise=CCMP # mac address access control list macaddr_acl=0 # hostapd event logger configuration #logger_syslog=0 #logger_syslog_level=4 #logger_stdout=-1 #logger_stdout_level=0 # Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz) hw_mode=a ## QoS support wmm_enabled=1 # N ieee80211n=1 require_ht=0 ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40] # AC ieee80211ac=0 require_vht=0 ieee80211d=0 ieee80211h=0 vht_capab=[MAX-MPDU-3895][SHORT-GI-80][SU-BEAMFORMEE] vht_oper_chwidth=1 channel=36 vht_oper_centr_freq_seg0_idx=42Code: Select all
sudo nano /etc/hostapd/hostapd-usbwlan1.conf #(TP-Link T2U-Plus rtl8812au WiFi) #Interface interface=usbwlan1 bridge=br0 driver=nl80211 country_code=US # SSID ssid=UniqueSSID_5GHz # Bit field: bit0 = WPA, bit1 = WPA2 wpa=2 # Set of accepted key management algorithms wpa_key_mgmt=WPA-PSK wpa_passphrase=SomethingStronger # Set of accepted cipher suites; disabling insecure TKIP rsn_pairwise=CCMP # mac address access contorl list macaddr_acl=0 # hostapd event logger configuration #logger_syslog=0 #logger_syslog_level=4 #logger_stdout=-1 #logger_stdout_level=0 # Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz) hw_mode=a ## QoS support wmm_enabled=1 # N ieee80211n=1 require_ht=0 ht_capab=[GF][RX-STBC1][MAX-AMSDU-7935][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40] # AC ieee80211ac=1 require_vht=0 ieee80211d=0 ieee80211h=0 vht_capab=[MAX-MPDU-11454][SHORT-GI-80][SU-BEAMFORMEE][HTC-VHT] vht_oper_chwidth=1 channel=157 vht_oper_centr_freq_seg0_idx=163
2.4Ghz LAN: (Remember to change the SSID and wpa_passphrase)Configure hostapd.service. Due to a bug in hostapd for calling multiple hostapd.conf files, we are going to edit the .service file directly. Please NOTE that software updates could easily delete your configuration. I chmod 444 the service file in hopes of preventing a write over of the file, I don't know if it will work. There's probably a better way.Code: Select all
sudo nano /etc/hostapd/hostapd-usbwlan2.conf #(TP-Link T2U-Plus rtl8812au WiFi) #Interface interface=usbwlan2 bridge=br0 driver=nl80211 country_code=US # SSID ssid=UniqueSSID # Bit field: bit0 = WPA, bit1 = WPA2 wpa=2 # Set of accepted key management algorithms wpa_key_mgmt=WPA-PSK wpa_passphrase=SomethingStonger # Set of accepted cipher suites; disabling insecure TKIP rsn_pairwise=CCMP # mac address access contorl list macaddr_acl=0 # hostapd event logger configuration #logger_syslog=0 #logger_syslog_level=4 #logger_stdout=-1 #logger_stdout_level=0 # Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz) hw_mode=g ## QoS support wmm_enabled=1 # N ieee80211n=1 require_ht=0 ht_capab=[GF][RX-STBC1][MAX-AMSDU-7935][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40] # AC #ieee80211ac=1 #require_vht=0 ieee80211d=0 ieee80211h=0 #vht_capab=[MAX-MPDU-11454][SHORT-GI-80][SU-BEAMFORMEE][HTC-VHT] #vht_oper_chwidth=1 channel=7 #vht_oper_centr_freq_seg0_idx=163Code: Select all
sudo nano /lib/systemd/system/hostapd.service [Unit] Description=Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator After=network.target [Service] Type=forking PIDFile=/run/hostapd.pid Restart=on-failure RestartSec=2 #Environment=DAEMON_CONF=/etc/hostapd/hostapd.conf EnvironmentFile=-/etc/default/hostapd #ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS $DAEMON_CONF ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd-intwlan0.conf /etc/hostapd/hostapd-usbwlan1.conf /etc/hostapd/hostapd-usbwlan2.conf [Install] WantedBy=multi-user.target sudo mv /lib/systemd/system/hostapd@.service /lib/systemd/system/hostapd@.bak sudo systemctl daemon-reload sudo systemctl unmask hostapd sudo systemctl enable hostapd
- Network Traffic Shaping with Cake:
This is experimental!!! (Not required).
Adjust TrafficControl.sh to your internet upload speeds. In my case I have a 2Mbit upload.Code: Select all
sudo nano /etc/systemd/system/TrafficShaper.service [Unit] Description=Traffic Control Cake After=network.target After=systemd-user-sessions.service After=network-online.target After=hostapd.service [Service] ExecStart=/opt/TrafficControl/TrafficControl.sh [Install] WantedBy=multi-user.target sudo mkdir /opt/TrafficControl sudo nano /opt/TrafficControl/TrafficControl.sh #!/bin/bash sudo tc qdisc add root dev inteth0 cake bandwidth 2Mbit ethernet lan diffserv4 sudo iw usbwlan1 set txpower fixed 3000 #increase the 5Ghz WiFi to 30mW (Follow local laws) sudo iw usbwlan2 set txpower fixed 3000 #increase the 2.4Ghz WiFi to 30mW (Follow local laws) sudo chmod +x /opt/TrafficControl/TrafficControl.sh sudo systemctl enable TrafficShaper.service
- Reboot and verify that the the router is working as expected. At this point you should have a full functioning WiFi Router / Access Point.
Code: Select all
sudo reboot now ip a iw dev tc -s qdisc show dev inteth0
- Install OMV5:
Download the OMV install script. The script needs to be updated to work with this setup:Edit 1: change pi -> ubuntuCode: Select all
cd wget -O OMV5-Install.sh https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install nano OMV5-Install.shEdit 2: Delete the following code (at the bottom of the install script):Code: Select all
if getent passwd ubuntu > /dev/null; then echo "Adding ubuntu user to ssh group ..." usermod -a -G ssh ubuntu fiCode: Select all
# remove networkmanager and dhcpcd5 then configure networkd if [ ${version} -gt 4 ]; then defLink="/etc/systemd/network/99-default.link" if [ -e "${defLink}" ]; then rm -f "${defLink}" fi nic="eth0" if grep -qw "${nic}" /proc/net/dev; then echo "Removing network-manager and dhcpcd5 ..." apt-get -y --autoremove purge network-manager dhcpcd5 echo "Disable predictive network adapter name ..." rule="/etc/udev/rules.d/80-net-setup-link.rules" if [ -e "${rule}" ]; then rm -f ${rule} fi ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules echo "Enable and start systemd-resolved ..." systemctl enable systemd-resolved systemctl start systemd-resolved rm /etc/resolv.conf ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf echo "Configure ${nic} to use networkd ..." mkdir -p /etc/netplan cat <<EOF > "/etc/netplan/10-openmediavault-default.yaml" network: version: 2 renderer: networkd EOF cat <<EOF > "/etc/netplan/20-openmediavault-${nic,,}.yaml" network: ethernets: ${nic,,}: accept-ra: true dhcp4: true dhcp6: true EOF echo "Applying netplan ..." netplan apply echo "It is recommended to reboot and then setup the network adapter in the openmediavault web interface." fi fi
Install OMV5 (takes about 25 minutes):Finally, using the web interface log into OMV and configure the drives, drive file system, users, shares, etc... (Just remember to NOT configure the network through OMV!!!).Code: Select all
chmod +x OMV5-Install.sh sudo ./OMV5-Install.sh
https://openmediavault.readthedocs.io/en/5.x/
My personal setup. Created 2 SMB shares:
-TimeCapsule (non-browsable, Time Machine support). This creates a hidden share that Time Machine can see and backup to.
-Data (browsable). Normal shared volume.
Hints on configuring SMB Extra Options:
Binding SMB so that only LAN can see it. Guest and WAN can't access it.Code: Select all
bind interfaces only = yes interfaces = lo br0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=65535 SO_RCVBUF=65535 read raw = yes write raw = yes min receivefile size = 16384 write cache size = 524288 getwd cache = yes