dolphs

  • Posts

    262

Profile Information

  • Gender
    Male
  • Location
    Netherlands

dolphs's Achievements

  1. Hmmm why moving to 11 already, better wait till bullseye hit the streets imho... Perhaps you are better off with backports? I do similar for unbound ( wireguard-tools )? eg: Last, but not least, don't know if you have emmc installed but you might test bullseye from sdcard? Compiling with EXPERT=yes, eg for rockpi-4a ( my scenario ):
  2. looks like this helped in the end: " rockpi-4a:~:# vnstat -i wg0 --update "
  3. Just flashed rockpi-4a current buster image and it looks like I hit

         Error: Unable to read database "/var/lib/vnstat/wg0": No such file or directory
         Merge "eth0+wg0" failed.

     which can be shown here. Also have been checking vnstat to merge wg0 but did not succeed, perhaps one can give me a hand please? TiA! These are the adapters present:
  4. bumped my OpiOnePlus H6 boards to kernel 5.12 and surprise surprise, BBR is working as it should again ... I really wonder what was causing this as in kernel 5.10 and 11 I had to use westwood ( with cake )...

         net.core.default_qdisc = fq
         net.ipv4.tcp_congestion_control = bbr

     shows 250Mbit ( meanwhile line upgraded which is max upload speed )

         root@vpn01:~# iperf3 -4 -c 192.168.10.2 -t 300 -b0 -P1
         Connecting to host 192.168.10.2, port 5201
         [ 5] local 192.168.20.2 port 47462 connected to 192.168.10.2 port 5201
         [ ID] Interval Transfer Bitrate Retr Cwnd
         [ 5] 0.00-1.00 sec 28.4 MBytes 238 Mbits/sec 0 7.71 MBytes
         [ 5] 1.00-2.00 sec 35.0 MBytes 294 Mbits/sec 1789 1.81 MBytes
         [ 5] 2.00-3.00 sec 26.2 MBytes 220 Mbits/sec 3780 1.96 MBytes
         [ 5] 3.00-4.00 sec 30.0 MBytes 252 Mbits/sec 3389 1.66 MBytes
         [ 5] 4.00-5.00 sec 27.5 MBytes 231 Mbits/sec 4158 2.27 MBytes
         [ 5] 5.00-6.00 sec 28.8 MBytes 241 Mbits/sec 2252 5.84 MBytes
         [ 5] 6.00-7.00 sec 30.0 MBytes 252 Mbits/sec 2507 5.85 MBytes
         [ 5] 7.00-8.00 sec 26.2 MBytes 220 Mbits/sec 3921 2.12 MBytes
         [ 5] 8.00-9.00 sec 30.0 MBytes 252 Mbits/sec 2773 5.94 MBytes
         [ 5] 9.00-10.00 sec 27.4 MBytes 230 Mbits/sec 3675 2.02 MBytes
         [ 5] 10.00-11.00 sec 28.8 MBytes 241 Mbits/sec 3512 1.88 MBytes
         ^C[ 5] 11.00-11.22 sec 7.50 MBytes 289 Mbits/sec 319 2.68 MBytes
         - - - - - - - - - - - - - - - - - - - - - - - - -
         [ ID] Interval Transfer Bitrate Retr
         [ 5] 0.00-11.22 sec 326 MBytes 244 Mbits/sec 32075 sender
  5. 5.11 to be buried, is EOL ( already ). imho the non LTS kernels could be buried once mainline kernel hits .1 release. Thus eg. when 5.13.1 will be released bump edge kernel asap so 5.12 can be buried ( and forgotten ) ( needless to say , but "currents" should stay on LTS )
  6. Hello to you all, Haven't read 2825 yet, will do after this but did a quick checkout and built both for H6 (opioneplus) and H616 ( zero2 ):

         git pull
         sed -i 's/orange-pi-5.11/orange-pi-5.12/g' config/sources/families/include/sunxi64_common.inc
         ./compile.sh EXPERT=yes EXTRAWIFI=no USEALLCORES=yes

     compilation.log shows

         grep error output/debug/*.log
         output/debug/compilation.log:drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c:152:27: error: redefinition of ‘sun50i_h616_r_ccu_clks’
         output/debug/compilation.log:drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c:178:9: error: ‘CLK_NUMBER_H616’ undeclared here (not in a function); did you mean ‘CLK_NUMBER’?
         output/debug/compilation.log:drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c:194:35: error: redefinition of ‘sun50i_h616_r_hw_clks’
         output/debug/compilation.log:drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c:226:29: error: redefinition of ‘sun50i_h616_r_ccu_resets’
         output/debug/compilation.log:drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c:252:36: error: redefinition of ‘sun50i_h616_r_ccu_desc’

     Suppose once that packaging issue is solved edge will be bumped, so sed no longer needed. cheers chaps!
  7. cheers for your response. eth0, eth1 solved by " extraargs=net.ifnames=0 " as @Igor pointed out in this topic. I cut down iptables script to the basics as shown below, allowing SSH on eth1 only and outbound traffic goes over eth0.

         #!/bin/sh

         # Delete all existing iptables rules
         iptables -F

         # Set default chain policies to DROP all
         iptables -P INPUT DROP
         iptables -P FORWARD DROP
         iptables -P OUTPUT DROP

         # Allow SSH on eth1
         iptables -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
         iptables -A OUTPUT -o eth1 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
         iptables -A OUTPUT -o eth1 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
         iptables -A INPUT -i eth1 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

         # Allow all outbound traffic eth0
         iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT
         iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

     Next part would be to update routing accordingly so outbound won't check for eth1 and go straight to eth0, etc etc
  8. Hi, Idea is to run a wireguard server having two ethernet devices, therefore added an USB3 adapter "ASIX AX88179" to my rockpi4a. I like to allow incoming traffic, incl SSH, on "eth1". Instead, outgoing, on eth0 ( RTL8211E ) I wrote following ( preps, nmcli, iptables ) up - but perhaps there is an easier approach and I am sure I am missing other (routing) stuff, for sure the forwarding part. Anyway perhaps there is one to guide me a bit, TiA!

     1/ preparations

         apt update && apt -y upgrade && apt -y install firmware-realtek
         nano /boot/armbianEnv.txt # add extraargs=net.ifnames=0
         reboot

     2/ nmcli stuff

         nmcli c mod "Wired connection 2" connection.id realtek
         nmcli c mod "Wired connection 1" connection.id asix
         nmcli c mod asix ipv6.method ignore
         nmcli c mod realtek ipv6.method ignore
         nmcli c mod asix ipv4.never-default true
         nmcli c up asix
         nmcli c up realtek

     3/ iptables "hardening"

         # 1. Delete all existing rules
         iptables -F

         # 2. Set default chain policies to DROP all both eth0 and eth1
         iptables -P INPUT DROP
         iptables -P FORWARD DROP
         iptables -P OUTPUT DROP

         # 3. Allow SSH on eth1
         iptables -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
         iptables -A INPUT -i eth1 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
         iptables -A OUTPUT -o eth1 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
         iptables -A OUTPUT -o eth1 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

         # 4. Allow incoming Wireguard on eth1
         iptables -A INPUT -i eth1 -p udp --dport 51820 -m state --state NEW,ESTABLISHED -j ACCEPT
         iptables -A OUTPUT -o eth1 -p udp --sport 51820 -m state --state ESTABLISHED -j ACCEPT
         FORWARD? ( wg0 )

         # 5. Allow outbound Wireguard on eth0
         iptables -A OUTPUT -o eth0 -p udp --dport 51820 -m state --state NEW,ESTABLISHED -j ACCEPT
         iptables -A INPUT -i eth0 -p udp --sport 51820 -m state --state ESTABLISHED -j ACCEPT
         FORWARD? ( wg0 )

         # 6. Allow outbound http(s) on eth0 ( eg updates )
         iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
         # iperf3 excluded for now

         # 7. Accept all traffic on loopback interface
         iptables -A INPUT -i lo -j ACCEPT
         iptables -A OUTPUT -o lo -j ACCEPT
  9. fantastic, thanks for your answer Igor. I was already about to mess with " 73-usb-net-by-mac.rules ", but this flag works so much better! Out of the box, flashing image it shows:

         2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
             link/ether 86:67:c3:ba:43:ca brd ff:ff:ff:ff:ff:ff
             inet 192.168.10.188/24 brd 192.168.10.255 scope global dynamic noprefixroute eth0
                valid_lft 14213sec preferred_lft 14213sec
             inet6 fe80::f791:3c34:96fb:aec3/64 scope link noprefixroute
                valid_lft forever preferred_lft forever
         3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
             link/ether 00:0e:c6:67:f0:a2 brd ff:ff:ff:ff:ff:ff

     Now remaining to configure static address, routing etc etc. This is my test "system", so I can configure/ test settings before applying them instantly to my R4S. thanks again!
  10. Hi, I added an USB3.0 adapter to my rockpi4a, which results in: " enx000ec667f0a2 " ( eth1 ). Since NetworkManager is being used I tried to update this name using:

         nmcli c modify armbian connection.interface-name "eth1"

     But alas that does not seem to be picked up while nmconnection config file has been updated:

         cat /etc/NetworkManager/system-connections/armbian.nmconnection
         [connection]
         id=armbian
         uuid=8f61a97c-d0f1-4cb2-be4a-3fe2b4c08e7c
         type=ethernet
         interface-name=eth1
         <snip snip>

     Ideally this could be changed in armbian-config, but I realise this is a low-low

         rockpi-4a:system-connections:# ll
         total 1.0K
         -rw------- 1 root root 331 Feb 2 12:12 armbian.nmconnection
         -rw------- 1 root root 384 Feb 2 11:54 'Wired connection 2.nmconnection'

     That ideally gets changed to 'Wired connection 1.nmconnection' which I updated manually using

         nmcli c modify armbian connection.id 'Wired connection 1'

     Idea is eth0 will be used solely for outgoing traffic, while "eth1" will be used for incoming
  11. no url to paste to, but 5.9.14 shows:

         root@rockpi-4a:~# cpufreq-info | grep 2.02
         hardware limits: 408 MHz - 2.02 GHz
         available frequency steps: 408 MHz, 600 MHz, 816 MHz, 1.01 GHz, 1.20 GHz, 1.42 GHz, 1.61 GHz, 1.80 GHz, 2.02 GHz
         current policy: frequency should be within 408 MHz and 2.02 GHz.
         cpufreq stats: 408 MHz:77.49%, 600 MHz:2.96%, 816 MHz:0.26%, 1.01 GHz:0.17%, 1.20 GHz:0.13%, 1.42 GHz:0.12%, 1.61 GHz:0.04%, 1.80 GHz:0.07%, 2.02 GHz:18.76% (288)
         hardware limits: 408 MHz - 2.02 GHz
         available frequency steps: 408 MHz, 600 MHz, 816 MHz, 1.01 GHz, 1.20 GHz, 1.42 GHz, 1.61 GHz, 1.80 GHz, 2.02 GHz
         current policy: frequency should be within 408 MHz and 2.02 GHz.
         cpufreq stats: 408 MHz:77.49%, 600 MHz:2.96%, 816 MHz:0.26%, 1.01 GHz:0.17%, 1.20 GHz:0.13%, 1.42 GHz:0.12%, 1.61 GHz:0.04%, 1.80 GHz:0.07%, 2.02 GHz:18.76% (288)

     It is not a biggie, but just noticed and that is all. So I suppose it is a WIP and will be overlay sooner or later ( similar back then with NEO2 board : cpu-clock-1.3GHz-1.3v )
  12. Hi, Just noticed image " Linux rockpi-4a 5.9.14-rockchip64 #20.11.4 SMP PREEMPT Tue Dec 15 08:52:20 CET 2020 aarch64 GNU/Linux " my rockpi4a runs at 2GHz. To radxa overclocking is possible so that 2GHz is not a real surprise ... Though checked " armbianEnv.txt " but did not find any "overlays" option present overclocking this board, neither any other files in /boot ( or /boot/dtb/rockchip/overlay ). However building a custom image ( kernel 5.10 ) it is running at 1,8GHz again, how can I set this to 2GHz ? ( as a side note - there is no need to enable panfrost BTW as I run this as a headless server ) Thanks
  13. tried my rockpi4a , similar results ( bad ) as H5 and H6. Once switched to legacy 4.4 kernel, things rock and faster results again. really wonder what is causing this: patch, kernel realtek driver, both / something else : lost?!