Building a Router on Debian with the H88K

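Preface

  1. Hardware: Hinlink H88K V3; wireless card: MT7916; mobile module: RM500Q-GL; NVMe SSD: Intel 760P

  2. The system is a self-built, modified Armbian 24.5 whose backport kernel supports the MT7916 card. Drivers for the RM500Q's QMI, ECM, MBIM and RNDIS modes are enabled; this tutorial uses ECM mode

  3. Port plan: eth0 (the port with the faulty transformer), usb0 and wlan0 act as WAN; the remaining interfaces act as LAN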

Port / device   Next to USB3   Middle port   Next to reset button   MT7916_2.4G   MT7916_5G   RM500Q
Interface       eth0           eth1          eth2                   wlan0         wlan1       usb0
Speed           100M           2500M         1000M                  600M          2400M       5000M
Role            WAN            LAN           LAN                    WAN           LAN         WAN

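Preparation

  1. The default network interface names on Linux are effectively random, so first disable interface renaming to make the later steps easier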

sudo bash -c "echo 'extraboardargs=net.ifnames=0' >> /boot/armbianEnv.txt"

  2. Enable IPv4 forwarding in the kernel

sudo bash -c "echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf"

  3. Install the required software

sudo apt install dnsmasq hostapd bridge-utils ifupdown iptables wireless-regdb

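  4. Because I am using the image with the GNOME desktop and want to be able to manage the WAN interfaces from Settings, NetworkManager must be told not to manage the interfaces used as LAN
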
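# sudo vi /etc/NetworkManager/NetworkManager.conf : add the keyfile plugin and section, and ignore ifupdown, DNS, etc.
# Comments sit on their own lines because NetworkManager does not accept a trailing comment after a value
[main]
# do not let NM manage /etc/resolv.conf
dns=none
# add the keyfile plugin
plugins=ifupdown,keyfile

[ifupdown]
# do not manage ifupdown interfaces, i.e. the ones declared in /etc/network/interfaces
managed=false

# add the keyfile section: ignore every interface starting with eth except eth0, plus br-lan and wlan1 (by its MAC)
[keyfile]
unmanaged-devices=interface-name:eth*,except:interface-name:eth0;interface-name:br-lan;mac:00:0a:52:08:b4:73

-----------------------------------------------------------------
systemctl reload NetworkManager # reload the configuration
nmcli device status # show the management state of each device
nmcli device set wlan1 managed no # temporarily stop managing one interface
-----------------------------------------------------------------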

leux@h88k:~$ nmcli device status
DEVICE TYPE STATE CONNECTION
usb0 ethernet connected 有线连接
lo loopback connected (externally) lo
wlan0 wifi connected Xiaomi_123
eth0 ethernet unavailable --
br-lan bridge unmanaged --
eth1 ethernet unmanaged --
eth2 ethernet unmanaged --
wlan1 wifi unmanaged --
leux@h88k:~$

Configure the Bridge

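# ifupdown manages the bridge here; it is configured by editing /etc/network/interfaces
# Add the eth1, eth2 and wlan1 interfaces to the LAN; the mobile module usb0 is the WAN egress
# Only the eth interfaces need to be listed in bridge_ports; wlan is added to br-lan when hostapd runs
# sudo vi /etc/network/interfaces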
auto br-lan
iface br-lan inet static
address 192.168.1.1
netmask 255.255.255.0
bridge_ports eth1 eth2
up iptables -t nat -A POSTROUTING -s 192.168.1.1/24 -o usb0 -j MASQUERADE

# Restart networking
sudo systemctl restart networking.service

Configure DHCP

# sudo vi /etc/dnsmasq.conf : the configuration below supports DHCPv4 only
interface=br-lan
listen-address=127.0.0.1,192.168.1.1
server=223.5.5.5
server=223.6.6.6
dhcp-range=br-lan,192.168.1.100,192.168.1.249,255.255.255.0,24h

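# Once the configuration file is done, start dnsmasq and enable it at boot
sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq


# If dnsmasq fails to start because port 53 is in use, run sudo lsof -i :53 to see what holds it, then stop it
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

# Remove the default symlink and write a DNS server back in, otherwise dnsmasq reports on startup that it cannot find the file
sudo unlink /etc/resolv.conf
sudo bash -c "echo 'nameserver 114.114.114.114' > /etc/resolv.conf"


# View the DHCP lease information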
leux@h88k:~$ cat /var/lib/misc/dnsmasq.leases
1711503842 ba:c7:49:01:19:a0 192.168.1.143 Redmi-K30-Pro-Zoom-Edition 01:ba:c7:49:01:19:a0
1711472426 26:87:d5:21:47:cd 192.168.1.123 Xiaomi-12 01:26:87:d5:21:47:cd
1711497537 74:56:3c:b0:6d:e3 192.168.1.178 B650 01:74:56:3c:b0:6d:e3
Lease expiry   MAC   IP   hostname

Compile hostapd

  1. The hostapd shipped with Debian does not support the AX parameters, so it has to be recompiled and replaced

sudo apt install build-essential pkgconf libnl-genl-3-dev libssl-dev 

wget https://w1.fi/releases/hostapd-2.10.tar.gz
tar -xzvf hostapd-2.10.tar.gz
cd hostapd-2.10/hostapd/
wget -O .config https://github.com/openwrt/openwrt/raw/main/package/network/services/hostapd/files/hostapd-full.config

make hostapd hostapd_cli \
CONFIG_ACS=y CONFIG_DRIVER_NL80211=y CONFIG_DRIVER_WEXT= CONFIG_TLS=openssl \
CONFIG_IEEE80211N=y CONFIG_IEEE80211AC=y CONFIG_IEEE80211AX=y \
CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y

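# Return to the directory that contains hostapd-2.10 (the build ran inside hostapd-2.10/hostapd/)
cd ../..

# Slim down the binaries
strip hostapd-2.10/hostapd/hostapd
strip hostapd-2.10/hostapd/hostapd_cli

# Back up the originals first, then copy the new binaries into place
sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.bak
sudo mv /usr/sbin/hostapd_cli /usr/sbin/hostapd_cli.bak
sudo cp hostapd-2.10/hostapd/hostapd /usr/sbin/hostapd
sudo cp hostapd-2.10/hostapd/hostapd_cli /usr/sbin/hostapd_cli

# Put hostapd on hold so that an upgrade does not overwrite the replaced binaries
sudo apt-mark hold hostapd

# For a semi-static build, add the following to hostapd-2.10/hostapd/Makefile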
CFLAGS += -static
LIBS += -l:libnl-3.a -l:libnl-genl-3.a -l:libssl.a -l:libcrypto.a

leux@B650:~/hostapd-2.10/hostapd$ ldd hostapd
linux-vdso.so.1 (0x00007fffc334c000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fcdcfee0000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fcdcfcf0000)
/lib64/ld-linux-x86-64.so.2 (0x00007fcdd0551000)
leux@B650:~/hostapd-2.10/hostapd$

  2. Specify the path of the hostapd configuration file

# In /etc/default/hostapd, change the #DAEMON_CONF line to
DAEMON_CONF="/etc/hostapd/hostapd.conf"

  3. Edit /etc/hostapd/hostapd.conf and adjust it to your situation

# The following suits the MT7916 broadcasting on 5 GHz at 80 MHz with Wi-Fi 6 enabled
driver=nl80211
country_code=CN
interface=wlan1
bridge=br-lan
hw_mode=a
channel=157

auth_algs=1
wpa=2
ssid=H88K
utf8_ssid=1
wpa_pairwise=CCMP
ignore_broadcast_ssid=0
wpa_passphrase=1234567890
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 SAE

ieee80211w=1
ieee80211d=1
ieee80211h=1
wmm_enabled=1

tx_queue_data2_burst=2.0
ieee80211n=1
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]
ieee80211ac=1
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=155
vht_capab=[RXLDPC][SHORT-GI-80][SHORT-GI-160][TX-STBC-2BY1][SU-BEAMFORMER][SU-BEAMFORMEE][MU-BEAMFORMER][MU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][SOUNDING-DIMENSION-3][BF-ANTENNA-4][VHT160][MAX-MPDU-11454][MAX-A-MPDU-LEN-EXP7]
ieee80211ax=1
he_oper_chwidth=1
he_oper_centr_freq_seg0_idx=155
he_su_beamformer=1
he_mu_beamformer=1
he_default_pe_duration=4
he_rts_threshold=1023
he_mu_edca_qos_info_param_count=0
he_mu_edca_qos_info_q_ack=0
he_mu_edca_qos_info_queue_request=0
he_mu_edca_qos_info_txop_request=0
he_mu_edca_ac_be_aifsn=8
he_mu_edca_ac_be_aci=0
he_mu_edca_ac_be_ecwmin=9
he_mu_edca_ac_be_ecwmax=10
he_mu_edca_ac_be_timer=255
he_mu_edca_ac_bk_aifsn=15
he_mu_edca_ac_bk_aci=1
he_mu_edca_ac_bk_ecwmin=9
he_mu_edca_ac_bk_ecwmax=10
he_mu_edca_ac_bk_timer=255
he_mu_edca_ac_vi_ecwmin=5
he_mu_edca_ac_vi_ecwmax=7
he_mu_edca_ac_vi_aifsn=5
he_mu_edca_ac_vi_aci=2
he_mu_edca_ac_vi_timer=255
he_mu_edca_ac_vo_aifsn=5
he_mu_edca_ac_vo_aci=3
he_mu_edca_ac_vo_ecwmin=5
he_mu_edca_ac_vo_ecwmax=7
he_mu_edca_ac_vo_timer=255

  4. Make the software start at boot

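# Test that the configuration file is correct and that the program starts normally
sudo hostapd -dd /etc/hostapd/hostapd.conf

# If the test shows no errors, the access point can also be run in the background
sudo hostapd -B /etc/hostapd/hostapd.conf

# Stop other programs that may be holding the wireless interface
sudo systemctl stop wpa_supplicant
sudo systemctl disable wpa_supplicant

# Enable the access point software at boot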
sudo systemctl unmask hostapd
sudo systemctl enable hostapd

  5. Configuration differences between 80 MHz and 160 MHz on the MT7916 with Wi-Fi 6 enabled

# Enable 80 MHz
channel=36
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
he_oper_chwidth=1
he_oper_centr_freq_seg0_idx=42

# Enable 160 MHz
channel=36
vht_oper_chwidth=2
vht_oper_centr_freq_seg0_idx=50
he_oper_chwidth=2
he_oper_centr_freq_seg0_idx=50

  6. To switch to 2.4 GHz at 40 MHz instead, change the following options

# Change the following (old value, then new value)
= hw_mode=a hw_mode=g
= channel=157 channel=1
= chanlist=157 chanlist=1
= interface=wlan1 interface=wlan0

# Delete all of the following options
- ieee80211h=1
- tx_queue_data2_burst=2.0
- ieee80211ac=1
- vht_oper_chwidth=1
- vht_oper_centr_freq_seg0_idx=155
- vht_capab=[RXLDPC][SHORT-GI-80][SHORT-GI-160][TX-STBC-2BY1][SU-BEAMFORMER][SU-BEAMFORMEE][MU-BEAMFORMER][MU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][SOUNDING-DIMENSION-3][BF-ANTENNA-4][VHT160][MAX-MPDU-11454][MAX-A-MPDU-LEN-EXP7]
- he_oper_chwidth=1
- he_oper_centr_freq_seg0_idx=155
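
An added check, not part of the original post: this shell function audits the WPA settings of a hostapd.conf such as the one above, where wpa_passphrase=1234567890 is a 10-digit number and wpa_key_mgmt keeps WPA-PSK enabled next to SAE, so the network is only as strong as that passphrase. The finding names, the thresholds and both sample inputs are constructed for this example.

```shell
#!/bin/sh
# Added example: audit hostapd.conf-style text for weak WPA settings.
# The 12-character / digits-only thresholds are assumptions of this example.

audit_hostapd_conf() {
    # Reads key=value lines from the named files (or stdin) and prints one
    # finding per line; prints nothing when every check passes.
    awk '
        /^[ \t]*#/ || !/=/ { next }    # skip comments and non key=value lines
        { eq = index($0, "="); conf[substr($0, 1, eq - 1)] = substr($0, eq + 1) }
        END {
            pass = conf["wpa_passphrase"]
            mgmt = " " conf["wpa_key_mgmt"] " "
            psk = (mgmt ~ / WPA-PSK(-SHA256)? /)
            sae = (mgmt ~ / SAE /)
            pmf = conf["ieee80211w"]
            if (pass != "" && (length(pass) < 12 || pass ~ /^[0-9]+$/))
                print "WEAK_PASSPHRASE: wpa_passphrase is short or digits-only"
            if (psk && sae)
                print "TRANSITION_MODE: WPA2-PSK is still accepted next to SAE"
            if (sae && pmf != "2" && conf["sae_require_mfp"] != "1")
                print "SAE_MFP_NOT_ENFORCED: set sae_require_mfp=1 or ieee80211w=2"
            if (pmf == "" || pmf == "0")
                print "PMF_DISABLED: ieee80211w is 0 or unset"
        }' "$@"
}

# Constructed sample: the security-related lines of the hostapd.conf above.
page_conf() {
    printf '%s\n' 'wpa=2' 'wpa_pairwise=CCMP' 'wpa_passphrase=1234567890' \
        'wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 SAE' 'ieee80211w=1'
}

# Constructed WPA3-only variant; the passphrase is a placeholder.
hardened_conf() {
    printf '%s\n' 'wpa=2' 'wpa_pairwise=CCMP' \
        'wpa_passphrase=REPLACE-with-a-long-random-passphrase' \
        'wpa_key_mgmt=SAE' 'ieee80211w=2'
}

echo "== page settings ==";     page_conf | audit_hostapd_conf
echo "== WPA3-only variant =="; hardened_conf | audit_hostapd_conf
```

To audit the live file, run audit_hostapd_conf /etc/hostapd/hostapd.conf; a WPA3-only network drops clients that cannot do SAE.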

IPv6

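# To obtain an IPv6 address over 5G, first download and compile the quectel_cm dial-up tool
https://github.com/coolsnowwolf/lede/tree/master/package/wwan/app/quectel_cm_5G/src

# Copy the compiled binaries (writing to /usr/local/bin requires root)
sudo mv quectel-CM /usr/local/bin/
sudo mv quectel-qmi-proxy /usr/local/bin/
sudo mv quectel-atc-proxy /usr/local/bin/
sudo mv quectel-mbim-proxy /usr/local/bin/

# Set up a systemd unit to start it at boot; remember to change the WAN egress in /etc/network/interfaces from usb0 to wwan0
# sudo vi /etc/systemd/system/quectel-cm.service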
------------------------------------------------------
[Unit]
Description=Quectel-CM Service
After=network.target
Wants=network.target

[Service]
ExecStop=/bin/kill -s TERM $MAINPID
ExecStart=/usr/local/bin/quectel-CM -s ctnet -4 -6

[Install]
WantedBy=multi-user.target
------------------------------------------------------

# Start the service and enable it at boot
sudo systemctl start quectel-cm
sudo systemctl enable quectel-cm


#############################################################################
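# With the settings below, LAN devices can reach the Internet over IPv6, but they are not given public IPv6 addresses
------------------------------------------------------
# First enable kernel forwarding for IPv4 and IPv6
# sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

------------------------------------------------------
# Add the eth1 and eth2 interfaces to the LAN; the mobile module wwan0 is the WAN egress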
# sudo vi /etc/network/interfaces
auto br-lan
iface br-lan inet static
address 192.168.1.1
bridge_ports eth1 eth2
up iptables -t nat -A POSTROUTING -s 192.168.1.1/24 -o wwan0 -j MASQUERADE

iface br-lan inet6 static
address fd00::1
netmask 64
up ip6tables -t nat -A POSTROUTING -s fd00::1/64 -o wwan0 -j MASQUERADE

------------------------------------------------------
# sudo vi /etc/dnsmasq.conf : the configuration below supports both DHCPv4 and DHCPv6
interface=br-lan
listen-address=::1,127.0.0.1,192.168.1.1
server=223.5.5.5
server=223.6.6.6
server=240C::6666
server=240C::6644
dhcp-range=br-lan,192.168.1.100,192.168.1.249,255.255.255.0,24h
enable-ra
dhcp-range=br-lan,::1,constructor:br-lan,ra-names,24h
------------------------------------------------------

# Note: while running, quectel-CM writes the DNS servers it obtains into /etc/resolv.conf
# You can now test IPv6 connectivity at https://www.test-ipv6.com or https://ipw.cn

Configure Docker

  1. Install Docker

# Install the required packages
sudo apt update && sudo apt install ca-certificates curl gnupg

# Remove the old bundled versions
sudo apt remove docker.io docker-doc docker-compose podman-docker containerd runc

# Choose between the official upstream repository and the USTC mirror in China (uncomment one)
# DOCKER_URL=https://download.docker.com/linux/debian
# DOCKER_URL=https://mirrors.ustc.edu.cn/docker-ce/linux/debian

# Add the Docker repository key
curl -fsSL "$DOCKER_URL/gpg" | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Add the Docker package source
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] $DOCKER_URL \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install the latest Docker
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

  2. Manage Docker as a non-root user (optional)

# Create the docker group and add your user to it
sudo groupadd docker
sudo usermod -aG docker $USER

# Configure Docker to start at boot
sudo systemctl enable docker
sudo systemctl enable containerd

# Stop Docker from starting at boot
sudo systemctl disable docker.service
sudo systemctl disable containerd.service

  3. Change Docker's data storage path

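# Mount the NVMe disk; takes effect after a reboot
sudo mkdir /mnt/nvme
sudo bash -c "echo '/dev/nvme0n1p1 /mnt/nvme ext4 defaults,discard 0 0' >> /etc/fstab"

# First check the default data storage path
$ sudo docker info
......
Docker Root Dir: /var/lib/docker

# Change the registry mirror addresses and the data storage path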
$ sudo vi /etc/docker/daemon.json
------------------------------------------------------
{
"registry-mirrors": [
"http://hub-mirror.c.163.com",
"https://mirror.baidubce.com",
"https://docker.nju.edu.cn",
"https://docker.mirrors.sjtug.sjtu.edu.cn"
],
"data-root": "/mnt/nvme/docker"
}
------------------------------------------------------

# Restart the Docker service so the configuration takes effect
sudo systemctl restart docker

  4. Run the Redroid image with GPU acceleration enabled

# Run the GPU-accelerated Redroid image shared by its author, and have it start at boot
# https://github.com/CNflysky/redroid-rk3588/blob/main/README_zh.md
sudo docker run -d --privileged --name redroid --restart=always \
-p 5555:5555 -v /mnt/nvme/data:/data cnflysky/redroid-rk3588:12.0.0-latest \
androidboot.redroid_height=1920 androidboot.redroid_width=1080 \
androidboot.redroid_fps=30 androidboot.redroid_magisk=1 \
androidboot.redroid_fake_wifi=1 androidboot.redroid_fake_wifi_ssid=CMCC

# Afterwards the container can be started like this
sudo docker start redroid

# Connect with adb, or mirror the screen with scrcpy
adb connect 192.168.1.1:5555
scrcpy --tcpip=192.168.1.1:5555 --video-codec=h265 --video-encoder='c2.rk.hevc.encoder'

# Logs
docker exec redroid logcat -d # show the log
docker exec redroid logcat -c # clear the log

# Show container information
sudo docker container ls

# Disable its auto-start (c8265b42def3 is the container ID; the name redroid works as well)
sudo docker update --restart=no c8265b42def3

# Enable its auto-start
sudo docker update --restart=always redroid
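
An added check, not part of the original post: -p 5555:5555 in the docker run command above publishes the ADB port on every host address, which on this router includes the WAN interfaces (usb0, wlan0, eth0) and not only br-lan. The function below lists ports published that way; its name and the sample docker ps lines are constructed for this example, and the explicit binds shown in its header keep ADB on the LAN bridge and on the loopback address.

```shell
#!/bin/sh
# Added example: list container ports that Docker publishes on every host address.
# Explicit publish flags for the redroid container on this router would be:
#   -p 192.168.1.1:5555:5555 -p 127.0.0.1:5555:5555

wildcard_publishes() {
    # Input : "NAME PORTS" lines, as printed by
    #         docker ps --format '{{.Names}} {{.Ports}}'
    # Output: "NAME HOSTPORT" once per port bound to 0.0.0.0, [::] or :::
    awk '{
        for (i = 2; i <= NF; i++) {
            p = $i
            sub(/,$/, "", p)                    # drop the list separator
            if (p !~ /->/) continue             # exposed only, not published
            split(p, side, "->")
            host = side[1]
            if (host ~ /^(0\.0\.0\.0|\[::\]|::):[0-9-]+$/) {
                n = split(host, part, ":")
                key = $1 " " part[n]
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    }' "$@"
}

# Constructed sample output of the docker ps command above.
sample_ps() {
    printf '%s\n' \
        'redroid 0.0.0.0:5555->5555/tcp, :::5555->5555/tcp' \
        'redroid-lan 192.168.1.1:5556->5555/tcp, 127.0.0.1:5556->5555/tcp'
}

sample_ps | wildcard_publishes
```

On the router itself, feed it the real listing: sudo docker ps --format '{{.Names}} {{.Ports}}' | wildcard_publishes.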

NAT Traversal

# https://github.com/fatedier/frp/releases     v0.56.0
# /usr/bin/frpc -c /etc/frpc.toml
-------------------------------------------------
serverAddr = "x.x.x.x"
serverPort = 7000
auth.token = "xxxx"

loginFailExit = false
log.to = "/var/log/frpc.log"
log.level = "info"
log.maxDays = 1

# In frp's TOML format each proxy is declared as a [[proxies]] entry
[[proxies]]
name = "redroid"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5555
remotePort = 7555

-------------------------------------------------
sudo vi /etc/systemd/system/frpc.service
-------------------------------------------------
[Unit]
Description=frpc service
After=network.target syslog.target
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/bin/frpc -c /etc/frpc.toml

[Install]
WantedBy=multi-user.target
-------------------------------------------------
# Start the service once the unit file exists, and enable it at boot
sudo systemctl start frpc
sudo systemctl enable frpc

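Other Tweaks

  1. Disable Debian's default sleep, or turn it off in the GNOME power settings; mask disables it and unmask re-enables it

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

  2. Add Chinese language support: run the command below and select zh_CN.UTF-8 and en_US.UTF-8, then switch to Chinese in the Region panel of GNOME Settings

sudo apt install locales && sudo dpkg-reconfigure locales

  3. The command below changes the hostname; afterwards it is best to also update the hostname in /etc/hosts by hand

sudo hostnamectl set-hostname h88k

  4. Set the China time zone

sudo timedatectl set-timezone Asia/Shanghai

  5. Switch to a mirror in China
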
# This one replaces the sources on Debian
sudo sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's|security.debian.org|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list

# This one replaces the sources on Ubuntu Arm64
sudo sed -i 's/ports.ubuntu.com/mirrors.ustc.edu.cn\/ubuntu-ports/g' /etc/apt/sources.list
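
  6. Sometimes, when the router is rebooted while a PC is already plugged into a LAN port, the PC may fail to obtain an IP address; unplugging and re-plugging the network cable fixes it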