Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
raspberry-pi:ipfire-on-rpicm4 [2023/09/28 16:28] Zyzonixraspberry-pi:ipfire-on-rpicm4 [2024/04/23 11:22] (current) – [Adjusting interfaces (important!)] Zyzonix
Line 1: Line 1:
-===== Install IPFire on a Raspberry Pi CM4 on DFRobot Carrier Board =====+====== Install IPFire on a Raspberry Pi CM4 on DFRobot Carrier Board over Serial Console =====
 + 
 +{{ :raspberry-pi:dfrobot_router_carrier_board_for_rpi_cm4.jpg?450|}} 
 +This tutorial covers how to install a [[https://ipfire.org/|IPFire]] Firewall on to a [[https://www.raspberrypi.com/products/compute-module-4/?variant=raspberry-pi-cm4001000|Raspberry Pi Compute Module 4]] that is carried on [[https://www.dfrobot.com/product-2242.html|DFRobot's Router Carrier Board Mini]] using a **serial console**. 
 + 
 + 
 +//Disclaimer: all provided links in this article **aren't** sponsored!// 
 +<callout type="info" icon="true">Tutorial tested against a Raspberry Pi Compute Module 4 (4GB, rev. 1.2) and IPFire Core Update 179. During the setup a second Raspberry Pi 3B+ with local attached keyboard and monitor was used. </callout> 
 + 
 +→ IPFire's wiki can be found [[https://wiki.ipfire.org/|here]]. 
 + 
 +→ And the DFRobot's wiki [[https://wiki.dfrobot.com/Compute_Module_4_IoT_Router_Board_Mini_SKU_DFR0767|here]]. 
 + 
 +===== Preparation / Requirements ===== 
 +  * SD-Card (32 GB) + SD-Card-Reader 
 +  * Raspberry Pi Compute Module 4 (4GB RAM recommended) 
 +  * Jumper Wires (Female to Female) 
 +  * Official Raspberry Pi USB-C Powersupply (CM4 requires 5V **3A**!) 
 +  * Configured and running Raspberry Pi (either with SSH-access or working display output) 
 + 
 +//Depending on your Setup:// 
 +  * //HDMI-Cable// 
 +  * //Keyboard// 
 +  * //or USB2TTL Apdapter// 
 + 
 +===== Download and flash the Image to the SD-Card ===== 
 + 
 +Download the ''aarch64'' Flash Image from IPFire's webpage: [[https://www.ipfire.org/download|ipfire.org/download]].  
 +Then flash the Image on another computer to the SD-Card. Therefore you can use [[https://sourceforge.net/projects/win32diskimager/|Win32DiskImager]] (Windows), the official [[https://www.raspberrypi.com/software/|Raspberry Pi Imager]] (Linux, Windows and MacOS) or [[https://etcher.balena.io/|BalenaEtcher]] (Web, Linux and Windows). 
 + 
 +<callout type="warning" icon="true"> 
 +  * **The compressed IMG is required, the ISO image will not work!** 
 +  * If experiencing boot issues when using newer hardware revisions have a look at the official IPFire wiki: [[https://wiki.ipfire.org/hardware/arm/rpi/four#fn:1|wiki.ipfire.org]]! 
 +</callout> 
 + 
 + 
 +Before ejecting the SD-Card perform the following changes: 
 + 
 +→ Enable the serial console: add (if not present) ''enable_uart=1'' to ''config.txt''
 + 
 + 
 +→ Check if ''SERIAL-CONSOLE'' in ''uENV.txt'' is ''SERIAL-CONSOLE=ON''
 + 
 + 
 +===== Connect both Pi's with jumper cables ===== 
 +{{ :raspberry-pi:rpi_gpio_pinout.png?450|}} 
 +{{ :raspberry-pi:dfrobot_router_carrier_board_gpio_pinout.jpg?300|}} 
 +Now connect the following pins on your carrier board's GPIO and your second Pi's GPIO with three jumper wires (female to female): 
 +<WRAP 40%> 
 +^ Carrier Board (CM4)  ^ 2nd Raspberry Pi / USB2TTL  ^ Use               ^ 
 +| **''6''**            | **''6''** / **''GND''**     | Ground (GND)      | 
 +| **''10''**           | **''8''** / **''TX''**      | Receive and send  | 
 +| **''8''**            | **''10''** / **''RX''**     | Send and receive 
 +</WRAP> 
 + 
 +When connected properly you can power up the carrier board.  
 + 
 +(It is recommended to first power up the second Pi and start the serial console before powering up the carrier board.) 
 + 
 + 
 +//Images sourced from [[https://siocours.lycees.nouvelle-aquitaine.pro/lib/exe/fetch.php/isn/gpiopinsv3withpi.png|siocours.lycees.nouvelle-aquitaine.pro]] and [[https://wiki.dfrobot.com/Compute_Module_4_IoT_Router_Board_Mini_SKU_DFR0767|wiki.dfrobot.com - CM4 DFRobot Carrier Board]]// 
 + 
 + 
 +===== Open serial console using screen ===== 
 +Before you can open a serial connection: serial console must also be enabled on the Pi from which you wish to connect. Therefore check if your ''/boot/config.txt'' contains ''enable_uart=1''. If not, add it at **top (!)** and reboot. 
 + 
 +<callout type="warning" icon="true"> 
 +When using a Raspberry Pi with bluetooth as second device also add the following lines to your ''config.txt'': 
 +<code bash> 
 +# disable bluetooth via uart 
 +dtoverlay=pi3-disable-bt 
 +dtoverlay=pi3-miniuart-bt 
 +dtoverlay=disable-bt 
 +dtoverlay=miniuart-bt 
 +</code> 
 +This will disable the bluetooth module, because this may break your serial connection as it also uses the uart console. 
 + 
 +In general there might be issues with the serial connection, it's recommended to firstly open the serial console on the second Pi and then booting up the CM4. Additionally **do not** dis- and reconnect to a running console session, otherwise your console might not be readable anymore for this session. 
 +</callout> 
 + 
 +Then you can execute the follwing command from the second Pi to connect to your serial console. **It's strongly recommended to use a local attached keyboard and monitor on a Pi that boots to CLI(!) rather than creating the serial connection via SSH / Desktop.** 
 +<code bash>screen /dev/ttyS0 115200</code> 
 +(root-permission required!) 
 +→ you might install ''screen'' befire by running the following command: 
 +<code bash>sudo apt install screen</code> 
 +If ''/dev/ttyS0'' doesn't work, use ''/dev/serial0''. In case you are using a USB2TTL-Card use ''/dev/ttyUSB0''
 + 
 +Finally perform the setup of IPFire as usual! 
 + 
 +With ''Ctrl+A'' and ''D'' you can quit the ''screen''-session. 
 + 
 +===== Select correct boot method ===== 
 + 
 +When booting for the first time, there will be three entries in the grub bootloader. 
 + 
 +**Select the 3rd option, that contains ''serial console''!** 
 + 
 +===== Adjusting Interfaces (MAC Addresses) (important!) ===== 
 + 
 +As described also in this [[https://community.ipfire.org/t/rpi-cm4-red-interface-not-available-after-reboot/7119/3|blog post]] in IPFire's official forum, there are assigment issues with the carrier board's NICs. It seems that the second PCIe NIC gets a self-assignet MAC everytime the device boots up. This is followed by the host OS no longer recognizing the NIC. To solve this issue there is a more or less fancy workaround here in this wiki: [[linux:linux-tutorials:set-persistent-mac-rtl8111|Set persistent MAC for RTL8111/8168/8411 (r8169) with udev]] (internal link). 
 + 
 + 
 +It's also recommended to completely shut down again and reboot to verify the changes! 
 + 
 +---- 
 + 
 +//Resources used: [[https://www.cyberciti.biz/hardware/5-linux-unix-commands-for-connecting-to-the-serial-console/|cyberciti.biz - linux serial console]], [[https://scribles.net/setting-up-uart-serial-communication-between-raspberry-pis/|scribles.net - uart communitation between to Raspberry Pis]] and [[https://wiki.ipfire.org/hardware/arm/rpi/four#fn:1|wiki.ipfire.org - Raspberry Pi 4 Model B]] 
  • raspberry-pi/ipfire-on-rpicm4.txt
  • Last modified: 2024/04/23 11:22
  • by Zyzonix