Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
raspberry-pi:ipfire-on-rpicm4 [2023/09/28 16:30] Zyzonixraspberry-pi:ipfire-on-rpicm4 [2024/04/23 11:22] (current) – [Adjusting interfaces (important!)] Zyzonix
Line 1: Line 1:
-===== Install IPFire on a Raspberry Pi CM4 on DFRobot Carrier Board =====+====== Install IPFire on a Raspberry Pi CM4 on DFRobot Carrier Board over Serial Console ======
  
 +{{ :raspberry-pi:dfrobot_router_carrier_board_for_rpi_cm4.jpg?450|}}
 +This tutorial covers how to install a [[https://ipfire.org/|IPFire]] Firewall on to a [[https://www.raspberrypi.com/products/compute-module-4/?variant=raspberry-pi-cm4001000|Raspberry Pi Compute Module 4]] that is carried on [[https://www.dfrobot.com/product-2242.html|DFRobot's Router Carrier Board Mini]] using a **serial console**.
  
-<callout type="info" icon="true"> ** Under construction ** </callout> 
  
 +//Disclaimer: all provided links in this article **aren't** sponsored!//
 +<callout type="info" icon="true">Tutorial tested against a Raspberry Pi Compute Module 4 (4GB, rev. 1.2) and IPFire Core Update 179. During the setup a second Raspberry Pi 3B+ with local attached keyboard and monitor was used. </callout>
 +
 +→ IPFire's wiki can be found [[https://wiki.ipfire.org/|here]].
 +
 +→ And the DFRobot's wiki [[https://wiki.dfrobot.com/Compute_Module_4_IoT_Router_Board_Mini_SKU_DFR0767|here]].
 +
 +===== Preparation / Requirements =====
 +  * SD-Card (32 GB) + SD-Card-Reader
 +  * Raspberry Pi Compute Module 4 (4GB RAM recommended)
 +  * Jumper Wires (Female to Female)
 +  * Official Raspberry Pi USB-C Powersupply (CM4 requires 5V **3A**!)
 +  * Configured and running Raspberry Pi (either with SSH-access or working display output)
 +
 +//Depending on your Setup://
 +  * //HDMI-Cable//
 +  * //Keyboard//
 +  * //or USB2TTL Apdapter//
 +
 +===== Download and flash the Image to the SD-Card =====
 +
 +Download the ''aarch64'' Flash Image from IPFire's webpage: [[https://www.ipfire.org/download|ipfire.org/download]]. 
 +Then flash the Image on another computer to the SD-Card. Therefore you can use [[https://sourceforge.net/projects/win32diskimager/|Win32DiskImager]] (Windows), the official [[https://www.raspberrypi.com/software/|Raspberry Pi Imager]] (Linux, Windows and MacOS) or [[https://etcher.balena.io/|BalenaEtcher]] (Web, Linux and Windows).
 +
 +<callout type="warning" icon="true">
 +  * **The compressed IMG is required, the ISO image will not work!**
 +  * If experiencing boot issues when using newer hardware revisions have a look at the official IPFire wiki: [[https://wiki.ipfire.org/hardware/arm/rpi/four#fn:1|wiki.ipfire.org]]!
 +</callout>
 +
 +
 +Before ejecting the SD-Card perform the following changes:
 +
 +→ Enable the serial console: add (if not present) ''enable_uart=1'' to ''config.txt''.
 +
 +
 +→ Check if ''SERIAL-CONSOLE'' in ''uENV.txt'' is ''SERIAL-CONSOLE=ON''.
 +
 +
 +===== Connect both Pi's with jumper cables =====
 +{{ :raspberry-pi:rpi_gpio_pinout.png?450|}}
 +{{ :raspberry-pi:dfrobot_router_carrier_board_gpio_pinout.jpg?300|}}
 +Now connect the following pins on your carrier board's GPIO and your second Pi's GPIO with three jumper wires (female to female):
 +<WRAP 40%>
 +^ Carrier Board (CM4)  ^ 2nd Raspberry Pi / USB2TTL  ^ Use               ^
 +| **''6''**            | **''6''** / **''GND''**     | Ground (GND)      |
 +| **''10''**           | **''8''** / **''TX''**      | Receive and send  |
 +| **''8''**            | **''10''** / **''RX''**     | Send and receive  |
 +</WRAP>
 +
 +When connected properly you can power up the carrier board. 
 +
 +(It is recommended to first power up the second Pi and start the serial console before powering up the carrier board.)
 +
 +
 +//Images sourced from [[https://siocours.lycees.nouvelle-aquitaine.pro/lib/exe/fetch.php/isn/gpiopinsv3withpi.png|siocours.lycees.nouvelle-aquitaine.pro]] and [[https://wiki.dfrobot.com/Compute_Module_4_IoT_Router_Board_Mini_SKU_DFR0767|wiki.dfrobot.com - CM4 DFRobot Carrier Board]]//
 +
 +
 +===== Open serial console using screen =====
 +Before you can open a serial connection: serial console must also be enabled on the Pi from which you wish to connect. Therefore check if your ''/boot/config.txt'' contains ''enable_uart=1''. If not, add it at **top (!)** and reboot.
 +
 +<callout type="warning" icon="true">
 +When using a Raspberry Pi with bluetooth as second device also add the following lines to your ''config.txt'':
 +<code bash>
 +# disable bluetooth via uart
 +dtoverlay=pi3-disable-bt
 +dtoverlay=pi3-miniuart-bt
 +dtoverlay=disable-bt
 +dtoverlay=miniuart-bt
 +</code>
 +This will disable the bluetooth module, because this may break your serial connection as it also uses the uart console.
 +
 +In general there might be issues with the serial connection, it's recommended to firstly open the serial console on the second Pi and then booting up the CM4. Additionally **do not** dis- and reconnect to a running console session, otherwise your console might not be readable anymore for this session.
 +</callout>
 +
 +Then you can execute the follwing command from the second Pi to connect to your serial console. **It's strongly recommended to use a local attached keyboard and monitor on a Pi that boots to CLI(!) rather than creating the serial connection via SSH / Desktop.**
 <code bash>screen /dev/ttyS0 115200</code> <code bash>screen /dev/ttyS0 115200</code>
 +(root-permission required!)
 +→ you might install ''screen'' befire by running the following command:
 +<code bash>sudo apt install screen</code>
 +If ''/dev/ttyS0'' doesn't work, use ''/dev/serial0''. In case you are using a USB2TTL-Card use ''/dev/ttyUSB0''.
 +
 +Finally perform the setup of IPFire as usual!
 +
 +With ''Ctrl+A'' and ''D'' you can quit the ''screen''-session.
 +
 +===== Select correct boot method =====
 +
 +When booting for the first time, there will be three entries in the grub bootloader.
 +
 +**Select the 3rd option, that contains ''serial console''!**
 +
 +===== Adjusting Interfaces (MAC Addresses) (important!) =====
 +
 +As described also in this [[https://community.ipfire.org/t/rpi-cm4-red-interface-not-available-after-reboot/7119/3|blog post]] in IPFire's official forum, there are assigment issues with the carrier board's NICs. It seems that the second PCIe NIC gets a self-assignet MAC everytime the device boots up. This is followed by the host OS no longer recognizing the NIC. To solve this issue there is a more or less fancy workaround here in this wiki: [[linux:linux-tutorials:set-persistent-mac-rtl8111|Set persistent MAC for RTL8111/8168/8411 (r8169) with udev]] (internal link).
 +
 +
 +It's also recommended to completely shut down again and reboot to verify the changes!
 +
 +----
 +
 +//Resources used: [[https://www.cyberciti.biz/hardware/5-linux-unix-commands-for-connecting-to-the-serial-console/|cyberciti.biz - linux serial console]], [[https://scribles.net/setting-up-uart-serial-communication-between-raspberry-pis/|scribles.net - uart communitation between to Raspberry Pis]] and [[https://wiki.ipfire.org/hardware/arm/rpi/four#fn:1|wiki.ipfire.org - Raspberry Pi 4 Model B]]
 +
  • raspberry-pi/ipfire-on-rpicm4.txt
  • Last modified: 2024/04/23 11:22
  • by Zyzonix