NanoPI R6S with OpenWRT

There is a pending fix

2 Likes

I am using R6C as a router and internet requires pppoe with vlan, when using Friendlywrt everything worked fine but with the snapshot WAN gets a public ip but there is no internet connectivity in the router (opkg update not working) or the devices in LAN....ping, traceroute and nslookup worked from diagnostics page.

The upstream gmac driver seems broken unfortunately. I got a board with RTL8367S and I found the connection will be broken if packets are larger than 203 bytes...

1 Like

The R6C comes with a very easily accessible debug port.
image

So I noticed that connecting to the console over the debug port does NOT require an OpenWRT password. So I looked in /etc/inittab :

::askconsole:/usr/libexec/login.sh

then looked in /usr/libexec/login.sh :

[ "$(uci -q get system.@system[0].ttylogin)" = 1 ] || exec /bin/login -f root

Checked the purpose of the login -f option:

Usage: login [-p] [-h HOST] [[-f] USER]
        -f      Don't authenticate (user already authenticated)

So is this by design? What do I need to toggle to let it ask for a password ?
(besides editing /usr/libexec/login.sh or /etc/inittab)

It seems by design:

"(...) Usually there is no login/signin prompt in serial connection. (...)

https://openwrt.org/docs/techref/hardware/port.serial

Not a bad idea to have console port without a password. This is a way to recover access to the OS if the password is forgotten. As long as physical access to the device is secured, I don’t see a big problem here. Password recovery usually requires physical access to a device. Consider this to be a password recovery port.

Thank you :innocent:

That really depends on accessibility. IMO there should be a penalty for forgetting a password. At least a user should reboot into fail-safe mode to reset a password. Now you just hit enter and you are root with a phone in under a minute. Who doesn't have a usb-c cable nowadays?

All I'm saying is, its far too easy. IMO the console should ask for a password, fail-safe should not. At least give the user an option to toggle it in UCI/LUCI.

/usr/libexec/login.sh could be something like:

[ "$(uci -q get system.@system[0].ttylogin)" = 1 ] || {
  case "$(uci -q get system.@system[0].ttysecure)" in
    0) exec /bin/login root;;
    1) exec /bin/login -f root;;
  esac
}

EDIT:
I feel like a moron, I think that's exactly what system.@system[0].ttylogin does :sweat_smile:

uci -q set system.@system[0].ttylogin=1
uci commit system
Yep, it does
root@router:~# exit
Please press Enter to activate this console.



BusyBox v1.36.1 (2024-09-25 21:30:22 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r27596-a4c95f1444
 -----------------------------------------------------
root@router:~# uci -q get system.@system[0].ttylogin
0
root@router:~# uci -q set system.@system[0].ttylogin=1
root@router:~# uci commit system
root@router:~# exit
Please press Enter to activate this console.

router login: root
Password: 


BusyBox v1.36.1 (2024-09-25 21:30:22 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r27596-a4c95f1444
 -----------------------------------------------------
root@router:~#

RockChip SoC has AES acceleration so I'm not surprised about the performance of OpenVPN on R6 series (I remember R4S was almost the same)

Yeah my old trusty x86_64 didn't have AES. I totally forgot a bout that.
(I started replying to myself there :laughing: )

Nanopi R6s openvpn performance. Below is a link to the video.

Summary

https://www.youtube.com/watch?v=YC16CsEYN6g
https://bret.dk/intel-n100-a-challenge-to-arm/

Although shared today it seems that the YouTube link is at least a year old going by the comments. It's using FriendlyWRT. Although it may be a good indicator of what to expect, it is not OpenWRT.

I hoped he had updated this video to include the latest snapshot to compare the difference.

1 Like