Setting up a router on the H88K under Debian

Preface

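  1. Hardware: Hinlink H88K V3; wireless card: MT7916; cellular module: RM500Q-GL; NVMe drive: Intel 760P

  2. The system is a self-compiled, modified Armbian 24.5 with backported kernel support for the MT7916 card. The latest official release, Armbian_25.2 Kernel_6.1.84, already supports the MT7916

  3. The RM500Q has the QMI, ECM, MBIM and RNDIS drivers enabled. This tutorial uses ECM or MBIM mode, whose interfaces are usb0 and wwan0 respectively

  4. Port plan: eth0 (the port with the faulty transformer), usb0 and wlan0 act as WAN; the remaining ports act as LAN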

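| Next to USB3 | Middle port | Next to reset button | MT7916_2.4G | MT7916_5G | RM500Q |
| --- | --- | --- | --- | --- | --- |
| eth0 | eth1 | eth2 | wlan0 | wlan1 | usb0 |
| 100M | 2500M | 1000M | 600M | 2400M | 5000M |
| WAN | LAN | LAN | WAN | LAN | WAN |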

Preparation

  1. By default Linux assigns network interface names unpredictably, so disable interface renaming first to make the later steps easier

sudo bash -c "echo 'extraboardargs=net.ifnames=0' >> /boot/armbianEnv.txt"

  2. Enable IPv4 forwarding in the kernel

sudo bash -c "echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf"

  3. Install the required packages

sudo apt install dnsmasq hostapd bridge-utils ifupdown iptables wireless-regdb

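  4. I use the image with the GNOME desktop and want to keep managing the WAN interfaces from Settings, so NetworkManager must be told not to manage the interfaces that serve the LAN
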
# sudo vi /etc/NetworkManager/NetworkManager.conf
# Main changes: add the keyfile plugin and its section, and ignore ifupdown interfaces and DNS
# (comments sit on their own lines because this file format has no trailing comments)
[main]
# Do not let NM manage /etc/resolv.conf
dns=none
# Add the keyfile plugin
plugins=ifupdown,keyfile

[ifupdown]
# Do not manage ifupdown interfaces, i.e. those declared in /etc/network/interfaces
managed=false

# Add the keyfile section: ignore every eth* interface except eth0, plus br-lan and wlan1 (by its MAC)
[keyfile]
unmanaged-devices=interface-name:eth*,except:interface-name:eth0;interface-name:br-lan;mac:00:0a:52:08:b4:73

-----------------------------------------------------------------
systemctl reload NetworkManager      # reload the configuration
nmcli device status                  # show the management state of each device
nmcli device set wlan1 managed no    # temporarily stop managing an interface
-----------------------------------------------------------------

leux@h88k:~$ nmcli device status
DEVICE TYPE STATE CONNECTION
usb0 ethernet connected 有线连接
lo loopback connected (externally) lo
wlan0 wifi connected Xiaomi_123
eth0 ethernet unavailable --
br-lan bridge unmanaged --
eth1 ethernet unmanaged --
eth2 ethernet unmanaged --
wlan1 wifi unmanaged --
leux@h88k:~$

Configuring the bridge

# ifupdown manages the bridge here; configure it by editing /etc/network/interfaces
# Add eth1, eth2 and wlan1 to the LAN; the cellular module usb0 is the WAN uplink
# Only the eth ports go in bridge_ports; hostapd adds wlan to br-lan when it starts
# sudo vi /etc/network/interfaces
auto br-lan
iface br-lan inet static
    address 192.168.1.1
    netmask 255.255.255.0
    bridge_ports eth1 eth2
    up iptables -t nat -A POSTROUTING -s 192.168.1.1/24 -o usb0 -j MASQUERADE

# Restart networking
sudo systemctl restart networking.service

Configuring DHCP

# sudo vi /etc/dnsmasq.conf ; the configuration below supports DHCPv4 only
interface=br-lan
listen-address=127.0.0.1,192.168.1.1
server=223.5.5.5
server=223.6.6.6
dhcp-range=br-lan,192.168.1.100,192.168.1.249,255.255.255.0,24h

# With the configuration file in place, start dnsmasq and enable it at boot
sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq


# If dnsmasq reports that port 53 is in use, run sudo lsof -i :53 to see what holds it, then stop that service
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

# Remove the default symlink and write a DNS server into a new file, otherwise dnsmasq complains at start-up that it cannot find it
sudo unlink /etc/resolv.conf
sudo bash -c "echo 'nameserver 114.114.114.114' > /etc/resolv.conf"


# Show the DHCP lease information
leux@h88k:~$ cat /var/lib/misc/dnsmasq.leases
1711503842 ba:c7:49:01:19:a0 192.168.1.143 Redmi-K30-Pro-Zoom-Edition 01:ba:c7:49:01:19:a0
1711472426 26:87:d5:21:47:cd 192.168.1.123 Xiaomi-12 01:26:87:d5:21:47:cd
1711497537 74:56:3c:b0:6d:e3 192.168.1.178 B650 01:74:56:3c:b0:6d:e3
# Columns: lease expiry, MAC, IP, hostname, client ID

Compiling hostapd

  1. The hostapd packaged by Debian does not support the AX (802.11ax) options, so it has to be rebuilt and replaced

sudo apt install build-essential pkgconf libnl-genl-3-dev libssl-dev

wget https://w1.fi/releases/hostapd-2.10.tar.gz
tar -xzvf hostapd-2.10.tar.gz
cd hostapd-2.10/hostapd/
wget -O .config https://github.com/openwrt/openwrt/raw/main/package/network/services/hostapd/files/hostapd-full.config

make hostapd hostapd_cli \
    CONFIG_ACS=y CONFIG_DRIVER_NL80211=y CONFIG_DRIVER_WEXT= CONFIG_TLS=openssl \
    CONFIG_IEEE80211N=y CONFIG_IEEE80211AC=y CONFIG_IEEE80211AX=y \
    CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y

# Return to the directory that holds hostapd-2.10/; the paths below are relative to it
cd ../..

# Slim the binaries down
strip hostapd-2.10/hostapd/hostapd
strip hostapd-2.10/hostapd/hostapd_cli

# Back up the originals first, then copy the replacements into place
sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.bak
sudo mv /usr/sbin/hostapd_cli /usr/sbin/hostapd_cli.bak
sudo cp hostapd-2.10/hostapd/hostapd /usr/sbin/hostapd
sudo cp hostapd-2.10/hostapd/hostapd_cli /usr/sbin/hostapd_cli

# Put hostapd on hold so that an upgrade does not overwrite the rebuilt binaries
sudo apt-mark hold hostapd

# For a semi-static build, add the following to hostapd-2.10/hostapd/Makefile
CFLAGS += -static
LIBS += -l:libnl-3.a -l:libnl-genl-3.a -l:libssl.a -l:libcrypto.a

leux@B650:~/hostapd-2.10/hostapd$ ldd hostapd
linux-vdso.so.1 (0x00007fffc334c000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fcdcfee0000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fcdcfcf0000)
/lib64/ld-linux-x86-64.so.2 (0x00007fcdd0551000)
leux@B650:~/hostapd-2.10/hostapd$

  2. Point hostapd at its configuration file

# In /etc/default/hostapd, change the #DAEMON_CONF line to
DAEMON_CONF="/etc/hostapd/hostapd.conf"

  3. Edit /etc/hostapd/hostapd.conf and adjust it to your own setup

# The following suits the MT7916 transmitting on 5 GHz at 80 MHz with Wi-Fi 6 enabled
driver=nl80211
country_code=US
interface=wlan1
bridge=br-lan
hw_mode=a
channel=157

auth_algs=1
wpa=2
ssid=AX6
utf8_ssid=1
wpa_pairwise=CCMP
ignore_broadcast_ssid=0
wpa_passphrase=1234567890
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 SAE

ieee80211w=1
ieee80211d=1
ieee80211h=1
wmm_enabled=1

tx_queue_data2_burst=2.0
ieee80211n=1
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]
ieee80211ac=1
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=155
vht_capab=[RXLDPC][SHORT-GI-80][SHORT-GI-160][TX-STBC-2BY1][SU-BEAMFORMER][SU-BEAMFORMEE][MU-BEAMFORMER][MU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][SOUNDING-DIMENSION-3][BF-ANTENNA-4][VHT160][MAX-MPDU-11454][MAX-A-MPDU-LEN-EXP7]
ieee80211ax=1
he_oper_chwidth=1
he_oper_centr_freq_seg0_idx=155
he_su_beamformer=1
he_mu_beamformer=1
he_default_pe_duration=4
he_rts_threshold=1023
he_mu_edca_qos_info_param_count=0
he_mu_edca_qos_info_q_ack=0
he_mu_edca_qos_info_queue_request=0
he_mu_edca_qos_info_txop_request=0
he_mu_edca_ac_be_aifsn=8
he_mu_edca_ac_be_aci=0
he_mu_edca_ac_be_ecwmin=9
he_mu_edca_ac_be_ecwmax=10
he_mu_edca_ac_be_timer=255
he_mu_edca_ac_bk_aifsn=15
he_mu_edca_ac_bk_aci=1
he_mu_edca_ac_bk_ecwmin=9
he_mu_edca_ac_bk_ecwmax=10
he_mu_edca_ac_bk_timer=255
he_mu_edca_ac_vi_ecwmin=5
he_mu_edca_ac_vi_ecwmax=7
he_mu_edca_ac_vi_aifsn=5
he_mu_edca_ac_vi_aci=2
he_mu_edca_ac_vi_timer=255
he_mu_edca_ac_vo_aifsn=5
he_mu_edca_ac_vo_aci=3
he_mu_edca_ac_vo_ecwmin=5
he_mu_edca_ac_vo_ecwmax=7
he_mu_edca_ac_vo_timer=255

  4. Start the service at boot

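# Test that the configuration file is correct and that the program starts normally
sudo hostapd -dd /etc/hostapd/hostapd.conf

# If the test shows no errors, the access point can also be run in the background
sudo hostapd -B /etc/hostapd/hostapd.conf

# Stop other programs that may hold the wireless interface
sudo systemctl stop wpa_supplicant
sudo systemctl disable wpa_supplicant

# Enable the access point service at boot
sudo systemctl unmask hostapd
sudo systemctl enable hostapd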

  5. Differences between the 80 MHz and 160 MHz configurations under Wi-Fi 6

# Enable 80 MHz
channel=36
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
he_oper_chwidth=1
he_oper_centr_freq_seg0_idx=42

# Enable 160 MHz
channel=36
vht_oper_chwidth=2
vht_oper_centr_freq_seg0_idx=50
he_oper_chwidth=2
he_oper_centr_freq_seg0_idx=50

# Note: with 160 MHz enabled the access point may take several minutes to come up, whereas at 80 MHz it takes only a few tens of seconds

  6. To switch to 2.4 GHz at 40 MHz instead, change the following options

# Change the following options (old value -> new value)
= hw_mode=a          ->  hw_mode=g
= channel=157        ->  channel=1
= interface=wlan1    ->  interface=wlan0

# Delete all of the following options
- ieee80211h=1
- tx_queue_data2_burst=2.0
- ieee80211ac=1
- vht_oper_chwidth=1
- vht_oper_centr_freq_seg0_idx=155
- vht_capab=[RXLDPC][SHORT-GI-80][SHORT-GI-160][TX-STBC-2BY1][SU-BEAMFORMER][SU-BEAMFORMEE][MU-BEAMFORMER][MU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][SOUNDING-DIMENSION-3][BF-ANTENNA-4][VHT160][MAX-MPDU-11454][MAX-A-MPDU-LEN-EXP7]
- he_oper_chwidth=1
- he_oper_centr_freq_seg0_idx=155

###############################################################################
# The resulting /etc/hostapd/hostapd-24.conf (suits the MT7916 transmitting on 2.4 GHz at 40 MHz with Wi-Fi 6 enabled)
driver=nl80211
country_code=US
interface=wlan0
bridge=br-lan
hw_mode=g
channel=1

auth_algs=1
wpa=2
ssid=AX3
utf8_ssid=1
wpa_pairwise=CCMP
ignore_broadcast_ssid=0
wpa_passphrase=1234567890
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 SAE

ieee80211w=1
ieee80211d=1
wmm_enabled=1
ieee80211n=1
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]
ieee80211ax=1
he_su_beamformer=1
he_mu_beamformer=1
he_default_pe_duration=4
he_rts_threshold=1023
he_mu_edca_qos_info_param_count=0
he_mu_edca_qos_info_q_ack=0
he_mu_edca_qos_info_queue_request=0
he_mu_edca_qos_info_txop_request=0
he_mu_edca_ac_be_aifsn=8
he_mu_edca_ac_be_aci=0
he_mu_edca_ac_be_ecwmin=9
he_mu_edca_ac_be_ecwmax=10
he_mu_edca_ac_be_timer=255
he_mu_edca_ac_bk_aifsn=15
he_mu_edca_ac_bk_aci=1
he_mu_edca_ac_bk_ecwmin=9
he_mu_edca_ac_bk_ecwmax=10
he_mu_edca_ac_bk_timer=255
he_mu_edca_ac_vi_ecwmin=5
he_mu_edca_ac_vi_ecwmax=7
he_mu_edca_ac_vi_aifsn=5
he_mu_edca_ac_vi_aci=2
he_mu_edca_ac_vi_timer=255
he_mu_edca_ac_vo_aifsn=5
he_mu_edca_ac_vo_aci=3
he_mu_edca_ac_vo_ecwmin=5
he_mu_edca_ac_vo_ecwmax=7
he_mu_edca_ac_vo_timer=255

  7. Transmit the 2.4 GHz and 5 GHz networks at the same time

# First, in the [keyfile] section of /etc/NetworkManager/NetworkManager.conf from earlier, add wlan0 so that NM neither manages nor occupies the interface
[keyfile]
unmanaged-devices=interface-name:eth*,except:interface-name:eth0;interface-name:br-lan;interface-name:wlan1,interface-name:wlan0

# Then stop the wpa_supplicant service. If it cannot be stopped with systemctl, it can also be disabled by removing the unit file directly (not recommended)
sudo rm /usr/lib/systemd/system/wpa_supplicant.service

# Finally, copy hostapd's service file and change the configuration file it uses
sudo cp /usr/lib/systemd/system/hostapd.service /usr/lib/systemd/system/hostapd2.service
# Change the following line in that file: sudo vi /usr/lib/systemd/system/hostapd2.service
ExecStart=/usr/sbin/hostapd -B -P /run/hostapd2.pid /etc/hostapd/hostapd-24.conf

# If the interface is free and the configuration file is correct, try starting it
sudo systemctl start hostapd2.service     # try starting it and check for errors
sudo systemctl enable hostapd2.service    # if it works, enable the service at boot

# Note: stopping hostapd.service also stops hostapd2.service
sudo systemctl stop hostapd.service
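
Both sample configurations above set wpa_passphrase=1234567890 and offer WPA-PSK alongside SAE with ieee80211w=1. The check below is an added example, not part of the original guide or of hostapd: it flags a short or digits-only passphrase, transition mode without sae_require_mfp=1, and a world-readable configuration file. The function names and the 12-character threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: audit a hostapd.conf for the
# credential and PMF weaknesses visible in the sample configurations above.

# conf_get KEY FILE: print the last value assigned to KEY (key=value lines).
conf_get() {
    awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$2"
}

# audit_hostapd FILE: print one finding per line; no output means no findings.
audit_hostapd() {
    f=$1
    psk=$(conf_get wpa_passphrase "$f")
    mgmt=" $(conf_get wpa_key_mgmt "$f") "
    pmf=$(conf_get ieee80211w "$f")
    sae_mfp=$(conf_get sae_require_mfp "$f")

    # A captured WPA2 handshake can be attacked offline, so the passphrase
    # is the whole defence for WPA-PSK clients. 12 is an assumed threshold.
    if [ -n "$psk" ] && [ "${#psk}" -lt 12 ]; then
        echo "WEAK_PSK: wpa_passphrase is shorter than 12 characters"
    fi
    case $psk in
        "" | *[!0-9]*) ;;
        *) echo "WEAK_PSK: wpa_passphrase is digits only" ;;
    esac

    case $mgmt in
        *" SAE "*)
            case $mgmt in
                *" WPA-PSK "* | *" WPA-PSK-SHA256 "*)
                    # Transition mode: SAE clients should still be forced to use PMF.
                    if [ "$sae_mfp" != 1 ]; then
                        echo "SAE_MFP: transition mode without sae_require_mfp=1"
                    fi ;;
                *)
                    if [ "$pmf" != 2 ]; then
                        echo "SAE_MFP: SAE-only network needs ieee80211w=2"
                    fi ;;
            esac ;;
        *) echo "NO_SAE: wpa_key_mgmt does not offer SAE (WPA3-Personal)" ;;
    esac

    # The file stores the passphrase in clear text.
    if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
        echo "PERMS: $f is world-readable"
    fi
    return 0
}

# Constructed sample mirroring the security-relevant keys of the config above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
interface=wlan1
wpa=2
wpa_passphrase=1234567890
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 SAE
ieee80211w=1
EOF
chmod 644 "$demo"
audit_hostapd "$demo"
rm -f "$demo"
```

On the router, call audit_hostapd on /etc/hostapd/hostapd.conf and /etc/hostapd/hostapd-24.conf after each edit.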

IPv6

# To obtain an IPv6 address over 5G, first download and build the quectel_cm dial-up tool
https://github.com/coolsnowwolf/lede/tree/master/package/wwan/app/quectel_cm_5G/src

# Copy the compiled programs into place
sudo mv quectel-CM /usr/local/bin/
sudo mv quectel-qmi-proxy /usr/local/bin/
sudo mv quectel-atc-proxy /usr/local/bin/
sudo mv quectel-mbim-proxy /usr/local/bin/

# Set up a unit so that it starts at boot; remember to change the WAN uplink in /etc/network/interfaces from usb0 to wwan0
# sudo vi /etc/systemd/system/quectel-cm.service
------------------------------------------------------
[Unit]
Description=Quectel-CM Service
After=network.target
Wants=network.target

[Service]
ExecStop=/bin/kill -s TERM $MAINPID
ExecStart=/usr/local/bin/quectel-CM -s ctnet -4 -6

[Install]
WantedBy=multi-user.target
------------------------------------------------------

# Start the service and enable it at boot
sudo systemctl start quectel-cm
sudo systemctl enable quectel-cm


#############################################################################
# With the settings below, LAN devices can reach the Internet over IPv6, but they do not receive public IPv6 addresses
------------------------------------------------------
# First enable kernel forwarding for IPv4 and IPv6
# sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

------------------------------------------------------
# Add eth1 and eth2 to the LAN; the cellular module wwan0 is the WAN uplink
# sudo vi /etc/network/interfaces
auto br-lan
iface br-lan inet static
    address 192.168.1.1
    bridge_ports eth1 eth2
    up iptables -t nat -A POSTROUTING -s 192.168.1.1/24 -o wwan0 -j MASQUERADE

iface br-lan inet6 static
    address fd00::1
    netmask 64
    up ip6tables -t nat -A POSTROUTING -s fd00::1/64 -o wwan0 -j MASQUERADE

------------------------------------------------------
# sudo vi /etc/dnsmasq.conf ; the configuration below supports both DHCPv4 and DHCPv6
interface=br-lan
listen-address=::1,127.0.0.1,192.168.1.1
server=223.5.5.5
server=223.6.6.6
server=240C::6666
server=240C::6644
dhcp-range=br-lan,192.168.1.100,192.168.1.249,255.255.255.0,24h
enable-ra
dhcp-range=br-lan,::1,constructor:br-lan,ra-names,24h
------------------------------------------------------

# Reminder: while it runs, quectel-CM writes the DNS servers it obtains into /etc/resolv.conf
# You can now test IPv6 connectivity at https://www.test-ipv6.com or https://ipw.cn

NAT traversal

# https://github.com/fatedier/frp/releases     v0.56.0
# /usr/bin/frpc -c /etc/frpc.toml
-------------------------------------------------
serverAddr = "x.x.x.x"
serverPort = 7000
auth.token = "xxxx"

loginFailExit = false
log.to = "/var/log/frpc.log"
log.level = "info"
log.maxDays = 1

# In frp's TOML format each proxy is a [[proxies]] entry
[[proxies]]
name = "redroid"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5555
remotePort = 7555

-------------------------------------------------
sudo vi /etc/systemd/system/frpc.service
-------------------------------------------------
[Unit]
Description=frpc service
After=network.target syslog.target
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/bin/frpc -c /etc/frpc.toml

[Install]
WantedBy=multi-user.target
-------------------------------------------------
# With the unit file in place, reload systemd, then start the service and enable it at boot
sudo systemctl daemon-reload
sudo systemctl start frpc
sudo systemctl enable frpc

Network sharing

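sudo mkdir /mnt/nvme			# Mount the NVMe drive first; takes effect after a reboot
sudo bash -c "echo '/dev/nvme0n1p1 /mnt/nvme ext4 defaults,discard 0 0' >> /etc/fstab"

# Open the shared directory for reading and writing.
# 0777 lets every local account write here; the [NVME] share below only admits leux,
# so making leux the owner with mode 0755 is enough.
chmod 0777 /mnt/nvme/share
sudo apt install samba # enabled at boot by default once installed
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak # optionally back up the original Samba configuration

# After configuring Samba you still need to add a Samba user before the shares can be accessed; otherwise only anonymous access is possible
sudo smbpasswd -a leux # -a adds a Samba user, -x deletes one
sudo smbpasswd -d leux # -d disables a Samba user, -e enables one

# smbd is Samba's core service: it handles the sessions between server and clients, authenticates users, and provides access to files and printers.
sudo systemctl restart smbd.service

# nmbd is Samba's name-resolution service, similar in function to DNS: it maps the workgroup or host names shared by the Linux system to their IP addresses.
sudo systemctl restart nmbd.service


# Edit /etc/samba/smb.conf to share the users' home directories and the NVMe directory
# Lines starting with ; or # are comments; smb.conf has no trailing comments, so each note sits on its own line
[global]
# Only listen for connections on these subnets or interfaces (default: empty)
; interfaces = 192.168.1.1/24 eth0
# Only bind to the interfaces named in the interfaces option (default: no)
; bind interfaces only = yes

#======================= Share Definitions =======================
[homes]
# Description of the share
comment = Home Directories
# Whether the share can be browsed
browseable = no
# Whether the share is read-only
read only = no
# Permissions for newly created files
create mask = 0644
# Permissions for newly created directories
directory mask = 0755
# %S expands to the share name, which for [homes] is the connecting user's own name
valid users = %S

[NVME]
comment = Intel 760P
# The actual path to share
path = /mnt/nvme/share
# Whether others can browse the share
browseable = yes
# Whether the share is read-only (the counterpart of writable)
read only = no
create mask = 0644
directory mask = 0755
valid users = leux

# After a reload, the share is reachable from Windows at \\192.168.1.1 or \\h88k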

Bypassing the Great Firewall

  1. Download, install and configure Clash

# Once installed and configured, a Windows client can use it as a manual proxy: Settings -> Network & Internet -> Proxy -> Manual proxy setup -> turn it on and enter this device's IP address and port
wget https://github.com/MetaCubeX/mihomo/releases/download/v1.19.1/mihomo-linux-arm64-v1.19.1.gz
gzip -d mihomo-linux-arm64-v1.19.1.gz
sudo mv mihomo-linux-arm64-v1.19.1 /usr/local/bin/clash
sudo chmod +x /usr/local/bin/clash

# Create the directory. The configuration file must exist before clash runs, otherwise clash will not start:
mkdir -p /home/leux/.config/clash/
wget -O /home/leux/.config/clash/Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/download/20241212/Country.mmdb
cp [your subscription configuration file] /home/leux/.config/clash/config.yaml

# Download the web control UI and copy it to the given path; the control page is then reachable at the IP address and port of the device running Clash plus the UI path: http://192.168.1.1:9090/ui/
# wget https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip
# unzip gh-pages.zip
# mv metacubexd-gh-pages/ /home/leux/.config/ui/

# Run the following to add the systemd service file that starts Clash at boot
# (tee runs under sudo; with "sudo cat > file" the redirection is done by the unprivileged shell and fails)
sudo tee /etc/systemd/system/clash.service > /dev/null << EOF
[Unit]
Description=Clash Service
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/clash -d /home/leux/.config/clash/
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

  2. Excerpt from my own Clash configuration; connected devices are proxied automatically, with no need to set a proxy IP and port by hand

# For a wireless router built on Linux with networking, dnsmasq and hostapd, this configuration gives LAN devices transparent proxying (Fake-IP type + TUN mode)
mixed-port: 7890
allow-lan: true
bind-address: '*'
mode: rule
log-level: info
external-controller: '0.0.0.0:9090'
external-ui: "/ui"
dns:
  enable: true
  ipv6: false
  default-nameserver: [223.5.5.5, 119.29.29.29]
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  use-hosts: true
  nameserver: ['https://doh.pub/dns-query', 'https://dns.alidns.com/dns-query']
  fallback: ['https://doh.dns.sb/dns-query', 'https://dns.cloudflare.com/dns-query', 'https://dns.twnic.tw/dns-query', 'tls://8.8.4.4:853']
  fallback-filter: { geoip: true, ipcidr: [240.0.0.0/4, 0.0.0.0/32] }
tun:
  enable: true
  stack: system
  auto-route: true
  auto-redir: true
  auto-detect-interface: true
proxies:
  ......
proxy-groups:
  ......
rules:
  ......

Configuring Docker

  1. Install Docker

# Install the required packages
sudo apt update && sudo apt install ca-certificates curl gnupg

# Remove the old bundled versions
sudo apt remove docker.io docker-doc docker-compose podman-docker containerd runc

# Choose between the official repository and the USTC mirror in China; keep exactly one line uncommented
DOCKER_URL=https://download.docker.com/linux/debian
# DOCKER_URL=https://mirrors.ustc.edu.cn/docker-ce/linux/debian

# Add the Docker repository key
curl -fsSL "$DOCKER_URL/gpg" | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Add the Docker package source
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] $DOCKER_URL \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install the latest Docker
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

  2. Manage Docker as a non-root user (optional)

# Create the docker group and add your user to it
# (members of the docker group effectively have root on the host)
sudo groupadd docker
sudo usermod -aG docker $USER

# Enable Docker at boot
sudo systemctl enable docker
sudo systemctl enable containerd

# Disable Docker at boot
sudo systemctl disable docker.service
sudo systemctl disable containerd.service

  3. Change Docker's data storage path

# Mount the NVMe drive; takes effect after a reboot
sudo mkdir /mnt/nvme
sudo bash -c "echo '/dev/nvme0n1p1 /mnt/nvme ext4 defaults,discard 0 0' >> /etc/fstab"

# First check the default data storage path
$ sudo docker info
......
Docker Root Dir: /var/lib/docker

# Change the registry mirror addresses and the data storage path
$ sudo vi /etc/docker/daemon.json
------------------------------------------------------
{
  "registry-mirrors": [
    "http://hub-mirror.c.163.com",
    "https://mirror.baidubce.com",
    "https://docker.nju.edu.cn",
    "https://docker.mirrors.sjtug.sjtu.edu.cn"
  ],
  "data-root": "/mnt/nvme/docker"
}
------------------------------------------------------

# Restart the Docker service to apply the configuration
sudo systemctl restart docker

  4. Run the Redroid image with GPU acceleration (note: GPU acceleration works only on the BSP kernel 5.10.160)

# Run the community-shared Redroid image that supports GPU acceleration, and have it start at boot
# https://github.com/CNflysky/redroid-rk3588/blob/main/README_zh.md
# https://github.com/redroid-rockchip/.github/blob/main/profile/README.md
sudo docker run -d --privileged --name redroid --restart=always \
    -p 5555:5555 -v /mnt/nvme/data:/data cnflysky/redroid-rk3588:12.0.0-latest \
    androidboot.redroid_height=1920 androidboot.redroid_width=1080 \
    androidboot.redroid_fps=30 androidboot.redroid_magisk=1 \
    androidboot.redroid_fake_wifi=1 androidboot.redroid_fake_wifi_ssid=CMCC

# Later on, the container can be started like this
sudo docker start redroid

# Connect with adb, or mirror the screen with scrcpy
adb connect 192.168.1.1:5555
scrcpy --tcpip=192.168.1.1:5555 --video-codec=h265 --video-encoder='c2.rk.hevc.encoder'

# Logs
docker exec redroid logcat -d # show the log
docker exec redroid logcat -c # clear the log

# Show container information
sudo docker container ls

# Disable its automatic start
sudo docker update --restart=no c8265b42def3

# Enable its automatic start
sudo docker update --restart=always redroid
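
Several services set up in this guide listen on every interface, which on this router includes the WAN side (usb0/wwan0, wlan0, eth0): Clash with bind-address: '*' and external-controller: '0.0.0.0:9090', Samba in its default configuration, and the Redroid container published with -p 5555:5555. The script below is an added example, not from the original guide: it reads `ss -H -tln` output and lists the TCP listeners bound to a wildcard address. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: find TCP listeners bound to
# every interface, which on this router includes the WAN side.

# wildcard_listeners: stdin = `ss -H -tln` output.
# Prints "PORT ADDRESS" for each wildcard-bound socket, sorted by port.
wildcard_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, parts, ":")          # the port follows the last colon
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # "0.0.0.0%br-lan" (socket bound to one device) is deliberately not matched
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            print port, addr
    }' | LC_ALL=C sort -n | uniq
}

# service_for_port PORT: the service this guide starts on that port.
service_for_port() {
    case $1 in
        53) echo "dnsmasq DNS" ;;
        139 | 445) echo "Samba" ;;
        5555) echo "Redroid adb" ;;
        7890) echo "Clash mixed-port proxy" ;;
        9090) echo "Clash external-controller API" ;;
        *) echo "other" ;;
    esac
}

# audit_listeners: stdin = `ss -H -tln` output; prints "PORT ADDRESS SERVICE".
audit_listeners() {
    wildcard_listeners | while read -r port addr; do
        echo "$port $addr $(service_for_port "$port")"
    done
}

# Constructed sample of what `ss -H -tln` could print after following the guide.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 32    192.168.1.1:53    0.0.0.0:*
LISTEN 0 32      127.0.0.1:53    0.0.0.0:*
LISTEN 0 128       0.0.0.0:22    0.0.0.0:*
LISTEN 0 50        0.0.0.0:445   0.0.0.0:*
LISTEN 0 50        0.0.0.0:139   0.0.0.0:*
LISTEN 0 4096      0.0.0.0:5555  0.0.0.0:*
LISTEN 0 4096            *:7890        *:*
LISTEN 0 4096            *:9090        *:*
EOF
}

sample_ss_output | audit_listeners
```

On the router, run `ss -H -tln | audit_listeners`. A listener can be narrowed to the LAN by binding it to 192.168.1.1, for example external-controller: '192.168.1.1:9090', -p 192.168.1.1:5555:5555, or the interfaces / bind interfaces only lines that the smb.conf above leaves commented out.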

Other tweaks

  1. Disable Debian's default sleep/suspend, or turn it off in the GNOME power settings. mask disables, unmask re-enables

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

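  2. Add Chinese language support: run the command below and select zh_CN.UTF-8 and en_US.UTF-8, then switch the language to Chinese under Region in GNOME Settings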

sudo apt install locales && sudo dpkg-reconfigure locales

  3. The command below changes the hostname; afterwards it is best to update the hostname in /etc/hosts by hand as well

sudo hostnamectl set-hostname h88k

  4. Set the time zone to China

sudo timedatectl set-timezone Asia/Shanghai

  5. Switch to a package mirror in China

# This one replaces the sources on Debian
sudo sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's|security.debian.org|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list

# This one replaces the sources on Ubuntu Arm64
sudo sed -i 's/ports.ubuntu.com/mirrors.ustc.edu.cn\/ubuntu-ports/g' /etc/apt/sources.list
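
  6. Sometimes, after a reboot with a computer's network cable already plugged into a LAN port, the computer may fail to obtain an IP address; unplugging and re-plugging the cable fixes it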