I have run ipfire for a while on an Raspberry Pi 3 with an extra usb - ethernet adapter (Delock 62966) in a red-orange-green setup behind a fritzbox router. Some weeks ago I did an update of ipfire from 139 to 141. All went fine but after a while, the network stops working. other pcs where not able to connect anymore, for a reason, I does not know.
So after some tests I had the idea, that my sd-card may be damaged and did a fresh install of 141 and restored settings from an backup.
I could step through the setup and did manage to connect to the web interface via the green interface. But still was not able to connect to the internet.
So I rebooted the system this morning and now are not able to connect to the web interface as well. The PCs are not able to establish any connection to ipfire. In dmesg I see some errors but am not Linux scilled enough to understand. Maybe one could help! It is not a hardware defect, because when I run raspbian on it, I could connect with the Delock interface to the router and there are no erros displayed with dmesg.
Looks like a DNS issue. Restarting unbound often fixes it, if only for an interim period. From a console:
It’s really magic and I am not able to explain. This evening, about 1 hour ago, I started testing again . I had the idea to use tcpdump on my pc (Ubuntu 18.04) to observ, what goes on when trying to connect to the green interface.
To my surprise I saw a normal connection and got an IP address of the range, the dhcp server should give (192…). So I went ahead with testing and could see, that everything is working. So can the problem lay on the pc and not on ipfire? But why was it possible to get an IP from the router (range of 172…) but when plug in to the green ipfire interface not?
To my further surprise, the dmesg now as well has this part that I posted yesterday an on the Log summary there is a warning:
WARNING: Kernel Errors Present
WARNING: CPU: 0 PID: 0 at net/sched/sch_generic. …: 5 Time(s)
dwc2 3f980000.usb: DWC OTG HCD URB Enqueue failed adding QTD. Error status -28 …: 1 Time(s)
smsc95xx 1-1.1:1.0 eth0: Error reading MII_ACCE …: 2 Time(s)
My findings in the web are, that this error was a bug on raspberry that is fixed since some years know. Does ipfire work with old Raspi code? I guess not.
So does anyone have an idea?
it’s me again and I just found a post, where an error is described, that looks a lot like mine and that is well analyzed. The only difference to my error is, that my kernel version is 4.14.154 and not 4.19…
2 usb ethernet adapters: cable plug-in causes kernel-4.19.x to crash
I will go on and look for a solution in that post and give it a try. It might take some time since I post here again, because the crash has not happened very often jet.
Any input here still welcome.
If you want to use USB-Ethernet adapter on Raspberry Pi, particularly with more than one such adapter, then the only reliable way is to connect all via an externally powered USB hub. Raspberry Pi have very low current capacity to USB.
thanks for your advice. Yes, you are right, the current capacity is not very big. The Delock adapter I use have a current of about 180 - 320 mA Delock Germany told me. When the Raspberry starts, I can observe the little lightning sign in the top right corner only for a short time. 320 mA is not too much for the raspberry 3, I think. The Delock adapter also has a 5V power plug so I added power over this as well. I than can see, that the lighning singn is not showing.
The problem here ist not power consumtion. The problem is memory management in the network stack as you can read in the post i linked further above.
I gave the solution, to add the parameter “coherent_pool=4M” to /boot/cmdline.txt, a try, but without luck.
Problem for me now is to decide: Should I try with the newest ipfire version, should I buy a raspberry 4, should i give an other arm platform a try or should I stop here and change to a bigger Intel based hardware with its security problems?
Any advice here?
I’m not well acquainted with Raspberry Pi - stopped using after the 1B. There is still no sign of IPFire working on RPi 4. Have you put a USB power meter on your RPi 3 ? That would inform whether or not you are saving much compared with a mini-PC x86_64 - the latter could readily deploy much more than 1 GB RAM.
Appropriate mini-PC depends on what Internet speed you have and what services you run. I have a vpopn K1, wirh 4 GB RAM, that runs IPS comfortably on my 12 Mb/s link. It avoids 11 of the 14 CPU vulnerabilities by not having Intel. It costs about the same as a RPi 4 with 4GB RAM plus aluminium case - and does not have a fan to wear out.
Perforance comparison with RPi is difficult because, unfortunnately, ARM are not listed in https://www.cpubenchmark.net/, but the K1 might match the top-of-the-line RPi 4 that has 4 GB RAM.
thanks. So, what is a vpopn K1? I did not find in in the web.
It might be available only on aliexpress.com, under category “mini pc” - multiple vendors are selling it or a facsimile of it. It’s an A6-1450 (quad- core, 1.4 GHz), mini-pc, in finned aluminium case.
I see, what you mean. May be, I give it a try. At the moment I will try it with an old ZBOX-AD02 I have. Just to see if it works on a x86_64 platform.