Banana Pi Router(?) R1

Just got a Banana Pi Router R1 that I *nearly/half-way* turned into a WiFi router. Here follow my notes about how, what and to which degree.

The Banana Pi Router R1 is the first version of the Banana Pi board that has 5 Ethernet ports and WiFi with external connectors for the antennas. There is already an R2 version out there, but the R1 is cheaper, I found an aluminium case for it, and I thought the older version would also be better "battle" tested and supported. It turned out the newest Armbian doesn't work so well with it and it is coming to end-of-life. The HDMI output just went out of sync on the screen and the network-split-switch functionality also did not work out of the box with it. I wanted to try to install Debian from www.debian.org, but that option requires a serial cable, which I do not have. The SD-card image from banana-pi.org basically worked, but I needed to lock down upgrades of the kernel and tools.

The network device of the Banana Pi R1 is a Broadcom BCM53125, a single chip that through configuration allows isolating ports and creating the classical scenario of a 4-port LAN switch and a 1-port WAN interface. This leads to a little security problem / flaw / window of opportunity. The thing is that before this chip is configured, its default state of operation is a simple 5-port switch. This means that during boot, or in case something goes wrong and the OS fails to configure it, all of the LAN devices end up being connected via the switch to the WAN. There can be a DHCP server there too, and devices could end up getting public IP addresses. I tested this by interrupting the boot process. Even during a normal boot there are 10-15s when all 5 ports are in switch mode. According to the forum, this auto switching mode on start-up can be disabled by soldering a 2k2 resistor on the board. I will try that once I get this 0402 SMD resistor (the smallest size → will be difficult to solder).

The original WiFi module RTL8192cu used in the BP-R1 has stability problems in AP mode and therefore is usable only as a client... There are people who desoldered it and replaced it with an MT5572. I will need at least a hot air gun to do so and an additional 14€ for the new module.

My plan was to use an old SATA SSD disk, but it turned out that the device boots from SD-card only.

Anyway, after a couple of days of trial and error, here's what worked to get a half-way functional (insecure, with slow/broken WiFi) router out of this hardware:

  • http://www.banana-pi.org/downloadall.html → BPI-R1 → Images → http://wiki.banana-pi.org/Banana_Pi_BPI-R1#Image_Release → Debian u-boot-2016.07, kernel 4.6.5 → image name: 2016-08-04-Armbian_5.17_Lamobo-r1_Debian_jessie_4.6.5_desktop-build-by-bpi-r1.img.zip google drive download : https://drive.google.com/file/d/0B_YnvHgh2rwjV3I5RlpwdmZHYWs/view?usp=sharing
  • ^^^ it's a full SD-card image with auto-login X session
  • the following files then need to be overwritten:
    ├── etc
    │   ├── apt
    │   │   └── preferences.d
    │   │       └── 10-linux-image-next-sunxi.pref
    │   ├── default
    │   │   ├── hostapd
    │   │   └── isc-dhcp-server
    │   ├── dhcp
    │   │   └── dhcpd.conf
    │   ├── firewall
    │   ├── hostapd.conf
    │   ├── hostname
    │   ├── network
    │   │   └── interfaces
    │   ├── screenrc
    │   ├── ssh
    │   │   └── sshd_config
    │   └── timezone
    └── root
        └── .ssh
            └── authorized_keys
    11 directories, 14 files
    • files that can be used as they are:
      • etc/apt/preferences.d/10-linux-image-next-sunxi.pref → pin the 5.17 Armbian tools and kernel, those are working and shall not be upgraded
      • etc/default/hostapd → to enable hostapd to start
      • etc/default/isc-dhcp-server → to enable dhcpd server to start and set interface to br0
      • etc/dhcp/dhcpd.conf → dhcpd server config with leases pool, dns servers
      • etc/firewall → iptables firewall with nat, ssh and ping allowed from WAN
      • etc/network/interfaces → eth0.101 as WAN with dhcp and NAT firewall, the rest of the ports as eth.102 + wlan0 in br0 bridge
      • etc/screenrc → startup_message off && vbell off
      • etc/ssh/sshd_config → PasswordAuthentication no
    • files that need to be edited:
      • etc/hostname → a place for your creativity
      • root/.ssh/authorized_keys → add here your ssh key so that you can log-in (ssh password authentication is off)
      • etc/timezone → Europe/Vienna
      • etc/hostapd.conf → wlan0 in AP mode with ssid FIXME and passphrase CHANGE_ME
    • here are all those files as a tarball. Just copy/overwrite those into the root system and edit/adjust the ones mentioned above.
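
A ruleset in the spirit of the etc/firewall entry above (NAT, ssh and ping allowed from WAN), as an added example that is not the file from the tarball. The interface names eth0.101 and br0 come from the notes; the rule layout and the `gen_rules` / `wan_exposed` helpers are assumptions made for illustration.

```shell
# Added example, not the author's etc/firewall. Interface names come from
# the notes above; the rule layout is an assumption.
WAN=${WAN:-eth0.101}   # WAN VLAN interface
LAN=${LAN:-br0}        # LAN bridge (LAN ports + wlan0)

# Print an iptables-restore ruleset: default-drop, NAT for the LAN,
# only ssh and ping accepted as new traffic on the WAN side.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN -j ACCEPT
-A INPUT -i $WAN -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $WAN -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -j ACCEPT
COMMIT
EOF
}

# Audit helper: from a ruleset on stdin, list the INPUT ACCEPT rules that
# name the WAN interface, as proto/port ("-" when no --dport is given).
wan_exposed() {
  awk -v wan="$WAN" '
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
      iface = ""; proto = ""; port = "-"
      for (i = 3; i < NF; i++) {
        if ($i == "-i") iface = $(i+1)
        if ($i == "-p") proto = $(i+1)
        if ($i == "--dport") port = $(i+1)
      }
      if (iface == wan) print proto "/" port
    }'
}

# Apply on the router as root with: gen_rules | iptables-restore
```

Running `gen_rules | wan_exposed` shows what the WAN side can reach before the rules are loaded. The ruleset only takes effect once the OS is up, so it does not close the 10-15s window in which the unconfigured switch bridges all five ports.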

Update 23.4.2019:

Days passed and I got an email from Robert who sent me a link with Ubuntu Server Release 2018-07-28 and a note that the original WiFi card is working in AP mode with it. And it indeed works. Here's lsmod & friends:

root@bpi-iot-ros-ai:~# lsmod
Module                  Size  Used by
sunxi_ir                4240  0
cpufreq_userspace       3816  0
ov5640                 17661  0
mali_drm                3194  0
drm                   235242  1 mali_drm
mali                  144658  0
ump                    66205  1 mali
bridge                 87455  0
stp                     2182  1 bridge
llc                     5941  2 stp,bridge
8192cu                754741  0
spidev                  6789  0
root@bpi-iot-ros-ai:~# uname -a
Linux bpi-iot-ros-ai 3.4.112-BPI-M1-Kernel #1 SMP PREEMPT Wed Jul 25 18:55:12 CST 2018 armv7l armv7l armv7l GNU/Linux
root@bpi-iot-ros-ai:~# lsusb | grep WLAN
Bus 003 Device 002: ID 0bda:8178 Realtek Semiconductor Corp. RTL8192CU 802.11n WLAN Adapter
root@bpi-iot-ros-ai:~# iwconfig wlx10a4be6e1114
wlx10a4be6e1114  IEEE 802.11bgn  ESSID:"jj2"  Nickname:"<WIFI@REALTEK>"
          Mode:Master  Frequency:2.442 GHz  Access Point: 10:A4:BE:6E:11:14
          Bit Rate:130 Mb/s   Sensitivity:0/0
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/100  Signal level=-95 dBm  Noise level=0 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0


  • the ssh-keys on that Ubuntu image are already generated and so unless forced everyone ends up with the same ones.
  • both "root" and "pi" users have "bananapi" as password; to prevent being "hacked" it had better be changed for both.
  • hdmi monitor did not work
  • after `apt-get update && apt-get dist-upgrade` the ssh-server will not start; having a non-working hdmi doesn't help the situation much
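
The shared ssh host keys from the first bullet are visible from the client side: several boards flashed from the same image show up in known_hosts with one and the same key. A check for that, as an added example that is not part of the original notes; the function names and the sample entries are constructed for illustration.

```shell
# Added example: report host keys that more than one known_hosts entry
# shares. Input on stdin: "<host> <keytype> <base64-key> [comment]".
shared_host_keys() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    $1 ~ /^@/ { next }                  # skip @cert-authority / @revoked
    {
      key = $2 " " $3
      if (!((key, $1) in seen)) {       # count each host once per key
        seen[key, $1] = 1
        if (n[key]++) hosts[key] = hosts[key] "," $1
        else hosts[key] = $1
      }
    }
    END {
      for (key in n) if (n[key] > 1) {
        split(key, k, " ")
        print k[1], hosts[key]          # key type, then the hosts sharing it
      }
    }' | sort
}

# Constructed sample: two boards still carrying the image's ed25519 key,
# one board with a regenerated key. Key material is placeholder text.
sample_known_hosts() {
cat <<'EOF'
# constructed sample
192.168.1.1 ssh-ed25519 AAAAC3PLACEHOLDERimageKEY
192.168.7.1 ssh-ed25519 AAAAC3PLACEHOLDERimageKEY
10.0.0.1 ssh-ed25519 AAAAC3PLACEHOLDERfreshKEY
192.168.1.1 ssh-rsa AAAAB3PLACEHOLDERimageRSA
EOF
}

# Usage: shared_host_keys < ~/.ssh/known_hosts
```

On a board that is reported, removing `/etc/ssh/ssh_host_*` and running `ssh-keygen -A` as root generates fresh host keys.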