Ivan Rakanskiy

My experience on Orange Pi Zero 2

Nov 14, 2021

Back in the day I stick to Ubuntu Focal stable/legacy image, with 4.9.170-sun50iw9 kernel.

The few issues I faced and resolved:

UFW enabling issue

On ufw enable thow away an error:

[email protected]:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
iptables-restore v1.8.4 (legacy): unknown option "--log-prefix"
Error occurred at line: 24
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
ip6tables-restore v1.8.4 (legacy): unknown option "--log-prefix"
Error occurred at line: 24
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.

Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/user6.rules'

If you don't need loging, you could stick  with workarround: ufw logging off:

[email protected]:~# ufw logging off
Logging disabled
[email protected]:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

No kernel headers package in the repository

To build Wireguard kernel module dkms require kernel headers which doesnt come in image and not availible in the repository.
You need to use orangepi-build to compile kernel and headers packages.

Repository within People's Republic of China

Repository with packages on some People's Republic of China university mirror, which became unavailabile because I used Tor and got banned by Great Firewall of China.
To resolve that issue I setuped reverse proxy to the mirror, on VPS with is not banned by GFW.
Here's an snipped from Nginx configuration:

    location /ubuntu-ports {
        root /var/repo_mirror/index_data;
        try_files $uri @ubuntu-ports;
    }
    location @ubuntu-ports {
        proxy_pass http://mirrors.tuna.tsinghua.edu.cn;
        proxy_set_header Host mirrors.tuna.tsinghua.edu.cn;
        proxy_cache_valid 200 1d;
        proxy_cache repository_cache;
        proxy_cache_use_stale error timeout invalid_header updating;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    }

UPD Now at November 2021 avalible image with kernel 5.13.0-sun50iw9 which has built-in Wireguard, so you don't need to build it as module.

Ivan Rakanskiy