Ethernet-over-USB network

Basic configuration

Specifically to V2+. When combined with configuring a DNS server, FTP, or SMB (for example), this is a powerful way to extend the capabilities of PiKVM.

USB limitations

TL;DR: By default, you can add only one additional device to choose from, such as USB Ethernet, or USB Serial, or an extra Mass Storage Drive.

There is a hardware limit on the number of devices that can be emulated at the same time. Each USB device uses so-called endpoints to communicate with the host. Depending on the type, the device consumes a different number of endpoints, while their total number is limited by the capabilities of the chip, for Raspberry Pi it is 8.

It is quite difficult to calculate the number of endpoints used, but in the case of PiKVM, you can focus on the following numbers:

Device	Endpoints
Keyboard, mouse	1 for each
Mass Storage Drive	2 for each
USB Ethernet, USB Serial	3 for each

V2 and V3 emulates one mouse by default, V4 emulates two mouses. Thus, V2 and V3 use 4 endpoints, and V4 uses 5 by default.

Creating an axtra Mass Storage Drive consumes additional endpoints, as well as USB Serial and USB Ethernet, so only a limited number of devices can be selected for the final configuration, for example, one USB Ethernet.

If you need something more non-standard, you can disable the regular Mass Storage Drive and the additional mouse (on V4) to free up some extra endpoints.

The kvmd-otg service is responsible for setting up USB emulation. If the endpoint limit is exceeded, the service will not be able to start and no emulated USB device will work.

In the log it looks something like this:

# journalctl -u kvmd-otg
...
kvmd-otg[382]: kvmd.apps.otg                     INFO --- ===== Preparing complete =====
kvmd-otg[382]: kvmd.apps.otg                     INFO --- Enabling the gadget ...
kvmd-otg[382]: kvmd.apps.otg                     INFO --- WRITE --- /sys/kernel/config/usb_gadget/kvmd/UDC
kvmd-otg[382]: OSError: [Errno 524] Unknown error 524
kvmd-otg[382]: During handling of the above exception, another exception occurred:
kvmd-otg[382]: Traceback (most recent call last):
kvmd-otg[382]:   File "/usr/bin/kvmd-otg", line 9, in <module>
kvmd-otg[382]:     main()
kvmd-otg[382]:   File "/usr/lib/python3.10/site-packages/kvmd/apps/otg/__init__.py", line 348, in main
kvmd-otg[382]:     options.cmd(config)
kvmd-otg[382]:   File "/usr/lib/python3.10/site-packages/kvmd/apps/otg/__init__.py", line 278, in _cmd_start
kvmd-otg[382]:     _write(join(gadget_path, "UDC"), udc)
kvmd-otg[382]:   File "/usr/lib/python3.10/site-packages/kvmd/apps/otg/__init__.py", line 83, in _write
kvmd-otg[382]:     with open(path, "w") as file:
kvmd-otg[382]: OSError: [Errno 524] Unknown error 524
systemd[1]: kvmd-otg.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: kvmd-otg.service: Failed with result 'exit-code'.
systemd[1]: Failed to start PiKVM - OTG setup.

In this case, you need to disable some of the previously enabled devices and restart PiKVM.

1. Edit /etc/kvmd/override.yaml and add these lines:

   otg:
       devices:
           ethernet:
               enabled: true
               driver: ecm
               host_mac: 48:6f:73:74:50:43
               kvm_mac: 42:61:64:55:53:42
   

   The host_mac address will be used on the server's network interface. The kvm_mac means the address that will be assigned to the local interface on the PiKVM. The KVM interface will be called usb0network interface. If the host_mac or kvm_mac is not specified, a random value will be used. The driver parameter means the protocol that will be used for the USB network. The default value is ecm so it can be passed it this example. Other possible values are eem, ncm, rndis and rndis5.

   Driver compatibility:

   Driver	Operating System
   ecm	Linux macOS
   eem	Linux
   rndis5	Windows XP to Windows 71 Linux > 2.6.13
   rndis	Windows 7 and later2 Linux > 2.6.13
   ncm	Windows 10 and later Linux > 2.6.37 macOS

   1: Manual driver installation is required. Download RNDIS 5 Windows
   2: Automatic driver installation since kvmd-3.53

2. To automatically configure the USB network on the server recommended using the service kvmd-otgnet. It configures the firewall, assigns an address to the local PiKVM interface usb0 and starts DHCP so the managed server can get the IPv4 address. By default, the address 172.30.30.0/24 to interface usb0 will be assigned. One of the other addresses from the network 172.30.30.0/24 will be assigned to the server when it requests it via DHCP. For security reasons, all incoming connections from the server to the PiKVM side are blocked (except for ICMP and UDP port 67 which is used for DHCP). If you want to allow access from the server to the PiKVM interface, then you need to add ports 80 and 443 to the whitelist using /etc/kvmd/override.yaml file like this:

   otgnet:
       firewall:
           allow_tcp: [80, 443]
   

   To view other available configuration parameters, use the command kvmd -m.

3. To enable the service, use the command systemctl enable kvmd-otgnet.

4. Perform reboot.

Routing via PiKVM

By default, kvmd-otgnet will configure network connection between PiKVM and the server host only. The server host will not be able to reach other hosts beyond PiKVM. If the full network access is required from the server host through the USB-Ethernet feature (access all hosts PiKVM can access), additional settings are needed in /etc/kvmd/override.yaml.

1. Run echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/99-kvmd-extra.conf.

2. Add network interface to forward requests to (default gateway) by adding a line forward_iface: <interface name> under firewall:. Typically it would be eth0 if the built-in ethernet port is used::

   otgnet:
       firewall:
           forward_iface: eth0
   

3. Add DNS server to provide host name resolution service. For example, adding 8.8.8.8 as DNS server requires addition of dnsmasq dhcp options. This can be done by adding following lines to /etc/kvmd/override.yaml:

   otgnet:
       commands:
           post_start_cmd_append:
           - "--dhcp-option=6,8.8.8.8"
   

4. Combining above two together::

   otgnet:
       firewall:
           forward_iface: eth0
       commands:
           post_start_cmd_append:
           - "--dhcp-option=6,8.8.8.8"
   

   5. To enable internet access for the server host, add the following to the otgnet configuration::

    otgnet:
       iface:
           net: 10.65.0.0/28
   

   The 'net' parameter defines the network address range of the usb0 network. The server host will automatically receive an IP address within this network including the DNS servers defined under 'post_start_cmd_append'. Note: This network should not be same as the network PiKVM is connected to.

5. Don't forget to reboot.

An example of what the config would look like for a server host that can access PiKVM and has internet access:

otgnet:
    firewall:
        allow_tcp: [80, 443]
        forward_iface: wlan0
    commands:
        post_start_cmd_append:
            - "--dhcp-option=6,1.1.1.1,1.0.0.1"
    iface:
        ip_cmd:
            - /usr/bin/ip
        net: 10.65.0.0/28

Working with Windows Computers

This has been proven to work with Windows:

1. Set the driver type to rndis (see above).

2. Download this driver on the Windows machine and unzip it somewhere.

3. Open the devices manager:
   

4. Select Properties of the Composite KVM Device:
   

5. Select the RNDIS Device and click properties:
   

6. Switch to the Driver tab and then click Update driver.

7. Click Browse my computer for driver software:
   

8. Click Let me pick from a list of available drivers on my Computer:
   

9. From the list of available hardware types, scroll down and select Network adapters, then click Next:
   

10. Click Have disk:
    

11. Click Browse, navigate to the folder where you've stored the driver and select the RNDIS.inf, press Open and then OK:
    

12. Select Acer Netchip RNDIS/Ethernet Gadget and click Next:
    

13. Dismiss the warning about non-compatible drivers by clicking Yes:
    

14. You're done - the device should now be recognized:
    

15. Verify the card is working by pinging your PiKVM in a console: ping 172.30.30.1: