Sunday 27 October 2013

New setup for my raspberry pi

As I described in an earlier post, I have a Raspberry Pi, on which I was running a VPN service, ssh and mumble. This was working for roughly half a year, though Arch Linux somehow stopped working after not updating properly.

I tried to reinstall everything, though since Arch Linux does not work with BerryBoot I guess it was no surprise.

There has been an update to Debian, so I decided to do the easier step of installing Debian using BerryBoot (over vnc as described in my last post), which worked perfectly.

I could then connect to the server via ssh, user pi, password raspberry.
Change the password with passwd when you have logged in.
Setting up mumble was easily done by
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install mumble-server
sudo dpkg-reconfigure mumble-server
sudo iptables -I INPUT -p tcp --dport 64738 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 64738 -j ACCEPT
# The redirect must run as root too; with plain sudo the file is opened by your own user
sudo sh -c 'iptables-save > /etc/iptables/iptables.rules'

Remember to forward traffic on port 64738 through your router. The server can be administered through the mumble client by setting the user name to SuperUser and using the password set above in the reconfigure step.
Then I set up the VPN server according to the description from Debian, though with a different config file.
port 1194
proto udp
dev tun
ca      /etc/openvpn/easy-rsa/keys/ca.crt    # generated keys
cert    /etc/openvpn/easy-rsa/keys/server.crt
key     /etc/openvpn/easy-rsa/keys/server.key  # keep secret
dh      /etc/openvpn/easy-rsa/keys/dh2048.pem # I used 2048 bit key
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS routerIP" # Put your router IP in here
server 10.9.8.0 255.255.255.0  # internal tun0 connection IP
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo         # Compression - must be turned on at both ends
persist-key
persist-tun
user nobody
group nogroup
status log/openvpn-status.log
verb 3  # verbose mode
client-to-client
Remember to also set up forwarding of the VPN traffic.
In addition, the router needs to forward port 1194 (UDP) to the Raspberry Pi.

If you want to access the vpn server on your android phone you need to generate the key with
./build-key-pkcs12 keyname
run from /etc/openvpn/easy-rsa.
The resulting keyname.p12 file contains the key and certificate and is the only file you need to transfer to your phone. See this page.
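
As an added example (not part of the original post): a small shell check that a client profile agrees with the server config above on the settings that have to match at both ends (proto, dev, port, comp-lzo). The client profiles, the host name vpn.example.org and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): report settings that differ between an
# OpenVPN server config and a client profile. Sample files are constructed.

# has FILE DIRECTIVE: succeed if DIRECTIVE appears outside comments.
has() { awk -v d="$2" '{ sub(/[#;].*/, "") } $1 == d { f = 1 } END { exit !f }' "$1"; }

# arg FILE DIRECTIVE N [DEFAULT]: print the Nth argument of DIRECTIVE.
arg() {
    v=$(awk -v d="$2" -v n="$3" '{ sub(/[#;].*/, "") } $1 == d { print $(n + 1); exit }' "$1")
    echo "${v:-$4}"
}

# same NAME SERVER_VALUE CLIENT_VALUE: print a line and fail on mismatch.
same() { [ "$2" = "$3" ] || { echo "MISMATCH $1: server=$2 client=$3"; return 1; }; }

# check_pair SERVER CLIENT: print one line per mismatch, return 1 if any.
check_pair() {
    rc=0
    # OpenVPN defaults: proto udp, port 1194.
    same proto "$(arg "$1" proto 1 udp)" "$(arg "$2" proto 1 udp)" || rc=1
    same dev "$(arg "$1" dev 1)" "$(arg "$2" dev 1)" || rc=1
    # The server's "port" must equal the port in the client's "remote" line.
    same port "$(arg "$1" port 1 1194)" "$(arg "$2" remote 2 1194)" || rc=1
    # comp-lzo is compared by presence only.
    has "$1" comp-lzo && sl=on || sl=off
    has "$2" comp-lzo && cl=on || cl=off
    same comp-lzo "$sl" "$cl" || rc=1
    return $rc
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/server.conf" <<'EOF'
port 1194
proto udp
dev tun
comp-lzo         # Compression - must be turned on at both ends
EOF
# vpn.example.org is a placeholder for your public address.
printf 'client\ndev tun\nproto udp\nremote vpn.example.org 1194\npkcs12 keyname.p12\ncomp-lzo\n' > "$tmp/good.ovpn"
printf 'client\ndev tun\nproto tcp\nremote vpn.example.org 1194\npkcs12 keyname.p12\n' > "$tmp/bad.ovpn"

check_pair "$tmp/server.conf" "$tmp/good.ovpn" && echo "good.ovpn: consistent"
check_pair "$tmp/server.conf" "$tmp/bad.ovpn" || echo "bad.ovpn: fix before importing"
```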


Now you hopefully have a working server.

Saturday 26 October 2013

Not working anymore: My first post is about .... My new Raspberry PI setup, running OpenVPN, ssh and murmur (mumble server)

 This will be my first blog post ever :O, so bear with me in this experiment.

I bought a Raspberry PI a year ago, though it took me nearly 8 months to start it for the first time.

My current setup is what one would call unnecessarily complicated.
Due to the lack of a 4 GB SD card I decided to install the OS on a 4 GB USB stick and use a 512 MB SD card. Also I don't want to connect it to a screen, so I decided to install BerryBoot on the SD card and enable vnc remote management (with the router handing out a static IP) headless BerryBoot.

This worked very well, and allowed me to install Debian on the USB stick.

I got Debian running with remote login via ssh and murmur. Though it didn't want to upgrade properly and I couldn't get openvpn to work properly.

Therefore I deleted the Debian installation and installed Arch Linux through Berryboot (image from http://archlinuxarm.org/platforms/armv6/raspberry-pi), using these instructions which in short and updated are:

sudo kpartx -av archlinux-hf-2013-07-22.img
sudo mount /dev/mapper/loop0p5 /mnt
cd /mnt
sudo rm lib
sudo mv usr/lib lib
cd usr
sudo ln -s ../lib lib
cd /tmp
sudo mksquashfs /mnt Arch_Linux.img240 -comp lzo -e lib/modules
sudo umount /mnt 
sudo kpartx -d /dev/loop0


I made the Arch_Linux.img240 image on my Linux Mint system and copied it to a different USB stick, such that I could use the custom operating system in BerryBoot option.

This worked perfectly and I now had a system running Arch Linux.
I got rid of the root user, and added a normal user with access to run sudo.

Now I went ahead and installed murmur (mumble server) which runs, though it gives a warning at startup related to the qt4 package:

Unable to load library icui18n "Cannot load library icui18n: (icui18n: cannot open shared object file: No such file or directory)"

In order to get it to work with openvpn, iptables needs to be configured:

sudo iptables -I INPUT -p tcp --dport 64738 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 64738 -j ACCEPT
# The redirect must run as root too; with plain sudo the file is opened by your own user
sudo sh -c 'iptables-save > /etc/iptables/iptables.rules'

The last line is to save the rules such that they are persistent on reboot.

Openvpn was set up according to NyxBox – OpenVPN Server on Raspberry Pi