Sunday 27 October 2013

New setup for my raspberry pi

As I described in an earlier post, I have an raspberry pi, which I was running a vpn service, ssh and mumble on. This was working for roughly half a year, though Arch Linux somehow stopped working after not updating properly.

I tried to reinstall everything, though since Arch Linux does not work with BerryBoot I guess it was no surprise.

There has been an update to Debian, so I decided to do the easier step of installing Debian using BerryBoot (over vnc as described in my last post), which worked perfectly.

I could then connect to the server via ssh, user pi, password raspberry.
Change the password with passwd when you have logged in.
Setting up mumble was easily done by
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install mumble-server
sudo dpkg-reconfigure mumble-server
sudo iptables -I INPUT -p tcp --dport 64738 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 64738 -j ACCEPT
sudo iptables-save > /etc/iptables/iptables.rules

Remember to forward traffic on port 64738 through your router. The server can be administrated thorough mumble client by setting user name to SuperUser and using the password set above in the reconfigure.
Then I set up the VPN server according to the description from Debian, though with a different config file.
port 1194
proto udp
dev tun
ca      /etc/openvpn/easy-rsa/keys/ca.crt    # generated keys
cert    /etc/openvpn/easy-rsa/keys/server.crt
key     /etc/openvpn/easy-rsa/keys/server.key  # keep secret
dh      /etc/openvpn/easy-rsa/keys/dh2048.pem # I used 2048 bit key
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS routerIP" # Put your router IP in here
server 10.9.8.0 255.255.255.0  # internal tun0 connection IP
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo         # Compression - must be turned on at both end
persist-key
persist-tun
user nobody
group nogroup
status log/openvpn-status.log
verb 3  # verbose mode
client-to-client
Remember to also do forwarding of the VPN trafic.
In addition  the router needs to forward port 1194 (UDP) to the raspberry pi.

If you want to access the vpn server on your android phone you need to generate the key with
./build-key-pkcs12 keyname
From /etc/openvpn/easy-rsa
The resulting keyname.p12 file contains the key and certificate and is the only file you need to transfer to your phone. See this page.


Now you hopefully have a working server.
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)