OpenVPN on a Raspberry Pi

My parents and I, who come from the Netherlands, have recently bought a cabin in Norway. We have a lot of wishes and ideas for this cabin, but one of the first projects I started on right after we signed the contract was the setup of a VPN server on a Raspberry Pi. The goal is to have any device that connects to the WiFi in the cabin appear to be in the Netherlands, so that my parents can ‘work from home’ from the cabin and can stream Dutch TV and Dutch Netflix. For this to work, we need a router that can act as a VPN Client and a VPN Server to connect to.

By having the router connecting to the VPN Server, any device that connects to the router will also be connected via the same tunnel to the internet. By installing the VPN server on a Raspberry Pi, I can just ship a readily installed unit to the Netherlands with minimal setup steps for my parents while they remain 100% in control of their VPN endpoint. This is important to ensure that for example Netflix will not block their stream, as any data appears to come from their own home instead of a (known) VPN provider.

For this project we use the following components:

I recently bought an Asus RT-AC66U B1 router, which I know can act as a VPN Client. The Asus 4G-AC68U is a model from the same product line, which also includes a 4G simcard slot.

Software-wise, we need only a handful of services/programs:

  • The latest Raspbian Lite
  • PiVPN
  • A Dynamic DNS provider, I’m using Google Domains
  • ddclient

Setup

The first step is obviously to flash Raspbian on an SD-card and shove it into the Raspberry. I’m using Raspbian Lite since we know exactly which software packages we are going to use, and any dependencies will be installed with them. This will keep the overall system performance as high as possible.

After setting up Raspbian, we use SSH to log in as root and install PiVPN. PiVPN will install either OpenVPN or WireGuard, in our case OpenVPN as this is also supported by the Asus router. I have set up the IP configuration to be dynamic, so it can adapt to the setup in my parents’ house once it arrives in the post. Other than that I’ve used the standard settings, obviously choosing the right DNS Provider (Google Domains). I had also set up a Dynamic DNS entry in Google Domains prior to the Raspberry Pi installation, which will be used for this VPN setup.

Dynamic IP lookup

Since I don’t know the public IP address of my parents’ house (and they might have a dynamic IP address that changes every once in a while), we can use Dynamic DNS. Basically, Dynamic DNS checks the current public IP address of the host and sends this to a pre-configured DNS provider. The provider matches the IP address, for example 185.176.244.205, to a subdomain name, for example cloud.jessendelft.org. This way, anytime a device tries to find cloud.jessendelft.org it only has to ask the DNS provider, which will then provide it with the correct public IP address. To achieve this on the Raspberry Pi we can use ddclient. ddclient only needs to know a few basic parameters such as the login credentials of the DNS provider and does the rest by itself. It runs as a daemon in the background, automatically checking the current public IP address and updating it in the DNS record.

I generated two OpenVPN configuration files which can be uploaded to VPN Clients to allow them to connect to the server: one for the Asus router and one for my private PC, so I can test and debug the entire setup. These configuration files include instructions to use one of my subdomains to find the current public IP address of the OpenVPN Server in the Netherlands. This keeps the setup easy and flexible.
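A check worth running on each generated profile before the Pi is shipped, as an added example that is not part of the original post: it confirms that every `remote` line points at the Dynamic DNS hostname rather than at a fixed IP address, which would stop working as soon as the home connection gets a new address. The profile excerpts, `vpn.example.org` and `203.0.113.10` are constructed placeholders, and the function names are hypothetical.

```shell
# Constructed client profile excerpts (not from the original post);
# vpn.example.org and 203.0.113.10 are placeholders.
PROFILE_DDNS='client
dev tun
proto udp
remote vpn.example.org 1194
resolv-retry infinite
nobind'
PROFILE_PINNED='client
dev tun
proto udp
remote 203.0.113.10 1194
resolv-retry infinite
nobind'

# Read a profile on stdin and print every `remote` target that is not the
# expected DDNS hostname ($1). Prints a marker if there is no `remote` line.
unexpected_remotes() {
  awk -v want="$1" '
    $1 == "remote" { n++; if (tolower($2) != tolower(want)) print $2 }
    END { if (n == 0) print "(no remote line)" }'
}

# Succeed only when all remotes in the profile point at the DDNS hostname.
profile_follows_ddns() {   # $1 = profile text, $2 = DDNS hostname
  bad=$(printf '%s\n' "$1" | unexpected_remotes "$2")
  if [ -z "$bad" ]; then echo "ok: all remotes use $2"; return 0; fi
  echo "check profile, remote is not $2: $bad"
  return 1
}

profile_follows_ddns "$PROFILE_DDNS" vpn.example.org
profile_follows_ddns "$PROFILE_PINNED" vpn.example.org || true
```

For a real profile, pass the file contents, for example `profile_follows_ddns "$(cat router.ovpn)" your.ddns.hostname`, where both names are placeholders.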

Lastly, I entered the Wi-Fi credentials of my parents’ house in a file called ‘wpa_supplicant.conf’ and placed this in the /boot/ folder of the Raspberry Pi, so they can use it both in wired and wireless mode. After running a few tests it was ready to be sent in the post, in the hope that it all works! I also included a guide for my father to set up the required port forwarding in his router in the Netherlands, so the VPN Server can be found from the internet.

Testing the setup

When the Raspberry Pi had arrived in the Netherlands it was time to put it to the test. We forwarded the required port in the router, gave it a static local IP address and attempted to connect from Norway.

Connecting was successful!
However, the test-pc did not have internet access.

The VPN Server in its natural habitat.

Some debugging later revealed that the ethernet port did not have the default eth0 name, but something more tropical. Changing the name of the ethernet port in the configuration (iptables) fixed the problem and allowed internet access through the VPN tunnel. Hooray!
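The symptom above (tunnel connects, no internet) can be checked for directly, as an added example that is not part of the original post: compare the interface that carries the default route with the outgoing interface named in the NAT (MASQUERADE) rules. The interface name `enx0123456789ab`, the addresses and the rule text are constructed samples, and the function names are hypothetical.

```shell
# Constructed sample inputs (not from the original post). On the Pi, use:
#   check_nat "$(ip route show default)" "$(sudo iptables-save -t nat)"
ROUTE='default via 192.168.1.1 dev enx0123456789ab proto dhcp src 192.168.1.50 metric 202'
RULES_BEFORE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'
RULES_AFTER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o enx0123456789ab -j MASQUERADE
COMMIT'

# Print the interface that carries the default route (route text on stdin).
default_iface() {
  awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the outgoing interface of every MASQUERADE rule (rules on stdin).
# A rule without -o applies to all interfaces and is reported as "any".
masq_ifaces() {
  awk '/-j MASQUERADE/ { o = "any"; for (i = 1; i < NF; i++) if ($i == "-o") o = $(i + 1); print o }'
}

# Return 0 if a NAT rule covers the default-route interface, 1 on a
# mismatch, 2 if no default route is present.
check_nat() {   # $1 = route text, $2 = NAT rules text
  wan=$(printf '%s\n' "$1" | default_iface)
  if [ -z "$wan" ]; then echo "no default route found"; return 2; fi
  nat=$(printf '%s\n' "$2" | masq_ifaces | tr '\n' ' ')
  for ifc in $nat; do
    if [ "$ifc" = "$wan" ] || [ "$ifc" = "any" ]; then
      echo "ok: NAT leaves via $wan"; return 0
    fi
  done
  echo "mismatch: default route uses $wan, MASQUERADE rules use: ${nat:-none}"
  return 1
}

check_nat "$ROUTE" "$RULES_BEFORE" || true
check_nat "$ROUTE" "$RULES_AFTER"
```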

Lastly we installed Log2Ram, which limits the logging done to the SD-card to extend the lifetime of the system. SD-cards can get corrupted when they are written to too often, so in order to limit the number of write cycles Log2Ram will keep all logs in RAM and only once a day write the entire logfiles to the SD-card.

A reboot to make sure everything works and it was finally time to check the speed of the connection!

Speedtest over 4G

Honestly, this is 10x as high as expected when we started on this project so we’re certainly very happy about this! This will allow my parents to comfortably travel to their cabin and use the internet, while they appear to be in the Netherlands.

Playing with Grafana & InfluxDB

In my search for a way to display the data being collected by Homey I often have seen Grafana as an option. Grafana is a tool to visualize data in graphs, gauges, tables, etc. It reads data from a database, is very responsive and easy to work with. As a bonus, FreeNAS offers a community plug-in which has both Grafana and InfluxDB installed and ready to go, so I could easily set up a jail to try it out.

Homey by itself does not log any data. To have it upload its variables to the InfluxDB database I just had to install the InfluxDB App, fill in the IP address of the Grafana jail and the credentials of the database, et voilà! From the Grafana interface I started seeing the potential Query fields being populated with all the data that Homey had to offer. Not much time after that, I had my first Dashboard populated with energy measurements, real-time power consumption and temperature data from different rooms in the house. With a little more playing around this Dashboard was shown as an iframe on my Magic Mirror.

Grafana dashboard shown as an iframe on the Magic Mirror

After doing this I realized that FreeNAS is also a great source of data (CPU usage, network & HDD speeds, RAM usage etc.) and a place where I’d like to get some more overview of what’s happening. Naturally, a quick Google search yielded tons of people who had done this before, and I followed this guide to get FreeNAS to upload its data to a separate InfluxDB database and create a Dashboard in Grafana. I then used this dashboard as an inspiration to create a similar one for Homey and by the end of the day I had 3 different dashboards which give me a neat insight into how well the core components of my smart home are working.

An additional line in the reverse proxy configuration and the Grafana jail was accessible through the internet. Curious on how it looks? You can find it here: cloud.jessendelft.org/grafana/.
Username: viewer
Password: viewer123

I am not sure yet if I want to keep using this system, as I ultimately want some form of 2D/3D interactive map of my house to show this information. As an interim solution though, this is quite nice and I was surprised by how easy it was to include this in my system. I like the fact that all the ground-work is up and running (FreeNAS, Reverse Proxy, Homey, etc.), and that it apparently is working so well that it is easy to build layers of complexity upon them with for example the Grafana dashboards. If you have comments/ideas on what I can do with my data, or how I can improve my system even more, please let me know in the comments!

Cheers!
Jesper

Home NAS Server Setup

This website runs on an Intel NUC.

Actually, a lot of things are now running on this little NUC. Before showing you exactly what processes/services are running, please allow me to explain why I have this NUC in the first place.

Home Assistant and the NUC

In our previous house I was running Home Assistant on a Raspberry Pi. Home Assistant is a piece of software that can observe, control and automate nearly anything that can be part of a smart home. In my case, I had the following devices connected to it:

Linking all these devices together required something more robust than a Raspberry Pi, which is why in April 2019 I bought an Intel NUC NUC6CAYH. This little fellah has an Intel Celeron CPU, place for a maximum of 2x 4GB of DDR3L RAM, can house a 2.5″ hard drive and has a 1Gb ethernet port. I figured that this was a very good alternative for a Raspberry Pi, whilst also keeping my wallet in mind.

This NUC ran Home Assistant (or HA for short) very reliably, although the HA software itself needed quite some maintenance, up until we moved in December 2019. The NUC disappeared in a box, and at the new house I bought an Athom Homey to take over the task of HA in an attempt to limit the amount of maintenance work. This is why I had a NUC lying around when I decided to start setting up a Home Server in January 2020.

First step: Setting up a NAS file server

When I started on this project I knew nothing about file- or NAS servers, but I imagined that there would be open source software out there that could help me out. I had decided that I did not want to buy new hardware, as things could be tested on the NUC first to see if it would be good enough.

Two names that kept popping up were FreeNAS and Unraid. They both looked equally good candidates for me, so I picked the one that felt like it had the best chance of succeeding -> FreeNAS. Over the last couple of months I have been very happy with this choice. FreeNAS is running very stably and is in my opinion easy to use. The initial file server setup was a breeze, and in no time I had a functioning NAS server which could be accessed through a PC with Windows Explorer (via a Samba share).

FreeNAS has a feature called ‘Jails’. Jails are, very briefly explained, little isolated operating systems that use the same kernel as the host’s operating system. This means that they are more lightweight to run than a Virtual Machine as they dynamically share available RAM, CPU & HDD space between the host and other jails, but simultaneously are compartmentalized from the host. Processes run inside the jail can only access files inside the jail, and processes/files inside the jail are not aware of any file outside the jail. An additional (much better) introduction to jails can be found here. All in all, they are a perfect place to run additional programs/services without the risk of breaking my entire NAS system.

The current setup

The current HW setup, including PS4 Pro and Philips Hue bridge

Hardware

The current hardware today is, as I mentioned, running on an Intel NUC. This includes:

The HDDs are set up in a mirrored configuration. That means that all data is copied on both drives, giving me an effective storage capacity of 2 TB whilst also protecting myself from a disk failure. This is also called a RAID 1 setup.

FreeNAS Software setup

The current setup is running 3 jails, 1 Virtual Machine, a samba share and some additional smaller services inside FreeNAS:

FreeNAS services setup
  • The Samba share allows us to access files on the server when we’re on the home network.
  • The website that you see right now is running inside a Jail.
  • A second jail contains NextCloud. NextCloud mainly allows for automatic synchronization of pictures and videos from my phone to the server.
  • Since there are multiple websites that I want to access from this web-address there is a jail set up that acts as a Reverse Proxy server.
  • Lastly I have a virtual machine that runs PiHole. PiHole is software that blocks advertisements on my home network. Unfortunately it cannot run (yet) inside a FreeNAS jail as it does not support FreeBSD, the operating system FreeNAS runs on.

So how do all these services work together? Well, that’s a different view:

Networking flow

Starting from the bottom, there are the NextCloud storage, this blog and the magic mirror which are accessible through the internet via the reverse proxy. There is also the Samba share which is accessible only on the local network for privacy reasons.

In the middle of the picture is the router which obviously has access to the internet. All DNS requests are however forwarded to PiHole. A DNS request is a request for a name server to translate the domain name of a website (for example jessendelft.org) to an address (for example 217.197.166.65), in order to connect to that address. PiHole blocks any requests to known advertisement addresses so that these requests never get resolved, which means they will not load. This way there is network-wide ad-blocking for all devices connected to it.

I have some plans to integrate Octoprint into the Reverse Proxy once my 3D printer is back up and running. I also want to move PiHole to a jail to free up some RAM and HDD space which are now reserved by the Virtual Machine.
If you have any more ideas on what I can do to improve my setup, please let me know!