Archive for the ‘Linux’ Category.

How I run two OpenVPN servers in the same private network

I am running two OpenVPN servers in a private network (192.168.0.0), as a fallback in case one server stops working.

Network

default gateway internet router: 192.168.0.250
openvpn1: 192.168.0.137 10.8.0.0, debian, bananapi m2
openvpn2: 192.168.0.143 old=10.8.0.0 new=10.8.1.0, debian, bananapi B2
web server1:    192.168.0.40 (static ip), also running unbound dns and dnsmasq as DHCP server, debian
web server2:    192.168.0.50 (static ip), enigma2

Problem

At first, both openvpn servers were configured the same, using 10.8.0.0 for the remote clients. Do not forget to enable IPv4 forwarding: sudo sysctl -w net.ipv4.ip_forward=1.

Unfortunately, some hosts did not respond when I was connected to the second openvpn server. I don't know why openvpn server1 works for remote connections to the private web servers. Internet browsing via the default router worked with both openvpn connections.

When running an ssh session on .137 or .143, I was able to ping .40, but could not browse to the .40 web server from the remote connection. When connected to openvpn2, I could not open the web page of the 192.168.0.40 server.

How does a host know to send return traffic to the correct VPN server instead of the default router?

Solution

I changed the configuration of openvpn2 to use 10.8.1.0. Then I tested with static routes on 192.168.0.40:

For the static ip (/etc/network/interfaces):

  post-up route add -net 10.8.0.0/24 gw 192.168.0.137 dev eth1
  post-up route add -net 10.8.1.0/24 gw 192.168.0.143 dev eth1

After that temporary change on .40, I was able to connect to openvpn2 and reach the web server on .40.

For the DHCP clients in the network (many esp8266, esp32 and esplink devices), I need an option for DHCP too.

On the dnsmasq dhcp server:

dhcp-option=option:classless-static-route,0.0.0.0/0,192.168.0.250,10.8.0.0/24,192.168.0.137,10.8.1.0/24,192.168.0.143

Note that the default router option (dhcp-option=option:router,192.168.0.250) may be ignored by DHCP clients.

The dhcp options have been verified on a debian client:

aoa150:~$ ip r
default via 192.168.0.250 dev wlan2 proto static metric 600
10.8.0.0/24 via 192.168.0.143 dev wlan2 proto dhcp metric 600
10.8.1.0/24 via 192.168.0.137 dev wlan2 proto dhcp metric 600
192.168.0.0/24 dev wlan2 proto kernel scope link src 192.168.0.111 metric 600

Now I can connect from my mobile using OpenVPN to my network through both the openvpn1 and the openvpn2 server.
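How the dnsmasq option above reaches a client, as an added example that is not part of the original post: it encodes the classless-static-route value into the DHCP option 121 wire format of RFC 3442, decodes it again, and picks the next hop for a reply by longest-prefix match. The routes are the ones from the dnsmasq line; the VPN client addresses 10.8.0.6 and 10.8.1.6 and all function names are assumptions made for the example.

```python
import ipaddress

# Value of the classless-static-route option from the post's dnsmasq line.
OPTION = ("0.0.0.0/0,192.168.0.250,10.8.0.0/24,192.168.0.137,"
          "10.8.1.0/24,192.168.0.143")

def parse_routes(value):
    """Split 'dest,gw,dest,gw,...' into (network, gateway) pairs."""
    parts = value.split(",")
    if len(parts) % 2:
        raise ValueError("every destination needs a gateway")
    return [(ipaddress.IPv4Network(d), ipaddress.IPv4Address(g))
            for d, g in zip(parts[0::2], parts[1::2])]

def encode_option121(routes):
    """RFC 3442 entry: prefix length, significant destination octets, gateway."""
    out = bytearray()
    for net, gw in routes:
        out.append(net.prefixlen)
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
        out += gw.packed
    return bytes(out)

def decode_option121(data):
    """Inverse of encode_option121; raises ValueError on malformed input."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        end = i + 1 + (plen + 7) // 8 + 4
        if plen > 32 or end > len(data):
            raise ValueError("malformed option 121 payload")
        dest = data[i + 1:end - 4].ljust(4, b"\x00")
        routes.append((ipaddress.IPv4Network((dest, plen)),
                       ipaddress.IPv4Address(data[end - 4:end])))
        i = end
    return routes

def next_hop(routes, addr):
    """Longest-prefix match, as a client does when choosing where to send a reply."""
    addr = ipaddress.IPv4Address(addr)
    matches = [(net.prefixlen, gw) for net, gw in routes if addr in net]
    return str(max(matches)[1]) if matches else None

if __name__ == "__main__":
    routes = decode_option121(encode_option121(parse_routes(OPTION)))
    # 10.8.0.6 and 10.8.1.6 are constructed VPN client addresses.
    for client in ("10.8.0.6", "10.8.1.6", "8.8.8.8"):
        print(client, "->", next_hop(routes, client))
    print("10.8.1.6 with default route only ->", next_hop(routes[:1], "10.8.1.6"))
```

With only the default route, the lookup for 10.8.1.6 falls through to 192.168.0.250, so replies leave via the internet router instead of returning to the OpenVPN server. RFC 3442 requires a client that uses option 121 to ignore the router option, which is why the default route is repeated as the 0.0.0.0/0 entry.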

adsbox, dump1090 piaware flightaware flightradar24 and IPv6

Recently I switched my flight tracker, a Bananapi M2 Zero with RTLSDR, from adsbox (port 7070) to dump1090 (port 8080). After that, the official IPv6 address did not open the web site any more, although I had switched the port forwarding from 7070 to 8080 on the router.

After some digging and tests, I found that lighttpd, which is used as the web server by dump1090-fa (the FlightAware variant), does not listen on IPv6 by default. I had to change the dump1090-fa extension for lighttpd to:

/etc/lighttpd/conf-enabled/89-dump1090-fa.conf

...
# Listen on port 8080 and serve the map there, too.
$SERVER["socket"] == ":8080" {
  server.use-ipv6 = "enable"
  alias.url += (
    "/data/" => "/run/dump1090-fa/",
    "/" => "/usr/share/dump1090-fa/html/"
  )
}
...

Now netstat -tulpn shows that ports 80 and 8080 are open for IPv4 and IPv6:

...
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -                   
...
tcp6       0      0 :::8080                 :::*                    LISTEN      -

Just to remember.

OpenVPN server behind a Deutsche Glasfaser IPv6-only router with feste-ip.net

OpenVPN on a BananaPi M2 Zero W with Raspbian

Deutsche Glasfaser Genexis router combined with feste-ip.net for mapping IPv4 to IPv6

Here I try to summarize my installation, based on the sources below.

Sources: https://wiki.ubuntuusers.de/OpenVPN/ and https://blog.sengotta.net/openvpn-server-am-unitymedia-ds-lite-anschluss-betreiben/

In the following, personal details are enclosed in < and >. IP addresses are replaced by x in this form.

Setting up the feste-ip.net Universal Portmapper

Use https://test-ipv6.com/ to determine the public IPv6 address of the server (VPN gateway).

Feste-IP.net Portmapper

At feste-ip.net I created a port forwarding to the public IPv6 address of the BananaPi (the OpenVPN server) and port 443 under “Universelle Portmapper”.

I chose port 443 here because it also works in many foreign networks (e.g. mobile networks). The standard VPN port 1194 may be blocked in one network or another.

I chose an alias that I can remember more easily than the DNS name. In addition, three more services run on the same BananaPi M2 Zero W. These are reachable via the same alias on three other ports.

Later, the alias name and the mapped port must be specified in client.conf, because the connection is not established via IPv6 and port 443. See the client.conf line:

remote <aliasname>.feste-ip.net <auf 443 umgeleiterter port>

Setting up the OpenVPN server


adsbox adsb receiver antenna rtlsdr gain

As adsbox took too much CPU from my main server, I moved adsbox to a banana pi zero w. Running Raspbian, adsbox used about 200% of the 4 cores and 10% of the 512 MB on the headless system. That was OK for me, and I wanted to extend the range of my rtlsdr antenna. I moved the antenna outside and was impressed by the extended range, but nearby aircraft did not show any more 🙁

We are near Düsseldorf, under the landing paths, and I want to see the nearby aircraft: I wanted the data of the aircraft crossing our small home village, 30 km away from DUS airport.

Either adsbox missed too much data or the rtlsdr dongle received too many signals. First I changed the adsbox call to use 4 threads for adsb decoding. That did not help.

Then I looked at the gain values to lower the reception signal strength. My rtlsdr RTL8232u supports these gain values (found with rtl_test):

#Supported gain values (29): 0.0 0.9 1.4 2.7 3.7 7.7 8.7 12.5 14.4 15.7 16.6 19.7 20.7 22.9 25.4 28.0 29.7 32.8 33.8 36.4 37.2 38.6 40.2 42.1 43.4 43.9 44.5 48.0 49.6

I first started with 0.0 and got better nearby results, but only a range of about 5 km. Using 25.8 gives a range of 120 km but too many airplanes (~39), and nearby ones get lost. With the max gain I had more than 59 airplanes at a time. Finally I used 16.6, which still gives a range of 80 km and ~5-10 airplanes.

Using the highest gain would give a very large range of ~250 km, but nearby signals get lost. We want to see mainly the nearby airplanes, so we now use a gain of 16.6.

The CPU usage is now down to 100% (quad core, so that is 25%) and the adsbox decode threads are down to 15-25%.