Posts tagged ‘Linux’

How I run two openvpn servers in the same private network

I am running two openvpn servers in a private network (192.168.0.0), only as a fallback in case one server stops working.

Network

default gateway internet router: 192.168.0.250
openvpn1: 192.168.0.137 10.8.0.0, debian, bananapi m2
openvpn2: 192.168.0.143 old=10.8.0.0 new=10.8.1.0, debian, bananapi B2
web server1:    192.168.0.40 (static ip), also running unbound dns and dnsmasq as DHCP server, debian
web server2:    192.168.0.50 (static ip), enigma2

Problem

First, both openvpn servers were configured the same, using 10.8.0.0 for the remote clients. Do not forget to enable IPv4 forwarding: sudo sysctl -w net.ipv4.ip_forward=1.

Unfortunately, some hosts did not respond when connected to the second openvpn server. I don’t know why openvpn server1 works for remote connections to the private web servers. Internet browsing using the default router worked with both openvpn connections.

When running an ssh session on .137 or .143, I was able to ping .40, but could not browse to the .40 web server from the remote connection. When connected to openvpn2, I could not open the web page of the 192.168.0.40 server.

How does a host know to send return traffic to the correct VPN server instead of the default router?

Solution

I changed the configuration of openvpn2 to use 10.8.1.0. Then I tested with static routes on 192.168.0.40:

For the static ip (/etc/network/interfaces):

  post-up route add -net 10.8.0.0/24 gw 192.168.0.137 dev eth1
  post-up route add -net 10.8.1.0/24 gw 192.168.0.143 dev eth1

After that temporary change on .40, I was able to connect to openvpn2 and the web server on .40.
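Why the static routes matter, as an added example that is not part of the original post: a host sends each reply to the gateway of the most specific matching route, so without an entry for the VPN subnets the reply goes to the default router. The "before" table is an assumption (default route plus the LAN only) and the client addresses are constructed.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return the gateway for dst (None means on-link)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

# Assumed table on 192.168.0.40 before the change: default route plus the LAN.
BEFORE = [("0.0.0.0/0", "192.168.0.250"), ("192.168.0.0/24", None)]
# The two post-up routes from /etc/network/interfaces added on top.
AFTER = BEFORE + [("10.8.0.0/24", "192.168.0.137"),
                  ("10.8.1.0/24", "192.168.0.143")]

# Constructed VPN client addresses, one per tunnel subnet.
CLIENTS = ["10.8.0.6", "10.8.1.6"]

def reply_gateways(routes):
    """Map each VPN client to the gateway the host sends its replies to."""
    return {client: next_hop(routes, client) for client in CLIENTS}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        for client, gw in reply_gateways(table).items():
            print(f"{name}: reply to {client} goes via {gw}")
```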

For DHCP clients in the network (many esp8266, esp32 and esplink devices), I need a DHCP option too.

On the dnsmasq dhcp server:

dhcp-option=option:classless-static-route,0.0.0.0/0,192.168.0.250,10.8.0.0/24,192.168.0.137,10.8.1.0/24,192.168.0.143

Note that the default router option (dhcp-option=option:router,192.168.0.250) may be ignored by dhcp clients.
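What this dnsmasq line puts on the wire, as an added example that is not from the original post: classless-static-route is DHCP option 121 (RFC 3442), and that RFC tells clients to ignore the router option when option 121 is present, which is why the default route is repeated inside it. The function names are hypothetical; the encoder and decoder follow the RFC 3442 layout (prefix length, significant destination octets, router).

```python
import ipaddress

# The dnsmasq line from this page.
DNSMASQ_LINE = ("dhcp-option=option:classless-static-route,"
                "0.0.0.0/0,192.168.0.250,10.8.0.0/24,192.168.0.137,"
                "10.8.1.0/24,192.168.0.143")

def parse_dnsmasq_routes(line):
    """Split the option value into (prefix, router) pairs."""
    fields = line.split("=", 1)[1].split(",")
    if fields[0] != "option:classless-static-route" or len(fields) % 2 != 1:
        raise ValueError("not a complete classless-static-route option")
    return list(zip(fields[1::2], fields[2::2]))

def encode_option_121(routes):
    """Encode (prefix, router) pairs as the option 121 payload."""
    out = bytearray()
    for prefix, router in routes:
        net = ipaddress.IPv4Network(prefix)
        out.append(net.prefixlen)
        # Only the octets covered by the prefix are transmitted.
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)

def decode_option_121(payload):
    """Decode an option 121 payload, e.g. taken from a packet capture."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        octets = (plen + 7) // 8
        end = i + 1 + octets + 4
        if plen > 32 or end > len(payload):
            raise ValueError("malformed option 121 payload")
        dest = payload[i + 1:i + 1 + octets] + bytes(4 - octets)
        net = ipaddress.IPv4Network((ipaddress.IPv4Address(dest), plen))
        router = ipaddress.IPv4Address(payload[end - 4:end])
        routes.append((str(net), str(router)))
        i = end
    return routes

if __name__ == "__main__":
    payload = encode_option_121(parse_dnsmasq_routes(DNSMASQ_LINE))
    print(payload.hex(), decode_option_121(payload))
```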

The dhcp options have been verified on a debian client:

aoa150:~$ ip r
default via 192.168.0.250 dev wlan2 proto static metric 600
10.8.0.0/24 via 192.168.0.143 dev wlan2 proto dhcp metric 600
10.8.1.0/24 via 192.168.0.137 dev wlan2 proto dhcp metric 600
192.168.0.0/24 dev wlan2 proto kernel scope link src 192.168.0.111 metric 600

Now I can connect from my mobile using OpenVPN to my network using the openvpn1 and openvpn2 servers.

adsbox, dump1090 piaware flightaware flightradar24 and IPv6

Recently I switched my flight tracker Bananapi M2 Zero with RTLSDR from adsbox (port 7070) to dump1090 (port 8080). But then the official IPv6 address did not open the web site any more, although I switched the port forwarding from 7070 to 8080 on the router.

After some digging and tests, I found that lighttpd, which is used as the web server by dump1090-fa (the FlightAware variant), does not listen on IPv6 by default. I had to change the dump1090-fa extension for lighttpd to:

/etc/lighttpd/conf-enabled/89-dump1090-fa.conf

...
# Listen on port 8080 and serve the map there, too.
$SERVER["socket"] == ":8080" {
  server.use-ipv6 = "enable"
  alias.url += (
    "/data/" => "/run/dump1090-fa/",
    "/" => "/usr/share/dump1090-fa/html/"
  )
}
...

Now netstat -tulpn shows that ports 80 and 8080 are open for IPv4 and IPv6:

...
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -                   
...
tcp6       0      0 :::8080                 :::*                    LISTEN      -

Just to remember.

FHEM: connecting serial devices over the network

For testing purposes I occasionally need a second FHEM system alongside my main FHEM system, e.g. on my netbook. Three devices (nanoCUL 433MHz, nanoCUL 868MHz and a Jeelink) are connected directly to the main server via USB (serial). If I need them in a test system, I would have to disconnect the devices from the main server. How convenient it would be if I could attach these USB devices over the network, as is possible via EspLink with the attached Arduino Nano running SignalDuino firmware.

For connecting serial devices to the network there is ser2net for Linux. Unfortunately the original version is not multi-client capable and would only allow one client to connect. With EspLink, however, multiple clients are possible. Although most ser2net sources support only one client, there are one or two sources whose implementation supports multiple clients.

After I downloaded a ser2net source with multi-client support and, after minor modifications, was able to implement it successfully, I can now use all devices connected to the main FHEM server over my network as well. The devices only had to be entered in the ser2net conf file with different network ports:

2301:raw:0:/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A9YDLRJV-if00-port0:38400,8DATABITS,NONE,1STOPBIT
2302:raw:0:/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A94BBD91-if00-port0:38400,8DATABITS,NONE,1STOPBIT

In fhem.cfg the devices were redefined accordingly:

#define nanoCUL433 CUL /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A9YDLRJV-if00-port0@38400 1234
define nanoCUL433 CUL 192.168.0.40:2301 1234
#define nanoCUL868 CUL /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A94BBD91-if00-port0@38400 3421
define nanoCUL868 CUL 192.168.0.40:2302 4321

The original EspLink connection of the Arduino Nano with SignalDuino firmware:

define sduinoIP SIGNALduino 192.168.0.99:23

With these changes I can now use these USB devices over the network as well.

My modification of ser2net can be found on Github.

Enigma2 OpenEmbedded Enhanced Movie Center Trashfolder CleanUp

We own a great VuPlus Solo2 Linux-based satellite receiver. We record some series and films and then delete them. The deleted media files are not deleted directly when using EMC to view and delete. The media files are moved to a trash folder first and should be automatically deleted after x days. But that does not work for whatever reason.

Recently I checked the trash folders, as I wondered why the box’s hard disk was filling up. And I found many, many old ‘deleted’ files that had not been removed from the hard disk.

I decided to write my own script (/home/root/deltrasholder7days.sh, yes, there is a typo ;-)) ) to finally remove ‘deleted’ files after 7 days. The script was then added to root’s crontab.

#!/bin/sh
# delete old files
# delete trash files older than 7 days
/usr/bin/find /mnt/hdd/movie_trash -type f -mtime +7 -delete
/usr/bin/find /mnt/hdd/movie/trashcan -type f -mtime +7 -delete
# replace the timestamp marker; stop if a folder is missing so rm never runs in another directory
cd /mnt/hdd/movie_trash/ || exit 1
rm -f last_cleanup*
touch "last_cleanup_$( date '+%Y-%m-%d_%H-%M-%S' )"
cd /mnt/hdd/movie/trashcan/ || exit 1
rm -f last_cleanup*
touch "last_cleanup_$( date '+%Y-%m-%d_%H-%M-%S' )"

The script deletes all files in /mnt/hdd/movie_trash and /mnt/hdd/movie/trashcan whose modification date is more than 7 days in the past. Then it adds a file with a timestamp as its name to let me know that the script has run and at what time.
… and the crontab (/etc/cron/crontabs/root):

1 1 * * * /home/root/deltrasholder7days.sh

This starts the script every day at 1pm.

That’s all, thanks to the author of the find utility.