I'm breathing a little easier today after backing up the SD card in my Raspberry Pi. I realized there was a problem while I was at Starbucks and tried to connect to my home VPN... no joy. When I got home I found the Pi sitting with a single red light. This happened once before. The last time it was after a power outage and it seems that was the case this time, too. I had no success reviving the thing, but just like last time, re-flashing the OS onto the SD card did the trick. Well, sort of... I still had to re-install and configure openvpn, set up 2-factor authentication, etc.
I suspect the issue is related to the power supply I'm using. It's a Motorola PSU that I had on hand; 5V 550mA ... a little on the low side, but I've got nothing connected via USB so it seemed to work OK.
I jumped on Amazon and picked up a new power supply and another SD card.
The steps below are for Mac OS X.
To create a backup of the SD card:
- Launch Terminal
- Issue the following command
- diskutil list
- Note the disk number of the SD card. It has a FAT32 and a Linux Partition. In my case it was /dev/disk1.
- !! It's important to get this right. If you use the wrong disk number, you could lose data on your hard drive !!
- Issue the following command (substituting the appropriate number of your SD disk)
- sudo dd if=/dev/rdisk1 of=~/Desktop/pi.img bs=1m
- This accesses the raw disk and writes it to an image file on your desktop. There's no progress display, so just wait until it finishes. It will take several minutes.
When you're ready to restore the image:
- Unmount the disk
- sudo diskutil unmountDisk /dev/disk1
- Restore the image to SD
- sudo dd of=/dev/rdisk1 if=~/Desktop/pi.img bs=1m
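The risky part of both procedures above is picking the right disk number by eye. The following is an added example, not part of the original post: it reads `diskutil list` output, accepts a disk only if it is the single one carrying both a FAT32 and a Linux partition, and records a checksum of the image so a later restore can be checked. The sample output and all function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `diskutil list` output (not from the original post).
SAMPLE_DISKUTIL_LIST='/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *4.0 GB     disk1
   1:             Windows_FAT_32 boot                    58.7 MB    disk1s1
   2:                      Linux                         3.9 GB     disk1s2'

# Read `diskutil list` output on stdin; print each disk whose partition
# table holds both a FAT32 and a Linux partition (the Raspbian layout).
find_pi_disks() {
  awk '
    /^\/dev\/disk[0-9]+/ { if (fat && lin) print disk
                           disk = $1; fat = 0; lin = 0; next }
    $2 == "Windows_FAT_32" || $2 == "DOS_FAT_32" { fat = 1 }
    $2 == "Linux" { lin = 1 }
    END { if (fat && lin) print disk }'
}

# Succeed only when exactly one candidate exists; otherwise refuse to guess.
pick_pi_disk() {
  local found count
  found=$(find_pi_disks)
  count=$(printf '%s\n' "$found" | grep -c '^/dev/disk' || true)
  if [ "$count" -ne 1 ]; then
    echo "expected exactly one SD card candidate, found $count" >&2
    return 1
  fi
  printf '%s\n' "$found"
}

# /dev/disk1 -> /dev/rdisk1 (the raw device the dd commands above use).
raw_device() { printf '%s\n' "$1" | sed 's#^/dev/disk#/dev/rdisk#'; }

# On the Mac: image the detected card and store a checksum beside the image.
backup_pi_card() {
  local disk img
  img="${1:-$HOME/Desktop/pi.img}"
  disk=$(diskutil list | pick_pi_disk) || return 1
  sudo dd if="$(raw_device "$disk")" of="$img" bs=1m &&
    shasum -a 256 "$img" > "$img.sha256"
}
```

Before restoring, `shasum -a 256 -c ~/Desktop/pi.img.sha256` confirms the image file has not changed since the backup.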
on 2014-06-16 23:57 by R Keith Smith
So, we had a power outage a couple of days ago. Actually about 2 or 3 in quick succession where it seemed like things would recover then they went right back off. Anyway, I forgot to check on the Raspberry Pi to see if it had booted back up and was working now with the new and improved power supply. I'm at a Starbucks right now and just connected to it as usual so it seems that the power supply really did the trick.
I wrote some time back about using the Raspberry Pi as a personal VPN tunnel and an SSH Web Proxy. Using the VPN connection is easy; just enable the VPN from System Preferences > Network. Easier still, if you've checked the option for "Show VPN status in the menu bar", just click and connect. However, using the SSH proxy is a little more involved, requiring several steps to establish the SSH connection and reconfigure your network to tunnel traffic across it.
To streamline this process (for the wife), I created an Automator application that reduces the entire process to a few clicks and provides useful status information.
These steps are for OS X. I'm sure you can achieve the same results in Windows or Linux with different tools.
There are a couple of initial steps that need to be completed to make it possible to automate. These only need to be set up once (before using the application). After that it's click and go.
First we'll need to create a new network "Location" that uses the SSH tunnel as a proxy. Select System Preferences > Network.
- At the top where it says Location: Automatic, click the drop-down and select Edit Locations...
- Click the + to add a new location.
- Give the new location a name. I used: Normal Connection over SSH via Raspberry Pi. You can use whatever you like, but you'll need it later for the Automator script.
- Click [Done]
- Make sure your Wi-Fi connection is selected and click [Advanced...]
- Click the Proxies tab
- Enable SOCKS Proxy
- For the proxy server information use localhost as the servername and 8080 for the port.
- For "Bypass proxy settings..." enter *.local, 169.254/16 (ensuring the proxy will not be used for internal LAN connections).
Next we'll need to edit the /etc/ssh_config file to add an SSH host. My entry looks like this:
Again, the name can be whatever you want, but you'll need to use it again later in the Automator application.
Finally, we build the Automator application.
Start Apple Automator and create a new Application. Drag actions from the Library to the Workflow window. My application uses the following series of actions:
Ask for Confirmation > Run AppleScript > Pause > Run AppleScript > Run AppleScript.
The Ask for Confirmation step confirms that the user wants to start the SSH proxy. Add some meaningful text to the action.
The first Run AppleScript action changes the network to use our new "Location". It's important that this match exactly with the name of the new Location you created earlier.
This will interrupt the Wi-Fi connection, so the next action is to Pause and wait for the connection to re-establish. I started with a 15-second pause but have found that 6 is consistently successful for me.
Our next Run AppleScript action opens a Terminal window and initiates the SSH connection via a script. This is where the name of the host from your ssh_config file that you edited above comes in.
The entire text of the AppleScript is here (sorry it's an image, I couldn't convince the blog software to not ruin the code formatting):
Our final Run AppleScript action gives the confirmation dialog and waits for the user to end the session. When the user clicks [OK], the network settings are reverted to use the default location (bypassing the proxy) and the SSH tunnel session is killed.
Save your application and give it a groovy icon.
The next time you're using public WiFi and can't use your VPN, double-click the automator application and go.
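For readers who prefer a terminal, here is a shell version of the same sequence the workflow performs (switch location, wait, open the SOCKS tunnel, and later revert and close it). It is an added example, not the author's AppleScript, which was only posted as an image. The host alias `pi-tunnel`, the control-socket path and the function names are assumptions; the location names, the 6-second pause and port 8080 come from the article.

```shell
#!/usr/bin/env bash
# Assumed (hypothetical) names: the ssh_config Host alias and socket path.
SSH_HOST="pi-tunnel"
CTL_SOCK="${TMPDIR:-/tmp}/pi-tunnel.ctl"
# Values taken from the article.
PROXY_LOCATION="Normal Connection over SSH via Raspberry Pi"
DEFAULT_LOCATION="Automatic"
SOCKS_PORT=8080
WIFI_SETTLE_SECS=6

# With DRY_RUN=1 each command is printed instead of executed.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

tunnel_up() {
  # Same order as the workflow: switching location drops Wi-Fi briefly.
  # (networksetup may need sudo depending on the macOS version.)
  run networksetup -switchtolocation "$PROXY_LOCATION" || return 1
  run sleep "$WIFI_SETTLE_SECS"
  # -f backgrounds ssh only after authentication succeeds; -N runs no
  # remote command; -M/-S create a control socket so the session can be
  # closed cleanly later. Binding to localhost keeps the proxy private.
  if ! run ssh -f -N -M -S "$CTL_SOCK" -o ExitOnForwardFailure=yes \
        -D "localhost:$SOCKS_PORT" "$SSH_HOST"; then
    # Do not leave the system pointing at a proxy that is not there;
    # the message tells the user traffic is NOT tunnelled.
    echo "tunnel failed; reverting to $DEFAULT_LOCATION" >&2
    run networksetup -switchtolocation "$DEFAULT_LOCATION"
    return 1
  fi
}

tunnel_down() {
  # Revert the network location, then end the SSH session via its socket.
  run networksetup -switchtolocation "$DEFAULT_LOCATION"
  run ssh -S "$CTL_SOCK" -O exit "$SSH_HOST"
}
```

Setting `DRY_RUN=1` before calling `tunnel_up` prints the three commands without touching the network settings.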
Happy (and secure) Surfing!
I like to use ipchicken.com to verify the connection. When you're connected via VPN or SSH tunnel, it should report your IP address as belonging to your home internet provider.
There's already a lot of great information on the web about the Raspberry Pi and projects you can build with it. This post is not intended to be a detailed tutorial, but rather a collection of links and references to the resources that I used to build my own VPN gateway.
I finally received my Raspberry Pi in the mail this week. In case you're not familiar, it's a tiny (almost credit-card sized) computer. It was conceived as a low cost personal computer that could be mass produced cheaply to provide computing opportunities, particularly in education, where they might not have otherwise existed. I ordered my Model B from Allied Electronics. Since release they've been pretty much perpetually on back order, but I got mine about 6 weeks after ordering.
The basic Model B comes with just the computer board and attached connection ports. I made a list of the things I would need prior to receiving the Pi in the mail. Most of the cables and connectors can be ordered with the Pi, but I just scrounged through my cable & gadget caches to come up with most of what I needed.
- 5V Micro-USB Power Cable
- HDMI <-> HDMI cable
- Ethernet Patch Cable
- USB Keyboard
- USB Mouse
- SD Card
The Power Cable. I had one of these laying around from an old Motorola Bluetooth headset charger. HDMI cable? Check. I always have plenty of those around because they're so cheap from MonoPrice that I buy more than I need. Patch cable? I've accumulated more of those over the years than I care to think about... including a nice 50-footer that I could use to connect to my router/switch from the guestroom (where the Television is) temporarily. An old Apple USB keyboard did the trick nicely along with my wireless Logitech mouse that I use when traveling. I bought a 4GB SD card at Best Buy using my Reward Points so it was, in effect, free to me.
That left just the case. I looked online... a lot. I saw a lot of cases. There are some amazing and impressive designs out there. That said, I couldn't justify spending $20 on a case for a $35 computer. That's like buying a $20,000 car cover for my JEEP. So for the short-term I settled on the Punnet printable case. This will help prevent any accidental short circuits while also keeping some of the dust bunnies at bay. Also, because the device will be located on a shelf in my network "closet" aesthetics aren't really an issue.
I downloaded the PDF from Squareitround, printed it on some colored (red, of course) construction paper and set about cutting and folding. The finished product turned out quite agreeable and the board fit nicely inside.
To install the Raspbian (Raspberry Debian, get it?) OS onto the SD card, I first downloaded the "Wheezy" image from the Raspberry Pi downloads page and verified the image checksum (what's the point of setting up a secure VPN if you don't know your source OS is legit?).
The eLinux wiki has good instructions for preparing the SD card and loading the image. I used section 4.4 for a "mostly graphical" process from my Macbook Pro.
It was time to bring everything together and fire up the Pi. I connected the USB power supply, Apple keyboard, wireless mouse, HDMI cable to the guestroom television and a nice long patch cable to the router in the closet. The little board sprang to life.
The first boot launches RasPi Config. Good details can be found here: http://elinux.org/RPi_raspi-config. Most importantly, change the default password! I'm planning to expose this machine to the outside world. It's absolutely critical that it not use the default password. Also, enable SSH to allow remote access for administration.
Even though the machine will be sitting "headless" in the closet, I wanted to see the Raspbian desktop at least once, so I booted it up to the GUI to have a look. It's slow by modern desktop standards, but given its tiny size it's still incredibly impressive to see a fully functioning Linux desktop running from such a small device. For my use case it won't matter anyway because I won't be booting to the desktop.
All the rest of the configuration I could do "remotely" via SSH. I chose a suitable static IP address on my internal network and added a DHCP reservation so I'd be able to predictably find the device on the network.
For setting up the VPN, I followed the excellent guide at Scott Jordan's blog: http://unvexed.blogspot.com/2012/08/how-to-set-up-real-encrypted-vpn.html. His instructions are clear and concise and everything worked as expected.
It's worth noting (and it came up in the comments on the above blog) that PPTP VPN has been compromised by way of attacking the MS CHAP v2 Key Exchange. If you want to know more, read Moxie Marlinspike's excellent write-up here: https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/. It's not a trivial attack in that it still takes a great deal of compute power and/or time, but you should be aware of it.
The Dynamic DNS Address
To make sure you can access this server from where you are, you'll need to ensure that even if your router reboots and your WAN IP address changes, you can still look it up by DNS name. I've previously used DynDNS and their Pro package is exactly that type of service.
The SSH Tunnel
In case you missed it, I wrote some time ago about connecting via an SSH Tunnel to provide for privacy. Now, with the Raspberry Pi, that's even easier to do. The same blog has another easy to follow article detailing how to configure and use the Pi as an SSH Tunnel endpoint.
As mentioned there, I added 443 as a listener port to allow me access back to my Pi even when the default SSH port has been blocked. This should be allowed almost anywhere. In fact, anyone blocking port 443 is basically telling me that they don't want me to use their network.
Securing the SSH Connection
Since the Pi is now exposed to the Internet and using the default "Pi" username, I wanted to dial up the security a bit and prevent a possible brute force password attack. I did this by enabling two-factor authentication in the form of SSH keys. The following video gives a nice tutorial on how to set it all up.
Accessing the VPN
I set up the VPN on my laptop (as well as the wife's) using the instructions in Scott Jordan's blog referenced above. Setting up access on our iPhones and iPads was even easier. Just navigate to Settings > General > VPN and create a new PPTP VPN connection.
That's it. It took some hand-drawn sketches to explain to the wife when, where and why she should be using these secure connections, but I think she gets it. And as an added bonus, we can now access our Drobo fileserver at home from anywhere.