
Smokeping.eu

I’ve revamped my Smokeping infra a bit since 2020.

First off, I'm starting to use the smokeping.eu¹ domain that Bianco got 10 or so years ago instead of using weird URLs under the superuser.one domain.

It’s running on four nodes as we speak:

This is achieved using Smokeping in a Docker container, Cloudflare tunnel and Cloudflare CDN/DNS.

¹ Doesn't point at anything at the moment. To do later.

Remote desktop and Wake-on-LAN

Shan uses her iPad a lot, but a lot of the more serious (interior design) work needs to happen on AutoCAD or Photoshop. That is just not going to work on an iPad.

When we’re travelling (read: holiday) she’s carrying an old Lenovo ThinkPad 13 (great device!) just “in case” she needs to open AutoCAD and edit something minor or read the drawings/dimensions. But honestly, most of the time that device is turned off and dead weight.

But all the above is just an excuse to “I was bored, and I wanted to test something”: can I use an old Raspberry Pi (zero W) to remotely wake her Intel NUC, and then use Tailscale to use RD on her iPad? Well, yes I can.

I completed this using:

  • Tailscale to remote desktop from anywhere to home
  • Cloudflare Tunnels, Access and DNS to have a web interface to wake the desktop
  • A Linux device that’s always on and in the same LAN, and that’ll run a PHP script.

Prep work: enable WOL

First off: enable Wake-on-LAN (WOL) in the BIOS and in your Windows settings. This article explains it for Intel NUCs, but would be similar enough for most devices. The Device Manager pane looked different on our i5 NUC, but was close enough.

On Mac, you just need to enable it in the Energy preference pane; for Linux I have no clue. 🤷‍♂️

Second step: have a working Raspberry Pi (or any Linux device) in the same LAN. This device needs to be turned on 24/7, so use something that uses very little power.

I do have a more powerful RPi4 I wish I could've reused (running Docker and some other "serious" stuff; however it's currently in a different VLAN, and it's quite crucial the Linux device is in the same LAN as the device(s) you want to wake up), so I went with an old Raspberry Pi Zero W that was collecting dust (it used to run pwnagotchi).

On the Linux device, install etherwake. The command to run is quite simply etherwake aa:bb:cc:11:22:33 (= the ethernet MAC address of your device).

If this doesn’t wake your desktop, something is wrong and there’s no point continuing. Go and troubleshoot.

Install Tailscale and RD

On the (Windows) desktop and your iPad, install Tailscale. Login, and make sure it works by pinging from one to the other.

Then set up Remote Desktop on both (Windows, iPad). You should test and make sure you can properly connect using the LAN IP address and then the Tailscale IP address.

Fun fact: I create a DNS record for all my devices using Cloudflare DNS with the syntax of device-name.ts.yeri.be, so I don't need to ever remember IPs, and can easily ssh or ping devices without having to look up IPs.

Cloudflare DNS screenshot, filtered on “ts”. I add both A and AAAA records (not shown in the screenshot)

Fun fact side track: I actually have a dynamic script that runs (on Linux) and creates hostname.ts.yeri.be for the Tailscale IP, hostname.wg.yeri.be based on the WireGuard IP, hostname.lan.yeri.be based on the LAN IP. This dyndns script runs every so often and updates IPs if needed. All this is running using Cloudflare DNS and their API. Super convenient.

Nginx, php and etherwake

I'm an 80s kid, so I'll use dirty PHP to run this script. I'm sure I'll go straight to hell for this, but yolo.

Install nginx and PHP (no need for MySQL and other stuff).

etherwake requires root to run (because it needs root access to create a weird magic ethernet packet). Create a file in /etc/sudoers.d/etherwake and add this line:

www-data ALL=(ALL) NOPASSWD: /usr/sbin/etherwake

This will allow www-data (nginx/php) to run /usr/sbin/etherwake using sudo, without password.

In /var/www/html/ create an index.php file with:

<html>
<head><title>Wake on Lan</title></head>
<body>
<p>Wake up <a href="mycooldesktop.php">My Cool Desktop</a></p>
</body>
</html>

And a mycooldesktop.php (or whatever) file with:

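<?php
// Run etherwake through the sudoers rule above; 2>&1 captures its error output as well.
$output = shell_exec('sudo /usr/sbin/etherwake aa:bb:cc:11:22:33 2>&1');
// Escape the command output before writing it into the page.
echo "<pre>" . htmlspecialchars((string) $output) . "</pre>";
?>
<p><a href="..">Back</a></p>

It ain't pretty -- but it gets the job done.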

And be sure to edit the MAC address to match your desktop’s ethernet MAC address.
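
One way to narrow what the sudoers rule above hands to www-data, as an added example that is not part of the original post: a root-owned wrapper maps a host name to a MAC from an allowlist, so the web user never supplies etherwake arguments itself. The wrapper path /usr/local/sbin/wake-host and the allowlist file /etc/wake-hosts are assumptions.

```shell
#!/bin/sh
# Added example (not from the post). Assumed install path: /usr/local/sbin/wake-host,
# owned by root, mode 0755. The sudoers rule then names the wrapper, as root only:
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/wake-host
# and PHP calls: sudo /usr/local/sbin/wake-host mycooldesktop

HOSTS_FILE=/etc/wake-hosts      # assumed path; root-owned, one "name mac" pair per line
ETHERWAKE=/usr/sbin/etherwake   # path used in the post

# Names: letters, digits, "_" and "-" only, and never starting with "-",
# so a name can never be read as an option or carry shell metacharacters.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# MACs: exactly six colon-separated hex octets (17 characters, single line).
valid_mac() {
    [ "${#1}" -eq 17 ] &&
        printf '%s\n' "$1" | grep -Eqx '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}'
}

# lookup_mac NAME FILE: print the MAC registered for NAME, or fail.
# Lines starting with "#" never match because "#" is not a valid name.
lookup_mac() {
    valid_name "$1" || return 1
    while read -r name mac rest; do
        [ "$name" = "$1" ] || continue
        valid_mac "$mac" && [ -z "$rest" ] || return 1
        printf '%s\n' "$mac"
        return 0
    done < "$2"
    return 1
}

# wake NAME: resolve NAME through the allowlist and send the magic packet.
wake() {
    mac=$(lookup_mac "$1" "$HOSTS_FILE") || {
        echo "wake-host: unknown or malformed entry" >&2
        return 2
    }
    "$ETHERWAKE" "$mac"
}

# Act only when executed under the installed name, so the functions can be sourced and tested.
case "${0##*/}" in
    wake-host)
        [ "$#" -eq 1 ] || { echo "usage: wake-host NAME" >&2; exit 64; }
        wake "$1"
        ;;
esac
```

Check the new rule with visudo -cf /etc/sudoers.d/etherwake before relying on it; a syntax error in a sudoers drop-in can break sudo for every user.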

Cloudflare tunnels

Install Cloudflare Tunnel (via Zero Trust dashboard).

When creating a new tunnel, the dashboard will give you all needed commands to install the tunnel on your RPi — but be sure to select the right OS/architecture (arm64? arm? armhf?).

Easy.

And then point the tunnel to http://localhost. No need to mess around with SSL certs.

Lastly, set up Cloudflare Access (via the same Zero Trust dashboard): create a new application, and make sure only approved users can sign in (i.e.: using a pin code emailed to only approved emails).

I only allow access to my own emails, and my family, by using groups.

You can try it yourself via wol.superuser.one. You won’t get in. 🙂

Optionally, but recommended: lock down Nginx to only allow connections from localhost (127.0.0.0/8 and ::1) if using Cloudflare Tunnels, or Cloudflare IPs if using port forwarding with Cloudflare Access in front.

Love my design skills… But it gets the job done: click that link, and it’ll execute etherwake.
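
A check for the localhost lockdown recommended above, as an added example that is not part of the original post: it parses ss -Hltn output and lists every listener on a port that is bound to something other than 127.0.0.0/8 or ::1. The sample ss lines are constructed, and port 80 is assumed from the tunnel target http://localhost.

```shell
#!/bin/sh
# Added example (not from the post): confirm nginx is reachable only via loopback,
# e.g. after changing its listen directives to
#   listen 127.0.0.1:80;
#   listen [::1]:80;

# exposed_listeners PORT: read `ss -Hltn` output on stdin and print every
# local address listening on PORT that is not 127.0.0.0/8 or ::1.
exposed_listeners() {
    awk -v port="$1" '
    {
        addr = $4                           # "Local Address:Port" column
        n = match(addr, /:[0-9]+$/)         # the port follows the last colon
        if (n == 0 || substr(addr, n + 1) != port) next
        host = substr(addr, 1, n - 1)
        gsub(/^\[|\]$/, "", host)           # drop IPv6 brackets
        sub(/%.*$/, "", host)               # drop an interface scope such as %lo
        if (host ~ /^127\./ || host == "::1") next
        print addr
    }'
}

# Constructed ss output: nginx listening on every address.
sample_before() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22    0.0.0.0:*
LISTEN 0 511  0.0.0.0:80    0.0.0.0:*
LISTEN 0 511  [::]:80       [::]:*
EOF
}

# Constructed ss output: after restricting nginx to loopback.
sample_after() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22    0.0.0.0:*
LISTEN 0 511  127.0.0.1:80  0.0.0.0:*
LISTEN 0 511  [::1]:80      [::]:*
EOF
}

# check_port PORT: run against the live system; non-zero exit if PORT is exposed.
check_port() {
    exposed=$(ss -Hltn | exposed_listeners "$1")
    [ -z "$exposed" ] && return 0
    printf 'port %s also listens on:\n%s\n' "$1" "$exposed" >&2
    return 1
}
```

On the Pi itself, run check_port 80 after reloading nginx; an empty result means only the local cloudflared process can reach the page.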

To recap

  • We used Tailscale to create a VPN network between the desktop and the iPad. The big benefit is that Tailscale works effortlessly across NAT networks without having to open ports,
  • We used Cloudflare DNS so we don’t need to remember hostnames :),
  • We used Cloudflare Tunnels to make sure the RPi web interface is accessible across NAT (without port forwarding) and from anywhere,
  • We used Cloudflare Access and locked down access to the right people using ACLs,
  • We used etherwake running on a RPi to wake up devices that are hibernating or turned off.

And that’s it really.

PS: technically WoL works with WiFi, but when I enabled WoL on the WiFi adapter, the NUC refused to hibernate/sleep for more than a minute, and kept waking itself up. So, there seems to be some kind of trigger in my network that keeps waking it up. Also, not sure if WoL via WiFi would work if the device is turned off (as opposed to sleep or hibernate). I just ended up using ethernet. 

PPS: both Cloudflare Tunnels and Tailscale use WireGuard tech in the background, so that's really cool.

Making Bluetooth work on RPi4

I rarely use Bluetooth on my RPis. I’m already facing enough issues with my iMac and Mac Mini (it lags, it randomly disconnects in meetings, etc).

My pwnagotchi on the other hand is counting on a BLE network to connect to the internet: for now I am using my iPad, and while that works, it causes my iPad to disconnect from WiFi (because of course, it can only do tethering from a mobile network, not from its WiFi network).

I wanted to explore if I could set up Bluetooth tethering/internet sharing from my RPi4 server… But for that BLE had to work! And for some reason BLE was not working on Liana.

[bluetooth]# power on
No default controller available

For some reason no controller was available. The drivers were definitely installed…

apt install bluetooth pi-bluetooth bluez raspberrypi-sys-mods

but hcitool dev ; hciconfig -a weren’t returning anything.

After quite some extensive Googling I found the solution.

Check if this returns something:

# ls -l /dev | grep ttyAMA0
lrwxrwxrwx 1 root root           7 Sep  1 15:08 serial1 -> ttyAMA0
crw-rw---- 1 root dialout 204,  64 Sep  1 15:08 ttyAMA0

As opposed to:

# ls -l /dev | grep ttyS0
# (no output)

Then continue to do the following:

# make a backup
cp /boot/cmdline.txt /boot/cmdline.txt.bak
# edit the file
nano -w /boot/cmdline.txt
# edit the first part from
# console=ttySerial0 to console=ttyAMA0
# the line should be something similar to the one below, but do NOT blindly copy paste it as you won't be able to boot due to your PARTUUID being different:
# console=ttyAMA0,115200 console=tty1 root=PARTUUID=6c586e13-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
reboot

After rebooting … it works!

liana ~ # hcitool dev ; hciconfig -a
Devices:
	hci0	DC:A6:32:B1:0E:79
hci0:	Type: Primary  Bus: UART
	BD Address: DC:A6:32:B1:0E:79  ACL MTU: 1021:8  SCO MTU: 64:1
	UP RUNNING 
	RX bytes:2397 acl:0 sco:0 events:118 errors:0
	TX bytes:2603 acl:0 sco:0 commands:99 errors:0
	Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
	Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3 
	Link policy: RSWITCH SNIFF 
	Link mode: SLAVE ACCEPT 
	Name: 'liana'
	Class: 0x000000
	Service Classes: Unspecified
	Device Class: Miscellaneous, 
	HCI Version: 5.0 (0x9)  Revision: 0x13b
	LMP Version: 5.0 (0x9)  Subversion: 0x6119
	Manufacturer: Cypress Semiconductor Corporation (305)

liana ~ # bluetoothctl 
Agent registered
[bluetooth]# scan on
Discovery started
[CHG] Controller DC:A6:32:B1:0E:79 Discovering: yes
[NEW] Device 7F:A9:BC:8D:E4:14 7F-A9-BC-8D-E4-14
[NEW] Device 58:EB:19:D8:D4:23 58-EB-19-D8-D4-23
[NEW] Device A4:83:E7:42:79:F6 A4-83-E7-42-79-F6
[NEW] Device 58:7B:24:1B:CC:5C 58-7B-24-1B-CC-5C
[NEW] Device D9:05:9F:DB:55:19 N0163
[NEW] Device 5F:DA:90:34:82:68 5F-DA-90-34-82-68
[NEW] Device 77:2A:1B:11:54:7D 77-2A-1B-11-54-7D
[NEW] Device 42:BF:0B:38:F3:20 42-BF-0B-38-F3-20

Next step is trying to get tethering to work…


Ideal travel router: GL-AR750S

Right. With the pandemic and all none of us are going to travel much but still…

About a year ago I purchased myself an OpenWRT router to use on the plane and in hotels.

And so far I really like both the device and the Hong Kong based brand (launching new and updated products, and releasing relatively regular updates for older products). Pick a device that fits your needs (USB powered? LTE? Small form factor?).

The GL-AR750S aka Slate is fully customizable but runs a few nice things out of the box: WireGuard (with a physical button to turn it on or off), OpenVPN, shell access, Tor (requires the latest firmware), IPv6, DoH (Cloudflare only for now), multiple SSIDs (i.e. Guest WiFi), and more.

Oh and I specifically picked this version (compared to other or cheaper ones) because it had both 2.4GHz and 5GHz, as well as 3 Gbit ports (1x WAN, 2x LAN).

Pick whatever works for you…

I use the device on flights, where I connect to the network once in the air, purchase WiFi or use iPass “for one device” and then connect to the interwebs behind my NAT-router from my iPad, phone(s), laptop(s), and even Shan‘s devices if she is travelling with me.

In hotels, I either connect it to the wired ethernet, if still available (tends to be more stable), or connect it to the guest WiFi and then connect my devices to the router: saves me from connecting to a new network and typing the room number and login/password/family name on every device. And once again hides the true number of connected devices; quite handy trick for those pesky hotels providing free access only to two devices.

Sure it takes a bit of setup every time (find a working USB port, sign in to the web interface, search for new networks if this is a new hotel or I haven’t travelled on this airline, connect to said network, sign in with iPass, and optionally enable VPN)…

And once in a while some fiddling with VPN or DNS that’s borking up or being blocked by overzealous firewalls.

Also, some in-flight entertainment USB ports don’t provide enough power (and/or are often broken — looking at you Lufthansa in economy) so be sure to carry a couple of these (US-plug works best) — I’ve already forgotten one on my last flight from MUC-SIN on LH, but luckily I have pretty easy access to these.

If you travel a lot it’s totally worth the money.


Raspberry Pi 4 + SSD

All right. With the release of the new RPi4 with 8GB of RAM I had to get myself one to see if it was already a viable desktop replacement for surfing and emails.

While a SD card works fine for certain tasks (things that don’t require a lot of IO) — for a desktop that’s a no-go… It’s just too slow.

I still had an old Macbook Pro 13″ (2015?) SSD lying around that was collecting dust. Why not use that one as root for the RPi?

This article will focus on making it work on Raspbian first. Technically this should all work on other distros as well, but YMMV seeing all this is still beta.

I use Raspbian Lite: I like to work with minimalistic systems and install just what I need. But technically this should work with any flavour.

But first, let’s prep the device.

Case

I already have a RPi4 (4GB) at home running mostly Docker containers (nginx proxy and a few personal things and Smokeping).

And one of the ‘best’ purchases I made for the RPi4 was the “Raspberry Pi 4 Model B Aluminium Case” (Lazada, AliExpress). This case is passive and dissipates enough heat (even in a closed cabinet in Singapore where it’s 30°) for the CPU never to throttle back when overclocked at 2GHz (see below).

Do note that this case (which is pretty much just a massive heat sink) gets pretty hot if the RPi is running at max performance for long periods of time.

USB-SSD

Get one that fits your SSD and that ideally has Linux support. As Apple uses custom SSD connectors (prior to being soldered onto the motherboard) I had to get a converter from China. It was a bit of Russian Roulette to see if it would work or be supported on Linux. I got myself this one (chipset: Netchip Technology). As I didn’t remember what type of Macbook Pro this came from, using this site to compare serial/model was useful. This USB-to-SSD converter also works on Mac and Windows by the way.

The SSD with the PCB that provides the USB interface.

In my case, the RPi also did not provide enough power to the USB-SSD converter (although… it really should but whatevs), so be sure to use the provided power cable and plug it into a USB power source. Not doing so will cause the SSD to heat up and show a bunch of disconnects/errors in dmesg.

raspbian ~ # fdisk -l /dev/sda1 
Disk /dev/sda1: 233.8 GiB, 250999127552 bytes, 490232671 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
raspbian ~ # lsusb 
Bus 002 Device 002: ID 0525:622b Netchip Technology, Inc. 
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 2109:3431 VIA Labs, Inc. Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
raspbian ~ # lsusb -t
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M
    |__ Port 2: Dev 2, If 0, Class=Mass Storage, Driver=usb-storage, 5000M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/1p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/4p, 480M
Raspberry Pi 4 with USB SSD connected

eeprom update

Disconnect the USB-SSD for now.

At the time of writing we need to update the eeprom to boot from USB. I’m using the latest eeprom available to me. Note that the USB-boot eeprom is about to hit stable so you might not need to do this anymore.

There are two methods for updating. We can do it manually:

rpi-update
cd /lib/firmware/raspberrypi/bootloader/beta
rpi-eeprom-update -d -f ./pieeprom-2020-06-15.bin
# BCM2711 detected
# VL805 firmware in bootloader EEPROM
# BOOTFS /boot
# *** INSTALLING ./pieeprom-2020-06-15.bin ***
# BOOTFS /boot
# EEPROM update pending. Please reboot to apply the update.
reboot
# RPi should come back online after a reboot

Or we use rpi-eeprom-update (see article, at the bottom):

nano -w /etc/default/rpi-eeprom-update
# edit critical to stable
rpi-eeprom-update
rpi-eeprom-update -a

The good thing is that, even if you boot from a Raspbian that does not have /etc/default/rpi-eeprom-update edited to use stable instead of critical, it will not downgrade your eeprom.

Now you can plug the SD card into a USB-SD card reader, and test if the RPi boots from USB. Note that the SD card might be slower.

RPi booting the SD card from USB (/dev/sda)

All right — so everything is working. I am keeping this SD card to update the eeprom again at a later stage (as the one we flashed is beta). If we use Archlinux or Ubuntu the eeprom update tools won’t be included.

Next step is to flash Raspbian to the USB-SSD.

This screenshot shows Ubuntu, but for the sake of this article, we’ll use Raspbian still. I’m using Etcher to flash.

Boot-up from the USB-SSD.

Errors

In case you are getting an error similar to start4.elf: is not compatible you’ll need to copy paste /boot/start4.elf from a Raspbian that ran rpi-update (i.e. the one from the SD card, or see below).

If you are booting (a fresh) Raspbian, it might complain about cma: Failed to reserve 256 MiB (and several other errors). The solution is running rpi-update.

Boot from the working Raspbian (using the SD card):

# check which drive is your USB-SSD (i.e. using fdisk -l or dmesg). 
# In my case I booted from USB-SD (/dev/sda) and we'll update the new/clean Raspbian on the SSD (/dev/sdb).
#
# First resize the partition, if the system never booted it'll be 1.5GB and thus not big enough:
# Device     Boot  Start     End Sectors  Size Id Type
# /dev/sdb1         8192  532479  524288  256M  c W95 FAT32 (LBA)
# /dev/sdb2       532480 3620863 3088384  1.5G 83 Linux
fdisk /dev/sdb
# Type the following:
# p (and visually check it all makes sense)
# d
# 2
# n
# Select (default p): p
# Partition number (2-4, default 2): <enter>
# First sector (2048-490234751, default 2048): 532480 (or whichever is the same "start" from the 2nd partition) 
# Last sector, +/-sectors or +/-size{K,M,G,T,P} (532480-490234751, default 490234751): <enter>
# Created a new partition 2 of type 'Linux' and of size 233.5 GiB.
# Partition #2 contains a ext4 signature.
# Do you want to remove the signature? [Y]es/[N]o: n
# p (visually check once again it makes sense, if not you can cancel/quit by typing q)
# w (if it makes sense)
# The last command will write the changes to the partition table and sync all changes. 
# Then we need to check and resize the filesystem:
e2fsck -f /dev/sdb2
resize2fs /dev/sdb2
# If all that worked we can start mounting everything
mkdir /tmp/ssd
mount /dev/sdb2 /tmp/ssd/
mount /dev/sdb1 /tmp/ssd/boot/
mount /proc/ /tmp/ssd/proc/ -t proc
mount --rbind /sys/ /tmp/ssd/sys/
mount --rbind /dev/ /tmp/ssd/dev/
# Once everything is mounted, we're chrooting into the fresh Raspbian running on the SSD
chroot /tmp/ssd/ /bin/bash
# you can double confirm the partition size using:
df -h
# And we update the system. Again, if all this hits stable it might not be needed.
rpi-update
# say "y" when it's asking you to.
# exit the chroot and turn off the device, remove the USB-SD and leave USB-SSD connected. 
exit 
halt

On my first reboot, the boot process threw errors about failing to mount the root fs.

We’ll need to update /etc/fstab with the correct partuuid.

# Boot from the (USB-)SD card again
# In my case sdb became sda and vice versa, so double check
lsblk
# be sure to select the right disk (the SSD, not the SD)!
mkdir /tmp/ssd
mount /dev/sda2 /tmp/ssd/
# And find the SSD here as well.
# look for the last column, partuuid, something like "6f6cc2fb-01"
blkid
nano -w /tmp/ssd/etc/fstab
# edit the existing partuuid's with the ones from blkid
# you'll need to edit both /boot (-01) and / (root, -02).
halt
# When rebooting from the SSD it'll go through a fsck. In my case for some reason it failed and dropped to a shell. I did a manual check and everything was fine. Rebooted and it booted normally... *shrug*

Booting

At this stage booting from the USB-SSD should work just fine. You have a working system booting from USB.

It’s working! Now I can configure my system.

Overclocking

Last thing I’d recommend is getting a bit more juice out of your four cores.

You can quite easily overclock the RPi4 to 2GHz (per core). It’s a pretty nice boost (~25%) and worth going for. I haven’t seen any heat issues leading to underclocking (throttling back), and everything runs stable. Note that under real circumstances you are unlikely to be running at 100% for extended periods of time.

This guide explains how to overclock Raspbian (but the same applies for Ubuntu RPi). I’ll eventually be using Ubuntu as the OS due to its 64 bit support; at the moment Raspbian only supports a 64 bit kernel (beta) and the userland still runs 32 bit. But that’ll be a follow-up article.

The gist of the article is to edit /boot/config.txt and add:

over_voltage=6
arm_freq=2000

Save the file, reboot and monitor temp (echo $(($(cat /sys/class/thermal/thermal_zone0/temp)/1000))) and core frequency (watch -n 1 vcgencmd measure_clock arm) while running stress -c 4 to make sure the cores are running at 100%.

Raspberry Pi 4 running at 2GHz. It never throttled back after running for ~30 minutes.