Home of the Squeezebox™ & Transporter® network music players.
  1. #1

    Running picoreplayer over a VPN

    I spent a while searching for a guide on how to get picoreplayer working over a VPN and couldn't find one. After a bit of trial and error, I managed to get a picoreplayer connecting to my home network over a VPN, meaning I can have picoreplayers outside my home network and don't need to open up the LMS ports to the rest of the big bad internet. This post will guide you through setting up a VPN client on your picoreplayer and connecting it to a VPN server on your home network. The setup needs to be done with the picoreplayer connected to your home network directly; once completed you can move it to the remote network on the internet.

    My setup is as below:

    picoreplayer on raspberry Pi running version 3.10 out on the internet
    OpenVpn to connect to my home network
    Asus router providing the OpenVpn server.
    Mac Mini running LMS inside my home network

    First thing to do is configure your VPN server. My Asus router provides this very easily from its web interface. There's a link on the left hand side under advanced settings called VPN:
    [Attached image: Screen Shot 2017-01-31 at 8.13.49 AM.png]

    Then click the OpenVPN button and make sure you are on the VPN server page (not VPN Client). You shouldn't need to set any advanced parameters, just leave everything default and set Enable OpenVPN Server to On:
    [Attached image: vpnserver.png]

    You'll also need to add a VPN user under the username and password section, for example:
    [Attached image: vpn users.png]

    Once that's all done, hit apply and the VPN server should be running. I'm sure more details can be found on the OpenVPN and Asus forums...

    To configure the client end of the VPN, you'll need some specific configuration details from the VPN server. Luckily, Asus routers will generate all this for you. Click the big export button and you should download an .ovpn configuration file. Save this as we'll use the details when configuring the VPN client on the picoreplayer.

    Now it's time to get picoreplayer ready to run a VPN client:

    On the web interface, click the advanced tab at the bottom, this allows us to easily install some extensions we need:
    [Attached image: pcp advanced.png]

    Then click the extensions button to take you to the extensions page. You want to make sure the Official piCore repository is selected under the Set extension repository section. If not, change to this and click set:
    [Attached image: pcpextensions.png]

    You want to install two extensions:
    1. ntp.tcz
    2. openvpn.tcz


    Select each in turn and click load. This will install the ntp client (needed to make sure the time on picoreplayer is right - if it isn't the openvpn client won't connect) and the openvpn client.

    With both of these installed, it's time to switch to the command line and configure the VPN Client.

    Log on to your picoreplayer using ssh (use PuTTY on Windows or just the command prompt on Linux/macOS). You'll need to know the IP address of your picoreplayer on your home network.

    Once logged on, create a directory in the tc user's home directory called openvpn:
    Code:
    cd /home/tc/
    mkdir openvpn
    cd openvpn

    In this directory you need to create 5 files:

    ca.crt
    In this file, paste in all the text between the <ca> and </ca> tags from the .ovpn file saved from the router.

    client.crt
    In this file, paste in all the text between the <cert> and </cert> tags from the .ovpn file saved from the router.

    client.key
    In this file, paste in all the text between the <key> and </key> tags from the .ovpn file saved from the router.

    up
    In this file, put the username and password created on the server openvpn page on your router, one per line. For example:
    Code:
    exampleUser
    examplePassword

    client.conf
    In here goes all the other config you haven't yet used from the generated .ovpn file. One change you must make is to add "up" after auth-user-pass. My client.conf is below (your remote hostname will be different, the port should be the same):
    Code:
    client
    dev tun
    proto udp
    remote example.hostname.com 1194
    float
    comp-lzo adaptive
    keepalive 15 60
    auth-user-pass /home/tc/openvpn/up
    ns-cert-type server
    resolv-retry infinite
    nobind

    Now we must create a backup of the files we created, otherwise they will all be lost when picoreplayer reboots (I learnt this the hard way after re-typing the config multiple times :-())
    Code:
    /usr/local/sbin/pcp bu
    [ INFO ] Backing up files to /mnt/mmcblk0p2/tce/mydata.tgz|
    Done.
    [ OK ] Backup successful.

    All the command line stuff is done now so you can log out.

    The last step is to have picoreplayer set the date and time through ntpdate and then start the openvpn client at boot. This can all be done through the web interface. On the TWEAKS page, find the section near the end called User commands.

    In the first box, type:
    Code:
    sudo ntpdate pool.ntp.org

    In the second box type:
    Code:
    sudo openvpn --ca /home/tc/openvpn/ca.crt --cert /home/tc/openvpn/client.crt --key /home/tc/openvpn/client.key --config /home/tc/openvpn/client.conf

    Click save.

    That's it, when your picoreplayer reboots it will set the date and time correctly then connect to your VPN server, thus presenting itself on your local home network and connecting to your LMS.

    The only additional step you might need (depending on if your vpn will allow the discovery service used by LMS) is to manually set the IP address of LMS in the picoreplayer web interface. This can be done on the Squeezelite Settings page in the LMS IP field.
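
The file-splitting steps in the guide above, as an added example that is not part of the original post: it cuts the inline `<ca>`, `<cert>` and `<key>` blocks out of the exported .ovpn file, writes the rest to client.conf with auth-user-pass pointing at the `up` file, and keeps the private key readable by its owner only. The function names and the argument order are assumptions; the `up` file is still created by hand.

```shell
#!/bin/sh
# Added example: split an exported .ovpn into the files the guide creates by hand.

# ovpn_block <tag> <file>: print the lines between <tag> and </tag>.
ovpn_block() {
    awk -v start="<$1>" -v stop="</$1>" '
        { sub(/\r$/, "") }            # tolerate CRLF exports
        $0 == stop  { inside = 0 }
        inside      { print }
        $0 == start { inside = 1 }
    ' "$2"
}

# ovpn_conf <file> <up-path>: print everything outside the inline blocks and
# point auth-user-pass at the credentials file.
ovpn_conf() {
    awk -v up="$2" '
        { sub(/\r$/, "") }
        /^<(ca|cert|key)>$/   { skip = 1; next }
        /^<\/(ca|cert|key)>$/ { skip = 0; next }
        skip                  { next }
        /^auth-user-pass/     { print "auth-user-pass " up; next }
        { print }
    ' "$1"
}

# split_ovpn <exported.ovpn> <output-dir>
split_ovpn() {
    src=$1
    dir=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    (
        umask 077                     # new files are owner-only from the start
        mkdir -p "$dir" || exit 1
        ovpn_block ca   "$src" > "$dir/ca.crt"
        ovpn_block cert "$src" > "$dir/client.crt"
        ovpn_block key  "$src" > "$dir/client.key"
        ovpn_conf "$src" "$dir/up" > "$dir/client.conf"
        # An empty result means the export was not in the inline format.
        for f in ca.crt client.crt client.key; do
            [ -s "$dir/$f" ] || { echo "no data for $f" >&2; exit 1; }
        done
        # The private key, and the up file once it exists, are secrets.
        chmod 600 "$dir/client.key"
        [ ! -e "$dir/up" ] || chmod 600 "$dir/up"
    )
}

if [ $# -eq 2 ]; then split_ovpn "$1" "$2"; fi
```

Run it before the `pcp bu` backup step so the generated files are the ones saved to mydata.tgz.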

  2. #2
    Greg Erskine (Senior Member; joined Sep 2006; Sydney, Australia; 2,178 posts)

    hi odw199,

    Great write up, thanks for your time and effort.

    I was wondering about what you said about ntp. piCorePlayer does do a ntp to set the time on boot. During development we sync changed files, so if the time isn't set correctly we would know fairly quickly.

    See [Main Page] in [Beta] mode > [Diagnostics] > [Boot]
    Then scroll down to /usr/bin/getTime.sh

    The [Boot] page shows the boot process.

    regards
    Greg

  3. #3
    The ntp requirement came from one instance when my pi booted up with the date set to 1st Jan (presumably 1972 - I didn't check). It had been unpowered for a while so sensible to assume the clock had reset. This prevented openvpn from connecting as it saw the certificates as not yet being valid.

    Could user command 1 execute before the built in time sync?

  4. #4
    Greg Erskine (Senior Member; joined Sep 2006; Sydney, Australia; 2,178 posts)

    Quote, originally posted by odw199:
    > The ntp requirement came from one instance when my pi booted up with the date set to 1st Jan (presumably 1972 - I didn't check). It had been unpowered for a while so sensible to assume the clock had reset. This prevented openvpn from connecting as it saw the certificates as not yet being valid.
    >
    > Could user command 1 execute before the built in time sync?

    The [Boot] page shows the order that processes are run. So User commands (in do_rebootstuff.sh) are run after settime/getTime. But I just realised, the response from crond showing the time has been set comes up 10 or 15 seconds after the "Setup piCorePlayer complete".

    I do see on the odd occasion the time displayed on the web interface showing epoch instead of the correct time. I have assumed this is due to the fact that we can fire up the web interface before the ntp has completed setting the time. A refresh shows the correct date.

    Some of the startup commands are backgrounded, so commands can sometimes run before others have completed.

    Code:
    /usr/sbin/ntpd -q -p pool.ntp.org

    This is the standard command to set the time (maybe with sudo).

    Maybe a wait 5; before the openvpn command. If you like scripting, a wait loop checking that the time is not epoch before proceeding.

    I am just trying to eliminate one download and an extra command.

    Again, thanks for doing this.

    regards
    Greg
    Last edited by Greg Erskine; 2017-01-31 at 15:53.
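
The wait loop suggested in the post above, as an added example that is not part of the original thread: it holds OpenVPN back until the clock has left the epoch, because a clock reading 1970 makes the certificates look not yet valid. The function names, the 2017 floor and the 60-second limit are assumptions; the openvpn command line is the one from the guide.

```shell
#!/bin/sh
# Added example: hold OpenVPN back until the system clock has been set.

# Current year as the system sees it (a separate function so it can be stubbed).
clock_year() { date +%Y; }

# wait_for_clock <min-year> <max-seconds>
# Returns 0 as soon as the clock reads min-year or later, 1 on timeout.
wait_for_clock() {
    min_year=$1
    limit=$2
    waited=0
    while [ "$(clock_year)" -lt "$min_year" ]; do
        if [ "$waited" -ge "$limit" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Start the tunnel only with a plausible clock; otherwise stop and say why,
# rather than letting certificate validation fail with no explanation.
start_vpn() {
    if wait_for_clock 2017 60; then
        sudo openvpn --ca /home/tc/openvpn/ca.crt \
            --cert /home/tc/openvpn/client.crt \
            --key /home/tc/openvpn/client.key \
            --config /home/tc/openvpn/client.conf
    else
        echo "clock still reads $(date); not starting OpenVPN" >&2
        return 1
    fi
}

# Used as the user command: <this script> start
if [ "${1:-}" = "start" ]; then start_vpn; fi
```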

  5. #5
    I'll see if I can eliminate the ntp requirement, but as I have a working implementation it'll be a while before I fiddle with it

  6. #6
    Jeff07971 (Senior Member; joined Aug 2011; London, England; 1,591 posts)

    Quote, originally posted by odw199:
    > I'll see if I can eliminate the ntp requirement, but as I have a working implementation it'll be a while before I fiddle with it

    I have never needed to do anything "extra" from the standard Pcp as regards NTP

    I wrote a script that starts the VPN and checks the VPN connection every 10 minutes. It restarts OpenVPN if the remote network cannot be contacted.

    Code:
    #!/bin/sh

    # Start OpenVPN in the background
    sudo openvpn --config /home/tc/openvpn/config.conf &

    VPNTest() {

    # Check if the VPN is already being tested (lock file)

      if [ -f /home/tc/TestingVPN ]; then
        echo "VPN is already being tested"
      else

        touch /home/tc/TestingVPN

    # Get Local network address (first three octets, loopback excluded)

        homenet=$(/sbin/ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){2}[0-9]*' | grep -v '127.0.0')

    # Choose a host on the remote network

        testhost=192.168.5.2

    # If we can ping the host on the remote network then the VPN is up

        if [ "$homenet" != "192.168.5" ]; then
          count=$(ping -c 4 "$testhost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
          # ${count:-0}: treat a missing ping summary as zero replies
          if [ "${count:-0}" -eq 4 ]; then
            hostup=yes
            echo "VPN is UP"
          else

            echo "VPN is DOWN"
            echo "Restarting OpenVPN"

            sudo killall -HUP openvpn &

            sleep 20
            count=$(ping -c 4 "$testhost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
            if [ "${count:-0}" -eq 4 ]; then
              echo "VPN is now up"
            else
              echo "VPN is still down will try again next time this script is run"
            fi
          fi
        else
    # If we happen to be on the remote network without VPN

          echo "We're Home !"
        fi

        rm -f /home/tc/TestingVPN

      fi
    }

    # Test the VPN every 10 minutes
    while true
    do
      VPNTest
      sleep 600
    done

    I added this to user command 1

    Code:
    /home/tc/Startvpn.sh

    Seems to work fine

    Want a webapp ? Get SqueezeLite-X ! https://forums.slimdevices.com/showt...l=1#post903953

  7. #7
    Jeff07971 (Senior Member; joined Aug 2011; London, England; 1,591 posts)

    Quote, originally posted by odw199:
    > The ntp requirement came from one instance when my pi booted up with the date set to 1st Jan (presumably 1972 - I didn't check). It had been unpowered for a while so sensible to assume the clock had reset. This prevented openvpn from connecting as it saw the certificates as not yet being valid.
    >
    > Could user command 1 execute before the built in time sync?

    There is no RTC on the Pi, the clock needs to be set every time the Pi boots

    Want a webapp ? Get SqueezeLite-X ! https://forums.slimdevices.com/showt...l=1#post903953

  8. #8
    Linvincible (Senior Member; joined Aug 2014; Switzerland; 106 posts)

    Possible via L2tp?

    Thanks a lot for your efforts investigating this!
    I have a Ubiquiti router already configured as L2tp server, and looking at the article to set it up for open vpn scares me...
    What would one need to do to set up and configure an L2tp client on picoreplayer?

    Quote, originally posted by odw199:
    > I spent a while searching for a guide on how to get picoreplayer working over a VPN and couldn't find one. After a bit of trial and error, I managed to get a picoreplayer connecting to my home network over a VPN, meaning I can have picoreplayers outside my home network and don't need to open up the LMS ports to the rest of the big bad internet. This post will guide you through setting up a VPN client on your picoreplayer and connecting it to a VPN server on your home network. The setup needs to be done with the picoreplayer connected to your home network directly; once completed you can move it to the remote network on the internet.
    > [...]

    Main system: Syno 415+ -> Roon server on Intel NUC -> Bricasti M1 DAC -> Karan KAL reference mkIII-> 2x Karan KAM 900 -> Usher BE20 DMD. All powered from PS Audio P10.
    Office system: Syno 415+ -> Roon server on Intel NUC -> Raspberry pi with Rooopi -> Burson Audio Conductor V2+ -> Hifiman Edition X
    Remote system: LMS on Syno 415+ -> piCorePlayer with Audiophonics DAC -> Monitor Audio Silver 100

  9. #9
    bernt (Senior Member; joined Aug 2005; Sweden, Kalmar; 834 posts)

    SB Touch optical to Hegel H90, Speakers Larsen 4.2
    Spare SB3
    AirPlay Bridge to Audio Pro A10
    Squeezelite-x connected to home LMS with ZeroTier One.
    SB Radio
    ReadyNAS 202
    iPeng

  10. #10
    Senior Member (joined Dec 2017; PARIS, Fr; 202 posts)

    Hello
    I would like to use Picoreplayer on Raspberry in a remote location by using openvpn.
    But I cannot find openvpn.tcz in the repository.
    Is there a way to manually install this?

    Thank You
    Pommes
    The Earth Has Music For Those Who Listen
