I spent a while searching for a guide on how to get picoreplayer working over a vpn and couldn't find one. After a bit of trial and error, I managed to get a picoreplayer connecting to my home network over a vpn, meaning I can have picoreplayers outside my home network and don't need to open up the LMS ports to the rest of the big bad internet. This post will guide you through setting up a vpn client on your picoreplayer and connecting it to a VPN server on your home network. The setup needs to be done with the picoreplayer connected to your home network directly; once completed you can move it to the remote network on the internet.
My setup is as below:
- picoreplayer on Raspberry Pi running version 3.10 out on the internet
- OpenVpn to connect to my home network
- Asus router providing the OpenVpn server.
- Mac Mini running LMS inside my home network
First thing to do is configure your VPN server. My Asus router provides this very easily from its web interface. There's a link on the left hand side under advanced settings called VPN:
Then click the OpenVPN button and make sure you are on the VPN server page (not VPN Client). You shouldn't need to set any advanced parameters, just leave everything default and set Enable OpenVPN Server to On:
You'll also need to add a VPN user under the username and password section, for example:
Once that's all done, hit apply and the VPN server should be running. I'm sure more details can be found on the OpenVPN and Asus forums...
To configure the client end of the VPN, you'll need some specific configuration details from the VPN Server. Luckily, Asus routers will generate all this for you. Click the big export button and you should download an .ovpn configuration file. Save this as we'll use the details when configuring the VPN client on the picoreplayer.
Now it's time to get picoreplayer ready to run a VPN client:
On the web interface, click the advanced tab at the bottom, this allows us to easily install some extensions we need:
Then click the extensions button to take you to the extensions page. You want to make sure the Official piCore repository is selected under the Set extension repository section. If not, change to this and click set:
You want to install two extensions:
- ntp.tcz
- openvpn.tcz
Select each in turn and click load. This will install the ntp client (needed to make sure the time on picoreplayer is right - if it isn't the openvpn client won't connect) and the openvpn client.
With both of these installed, it's time to switch to the command line and configure the VPN Client.
Log on to your picoreplayer using ssh (use PuTTY on Windows or just the command prompt on Linux/macOS). You'll need to know the IP address of your picoreplayer on your home network.
Once logged on, create a directory in the tc user's home directory called openvpn:
Code:
```
cd /home/tc/
mkdir openvpn
cd openvpn
```
In this directory you need to create 5 files:
ca.crt
In this file, paste in all the text between the <ca> and </ca> tags from the .ovpn file saved from the router.
client.crt
In this file, paste in all the text between the <cert> and </cert> tags from the .ovpn file saved from the router.
client.key
In this file, paste in all the text between the <key> and </key> tags from the .ovpn file saved from the router.
up
In this file, put the username and password created on the server openvpn page on your router, one per line. For example:
Code:
```
exampleUser
examplePassword
```
client.conf
In here goes all the other config you haven't yet used from the generated .ovpn file. One change you must make is to add "up" after auth-user-pass. My client.conf is below (your remote hostname will be different, the port should be the same)
Code:
```
client
dev tun
proto udp
remote example.hostname.com 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass /home/tc/openvpn/up
ns-cert-type server
resolv-retry infinite
nobind
```
Now we must create a backup of the files we created, otherwise they will all be lost when picoreplayer reboots (I learnt this the hard way after re-typing the config multiple times :-()
Code:
```
/usr/local/sbin/pcp bu
[ INFO ] Backing up files to /mnt/mmcblk0p2/tce/mydata.tgz| Done.
[ OK ] Backup successful.
```
All the command line stuff is done now so you can log out.
The last step is to have picoreplayer set the date and time through ntpdate and then start the openvpn client at boot. This can all be done through the web interface. On the TWEAKS page, find the section near the end called User commands.
In the first box, type:
Code:
```
sudo ntpdate pool.ntp.org
```
In the second box type:
Code:
```
sudo openvpn --ca /home/tc/openvpn/ca.crt --cert /home/tc/openvpn/client.crt --key /home/tc/openvpn/client.key --config /home/tc/openvpn/client.conf
```
Click save.
That's it, when your picoreplayer reboots it will set the date and time correctly then connect to your vpn server, thus presenting itself on your local home network and connecting to your LMS.
The only additional step you might need (depending on if your vpn will allow the discovery service used by LMS) is to manually set the IP address of LMS in the picoreplayer web interface. This can be done on the Squeezelite Settings page in the LMS IP field.
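The copy-and-paste steps from the post, done as a script: this added example (not part of the original post) splits the exported .ovpn into ca.crt, client.crt, client.key and client.conf with owner-only permissions. The function names and the placeholder sample profile are assumptions; the `up` credentials file is still created by hand.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the lines between <tag> and </tag> of an exported .ovpn profile.
extract_block() {    # $1 = ca|cert|key, $2 = .ovpn file
    awk -v t="$1" '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        $0 == "</" t ">" { inside = 0 }
        inside           { print }
        $0 == "<" t ">"  { inside = 1 }
    ' "$2"
}

# Print the remaining directives, with auth-user-pass pointed at file $2.
extract_conf() {     # $1 = .ovpn file, $2 = credentials ("up") file path
    awk -v up="$2" '
        { sub(/\r$/, "") }
        /^<(ca|cert|key)>$/    { skip = 1; next }
        /^<\/(ca|cert|key)>$/  { skip = 0; next }
        skip                   { next }
        $1 == "auth-user-pass" { print "auth-user-pass " up; next }
        { print }
    ' "$1"
}

# Write ca.crt, client.crt, client.key and client.conf into directory $2.
split_ovpn() (       # subshell body, so the umask change stays local
    umask 077        # private key and config readable by the owner only
    mkdir -p "$2" || exit 1
    extract_block ca   "$1" > "$2/ca.crt"
    extract_block cert "$1" > "$2/client.crt"
    extract_block key  "$1" > "$2/client.key"
    extract_conf "$1" "$2/up" > "$2/client.conf"
    for f in ca.crt client.crt client.key; do
        [ -s "$2/$f" ] || { echo "$f is empty: block missing in $1" >&2; exit 1; }
    done
)

# Constructed sample profile with placeholder bodies, not real key material.
write_sample() {     # $1 = destination file
    printf '%s\n' 'client' 'dev tun' 'remote example.hostname.com 1194' \
        'auth-user-pass' '<ca>' 'CA-PLACEHOLDER' '</ca>' \
        '<cert>' 'CERT-PLACEHOLDER' '</cert>' \
        '<key>' 'KEY-PLACEHOLDER' '</key>' > "$1"
}

if [ "$#" -eq 2 ]; then split_ovpn "$1" "$2"; fi
```

After running it with the .ovpn path and /home/tc/openvpn as arguments, create `up` in the same directory, `chmod 600` it, and run the `pcp bu` backup as in the post.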
Thread: Running picoreplayer over a VPN
-
2017-01-31, 05:04 #1
- Join Date
- Feb 2008
- Posts
- 56
Running picoreplayer over a VPN
-
2017-01-31, 14:52 #2
hi odw199,
Great write up, thanks for your time and effort.
I was wondering about what you said about ntp. piCorePlayer does do a ntp to set the time on boot. During development we sync changed files, so if the time isn't set correctly we would know fairly quickly.
See [Main Page] in [Beta] mode > [Diagnostics] > [Boot]
Then scroll down to /usr/bin/getTime.sh
The [Boot] page shows the boot process.
regards
Greg
-
2017-01-31, 15:15 #3
- Join Date
- Feb 2008
- Posts
- 56
The ntp requirement came from one instance when my pi booted up with the date set to 1st Jan (presumably 1972 - I didn't check). It had been unpowered for a while so sensible to assume the clock had reset. This prevented openvpn from connecting as it saw the certificates as not yet being valid.
Could user command 1 execute before the built in time sync?
-
2017-01-31, 15:48 #4
The [Boot] page shows the order that processes are run. So User commands (in do_rebootstuff.sh) are run after settime/getTime. But I just realised, the response from crond showing the time has been set comes up 10 or 15 seconds after the "Setup piCorePlayer complete".
I do see on the odd occasion the time displayed on the web interface showing epoch instead of the correct time. I have assumed this is due to the fact that we can fire up the web interface before the ntp has completed setting the time. A refresh shows the correct date.
Some of the startup commands are backgrounded, so commands can sometimes run before others have completed.
Code:
```
/usr/sbin/ntpd -q -p pool.ntp.org
```
Maybe a wait 5; before the openvpn command. If you like scripting, a wait loop checking that the time is not epoch before proceeding.
I am just trying to eliminate one download and an extra command.
Again, thanks for doing this.
regards
Greg
Last edited by Greg Erskine; 2017-01-31 at 15:53.
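The wait loop Greg suggests, as an added example that is not part of the original posts: it holds back the OpenVPN command from post #1 until the clock has passed a floor date, so certificate validity is never checked against an epoch clock. `MIN_EPOCH`, `POLL` and the function names are assumptions; set `MIN_EPOCH` to a date on or after the day your certificates were generated.

```shell
#!/bin/sh
# Added example (not from the thread). Names below are hypothetical.

# Floor for a believable clock: 2017-01-01 00:00:00 UTC (constructed value).
# Use a date on or after the day the router generated your certificates.
MIN_EPOCH=${MIN_EPOCH:-1483228800}
POLL=${POLL:-1}                       # seconds between checks

now_epoch() { date +%s; }             # wrapped so it can be replaced in tests

# True once the system clock is at or past the floor.
clock_is_set() { [ "$(now_epoch)" -ge "$MIN_EPOCH" ]; }

# Wait up to $1 seconds for the time sync; 0 = clock set, 1 = timed out.
wait_for_clock() {
    waited=0
    until clock_is_set; do
        if [ "$waited" -ge "$1" ]; then return 1; fi
        sleep "$POLL"
        waited=$((waited + POLL))
    done
    return 0
}

# Start the client from post #1 only when certificate dates can be trusted.
start_vpn() {
    if ! wait_for_clock 60; then
        echo "clock is before MIN_EPOCH after 60s, not starting OpenVPN" >&2
        return 1
    fi
    sudo openvpn --ca /home/tc/openvpn/ca.crt \
        --cert /home/tc/openvpn/client.crt \
        --key /home/tc/openvpn/client.key \
        --config /home/tc/openvpn/client.conf
}

# Called with "start" (e.g. from a User command) this launches the VPN.
if [ "${1:-}" = "start" ]; then start_vpn; fi
```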
-
2017-02-04, 02:54 #5
- Join Date
- Feb 2008
- Posts
- 56
I'll see if I can eliminate the ntp requirement, but as I have a working implementation it'll be a while before I fiddle with it
-
2017-02-04, 04:01 #6
I have never needed to do anything "extra" from the standard Pcp as regards NTP
I wrote a script that starts the VPN and checks the VPN connection every 10 minutes. It restarts OpenVPN if the remote network cannot be contacted.
Code:
```
#!/bin/sh
# Start the OpenVPN client in the background
sudo openvpn --config /home/tc/openvpn/config.conf &

VPNTest() {
    # Check if the VPN is already being tested
    if [ -f /home/tc/TestingVPN ]; then
        echo "VPN is already being tested"
    else
        touch /home/tc/TestingVPN
        # Get Local network address
        homenet=$(/sbin/ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){2}[0-9]*' | grep -v '127.0.0')
        # Choose a host on the remote network
        testhost=192.168.5.2
        # If we can ping the host remote network then the VPN is up
        if [ "$homenet" != "192.168.5" ]; then
            count=$(ping -c 4 "$testhost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
            # An empty count (no ping summary) is treated as 0 replies
            if [ "${count:-0}" -eq 4 ]; then
                hostup=yes
                echo "VPN is UP"
            else
                echo "VPN is DOWN"
                echo "Restarting OpenVPN"
                sudo killall -HUP openvpn &
                sleep 20
                count=$(ping -c 4 "$testhost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
                if [ "${count:-0}" -eq 4 ]; then
                    echo "VPN is now up"
                else
                    echo "VPN is still down will try again next time this script is run"
                fi
            fi
        else
            # If we happen to be on the remote network without VPN
            echo "We're Home !"
        fi
        rm -f /home/tc/TestingVPN
    fi
}

# Run the check every 10 minutes
while true
do
    VPNTest
    sleep 600
done
```
Code:
```
/home/tc/Startvpn.sh
```
-
2017-02-04, 04:03 #7
-
2020-10-05, 02:09 #8
Possible via L2tp?
Thanks a lot for your efforts investigating this!
I have a Ubiquiti router already configured as L2tp server, and looking at the article to set it up for open vpn scares me...
What would one need to do to set up and configure an L2tp client on picoreplayer?
Main system: Syno 415+ -> Roon server on Intel NUC -> Bricasti M1 DAC -> Karan KAL reference mkIII-> 2x Karan KAM 900 -> Usher BE20 DMD. All powered from PS Audio P10.
Office system: Syno 415+ -> Roon server on Intel NUC -> Raspberry pi with Rooopi -> Burson Audio Conductor V2+ -> Hifiman Edition X
Remote system: LMS on Syno 415+ -> piCorePlayer with Audiophonics DAC -> Monitor Audio Silver 100
-
2020-10-05, 02:21 #9
Or use ZeroTier.
https://zerotier.atlassian.net/wiki/...+with+ZeroTier
SB Touch optical to Hegel H90, Speakers Larsen 4.2
Spare SB3
AirPlay Bridge to Audio Pro A10
Squeezelite-x connected to home LMS with ZeroTier One.
SB Radio
ReadyNAS 202
iPeng
-
2021-01-05, 12:44 #10
- Join Date
- Dec 2017
- Location
- PARIS, Fr
- Posts
- 212
Hello
I would like to use Picoreplayer on Raspberry in a remote location by using openvpn.
But I cannot find openvpn.tcz in the repository.
Is there a way to manually install this?
Thank You
Pommes
The Earth Has Music For Those Who Listen