OpenVPN for Mikrotik client

From this setup for OpenVPN Server on Ubuntu 16.04..

We need to unbolt some of the security features of the server config for Mikrotik compatibility.

I guess this isn’t explained in bright colours on their wiki examples cos they’re not proud of not being up with latest crypto. Which is more annoying cos it took a day, where as getting the server online took 20 minutes on a digital ocean instructional.

Continue reading “OpenVPN for Mikrotik client”

OpenVPN Server on Ubuntu 16.04

Following this guide.

NOTE 1: In the part where they edit /etc/openvpn/server.conf

I edited the server directive to read:
server 192.168.155.0 255.255.255.0

then my UFW rules are

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to ens3 (change to the interface you discovered!)
-A POSTROUTING -s 192.168.155.0/24 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Continue reading “OpenVPN Server on Ubuntu 16.04”

Beaumast Part 2

The main challenge installing guy wires onto a tiled roof was how to make anchor points. I went to a local antenna supplier and they told me the usual method is with these long self tapping o-ring bolts. So that’s what I did, it was much easier than I expected.

I used a diamond hole saw from eBay to make 2 holes in the roof tiles, and made use of an existing satellite dish mast for the final mounting point. I used threaded rod to attach a tapped o ring (or whatever you call it) to the satellite mast. Using a wet finger I was able to mold silicon around the anchor bolts in the roof tiles.

Part 1 ->

From my understanding it’s better to be earthed than not… I tried running conduit through this cement path using only an angle grinder and a chisel. This would have taken waay too long. Ended up buying a jack-hammer from gumtree (cheaper than renting). The second earth wire is from a UBNT Ethernet protector in the roof-space. This goes to a separate earth rod a small distance from the mast earth rod.

Project Secure Backup. Part 6

I moved the project to some acrylic in what is possibly the final stage for the project.While I thought the software reset for the Ethernet chip would suffice for connection problems, it appears this isn’t the case. I’ll try reprogramming the chip with an interrupt reboot for the main program loop, currently the device isn’t sending info to ThingSpeak.

Once the code is running smoothly (for at least a week) I’ll add email notifications. In the future I won’t use this Ethernet chip, there is a similarly priced chip I have which is much more capable.

Continue reading “Project Secure Backup. Part 6”

Hardware shutdown switch for RPi

Sometimes I need to power off one of my Raspberry Pis, and since I run these computers headless, going to a remote SSH terminal to issue a shutdown command can be extra work. I saw a webpage mentioning using a simple 2 pin jumper to initiate a shutdown script for the Pi. So that’s what I did (green tab on the GPIO pins), I chose python due to the wait_for_edge function.

This script will shutdown the RPi when the tab is pulled. Strangely the RPi will boot if you plug the jumper back in after it has shutdown, or if you pull it out after it has completed shut down (putting it back before it has completed shutting down). If there is no jumper in during boot, then the script will close.

#!/usr/bin/env python
#note crontab for superuser required a new PATH variable as here http://unix.stackexchange.com/questions/43392#answer-43394
import subprocess
try:
 import RPi.GPIO as GPIO
except RuntimeError:
 print("Error importing RPi.GPIO! This is probably because you need superuser privileges. You can achieve this by using 'sudo' to run your script")

#http://raspberrypi.stackexchange.com/questions/12966/what-is-the-difference-between-board-and-bcm-for-gpio-pin-numbering
GPIO.setmode(GPIO.BOARD)
GPIO.setup(5, GPIO.IN) #Hardware Pullup on this pin..

ShutdownCommand = ['shutdown', '-h', 'now', '"System halted by GPIO action"']

if GPIO.input(5) == 0:
 #run script waiting for jumper removal
 GPIO.wait_for_edge(5, GPIO.RISING)
 GPIO.remove_event_detect(5)
 KillProcess = subprocess.Popen(ShutdownCommand, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
 MountData, MountError = KillProcess.communicate()
 GPIO.cleanup() 
else:
 GPIO.cleanup()

Then I simply added this script to the bottom of my root crontab (sudo crontab -e) to run at reboot:

@reboot python /usr/local/sbin/ShutdownJumper.py

Monitoring RPi Temp and CPU with Thingspeak

I made the following python script to update CPU Temperature and 5 minute average CPU load of my RPi to Thingspeak:

#!/usr/bin/env python
import subprocess
import httplib, urllib

GetTempCommand = "cat /sys/class/thermal/thermal_zone0/temp"
GetCPUCommand = "cat /proc/loadavg"

GetTempProcess = subprocess.Popen(GetTempCommand.split(), stdout=subprocess.PIPE)
GetTempOutput = GetTempProcess.communicate()[0]
Temp = float(GetTempOutput) / 1000
#print Temp
GetCPUProcess = subprocess.Popen(GetCPUCommand.split(), stdout=subprocess.PIPE)
GetCPUOutput = GetCPUProcess.communicate()[0]
CPU = GetCPUOutput.split()
#print CPU[1]

params = urllib.urlencode({'field1': CPU[1],'field2': Temp, 'key':'######'})     # use your API key generated in the thingspeak channels for the value of 'key'
# temp is the data you will be sending to the thingspeak channel for plotting the graph. You can add more than one channel and plot more graphs
headers = {"Content-typZZe": "application/x-www-form-urlencoded","Accept": "text/plain"}
conn = httplib.HTTPConnection("api.thingspeak.com:80")                
try:
    conn.request("POST", "/update", params, headers)
    response = conn.getresponse()
    data = response.read()
    conn.close()
except:
    print "connection failed"

The script is run every 5 mins using cron ($ crontab -e):

*/5 * * * * python "/home/ubuntu/logging/TempCPUtoThingspeak.py"

I borrowed some script from here and here.