So more recently I have started to make use of Cloud based systems, VPNs, Web Services / Servers etc. One of the things I have wanted to build for a while is a portable Router / WiFi hub that can support a VPN connection.

There have recently been a lot of published warnings about people being exposed while surfing the internet at cafes or other public WiFi hot spots.

The idea of this project is to make use of a Raspberry PI, a second Ethernet Dongle, a Wifi Dongle and a VPN connection. One of the Raspberry Pi’s Ethernet sockets plugs into the public internet while the other (and soon to come WiFi Access Point) acts as its own private network, tunneling all data to the internet via a VPN connection.

Below are some of my notes about how I have built a Raspberry Pi, VPN secured Router:

Raspberry Pi VPN Router Config

eth0 (on the PI) connected to the internal network
eth1 (USB to Ethernet) connected to the internet / network
tun0 The VPN Tunnel created when the PI connects to the VPN server
wlan0 (Usb to Wifi) Not Configured

Start with a NEW blank image of Raspberry ArmHF from http://www.raspberrypi.org/downloads

The first thing you should do is run:

sudo apt-get update && sudo apt-get install ca-certificates

which will update your Pi’s package lists and also install certificate information.

Once all the updates and installs have taken place we need to reboot the pi:

sudo shutdown -r now

From here we need to configure all the network interfaces first, then configure the VPN, test the VPN, and then install all the packages to make the Pi into a VPN’ed Router.

To configure the network interfaces we need to edit the following file:

/etc/network/interfaces to do this we will use nano:

sudo nano /etc/network/interfaces

To keep things flexible and easy to manage we will want the INTERNET facing ethernet socket to be a DHCP Client, remember this is the USB to Ethernet port (eth1). We want the INTERNAL facing Ethernet socket (On the Pi, eth0) to be static and issue out IP addresses to connected computers. When the VPN connection goes live we will link the Eth0 to Tun0 so that all data traffic from Eth0 goes via the VPN connection.

Inside /etc/network/interfaces we need to add the following (removing the old data):


# interfaces(5) file used by ifup(8) and ifdown(8)

auto lo
iface lo inet loopback

#Onboard NIC connecting to the Internal Network
auto eth0
iface eth0 inet static
address 192.168.50.1
netmask 255.255.255.0
network 192.168.50.0
broadcast 192.168.50.255
gateway 192.168.50.1
#USB NIC serving as internet gateway
auto eth1
iface eth1 inet dhcp

Save the file and close the editor. As it stands now, your file has been saved but not loaded. You can load the file by either rebooting the Pi or restarting the networking service:

sudo /etc/init.d/networking restart

You can either do this now or in my case, wait and install all packages needed and then give the system a reboot to load everything in one go.
From here we need to install the following tools:

bind9, isc-dhcp-server, perl, libnet-ssleay-perl, openssl, openvpn, libauthen-pam-perl, libpam-runtime, libio-pty-perl, libdigest-md5-perl, apt-show-versions and libapt-pkg-perl. This is done by:

sudo apt-get install bind9 isc-dhcp-server perl libnet-ssleay-perl openssl openvpn libauthen-pam-perl libpam-runtime libio-pty-perl libdigest-md5-perl apt-show-versions libapt-pkg-perl

Installing the VPN Tunnel:
With OpenVPN installed we can load our .ovpn file. This will have been generated by your VPN server (or provided by your VPN provider) and needs to be loaded into:

/etc/openvpn/

In my case, I have the file loaded on an internal webserver so I just issue the commands:

cd /etc/openvpn/

sudo wget http://server.local/files/PI_VPN.ovpn

This downloads the .ovpn file to the directory. Now we need to rename the file so that OpenVPN picks it up on the next reload.

sudo mv PI_VPN.ovpn openvpn.conf

Now you need to restart the OpenVPN service to pick up the new settings:

sudo /etc/init.d/openvpn restart

Installing the Router section:
Now we need to edit the DHCP server config details so that when users connect to the PI it will issue a DHCP address and resolve DNS Queries.

sudo nano /etc/dhcp/dhcpd.conf

As we want this DHCP server to have command of the IP network we need to make it authoritative, so you need to find the following line and uncomment it by removing the #:

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

Now we need to add a new subnet to the network:

subnet 192.168.50.0 netmask 255.255.255.0 {
range 192.168.50.10 192.168.50.250;
option broadcast-address 192.168.50.255;
option routers 192.168.50.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}

This sets the IP range from 192.168.50.10 to 192.168.50.250, more than enough for a small local network.
The network’s domain is called ‘local’; you can also change this to anything you want, e.g. home.

I’ve also added the DNS settings for Google’s DNS servers here. This means any DNS lookups performed through the Pi will resolve against Google and not your ISP. If you’re using a custom DNS server, this is the place to change the information to reflect this.

Now Save the file and exit.

You can reboot the DHCP Service by typing in:

sudo /etc/init.d/isc-dhcp-server restart

You should receive two OK messages.

If you have more than one device connected to your (new) internal network you should be able to ping them by typing in:

ping 192.168.50.55

This assumes the device you are pinging has an IP of 192.168.50.55. The Pi won’t allow you to connect out to the wider world just yet.

Now we need to edit the IP Tables of the PI, to allow the forwarding of traffic from the VPN gateway into the internal network.

To do this type:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

which will allow the forwarding of IPV4 IP traffic, we also need to edit:

sudo nano /etc/sysctl.conf

and uncomment (remove the # from) the line:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Save the file and exit.

Now we need to edit the IP Tables rules to allow for traffic. Type in:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Unfortunately, due to the nature of IP Tables, if the Pi loses power it will reset the IP tables back, losing all your settings (not handy if you plan on moving the Pi about), so we now need to back up and save your new settings.
This is done by saving your IP Tables as a rule file:

sudo sh -c 'iptables-save > /etc/iptables.up.rules'

You can call the saved file anything you like, but it helps to keep things organised.
Now we need to create and edit a script to load the IP Tables Rule file:

sudo nano /etc/network/if-pre-up.d/iptables

and insert:

#!/bin/sh
#This script restores iptables upon reboot

iptables-restore < /etc/iptables.up.rules

exit 0

Now we need to edit the ownership & permissions of this file so it will run on boot:

sudo chown root:root /etc/network/if-pre-up.d/iptables && sudo chmod +x /etc/network/if-pre-up.d/iptables && sudo chmod 755 /etc/network/if-pre-up.d/iptables

You should now be able to reboot your Pi as much as you like and it will retain all your settings! (YaY).

It’s worth giving your Pi a reboot now. Given all the things you have now loaded onto the Pi, you will need to give it a reboot to get it going properly.
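The only rule saved above is the tun0 MASQUERADE, so the FORWARD chain stays at its default policy and forwarded traffic from eth0 can still be routed out eth1 if tun0 goes down. The script below is an added check, not part of the original notes: it audits iptables-save output for that condition. The interface names come from this page; the function names and the second (fail-closed) sample rule set are assumptions.

```shell
# Added example: audit iptables-save output for this page's layout
# (eth0 = internal LAN, eth1 = public uplink, tun0 = VPN tunnel).
# Simplification: only -i/-o/-j are read; other match options and "!" are ignored.
audit_vpn_rules() {
    awk '
    /^\*/ { table = substr($1, 2); next }        # "*nat", "*filter", ...
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    $1 != "-A" { next }
    {
        in_if = out_if = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
    }
    table == "nat" && $2 == "POSTROUTING" && target == "MASQUERADE" {
        if (out_if == "tun0" || out_if == "") masq_vpn = 1
        if (out_if == "eth1" || out_if == "") masq_wan = 1
    }
    # The first FORWARD rule able to match LAN -> uplink traffic decides it.
    table == "filter" && $2 == "FORWARD" && verdict == "" &&
    (in_if == "" || in_if == "eth0") && (out_if == "" || out_if == "eth1") {
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
    }
    END {
        if (verdict == "") verdict = (policy == "" ? "ACCEPT" : policy)
        if (!masq_vpn) { print "FAIL: no MASQUERADE rule covers tun0"; bad = 1 }
        if (masq_wan) { print "FAIL: MASQUERADE covers eth1, bypassing the VPN"; bad = 1 }
        if (verdict == "ACCEPT") { print "FAIL: eth0 -> eth1 forwarding is allowed"; bad = 1 }
        if (!bad) print "OK: LAN traffic can only leave through tun0"
        exit (bad ? 1 : 0)
    }'
}
# Constructed sample 1: the rules this page saves (filter table at defaults).
page_rules() {
    printf '%s\n' '*nat' '-A POSTROUTING -o tun0 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT'
}
# Constructed sample 2 (assumption, not from the page): fail-closed FORWARD chain.
failclosed_rules() {
    printf '%s\n' '*nat' '-A POSTROUTING -o tun0 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD DROP [0:0]' '-A FORWARD -i eth0 -o tun0 -j ACCEPT' \
        '-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        'COMMIT'
}
page_rules | audit_vpn_rules || true
failclosed_rules | audit_vpn_rules
```

On the Pi itself the same function can be fed the saved file: audit_vpn_rules < /etc/iptables.up.rules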

Following on from my previous post (see post), concerning the unboxing of an Android based Mini GPS tracker, I’ve finally cracked how it works and what you need to do, the below is a review and how-to on my successes with the device so far;

For starters the Tracker is tiny:

Operation is relatively simple; I’m using a prepaid SIM card which you simply slot into the SIM card slot, once fully inserted the Tracker activates and a red light illuminates for about 10 seconds.

Initially my tracker did nothing, I spent the morning trying to see if it was a SIM card fault, the number not being activated or the tracker itself. Eventually I came to the conclusion that all things network related were fine and began to lose confidence in the Tracker.

THEN: It sprung into life. Out of nowhere the tracker started responding to SMS commands and if I were to ring the device it would answer and I could hear the surroundings – very interesting.

Points to note:

‘GPS’ & ‘DW’ commands appear to do the same thing, but not what I was expecting.

I was expecting a raw output of GPS Lat and Long Co-ordinates from the Tracker, something in a raw easy to use format would have been nice… but alas I was presented with this:

Not being able to read the Chinese I don’t know what it says but a quick copy and paste of the characters into Google Translate reveals ‘View image URL’ so now we know that the device is using some kind of 3rd party mechanism to present the users with a picture of a map centered around the GPS co-ordinates.

It would have been nice to have raw GPS data, particularly as the URL you’re forwarded to doesn’t seem to work and auto directs to another web server which isn’t currently working. Given that this device is (hopefully) Android based there might be an option to reprogram the tracker? – don’t hold your breath.

A quick few Google searches reveal a few others are having the same issues – both with the web server as well as the lack of any kind of good quality support from the sellers. Below is a link to a seller who appears to be communicating:

http://club.dx.com/forums/forums.dx/threadid.1261336

A few months back I ordered from a ‘Made in China’ website a small GPS / GSM tracking device, the device sounded pretty interesting – tho not in a stalkerish way!

Devices like this have been speculated about for many years and indeed used by various governments of the world for years. But more recently companies and individuals have taken to using the devices.

From a data perspective devices like this can serve a greater good. The tracking of an elderly loved one serves a useful purpose and, backed up by SOS buttons, it’s very easy to see benefit from something like this.

I had previously investigated building something like this in the past as an experiment so I was intrigued to see what an official product did and looked like. Plus being only $15USD inc. shipping it didn’t break the bank.

Boxed:

It’s clear to see how small the tracker is:

Technologically it features an ARM A8 Processor (hence the name Mini A8) which is one of the chipsets being produced in the millions out in China. This processor is able to run Google’s ‘Android’ operating system so being able to program and interact with the tracker should be quite easy.

The instructions on the other hand are a different matter… While the Chinese are very good at many things, technical translation is not one of them.

eg “before using the new machine should be filled with electricity, in order to achieve the best effort”

So this is a ‘rough’ Chinglish to English translation guide on how to operate the A8 Mini Tracker

Mini A8 Android GPS / GSM Tracker English Users Guide.

This product uses the latest technology produced from Taiwan. Small yet mighty, It features a long battery life, simple easy to use, stable operation and easy installation.

While the device has a range of uses, the top uses are: Monitoring and support of elderly / cared for individuals, vehicle and logistics tracking as well as individual location tracking.

Powering ON: The device is powered on, once a SIM card has been inserted into the SIM tray. Turning the device over (Android face down) slide the cover back to reveal the SIM tray.

Once a SIM card has been inserted the system will begin its boot process. You will see a light illuminate for approximately 10 seconds. Once this light has been extinguished replace the cover.

Environmental Monitoring:  You can use the tracker’s onboard Mic to listen to the surrounding environment. To do this simply dial the number connected to the SIM you inserted, the tracker should answer and after approximately 5 seconds you should be able to hear up to approximately 10 meters from the tracker.

Sound Controlled Call Back: One advantage of the A8 is that it can ring you when noise around the device exceeds 45 DB. To configure this, ring the A8 from the phone you wish it to call; once connected to the tracker wait 3 seconds and then hang up.

This feature can be turned off by sending an SMS text of ‘0000’ to the phone number of the A8. You can also turn this feature back on again by sending an SMS of ‘1111’ to the A8’s number.

GPS Positioning: In CAPITALS send an SMS message of either ‘DW’ or ‘GPS’ to the A8. After a few minutes the A8 will respond with the GPS co-ordinates.

SOS Emergency Call: From the phone you wish to receive SOS calls from. Send in CAPITALS an SMS with the words ‘SOS’. After 3 seconds press the SOS button on the A8 to test this functionality. The indicator should flash and the phone should ring.

The Mini A8 GPS/ GSM Tracker operates at frequencies of: GSM 850/900/1800/1900MHz

Notices:

Before initial use, please ensure you fully charge the device, A 5.0V Power supply has been supplied however any 5.0VDC power source will work.

If you’re not able to interact with the A8 Device try removing the SIM card, reinserting and recharging before next use.

and finally my favourite quote of the manual:

“this product is forbidden for illegal purposes, Otherwise your peril.”

Recently I was approached by a friend of mine whose PC had been hijacked by a virus.

The program was incredibly complex, pretending to be an official warning from the police that this PC had been used for all number of illegal activities such as hacking, malicious photo distribution and had been locked. The program demanded money in the form of a Credit Card or other payment method before it would unlock and function again.

UNDER NO CIRCUMSTANCES GIVE YOUR CREDIT CARD DETAILS

Programs like this, much like email spam are in no way official.

The immediate action to take is to shut down the PC ASAP. You can’t risk the virus infecting more files or any other PCs on your network. If possible remove the network cable from the PC and also shut down the WiFi to prevent the spread.

The next step is to boot the PC from an external source like a USB key or CD containing an antivirus application. A few below are the best I have found:

  1. Kaspersky – https://support.kaspersky.com/viruses/rescuedisk
  2. AVG live CD – http://www.avg.com/gb-en/avg-rescue-cd
  3. BitDefender – http://download.bitdefender.com/rescue_cd/

NB – I prefer to use the Kaspersky Live CD so the instructions below will be specific to Kaspersky, however the principle for the others is the same.

Using ANOTHER PC download the ISO file and save it to a suitable location (Desktop for example).

Using Nero or a free ISO burning tool (such as: http://www.freeisoburner.com/) select the ISO image and insert a blank CD.

When the CD is complete, transfer it to the infected PC and boot your PC.

When the POST screen is displayed (Usually the company Logo) it will quickly present a number of options to boot from, select the CD option and press enter.

After a few seconds you will be presented with a few options loaded from the CD.

Load the GUI Option (1st Option) and the system will continue to boot.

After a few minutes (dependent on your PC’s Speed) a desktop environment (similar to windows desktop) will appear. Once this has loaded it will start to run the antivirus scanning tool. Here you have two options:

  1. Let the scan run using the current antivirus database (recommended)
  2. Stop the scan and use your internet connection to update the antivirus database before starting the scan

Given that the CD image you will have downloaded will be relatively up to date, it’s fair to say that the virus definitions database on the CD will also be up to date. So for the first pass, let the scan run. This may take several hours depending on how many files are on your PC.

Once the scan is complete it will present you with a list of viruses on the PC as well as recommended actions to take. At this point you want to click the DELETE button.

From here select the option to reboot the PC, the computer will now begin to power down, ending with the CD being ejected and you being asked to press ‘Enter’ to confirm that the CD has been removed.

The PC will now reboot and HOPEFULLY all the viruses that plagued your PC will have been wiped from existence (on your PC). Final steps are to reconnect your network cable (if you haven’t done so already) and switch your WiFi back on.

If all has gone well your PC should be all better now.