Wireguard on Raspberry

Written by pmd - - no comments

I have tried to use Wireguard following two guides :

  1. From this forum thread, without succes: Guide: Install Wireguard On Raspberry latest releases
  2. From this blog article, without succes as well: Installing and Configuring WireGuard on Raspberry Pi OS (August 2020)

This can be used as well to generate wireguard peers configurations + QR codes: Wireguard Tools

=> no successfull handshake between server (raspberry) and peers (Android and Windows 10).

Configuration

Server:

$ sudo cat /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.99.1/24
ListenPort = 58280
PrivateKey = gNVxJe7Se842IiOR5GsXeM4sHcacGhPATIdQCgqP8Wa=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = OQmmvh9/8PDWFIpOEzVWzOZ1HXQ48+10vONFlUNb0ia=
AllowedIPs = 192.168.99.2/32
[Peer]
PublicKey = N9VPXnH8hip4sJGGWm4ziLFWD5ZAveoj7H5oH8OgsHa=
AllowedIPs = 192.168.99.3/32

Peer 1:

$ cat ~/wg_config/users/client1/client.conf
[Interface]
Address = 192.168.99.2/24
PrivateKey = 6OfJPX1ZQCFu08fTy2uU6JdgUf/qXgzBoTtX/tCYX3a=

[Peer]
PublicKey = b6kqDH4pjAdK0LqPrEF4Fc9d4XxR0Eb3kSk9rzdEKma=
AllowedIPs = 192.168.99.1/32, 192.168.1.0/24
Endpoint = adress.ddns.net:58280

Peer 2:

$ cat ~/wg_config/users/client2/client.conf
[Interface]
Address = 192.168.99.3/24
PrivateKey = uB+g5H0kbyI07kHdAajcQUE8VqMTaNqqiu0yj6BrH1a=

[Peer]
PublicKey = b6kqDH4pjAdK0LqPrEF4Fc9d4XxR0Eb3kSk9rzdEKma=
AllowedIPs = 192.168.99.1/32, 192.168.1.0/24
Endpoint = adress.ddns.net:58280

 

Troubleshooting

12/10/2020

UDP correctly forwarded

I verified UDP port was correctly forwarded by my ISP modem/router, following Test whether UDP port is open: simple UDP server and client

Server side:

$ nc -l -u -p 58280

Client side:

$ nc -u servname_or_ip 58280

Checking if packets arrive to server

Listening on specific interface and on precise port of the server:

$ sudo tcpdump -i eth0 'port 58280'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:56:36.474701 IP 92.88.90.88.56188 > 192.168.1.201.58280: UDP, length 148
20:56:36.476725 IP 192.168.1.201.58280 > 92.88.90.88.56188: UDP, length 92
20:57:34.066017 IP 92.88.90.88.51673 > 192.168.1.201.58280: UDP, length 148
20:57:34.070037 IP 192.168.1.201.58280 > 92.88.90.88.51673: UDP, length 92

Here I tried two times to connect a peer to the server while pinging Wireguard server IP (192.168.99.1) from peer.

17/10/2020

Recording packets using tcpdump on both client and server sides

CLIENT: in a country potentially blocking VPN stuff
SERVER: in France, probably not blocking anything

I have generated another peer configuration. This time it is not a windows, not an android, but an openwrt router using same .
I have fixed the port in use for the wireguard client on openwrt in order to listen WAN interface on 51820.

What is observed on CLIENT openwrt side:

root@OpenWrt:~# tcpdump -i eth1 'port 51820'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:37:45.906247 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:37:46.025023 IP raspberry.abo.wanadoo.fr.58280 > 192.168.1.102.51820: UDP, length 92
14:37:46.038821 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 32
14:38:11.087567 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 32
14:38:36.687153 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 32
14:39:02.286884 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 32
14:39:27.887315 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 32
14:39:53.487145 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 32
14:39:53.498819 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:39:59.257666 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:04.377588 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:10.138437 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:15.257703 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:21.017550 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:26.782109 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:31.897640 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:37.659644 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:42.777571 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:48.537585 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:40:54.298502 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:41:00.057651 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:41:05.177582 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:41:10.937544 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:41:16.697736 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:41:22.457569 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:41:28.220105 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:41:33.977597 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:41:39.097547 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
14:42:04.697538 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 148
^C
29 packets captured
29 packets received by filter
0 packets dropped by kernel
root@OpenWrt:~# wg
interface: WG0
public key: OQmmvh9/8PDWFIpOEzVWzOZ1HXQ48+10vONFlUNb0ia=
private key: (hidden)
listening port: 51820

peer: b6kqDH4pjAdK0LqPrEF4Fc9d4XxR0Eb3kSk9rzdEKma=
endpoint: raspberry.abo.wanadoo.fr:58280
allowed ips: 192.168.99.1/32
latest handshake: 32 minutes, 12 seconds ago
transfer: 92 B received, 40.80 KiB sent
persistent keepalive: every 25 seconds
root@OpenWrt:~#
  • Only first two captured packets were seen by SERVER side.
  • These two captured packets are enough to declare successful handshake on CLIENT side.

What is observed on SERVER raspberry pi side:

pi@raspberrypi:~ $ sudo tcpdump -i eth0 'port 58280'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:37:45.924082 IP 93.88.83.27.51820 > 192.168.1.201.58280: UDP, length 148
16:37:45.928019 IP 192.168.1.201.58280 > 93.88.83.27.51820: UDP, length 92
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
pi@raspberrypi:~ $ sudo wg
interface: wg0
public key: b6kqDH4pjAdK0LqPrEF4Fc9d4XxR0Eb3kSk9rzdEKma=
private key: (hidden)
listening port: 58280

peer: OQmmvh9/8PDWFIpOEzVWzOZ1HXQ48+10vONFlUNb0ia=
endpoint: 93.88.83.27:51820
allowed ips: 192.168.99.2/32
transfer: 888 B received, 552 B sent
pi@raspberrypi:~ $
  • Only first two packets captured by CLIENT are seen as well on SERVER side.
  • Handshake is not declared successful on SERVER side.
  • Why SERVER is not seeing following packets ??? If I restart CLIENT, SERVER does not see packets for new handshake unless port used by CLIENT changes.
  • Why SERVER is not seeing anything from this CLIENT packet: " 14:37:46.038821 IP 192.168.1.102.51820 > raspberry.abo.wanadoo.fr.58280: UDP, length 32 "

Trying to connect from local country

CLIENT: in a country potentially blocking VPN stuff Computer using Windows in France, probably not blocking anything
SERVER: in France, probably not blocking anything

pi@raspberrypi:~ $ ip route show table 42
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.201 metric 202
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.201 metric 202
192.168.99.0/24 dev wg0 proto kernel scope link src 192.168.99.1
pi@raspberrypi:~ $ sudo tcpdump -i eth0 'port 58280'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:58:01.734652 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 148  # handshake
19:58:01.741670 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 92   # handshake
19:58:01.781909 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 96   # ping from client
19:58:01.782398 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 96   # server answers
19:58:02.893737 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 96   # ping from client
19:58:02.894315 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 96   # server answers
19:58:03.822017 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 96   # ping from client
19:58:03.822643 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 96   # server answers
19:58:05.793794 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 96   # ping from client
19:58:05.794394 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 96   # server answers
19:58:15.839250 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 32   # ???
19:58:51.032841 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 128  # server pings client
19:58:51.123963 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 128  # client answers
19:58:52.033771 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 128  # server pings client
19:58:52.090988 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 128  # client answers
19:58:53.035792 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 128  # server pings client
19:58:53.135887 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 128  # client answers
19:58:54.037607 IP 192.168.1.201.58280 > device.mobile.abo.orange.fr.51706: UDP, length 128  # server pings client
19:58:54.076616 IP device.mobile.abo.orange.fr.51706 > 192.168.1.201.58280: UDP, length 128  # client answers
[...]
[...]
[...]
pi@raspberrypi:~ $ sudo wg
interface: wg0
  public key: b6kqDH4pjAdK0LqPrEF4Fc9d4XxR0Eb3kSk9rzdEKma=
  private key: (hidden)
  listening port: 58280

peer: xxMWH9tZDwCNXPbErQxBuDejgkxNU1QOm9vFezUBeSa=
  endpoint: device.mobile.abo.orange.fr :51706
  allowed ips: 192.168.99.6/32
  latest handshake: 19 seconds ago
  transfer: 564 B received, 476 B sent

=> It worked ! I conclude that wireguard is blocked in the country where the client is.

Interesting to read about how easy it is to block wireguard: Let's talk about obfuscation again

 

 

Check connectivity and switch on/off a LED (GL-AR150)

Written by pmd - - no comments

Shell script that will check if there is connectivity to a defined website every 60 seconds and switch ON/OFF the led :

  • /usr/bin/WANLED :
#!/bin/sh
while [ true ]; do
        /usr/bin/wget -q --tries=2 --spider http://google.com
        if [ $? -eq 0 ]; then
                #echo "Connected ! LED OFF."
                echo "none" >  /sys/class/leds/gl-ar150:orange:wlan/trigger
        else
                #echo "Not connected ! LED ON."
                echo "default-on" >  /sys/class/leds/gl-ar150:orange:wlan/trigger
        fi
        sleep 60
done

 

Schell script to autostart the above script :

  • /etc/init.d/WANLED :
#!/bin/sh /etc/rc.common

START=99
STOP=1

start(){
        /usr/bin/WANLED &
}

stop(){
        killall -9 WANLED
}

Now let's make these script executable and started at startup:

# chmod +x /usr/bin/WANLED
# chmod +x /etc/init.d/WANLED
# /etc/init.d/WANLED enable
# /etc/init.d/WANLED start

Now the orange LED should be ON when there is no connectivity to Google.

FYI OpenWRT in use was : OpenWrt 19.07.2, r10947-65030d81f3

Source: LED, Start script at startup, LED on when Internet is available

Python 3.7 + Selenium on Raspberry Pi 3 and on Windows 10

Written by pmd - - no comments

Raspian buster

$ sudo apt-get install chromium-chromedriver xvfb
$ sudo python3 -m pip install pyvirtualdisplay selenium

Windows 10

Download Chrome. Install it.

https://chromedriver.chromium.org/getting-started

https://stackoverflow.com/questions/33150351/how-do-i-install-chromedriver-on-windows-10-and-run-selenium-tests-with-chrome

 

Python3

#!/usr/bin/python3
# -*-coding:Utf-8 -*

# Selenium
from selenium import webdriver
from selenium.webdriver.chrome.options import Options

mg = 'tck_000003X1'
options = Options()
options.add_experimental_option("prefs", {
    #"download.default_directory": default_download_directory,
    "download.prompt_for_download": False,
    "download.directory_upgrade": True,
    "safebrowsing.enabled": True,  
})
options.add_experimental_option("excludeSwitches", ["enable-logging"])

browser = webdriver.Chrome(options=options, executable_path=r'C:\Windows\chromedriver.exe')

url = "http://ms.com/ms.html?t=" + mg
browser.get(url)
etoiles = browser.find_element_by_id("etoile_span").get_attribute('class')
print("Nombre d'étoile : " + etoiles[-1])

browser.quit()

AUTO-Update of openvpn configuration

Written by pmd - - no comments

It happens that NordVPN openvpn configuration files don't work anymore after a while.

I made a bash script to update the configuration easy and fast:

#!/bin/bash
# Mise a jour de la configuration NordVPN
# Dossier temporaire
DOSSIER_TEMP="/home/pi/NordVPNautoUpdate"
#Dossier des configurations openvpn
DOSSIER_OPENVPN="/etc/openvpn"
CONF_OPENVPN="server.conf"
AUTOLOGIN_OPENVPN="login.txt"
# Pays
PAYS="ua"
# TCP ou UDP?
PROTO="udp"
# Archive de configuration NordVPN
ARCHIVE_NORDVPN="https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip"
FICHIER=$(echo -n $ARCHIVE_NORDVPN | awk -F "/" '{printf $NF}')

# On supprime et on crée le dossier temp
rm -rf $DOSSIER_TEMP
mkdir $DOSSIER_TEMP

# On télécharge tous les fichiers de conf NordVPN
wget $ARCHIVE_NORDVPN -P $DOSSIER_TEMP

# On dézip l'archive téléchargée
mkdir $DOSSIER_TEMP/temp
unzip -q "$DOSSIER_TEMP/$FICHIER" -d $DOSSIER_TEMP/temp

# On garde que les conf d'un certain pays
mv $DOSSIER_TEMP/temp/ovpn_$PROTO/$PAYS[0-9]*$PROTO* $DOSSIER_TEMP/
rm -r $DOSSIER_TEMP/temp

# On supprime les conf double-VPN et l'archive zip
NbConf=0
for ConfOpenVPN in $DOSSIER_TEMP/*; do
        if [[ $ConfOpenVPN != */$PAYS[0-9]*$PROTO* ]]; then
                rm $ConfOpenVPN
        else
                # On compte le nombre de conf restantes
                NbConf=$((NbConf+1))
        fi
done

# On choisi une conf au hasard
NbConf=$((1 + RANDOM % $NbConf))
COMPTEUR=0
for ConfOpenVPN in $DOSSIER_TEMP/*; do
        COMPTEUR=$((COMPTEUR+1))
        if [[ $COMPTEUR -eq $NbConf ]]; then
            # On modifie la configuration pour authentification automatique
            sed -i "s@auth-user-pass@auth-user-pass $DOSSIER_OPENVPN/$AUTOLOGIN_OPENVPN@" $ConfOpenVPN
            # On déplace la conf dans le dossier openvpn
            sudo cp -f $ConfOpenVPN $DOSSIER_OPENVPN
            sudo cp -f $ConfOpenVPN $DOSSIER_OPENVPN/$CONF_OPENVPN
                        # On informe
                        echo "Configuration installée :"
                        echo $ConfOpenVPN | awk -F "/" '{printf $NF}'
                        echo ""
        fi
done

# On supprime le dossier temporaire
rm -rf $DOSSIER_TEMP
# On redémarre openvpn avec la nouvelle configuration
sudo service openvpn restart

Then simply execute the script:

bash NordVPNautoUpdate.sh

Unlock standalone Airsonic database

Written by pmd - - no comments

If your airsonic is stucked for some reasons such as Liquibase Update Failed and Waiting for changelog lock...

liquibase.exception.LockException: Could not acquire change log lock. Currently locked by 192.168.254.200 (192.168.254.200) since 18/11/18 16:39
  1. Stop Airsonic for sure :
    sudo service airsonic stop
  2. Read logs /var/airsonic/airsonic.log :
    nano /var/airsonic/airsonic.log
  3. Backup your database folder /var/airsonic/db :
    sudo cp /var/airsonic/db /var/airsonic/db_backup
  4. Edit /var/airsonic/db/airsonic.script :
    sudo nano /var/airsonic/db/airsonic.script
    • remove all lines where you can find DATABASECHANGELOGLOCK by example :
      • CREATE MEMORY TABLE DATABASECHANGELOGLOCK.....
      • INSERT INTO DATABASECHANGELOGLOCK VALUES(1,TRUE,'2018-11-18 16:39:56.266000000','192.168.254.200 (192.168.254.200)')
  5. Save file.
  6. Start Airsonic :
    sudo service airsonic start
  7. Check Airsonic status :
    sudo service airsonic status

If you wanna reset your Airsonic music server, just delete the database /var/airsonic/db ...

Source 1, 2, 3.

Update Airsonic on Raspberry Pi 3

Written by pmd - - no comments

How to update a standalone Airsonic

  • Stop the current running Airsonic:
$ sudo systemctl stop airsonic.service
$ cd /var/airsonic/
$ sudo mv airsonic.war airsonic.war.10.1.1.bak
$ sudo wget https://github.com/airsonic/airsonic/releases/download/v10.1.2/airsonic.war --output-document=/var/airsonic/airsonic.war
  • Put good rights to all folder (new airsonic.war is not owned by airsonic), and verify it has been applied:
$ sudo chown -R airsonic:airsonic /var/airsonic
$ ls
total 151M
-rw-r--r--  1 airsonic airsonic 760K Oct 11 19:52 airsonic.log
-rw-r--r--  1 airsonic airsonic  11M Oct  3 00:20 airsonic.log.1
-rw-r--r--  1 airsonic airsonic  978 Oct 11 04:00 airsonic.properties
-rw-r--r--  1 airsonic airsonic  70M Jul 28 22:10 airsonic.war
-rw-r--r--  1 airsonic airsonic  70M Dec 16  2017 airsonic.war.10.1.1.bak
drwxr-xr-x  2 airsonic airsonic 4.0K Oct 11 19:49 db
drwxr-xr-x  2 airsonic airsonic  20K Sep 14 16:08 lastfmcache
drwxr-xr-x  7 airsonic airsonic 4.0K Jul 22 10:36 lucene2
-rw-r--r--  1 airsonic airsonic  741 Oct 11 19:50 rollback.sql
drwxr-xr-x 16 airsonic airsonic 4.0K Oct  4 17:45 thumbs
drwxr-xr-x  2 airsonic airsonic 4.0K Jul 22 10:54 transcode
  • Start updated Airsonic and restart proxy server:
$ sudo systemctl start airsonic.service
$ sudo service nginx restart

Nothing too hard, basically, you need to replace the airsonic.war by the updated one.

PluXml 5.6 / CKEditor 4.7.3 modification to get handy code <div>

Written by pmd - - no comments

I modified the file /plugins/ckeditor/ckeditor/styles.js to have a much more easier way to put code in my memo.

Before:

    {
        name: 'Special Container',
        element: 'div',
        styles: {
            padding: '5px 10px',
            background: '#eee',
            border: '1px solid #ccc'
        }
    },

After:

    {
        name: 'Special Container',
        element: 'div',
        styles: {
            padding: '5px 10px',
            background: '#eee',
            border: '1px solid #ccc',
            'white-space': 'nowrap',
            'overflow': 'auto',
            'font-family': 'monospace, monospace',
            'font-size': '0.9rem'
        }
    },

Unstable Wifi connection to Raspberry Pi 3

Written by pmd - - no comments

Original post

I am loosing connection to my Raspberry Pi 3 in a very much random way.

I recently replaced Subsonic by Airsonic, and connection to Pi seemed to be much more stable since that exact day. But today, it happened one more time... as I was expecting! Time to troubleshoot has come.

Since I am using 2 tables to root my traffic, one of them is not updated on some interface up/down events. I made a small script called by cron every 5 minutes to understand things and rebooting Pi once a day to get the access back:

#!/usr/bin/env bash

# Script to monitor and restart wireless access point when needed

# Logging
date >> NetworkCheckLog
echo "wap_check_pmd: Checking if network connection is down..." >> NetworkCheckLog
echo "$ ip route show table main" >> NetworkCheckLog
ip route show table main >> NetworkCheckLog
echo "$ ip route show table 42" >> NetworkCheckLog
ip route show table 42 >> NetworkCheckLog

# First make sure we can resolve google, otherwise 'ping -w' would hang
if ! $(host -W5 www.google.com > /dev/null 2>&1); then
        #Make a note in syslog
        logger "wap_check_pmd: Network connection is down..."
        date >> NetworkCheckLog
        ifconfig >> NetworkCheckLog
        echo "wap_check_pmd: Network connection is down..." >> NetworkCheckLog
        exit
fi

Time when it got fucked:

Mon  6 Aug 08:55:01 CEST 2018
wap_check_pmd: Checking if network connection is down...
$ ip route show table main
0.0.0.0/1 via 10.8.7.1 dev tun0
default via 192.168.1.1 dev wlan0 src 192.168.1.200 metric 303
10.8.8.0/24 dev tun0 proto kernel scope link src 10.8.7.12
31.192.112.170 via 192.168.1.1 dev wlan0
128.0.0.0/1 via 10.8.7.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.200 metric 303
$ ip route show table 42
default via 192.168.1.1 dev wlan0 src 192.168.1.200 metric 303
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.200 metric 303

Mon  6 Aug 09:00:01 CEST 2018
wap_check_pmd: Checking if network connection is down...
$ ip route show table main
0.0.0.0/1 via 10.8.7.1 dev tun0
default via 192.168.1.1 dev wlan0 src 192.168.1.200 metric 303
10.8.8.0/24 dev tun0 proto kernel scope link src 10.8.7.12
128.0.0.0/1 via 10.8.7.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.200 metric 303
$ ip route show table 42
Mon  6 Aug 09:00:15 CEST 2018
wap_check_pmd: Network connection is down...

I then checked /var/log/syslog:

Aug  6 08:59:26 raspberrypi dhcpcd[382]: wlan0: carrier lost
[...]
Aug  6 08:59:26 raspberrypi dhcpcd[382]: wlan0: deleting default route via 192.168.1.1
Aug  6 08:59:26 raspberrypi dhcpcd[382]: wlan0: deleting route to 192.168.1.0/24
[...]
Aug  6 08:59:51 raspberrypi dhcpcd[382]: wlan0: carrier acquired

After Googling, I found an interesting article. Which provide interesting tips.

  1. Use this command to read the current power saving mode of your Pi:
    $ sudo iw wlan0 get power_save
    Power save: on
  2. And this one to turn power_save off:
    $ sudo iw wlan0 set power_save off
  3. To make this permanent add the following line to /etc/rc.local:
    /sbin/iw dev wlan0 set power_save off

We will see if it helps :)

Update 27/10/2018

I choose to turn the power_save off as it originally was. But I came up with this script:

#!/bin/bash
#/home/pi/wap_check
# Script to monitor and restart wireless access point when needed
maxPloss=10 #Maximum percent packet loss before a restart

# Logging
# echo "$(date +"%d-%m-%y %H:%M:%S ") wap_check_pmd: Checking if network connection is down..." >> /home/pi/NetworkCheckLog

# If table 42 is empty, we lost raspberry
TABLE_42=$(ip route show table 42)
if [[ -z "${TABLE_42}" ]]; then
  # Loging
  echo  "$(date +"%d-%m-%y %H:%M:%S ") wap_check_pmd: Table 42 is empty! Trying to populate it:" >> /home/pi/NetworkCheckLog
  logger "wap_check_pmd: Table 42 is empty! Trying to populate it."
  # Filling up the table 42
  ip route show table main | grep -v tun0 | while read LINE; do sudo ip route add $LINE table 42; done
  sleep 1
  ip route show table 42 >> /home/pi/NetworkCheckLog
fi

# IP cannot be the same, debian-transmission can go only through tun0
IP_VPN=$(sudo -u debian-transmission wget -qO- ifconfig.co)
IP_PUBLIC=$(wget -qO- ifconfig.co)
if [[ "${IP_VPN}" = "${IP_PUBLIC}" ]]; then
  echo "$(date +"%d-%m-%y %H:%M:%S ") wap_check_pmd: Same IP for debian-transmission and pi: $(echo $IP_VPN) and $(echo $IP_PUBLIC)" >> /home/pi/NetworkCheckLog
  logger "wap_check_pmd: Same IP for debian-transmission and pi..."
  if [[ -n "${IP_PUBLIC}"  ]]; then
    echo "$(date +"%d-%m-%y %H:%M:%S ") wap_check_pmd: Rebooting. [1]" >> /home/pi/NetworkCheckLog
        logger "wap_check_pmd: Rebooting. [1]"
    sleep 1
    sudo /sbin/reboot
        exit
  fi
fi

# Make sure we can resolve google, otherwise 'ping -w' would hang
if ! $(host -W5 www.google.com > /dev/null 2>&1); then
    # Make a note in syslog
    logger "wap_check_pmd: Network connection is down..."
        echo "$(date +"%d-%m-%y %H:%M:%S ") wap_check_pmd: Rebooting. [2]" >> /home/pi/NetworkCheckLog
        logger "wap_check_pmd: Rebooting. [2]"
        # Restart device
        sleep 1
        sudo /sbin/reboot
    exit
fi

# Initialize to a value that would force a restart
# (just in case ping gives an error and ploss doesn't get set)
ploss=101
# now ping google for 10 seconds and count packet loss
ploss=$(ping -q -w10 www.google.com | grep -o "[0-9]*%" | tr -d %) > /dev/null 2>&1
if [ "$ploss" -gt "$maxPloss" ]; then
    logger "wap_check_pmd: Packet loss ($ploss%) exceeded $maxPloss"
    echo "$(date +"%d-%m-%y %H:%M:%S ") wap_check_pmd: Packet loss ($ploss%) exceeded $maxPloss" >> /home/pi/NetworkCheckLog
    # restart_networking
fi

I run this script every 5 minutes, line in my crontab file:

*/5 * * * * /bin/bash /home/pi/NetworkCheck.sh

Log file looks like this:

22-09-18 22:25:02  wap_check_pmd: Table 42 is empty! Trying to populate it:
22-09-18 22:26:55  wap_check_pmd: Same IP for debian-transmission and pi:  and
22-09-18 22:27:09  wap_check_pmd: Rebooting. [2]
24-09-18 23:20:16  wap_check_pmd: Rebooting. [2]
25-09-18 22:26:10  wap_check_pmd: Packet loss (30%) exceeded 10
25-09-18 23:11:07  wap_check_pmd: Packet loss (16%) exceeded 10
04-10-18 02:55:12  wap_check_pmd: Packet loss (70%) exceeded 10
04-10-18 15:50:01  wap_check_pmd: Table 42 is empty! Trying to populate it:
default via 192.168.1.1 dev wlan0 src 192.168.1.200 metric 303
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.200 metric 303
04-10-18 19:20:12  wap_check_pmd: Packet loss (20%) exceeded 10
04-10-18 20:40:27  wap_check_pmd: Packet loss (30%) exceeded 10
04-10-18 20:55:21  wap_check_pmd: Packet loss (16%) exceeded 10
05-10-18 20:20:01  wap_check_pmd: Table 42 is empty! Trying to populate it:
default via 192.168.1.1 dev wlan0 src 192.168.1.200 metric 303
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.200 metric 303
05-10-18 20:52:25  wap_check_pmd: Packet loss (30%) exceeded 10
06-10-18 15:15:15  wap_check_pmd: Packet loss (30%) exceeded 10
07-10-18 08:55:02  wap_check_pmd: Same IP for debian-transmission and pi:  and
16-10-18 19:21:53  wap_check_pmd: Same IP for debian-transmission and pi:  and
16-10-18 19:22:07  wap_check_pmd: Rebooting. [2]
27-10-18 11:30:20  wap_check_pmd: Packet loss (20%) exceeded 10

youtube-dl

Written by pmd - - no comments

youtube-dl is a usefull packet to download youtube video through command line. GitHub.

List what to download

First step is to list what youtube video you wanna download and convert to mp3 file:

2 files to put on a web server which are:

  1. liste.txt which must be chmod 777 (index.php will write links in this file)
  2. index.php
<!DOCTYPE html>
<html>
<head>
<title>youtube-dl</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
body {
width: 550px;
font-size: 75%;
}
p {
font-family: "Lucida Console", "Courier New", monospace;
white-space: nowrap
}
li {
font-family: "Lucida Console", "Courier New", monospace;
white-space: nowrap
}
hr {
border: 0;
border-bottom: 1px dashed #CCCCCC;
background: #FFFFFF;
}
input[type=text], select {
width: 80%;
padding: 12px 20px;
margin: 8px 0;
display: inline-block;
border: 1px solid #ccc;
border-radius: 4px;
box-sizing: border-box;
}

input[type=submit] {
width: 80%;
background-color: #4CAF50;
color: white;
padding: 14px 20px;
margin: 8px 0;
border: none;
border-radius: 4px;
cursor: pointer;
}

input[type=submit]:hover {
background-color: #45a049;
}

div {
border-radius: 5px;
background-color: #f2f2f2;
padding: 20px;
overflow:auto;
width: 500px;
}
</style>
</head>
<body>
<span style="white-space: nowrap">
<div>
<p>
<?php
if(isset($_POST['field1']))
{
$data = $_POST['field1'] . "\r\n";
$ret = file_put_contents('liste.txt', $data, FILE_APPEND | LOCK_EX);
if($ret === false) {
echo "There was an error writing this file.";
}
else {
echo "$ret bytes written to file.";
}
}
else {
echo "No post data to process.";
}
?>
</p>
</div>
<hr>

<div>

<p>Format to be respected:</p>
<ol>
<li>« https://www.youtube.com/watch?v=1YRW1QRKTBc »</li>
<li>« https://youtu.be/9cBtJYI6itg »</li>
<li>« https://soundcloud.com/hungry-music/nto-alter-ego »</li>
</ol>

<form action="index.php" method="POST">
<input type="text" id="fname" name="field1" placeholder="https://www.youtube.com/watch?v=1YRW1QRKTBc"><br />
<input type="submit" value="Submit">
</form>
</div>

<hr>

<div>
<p>Next link(s) to be downloaded and saved to mp3 files:</p>
<p>
<?php
echo nl2br(file_get_contents( "liste.txt" ));
?>
</p>
</div>

<hr>

<div>
<p>
Logs (last 200 lines): <br />
<?php
//echo nl2br(file_get_contents( "/path/to/history.txt" ));
echo nl2br(trim(implode("", array_slice(file("/path/to/history.txt"), -200))));
?>
</p>
</div>
</body>
</html>

Sources 1, 2

Secure input form

https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
http://www.htaccesstools.com/htpasswd-generator/

location ^~ /youtube-dl {
     auth_basic           "Иди на хуй мозгоёб!!!";
     auth_basic_user_file /path/to/.htpasswd;
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/run/php/php7.0-fpm.sock;
         }
 }

Restart nginx:

$ sudo service nginx restart

Download script

He depends on:

  • /path/to/liste_en_cours.txt
  • /path/to/history.txt
#!/usr/bin/bash
filename="$1"
liste_en_cours=/path/to/Downloads/youtube_auto/liste_en_cours.txt

cp -f $1 $liste_en_cours
sleep 1
echo -n > $1

echo "  " >> /path/to/Downloads/youtube_auto/history.txt
date >> /path/to/Downloads/youtube_auto/history.txt

while read -r line
do
    name="$(echo $line | sed 's/\r//g')"
    echo -n "$name | " >> /path/to/Downloads/youtube_auto/history.txt
    page="$(wget -O - $name)"
    echo $page | sed -n 's/.*<title>\(.*\)<\/title>.*/\1/ip;T;q' >> /path/to/Downloads/youtube_auto/history.txt

    /usr/local/bin/youtube-dl -f bestaudio $name --extract-audio --audio-format mp3 -o "/path/to/Downloads/youtube_auto/downloads/%(title)s.%(ext)s" | grep ffmpeg | grep mp3 | sed 's/.*\//===> /' | sed 's/mp3.*/mp3/' >> /path/to/Downloads/youtube_auto/history.txt

done < "$liste_en_cours"

mv -f /path/to/Downloads/youtube_auto/downloads/* /path/to/Music/youtube

#All big files goes to folder Mixes
for file in /path/to/Music/youtube/*; do
    SIZE="$(stat --printf="%s" "$file")"
    if (( $SIZE > 25000000 )); then
        mv -f "$file" /path/to/Music/Mixes
    fi
done

Source homemade. Now execute it with cron job by example.

 

Install Airsonic on Raspberry Pi 3

Written by pmd - - no comments

Stand-alone WAR installation integrated within systemd

Let's see how to install a stand-alone Airsonic on a Raspberry 3 integrated with Systemd.

First of all, we need Java to be installed:

$ sudo apt-get updateinstall openjdk-8-jre

By following these systemd setup instructions, Airsonic will be available at http://localhost:8080/airsonic.

  1. Setup dedicated airsonic user:
    $ sudo useradd airsonic
  2. Setup Airsonic data dir:
    $ sudo mkdir /var/airsonic
    $ sudo chown airsonic /var/airsonic
  3. Download the stand-alone WAR:
    $ sudo wget https://github.com/airsonic/airsonic/releases/download/v10.1.1/airsonic.war --output-document=/var/airsonic/airsonic.war
  4. Setup systemd service:
    $ sudo wget https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic.service -O /etc/systemd/system/airsonic.service
    $ sudo systemctl daemon-reload
    $ sudo systemctl start airsonic.service
    $ sudo systemctl enable airsonic.service
    $ sudo wget https://raw.githubusercontent.com/airsonic/airsonic/master/contrib/airsonic-systemd-env -O /etc/sysconfig/airsonic

    Note: On Debian systems you need to replace /etc/sysconfig with /etc/default)

  5. Go configure http://localhost:8080/airsonic.

Set up a reverse proxy: nginx

  1. Go edit nginx configuration:
    $ sudo nano /etc/nginx/sites-available/default
  2. location ^~ /airsonic {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $http_host;
            #proxy_max_temp_file_size 0;
            proxy_pass http://localhost:8080;
            #proxy_redirect http:// https://;
    }
  3. Restart nginx:
    $ sudo service nginx restart

Set up the transcoder

$ sudo apt-get install ffmpeg

Then we need to link Airsonic with the transcoder ffmpeg.

$ sudo mkdir /var/airsonic/transcode
$ cd /var/airsonic/transcode
$ sudo ln -s /usr/bin/ffmpeg /var/aisonic/transcode/ffmpeg
$ ls -alh
total 8.0K
drwxr-xr-x 2 airsonic airsonic 4.0K Jul 22 10:54 .
drwxr-xr-x 5 airsonic tomcat8  4.0K Jul 22 10:48 ..
lrwxrwxrwx 1 root     root       15 Jul 22 10:54 ffmpeg -> /usr/bin/ffmpeg
$ sudo chown -R airsonic:airsonic /var/airsonic
$ ls -alh
total 8.0K
drwxr-xr-x 2 airsonic airsonic 4.0K Jul 22 10:54 .
drwxr-xr-x 5 airsonic airsonic 4.0K Jul 22 10:48 ..
lrwxrwxrwx 1 airsonic airsonic   15 Jul 22 10:54 ffmpeg -> /usr/bin/ffmpeg

Interact with server from Android

I use the Ultrasonic application:
ultrasonic

Source 1, 2, 3,

Rss feed of the category