Raspberry Pi

Free form discussions... not on topic... we'll try to copy discussions that seem pertinent to appropriate forums.
Forum rules
Topic? We Don' Need No Steengkeeng Topic! Try to be polite though.

Raspberry Pi

Postby desertguns » Wed Jul 01, 2015 11:37 pm

So, anyone else playing with this? Been screwing with it for a year or so. Process control is not its strong suit but there are work arounds. Data logging binary/hex code from peripheral stuff works well. Modbus to linux code is out there too. See some untapped potential in ICP.
desertguns
 
Posts: 2338
Joined: Fri Feb 04, 2011 10:25 pm
Location: Meltingballs, AZ

Re: Raspberry Pi

Postby wa_desert_rat » Fri Jul 03, 2015 5:29 am

I have deployed several Raspberry Pi computers as VPN systems. After trying many different methods of creating a Virtual Private Network I finally abandoned all of the off-the-shelf routers with the supposed capability of working in a VPN. Netgear's routers required monthly reconfiguration; simply deleting the config and recreating it (exactly as it had been) fixed it but what a pain in the a$$ that was. Plus having the VPN system on the border router seemed to me to be a security risk; if someone cracked the router they could then add themselves to the VPN and have full access to the internal network.

So I turned to making older PCs that had been replaced as desktops into VPN servers and clients. That worked but, inevitably, the mechanical bits on the older PC would fail. Power supply fans, CPU fans, hard drives and the like would make it necessary to recreate the device.

When the Rpi "B" came out I bought a handful of them and deployed them as test devices in a county-wide VPN that had been in operation for at least a decade. A year later that VPN is still operational with nothing but occasional updates to the software.

The advantage to using the Rpi as a VPN device are obvious. First of all it's invisible; we have mounted them out of sight using velcro. This means that no one decides to turn them off! You'd be surprised how often servers in small outlying offices get turned off and/or unplugged by janitors moving them around. And new employees look at a PC sitting there running with no monitor, mouse or keyboard attached and think it's an old box that got turned back on by mistake. With the Rpi sitting there attached to the bottom of a desk they don't even know it's there.

And it's reliable; they just keep right on running because there are no moving parts. And if an Rpi does fail, all I have to do is pony up another $50 or so and plug the SD card from the old one right into the new one and, Voila!, we're back in business. We can even have spares.

Not having the VPN clients and servers on the border (that is, connected to the WAN) means that you can protect access to it with the router's access-control-lists as well as the Rpi's firewall (which, because it runs on Linux, is pretty easily configured). OpenVPN is a free VPN server/client application that takes care of routes. All I have to do is add a route to the DHCP server that routes traffic to the VPN to the IP address on the Rpi. Doesn't need two network interfaces, either. It does need some IP addresses on different subnets but with 10.x.x.x subnet addresses available that's no big issue.

(By the way, I had a big state-wide VPN configured and when it went down I discovered that the systems admin for the WA and OR Century Link networks had configured several servers with 192.168.1.xxx addresses which he then placed on the WAN. His story to me when I finally figured out what had happened, was that our WAN was *his* LAN so he was perfectly justified in putting a box with a 192.168.1.1 address on it. This broke our VPN, of course, because someone had set up the home office on that 192.168.1.xxx subnet and the only way I could fix the VPN was to re-address the home office LAN; to a 10.x.x.x subnet. So if you have your network on 192.168.1.xxx my advice to you is to move it to something more obscure.)

Now these are small offices with only a few people working in them but I was still a bit concerned about the throughput of the Rpi in that application. The offices all have their own border routers and traffic to and from the Internet at large is not routed through the Rpi; the Rpi only handles traffic that moves directly to and from the home office. So domain logins, access to server file systems via mounted drives, and email to and from the Exchange server at the home office are all that the Rpi handles. Even so, I was concerned that the users would experience some noticeable delays. That, however, has not turned out to be the case. Everyone has been happy with the systmes I've put together for them; especially with the uptime and low maintenance.

The Rpis are also all deployed in offices that have Internet services controlled by someone else. In the past, with OEM routers, I have had to interface with the systems people who controlled the Internet WAN we were running our VPNs over. The joy of OpenVPN is that you simply put it on the local network with access to the default router and it goes out, makes its connections, and happily runs traffic while Internet traffic still routes through the default router. Since the VPN machines have no open ports on the WAN they are completely secure (unless someone on the local network wants to hack into them). They also run happily from temporary (DHCP) IP addresses. Only the single VPN server - located at the nexus of the network - has to have a static IP and one open port (two if you need ssh access).

They make a good local DNS server, too. As a secondary DNS for the local network, if the domain server goes down the PCs on the network are not "blind" to the Internet. They can't get to the domain (and probably their files and email) but they can still get out on the Internet.

I'm thinking of using one as a Nagios server next. :)

All good.
WDR
http://www.bigboxbikes.com
"No one has ever had to evacuate a city because the solar ;panels broke!"
wa_desert_rat
 
Posts: 2051
Joined: Thu Feb 03, 2011 11:48 pm
Location: Moses Lake, WA

Re: Raspberry Pi

Postby wa_desert_rat » Sat Jul 04, 2015 7:41 am

I should add that if, for some strange reason, you prefer the Windows operating systems over Linux, MS is releasing Windows 10 for the Raspberry Pi. In fact you can get a rough cut of it soon. For free.

http://www.theinquirer.net/inquirer/new ... wboard-max
WDR
http://www.bigboxbikes.com
"No one has ever had to evacuate a city because the solar ;panels broke!"
wa_desert_rat
 
Posts: 2051
Joined: Thu Feb 03, 2011 11:48 pm
Location: Moses Lake, WA


Return to ChatRoom

Who is online

Users browsing this forum: No registered users and 1 guest