Jump to content

Recommended Posts

Posted

Hello guys, soon I will receive this nice toy (512MB) and I want to be prepared for my project: a domestic vpn server (using pptp) serving 1 o 2 guests at most.

For this project I just need the RJ45 socket thus I would like to switch off as much as possible (e.g. GPU, on board wifi and others if there).

Someone can point me to some resources or list what I can do to accomplish this?

 

P.S. I know that pptp is not as secure as IPSec (and maybe IPSec is heavier for such device) but for the purpose of my project it is enough.

 

Thanks a lot

Gianni

Posted

The OPi Zero doesnt need much power.
I only disabled the Wifi - because I do use Ethernet - with the following commands in the /etc/rc.local (I know are are also other/better ways):
 

ifconfig wlan0 down
rmmod xradio_wlan
rmmod mac80211
rmmod cfg80211

 

Posted

Thank you for your reply...this could be a way to disable it, although I prefer to do it in the config.txt if it is possible...anything about disabling the GPU?

I want to switch all those off not really for consumption but to reduce the overall heating of the board

Posted

config.txt - sounds you normally do use a Raspberry Pi ;)

Some hardware can be en-/disabled via armvian-config: system-->hardware (overlays)

but not the gpu.

I think under armbian you have to recompile the kernel for doing such a thing.

Posted
48 minutes ago, guidol said:

config.txt - sounds you normally do use a Raspberry Pi ;)

Some hardware can be en-/disabled via armvian-config: system-->hardware (overlays)

but not the gpu.

I think under armbian you have to recompile the kernel for doing such a thing.

Yeah...I will check what I can do with armbian-config...thanks

Not only raspberry...armbian as well on banana pi!

Posted

I would never ever run an VPN server on an outdated 3.4 EOL kernel.. :lol: IMO there's no reason to run an OPi0 with the BSP kernel in those days (except 'high temperature issues' known on the OPi0 - I had never problems that the board doesn't run stable, others complained).. For boards with HDMI and desktop this might not be 100% true (yet - soon possible in mainline), but for headless servers just don't...

 

We don't deliver mail drivers for 'server images' and therefore it's not really accessed means 'additional consumption' might be minor. The same counts somehow for wifi, as long as you don't use it idle consumption is anyway not that high.

 

looking into schematics (https://mega.nz/#F!MKQSUIbS!reCl8EK0QqjnOoC-e2ZwBg!dPIzHLaa), you might save a bit by toggle PA20 but I never tested it (the same schematics should also be somewhere on linux-sunxi.org -  just to lazy to google it)..

Posted
20 hours ago, AlterX said:

I want to be prepared for my project: a domestic vpn server (using pptp)

 

Friends don't let friend use PPTP.... it's not very secure and it's been deprecated across pretty much all platforms.

 

As someone suggested - wireguard is present, and worse case, one can always consider using OpenVPN...

Posted
3 hours ago, sfx2000 said:

 

Friends don't let friend use PPTP.... it's not very secure and it's been deprecated across pretty much all platforms.

 

As someone suggested - wireguard is present, and worse case, one can always consider using OpenVPN...

Yes I know...it is already planned to switch over to a modern vpn protocol...but for my project right now doesn't really matter. Anyway the box will be completely isolated from the internal network and also guests won't see each other.

Posted
7 minutes ago, alfaktulu said:

And open vpn? Why don't use?

 

One can always use OpenVPN - it's a bit slow/inefficient due to certain design decisions, but it's secure, and widely available...

Posted

I have an OPiZero running my OpenVPN and a TOR relay...

I did have to set max cpu down to 816mhz and governor to conservative because it would occasionally lock up (the other day when I went to reboot it, found the case has melted!)

 

But it hums along nicely and doesn't skip a beat...

 

Stupid easy install of OpenVPN with scripts for creating users

 

There is also a super cheap single ethernet board called the NanoPi NEO  I set one up for my buddy at his house...and he loves it

Posted
On 12/5/2018 at 6:47 PM, sfx2000 said:

 

One can always use OpenVPN - it's a bit slow/inefficient due to certain design decisions, but it's secure, and widely available...

Yeah...unfortunately OpenVPN is NOT SMP capable...so each connection uses a single core...so it doesn't benefit from multiple cores unless you have multiple clients connected

Posted
1 hour ago, WarHawk_AVG said:

(the other day when I went to reboot it, found the case has melted!)

picture please

Posted
1 hour ago, WarHawk_AVG said:

I have an OPiZero running my OpenVPN and a TOR relay...

I did have to set max cpu down to 816mhz and governor to conservative because it would occasionally lock up (the other day when I went to reboot it, found the case has melted!)

 

But it hums along nicely and doesn't skip a beat...

 

Stupid easy install of OpenVPN with scripts for creating users

 

There is also a super cheap single ethernet board called the NanoPi NEO  I set one up for my buddy at his house...and he loves it

Interesting tro know...why the hell it is burning like that?!?!

 

Posted

Might have locked up...for some reason if the system doesn't boot, I think it might go full CPU and just run hot

AT 816Mhz fastest CPU and 240mhz idle..I consistently runs well below 50°C
I also just to make sure..have a cronjob set to reboot at 20:00 everyday..before sometimes it wouldn't come up...after the change to restrict speeds...it reboots and comes back up with no issues
 

Just wish I had more than 256MB...with OpenVPN and TOR running it runs around 180MB usage

OPiZero.Melt.jpg

Posted

Hi this is the project I am working on that explains why a PPTP is more than enough (when the vpn server on orange pi is available) for the purpose: snapvpn

 

Posted
On 12/20/2018 at 1:09 AM, AlterX said:

Hi this is the project I am working on that explains why a PPTP is more than enough (when the vpn server on orange pi is available) for the purpose: snapvpn

 

You mention "Using the ad-hoc mobile app (download it from Android or Apple store)"
Got links?

 

Got video's on how this works?

 

Posted

In the detailed steps you can find link to android store for the app...for a video check this out:snapvpn example

 

Basically you use the box as wifi ap and all devices connected to it can use the vpn gateway in trasparente way thus a smarttv over wifi

Posted
On 12/3/2018 at 10:18 AM, guidol said:

The OPi Zero doesnt need much power.
I only disabled the Wifi - because I do use Ethernet - with the following commands in the /etc/rc.local (I know are are also other/better ways):
 


ifconfig wlan0 down
rmmod xradio_wlan
rmmod mac80211
rmmod cfg80211

 

If I run these commands, I get error that modules are in use...how did you do it?

Posted

I know :(

it worked only in a older (legacy kernel?) version.

In the actual version which I use (mainline 4.19) it doesnt work anymore to unload the xradio_wlan module.

Posted
On 12/21/2018 at 6:18 PM, guidol said:

I know :(

it worked only in a older (legacy kernel?) version.

In the actual version which I use (mainline 4.19) it doesnt work anymore to unload the xradio_wlan module.

 

after searching the internet we have to do it the blacklist way :)

for every module you doenst want to load create a file in /etc/modprobe.d with the name <modulname>.conf that will include the line

blacklist <modulname>

like that :

/etc/modprobe.d/xradio_wlan.conf :
blacklist xradio_wlan

 

If we do this for all 3 modules we get:
 

root@opi-zero(192.168.6.99):/etc/modprobe.d# cat xradio_wlan.conf mac80211.conf cfg80211.conf
blacklist xradio_wlan
blacklist mac80211
blacklist cfg80211

After a reboot the modules arent loaded anymore :)

root@opi-zero(192.168.6.99):~# lsmod
Module                  Size  Used by
lz4hc                  16384  4
lz4hc_compress         24576  1 lz4hc
ftdi_sio               40960  0
sun8i_codec_analog     24576  1
sun4i_codec            32768  3
usbserial              24576  1 ftdi_sio
snd_soc_core          118784  2 sun4i_codec,sun8i_codec_analog
snd_pcm_dmaengine      16384  1 snd_soc_core
snd_pcm                69632  2 snd_pcm_dmaengine,snd_soc_core
zram                   24576  5
snd_timer              24576  1 snd_pcm
snd                    45056  3 snd_timer,snd_soc_core,snd_pcm
soundcore              16384  1 snd
sun4i_gpadc_iio        16384  0
uio_pdrv_genirq        16384  0
uio                    16384  1 uio_pdrv_genirq
usb_f_acm              16384  1
u_serial               20480  3 usb_f_acm
g_serial               16384  0
libcomposite           40960  2 g_serial,usb_f_acm
ip_tables              20480  0
x_tables               20480  1 ip_tables
pwrseq_simple          16384  1

 

for reference:  KernelModuleBlacklisting

 

Howto:
Create a file '/etc/modprobe.d/<modulename>.conf' containing 'blacklist <modulename>'.
Run 'depmod -ae' as root
Recreate your initrd with 'update-initramfs -u'

 

Posted
23 hours ago, guidol said:

 

after searching the internet we have to do it the blacklist way :)

for every module you doenst want to load create a file in /etc/modprobe.d with the name <modulname>.conf that will include the line

blacklist <modulname>

like that :


/etc/modprobe.d/xradio_wlan.conf :
blacklist xradio_wlan

 

If we do this for all 3 modules we get:
 


root@opi-zero(192.168.6.99):/etc/modprobe.d# cat xradio_wlan.conf mac80211.conf cfg80211.conf
blacklist xradio_wlan
blacklist mac80211
blacklist cfg80211

After a reboot the modules arent loaded anymore :)


root@opi-zero(192.168.6.99):~# lsmod
Module                  Size  Used by
lz4hc                  16384  4
lz4hc_compress         24576  1 lz4hc
ftdi_sio               40960  0
sun8i_codec_analog     24576  1
sun4i_codec            32768  3
usbserial              24576  1 ftdi_sio
snd_soc_core          118784  2 sun4i_codec,sun8i_codec_analog
snd_pcm_dmaengine      16384  1 snd_soc_core
snd_pcm                69632  2 snd_pcm_dmaengine,snd_soc_core
zram                   24576  5
snd_timer              24576  1 snd_pcm
snd                    45056  3 snd_timer,snd_soc_core,snd_pcm
soundcore              16384  1 snd
sun4i_gpadc_iio        16384  0
uio_pdrv_genirq        16384  0
uio                    16384  1 uio_pdrv_genirq
usb_f_acm              16384  1
u_serial               20480  3 usb_f_acm
g_serial               16384  0
libcomposite           40960  2 g_serial,usb_f_acm
ip_tables              20480  0
x_tables               20480  1 ip_tables
pwrseq_simple          16384  1

 

for reference:  KernelModuleBlacklisting

 


Howto:
Create a file '/etc/modprobe.d/<modulename>.conf' containing 'blacklist <modulename>'.
Run 'depmod -ae' as root
Recreate your initrd with 'update-initramfs -u'

 

 

Very good!! it is working for me as well

 

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines