AlterX Posted December 3, 2018 Posted December 3, 2018 Hello guys, soon I will receive this nice toy (512MB) and I want to be prepared for my project: a domestic vpn server (using pptp) serving 1 o 2 guests at most. For this project I just need the RJ45 socket thus I would like to switch off as much as possible (e.g. GPU, on board wifi and others if there). Someone can point me to some resources or list what I can do to accomplish this? P.S. I know that pptp is not as secure as IPSec (and maybe IPSec is heavier for such device) but for the purpose of my project it is enough. Thanks a lot Gianni
guidol Posted December 3, 2018 Posted December 3, 2018 The OPi Zero doesnt need much power. I only disabled the Wifi - because I do use Ethernet - with the following commands in the /etc/rc.local (I know are are also other/better ways): ifconfig wlan0 down rmmod xradio_wlan rmmod mac80211 rmmod cfg80211 3
AlterX Posted December 3, 2018 Author Posted December 3, 2018 Thank you for your reply...this could be a way to disable it, although I prefer to do it in the config.txt if it is possible...anything about disabling the GPU? I want to switch all those off not really for consumption but to reduce the overall heating of the board
Tido Posted December 3, 2018 Posted December 3, 2018 https://wiki.debian.org/Wireguard and available on Armbian
AlterX Posted December 3, 2018 Author Posted December 3, 2018 7 minutes ago, Tido said: https://wiki.debian.org/Wireguard and available on Armbian Good to know it...I will then create a second generation Anything about disabling GPU, on board wifi and something else?
guidol Posted December 3, 2018 Posted December 3, 2018 config.txt - sounds you normally do use a Raspberry Pi Some hardware can be en-/disabled via armvian-config: system-->hardware (overlays) but not the gpu. I think under armbian you have to recompile the kernel for doing such a thing.
AlterX Posted December 3, 2018 Author Posted December 3, 2018 48 minutes ago, guidol said: config.txt - sounds you normally do use a Raspberry Pi Some hardware can be en-/disabled via armvian-config: system-->hardware (overlays) but not the gpu. I think under armbian you have to recompile the kernel for doing such a thing. Yeah...I will check what I can do with armbian-config...thanks Not only raspberry...armbian as well on banana pi!
AlterX Posted December 3, 2018 Author Posted December 3, 2018 I think I found something interesting: low consumption how to change the fex: change fex settings 1
chwe Posted December 4, 2018 Posted December 4, 2018 I would never ever run an VPN server on an outdated 3.4 EOL kernel.. IMO there's no reason to run an OPi0 with the BSP kernel in those days (except 'high temperature issues' known on the OPi0 - I had never problems that the board doesn't run stable, others complained).. For boards with HDMI and desktop this might not be 100% true (yet - soon possible in mainline), but for headless servers just don't... We don't deliver mail drivers for 'server images' and therefore it's not really accessed means 'additional consumption' might be minor. The same counts somehow for wifi, as long as you don't use it idle consumption is anyway not that high. looking into schematics (https://mega.nz/#F!MKQSUIbS!reCl8EK0QqjnOoC-e2ZwBg!dPIzHLaa), you might save a bit by toggle PA20 but I never tested it (the same schematics should also be somewhere on linux-sunxi.org - just to lazy to google it).. 1
sfx2000 Posted December 4, 2018 Posted December 4, 2018 20 hours ago, AlterX said: I want to be prepared for my project: a domestic vpn server (using pptp) Friends don't let friend use PPTP.... it's not very secure and it's been deprecated across pretty much all platforms. As someone suggested - wireguard is present, and worse case, one can always consider using OpenVPN... 1
AlterX Posted December 4, 2018 Author Posted December 4, 2018 3 hours ago, sfx2000 said: Friends don't let friend use PPTP.... it's not very secure and it's been deprecated across pretty much all platforms. As someone suggested - wireguard is present, and worse case, one can always consider using OpenVPN... Yes I know...it is already planned to switch over to a modern vpn protocol...but for my project right now doesn't really matter. Anyway the box will be completely isolated from the internal network and also guests won't see each other.
sfx2000 Posted December 6, 2018 Posted December 6, 2018 7 minutes ago, alfaktulu said: And open vpn? Why don't use? One can always use OpenVPN - it's a bit slow/inefficient due to certain design decisions, but it's secure, and widely available...
WarHawk_AVG Posted December 14, 2018 Posted December 14, 2018 I have an OPiZero running my OpenVPN and a TOR relay... I did have to set max cpu down to 816mhz and governor to conservative because it would occasionally lock up (the other day when I went to reboot it, found the case has melted!) But it hums along nicely and doesn't skip a beat... Stupid easy install of OpenVPN with scripts for creating users There is also a super cheap single ethernet board called the NanoPi NEO I set one up for my buddy at his house...and he loves it
WarHawk_AVG Posted December 14, 2018 Posted December 14, 2018 On 12/5/2018 at 6:47 PM, sfx2000 said: One can always use OpenVPN - it's a bit slow/inefficient due to certain design decisions, but it's secure, and widely available... Yeah...unfortunately OpenVPN is NOT SMP capable...so each connection uses a single core...so it doesn't benefit from multiple cores unless you have multiple clients connected
Tido Posted December 14, 2018 Posted December 14, 2018 1 hour ago, WarHawk_AVG said: (the other day when I went to reboot it, found the case has melted!) picture please
AlterX Posted December 14, 2018 Author Posted December 14, 2018 1 hour ago, WarHawk_AVG said: I have an OPiZero running my OpenVPN and a TOR relay... I did have to set max cpu down to 816mhz and governor to conservative because it would occasionally lock up (the other day when I went to reboot it, found the case has melted!) But it hums along nicely and doesn't skip a beat... Stupid easy install of OpenVPN with scripts for creating users There is also a super cheap single ethernet board called the NanoPi NEO I set one up for my buddy at his house...and he loves it Interesting tro know...why the hell it is burning like that?!?!
WarHawk_AVG Posted December 20, 2018 Posted December 20, 2018 Might have locked up...for some reason if the system doesn't boot, I think it might go full CPU and just run hot AT 816Mhz fastest CPU and 240mhz idle..I consistently runs well below 50°C I also just to make sure..have a cronjob set to reboot at 20:00 everyday..before sometimes it wouldn't come up...after the change to restrict speeds...it reboots and comes back up with no issues Just wish I had more than 256MB...with OpenVPN and TOR running it runs around 180MB usage
AlterX Posted December 20, 2018 Author Posted December 20, 2018 Hi this is the project I am working on that explains why a PPTP is more than enough (when the vpn server on orange pi is available) for the purpose: snapvpn
WarHawk_AVG Posted December 21, 2018 Posted December 21, 2018 On 12/20/2018 at 1:09 AM, AlterX said: Hi this is the project I am working on that explains why a PPTP is more than enough (when the vpn server on orange pi is available) for the purpose: snapvpn You mention "Using the ad-hoc mobile app (download it from Android or Apple store)" Got links? Got video's on how this works?
AlterX Posted December 21, 2018 Author Posted December 21, 2018 In the detailed steps you can find link to android store for the app...for a video check this out:snapvpn example Basically you use the box as wifi ap and all devices connected to it can use the vpn gateway in trasparente way thus a smarttv over wifi
AlterX Posted December 21, 2018 Author Posted December 21, 2018 On 12/3/2018 at 10:18 AM, guidol said: The OPi Zero doesnt need much power. I only disabled the Wifi - because I do use Ethernet - with the following commands in the /etc/rc.local (I know are are also other/better ways): ifconfig wlan0 down rmmod xradio_wlan rmmod mac80211 rmmod cfg80211 If I run these commands, I get error that modules are in use...how did you do it?
guidol Posted December 21, 2018 Posted December 21, 2018 I know it worked only in a older (legacy kernel?) version. In the actual version which I use (mainline 4.19) it doesnt work anymore to unload the xradio_wlan module.
guidol Posted December 24, 2018 Posted December 24, 2018 On 12/21/2018 at 6:18 PM, guidol said: I know it worked only in a older (legacy kernel?) version. In the actual version which I use (mainline 4.19) it doesnt work anymore to unload the xradio_wlan module. after searching the internet we have to do it the blacklist way for every module you doenst want to load create a file in /etc/modprobe.d with the name <modulname>.conf that will include the line blacklist <modulname> like that : /etc/modprobe.d/xradio_wlan.conf : blacklist xradio_wlan If we do this for all 3 modules we get: root@opi-zero(192.168.6.99):/etc/modprobe.d# cat xradio_wlan.conf mac80211.conf cfg80211.conf blacklist xradio_wlan blacklist mac80211 blacklist cfg80211 After a reboot the modules arent loaded anymore root@opi-zero(192.168.6.99):~# lsmod Module Size Used by lz4hc 16384 4 lz4hc_compress 24576 1 lz4hc ftdi_sio 40960 0 sun8i_codec_analog 24576 1 sun4i_codec 32768 3 usbserial 24576 1 ftdi_sio snd_soc_core 118784 2 sun4i_codec,sun8i_codec_analog snd_pcm_dmaengine 16384 1 snd_soc_core snd_pcm 69632 2 snd_pcm_dmaengine,snd_soc_core zram 24576 5 snd_timer 24576 1 snd_pcm snd 45056 3 snd_timer,snd_soc_core,snd_pcm soundcore 16384 1 snd sun4i_gpadc_iio 16384 0 uio_pdrv_genirq 16384 0 uio 16384 1 uio_pdrv_genirq usb_f_acm 16384 1 u_serial 20480 3 usb_f_acm g_serial 16384 0 libcomposite 40960 2 g_serial,usb_f_acm ip_tables 20480 0 x_tables 20480 1 ip_tables pwrseq_simple 16384 1 for reference: KernelModuleBlacklisting Howto: Create a file '/etc/modprobe.d/<modulename>.conf' containing 'blacklist <modulename>'. Run 'depmod -ae' as root Recreate your initrd with 'update-initramfs -u' 1
AlterX Posted December 25, 2018 Author Posted December 25, 2018 23 hours ago, guidol said: after searching the internet we have to do it the blacklist way for every module you doenst want to load create a file in /etc/modprobe.d with the name <modulname>.conf that will include the line blacklist <modulname> like that : /etc/modprobe.d/xradio_wlan.conf : blacklist xradio_wlan If we do this for all 3 modules we get: root@opi-zero(192.168.6.99):/etc/modprobe.d# cat xradio_wlan.conf mac80211.conf cfg80211.conf blacklist xradio_wlan blacklist mac80211 blacklist cfg80211 After a reboot the modules arent loaded anymore root@opi-zero(192.168.6.99):~# lsmod Module Size Used by lz4hc 16384 4 lz4hc_compress 24576 1 lz4hc ftdi_sio 40960 0 sun8i_codec_analog 24576 1 sun4i_codec 32768 3 usbserial 24576 1 ftdi_sio snd_soc_core 118784 2 sun4i_codec,sun8i_codec_analog snd_pcm_dmaengine 16384 1 snd_soc_core snd_pcm 69632 2 snd_pcm_dmaengine,snd_soc_core zram 24576 5 snd_timer 24576 1 snd_pcm snd 45056 3 snd_timer,snd_soc_core,snd_pcm soundcore 16384 1 snd sun4i_gpadc_iio 16384 0 uio_pdrv_genirq 16384 0 uio 16384 1 uio_pdrv_genirq usb_f_acm 16384 1 u_serial 20480 3 usb_f_acm g_serial 16384 0 libcomposite 40960 2 g_serial,usb_f_acm ip_tables 20480 0 x_tables 20480 1 ip_tables pwrseq_simple 16384 1 for reference: KernelModuleBlacklisting Howto: Create a file '/etc/modprobe.d/<modulename>.conf' containing 'blacklist <modulename>'. Run 'depmod -ae' as root Recreate your initrd with 'update-initramfs -u' Very good!! it is working for me as well 2
Recommended Posts