Tiernan's Comms Closet

Geek, Programmer, Photographer, network egineer…

Raspberry Pi as a Mobile WiFi HotSpot (part 1)

I have been using an iPhone 4 as a wifi hotspot for a while now. It does not have a “phone” SIM in it, with calls and texts enabled, instead it has a 3G Data SIM from a dongle… It works OK, but there are a few issues i have with it…

  • No easy way to see how much data is being used, unless you Jail Break, and then battery life goes away…
  • not very hackable… other than Jail Break, and thats not hackable enough…
  • not a lot of storage: 16Gb, and most of that is takin up by Music and Apps
  • no background network daemons… more on that in a second…

The Network Daemons i am thinking would be useful for a WiFi Hotspot would be Squid, WANProxy, SSH, PPTP or OpenVPN Client and possibly a downloader of some sort. What i am thinking is as follows:

  • Have a device, that is small enough to fit in a bag, possibly small enough to fit in a jacket pocket. It will probably not be as small as the iPhone.
  • It should have storage on board. Boot storage and cache storage
  • At least 1, possibly more, WiFi Adapters, with optional antennas
  • At least 1, possibly more, 3G or 4G Modems
  • At least 1 ethernet port, again possibility for more
  • Battery that can run the whole system for at least 4-5 hours, and should be able to run while being charged. charging via USB would be ideal also
  • Optional Screen, but more likley, some sort of web interface to show whats going on (Bandwdith usage, clients connected, connection details)

When this turns on, it should automatically start the 3/4G connections (if there are multiple connections, it should do some balancing of the connections). if there are more then 1 WiFi Connection, one should be a Client (connect to an external WiFi connection, like home, college, work) and one should be an Access Point (Your Phone, Tablet and Laptop connect to this one). Ethernet can also be used in a simular way (if one only, it could be client or server, if multiple, one can be client, one can be server). DHCP addresses will be given out on Access Point or Server connections, and on Client connections, DHCP will be accepted.

Squid would be installed and listen on its usual port. Optionally, all port 80 and 8080 traffic could be routed though Squid. Ideally, HTTPS traffic should be automatically routed, but i think thats a bit harder to setup… If VPN Clients are enabled, it could also allow All or Some traffic to be routed over the VPN connections. SSH could also be used to compress traffic between multiple Squid boxes (one in house, one on the device). WANProxy could be used in a simular manner to save bandwdith and make the connection faster.

So, with all that, i am looking at using a Raspberry Pi for the job. I am still working on this, but here is what i have so far…

  • I have put a Wifi adapter into my Raspberry Pi (A Linksys, but forget the exact model number). Using a tutorial on Vivek’s blog on making a wifi hotspot on linux i managed to get the AP showing up on my laptop, but could not connect. I am not sure if its the adapter causing the problem, or what, but i am going to change out the adapter.
  • At the moment, i am sharing the ethernet connection, not the 3G connection… I have posted here before the link to Terence Eden’s post on getting the Raspberry Pi to connect to 3G. All that i will need to do is connect to 3g and then NAT the connection from Wifi to 3G…

So, there are a few more bits and pieces to get done over the next while… I will keep posting here…

Moving sites to NearlyFreeSpeech

I have been running a Dedicated Server from Hetzner for a while now, but have started to look at what i am running on the site, and reailized i under utilize the machine a lot… For example, this site is generated using Jekyll, which takes up very little power, and becomes static HTML files. My other blogs (Tiernan’s Comms Closet and GeekPhotographer) are both low traffic WordPress sites, and I run a couple of other static sites also for friends… All in all, not a lot of power…

Its not a fortune to run the server, the box i have has a Quad Core, Hyper threaded Intel i7, 32Gb RAM, 2 3TB Hdds (not raid…) and runs a copy of VMWare ESXi, and it costs about EUR60 a month, including a couple of IP addresses… But, i dont use it all that often… So, i am in the process of getting rid of it…

So, the 2 other blogs (GeekPhotographer and Tiernan’s Comms Closet) have already moved. They where easy enough… Export the WordPress DB, copy the file up, tweak the config, import the DB, DNS updates, etc… All done… but this site… that is more “Complicated”…

Since it is generated on a ‘git push’, Jekyll and Ruby needs to be installed on the box… I am using static sites on NearlyFreeSpeech which only charge me per meg (about 0.1c, but that reduces as you transfer more) transfered and per 5 meg stored (1c). Thats for STATIC sites… if you are running a dynamic site, its about 1c per 1mb stored, plus 1c per day, plus another 2c for MySQL instances. Check out their pricing calculator to see the magic at work!

Anyway, my GIT repo is on a machine in the house. It has Jekyll and all required bits installed. In the ‘post-receive’ hook (check the original zerosum post), i generate the site, and then do an rsync copy to NFSN servers. That is it!

Any question, leave a comment.

[update] forgot to add the gist which shows how i do the rsync call…

[update2] you in my case, the folder that Jekyll is being built in needed to be chmoded and chowned… I chowned the the folder to the gitolite user and i chmodded the folder to 777… before i did this, some files where unreadable on NFSN… with this, all works grand…

Send Emails as a Distribution Group in Office365

I am in the process of moving my Email domains from one Office365 plan (a Professional) to an Enterprise Plan. During the move, i set up some Email Aliases for older email addresses, which are still being used, but i dont send a lot of email from. But if i do need to send emails from these addresses, with the help of Powershell, I managed to set it up. The full details are listed on “how to send as an alias in Office 365”. It works perfectly! And, as a bit of shamless self promotion, if you are interested in Office365, why not drop me a mail at Tiernan at LimitedSlipNetworks dot com and i can set you up with a trial and more information.

IPv6 Firewall rules for MikroTik RouterOS

After yesterday’s post on IPv6 Networking in the house, I realized that all machines internally had publically facing IPv6 addresses! I started to panic, then went looking online, and found the following script:

This script, when run on your RouterOS board, will allow Established and Related connections, allow outgoing connections, and drop anything incoming that has not been requested… so, now everything inside the network should be more secured… I am new to this IPv6 stuff, so I am still learning… but, i am getting there…

IPv6 + MikroTik + Linux + Windows

I have been wanting to setup an IPv6 network for a while now, but never had the hardware or network to support it. My broadband Modem, a Cisco EPC3925, was pretty useless… But with the advent of Bridging on the Cisco EPC3925 it now works!

The first thing i needed to do was setup a Tunnel Broker Account with Hurricane Electric. I got a /64 block of IPv6 addresses, which should do me for a while… 🙂

Next, I followed the config example from the MikroTik Wiki Page: My First IPv6 Network. In my case, i only ran though most of router 1’s config, and did not create the “routing between segments” and “ospv-v3” backbone… I did give my internal LAN port an IPv6 address, as well as an IPv4 address.

Next, on my Windows Server machine, i gave it a static IPv6 address (since i dont have an IPv6 DHCP setup… yet…) and told it to use the IPv6 address i gave the RouteBoard as its gateway. Then i told it to use the OpenDNS public IPv6 address. I then visited IPv6 Test and Google’s IPv6 page to confirm connectivity… SUCCESS!!!

On my Linux box, I followed Soflayer’s Adding an IPv6 IP tutorial.

So far, so good…

Compressing and UnCompressing Protobuf items in C#

Part of a project i am working on required sending large amounts of data between different instances. To get this to work efficially, we started using the ProtoBuf using ProtoBuf-net in .NET. but the files where still quite large (17mb, give or take). So, we looked into compression…

here is some examples of how we managed to compress the protobuf files. We got some decient compression: 3mb files, down from 17mb. very happy.

to compress an object (obj) and write to a temp file (tmpfile):

to decompress the object back to a known type:

GIT tips and tricks

I use GIT a lot for different things, including this blog. so, here are a few tips and tricks i have found useful over the while…

Symform – P2P Backup

I have previously posted about CrashPlan as my Backup System. I also, a long time ago, talked about Backing up SQL, MySQL and other stuff on my other blog. Well, CrashPlan is all good, but there are 2 “niggly” bits with it…

  • Its not FREE (well, this year i got it Free on Black Friday…) but it is cheap ($120 a year to backup 10 machines to the cloud aint bad.)
  • Its NOT FAST! The CrashPlan Datacenters all live in the US, and my servers live in Europe (either Dublin or Germany). So, bandwidth is limited… Getting less than 1Mbit/s most times, but have seen it reach 3… I have 20Mbits/s upload… even half that would be nice…

So, thats where Symform comes in. Symform is a P2P Backup Service, which runs on Windows, Linux and MacOSX. In theory, it should run anywhere that has a Mono runtime since its written in .NET. Anyway, you start with 10Gb of free storage, and you can increese that by one of 2 ways:

  • Pay money: for $0.15 per month, you get 1Gb of storage in the cloud
  • Pay Bytes: For every 2Gb “Contributed” (which is actually more like a pledge than a contribution… more on that later) you get 1Gb storage in the cloud.

It works very well, and is nice a fast too. I have a few machines in house which are contribting stoage, a total of about 2Tb, and I have been given 1Tb storage in “The Cloud”. There is a lot more on how this works on their “How Symform Works” section of their site.

I mentioned the “Contribution” VS “Pledge” up above… I have a machine in the house where i have Pledged 1Tb of storage. In reality, Symform can use the full 1Tb of storage, if it needs to, but is currently only using 168Gb. Now, that could just be that the machine is still getting files, and it will end up using the full 1Tb eventually, but either way, its all good.

Also, as a couple of notes on Contribution and Backups:

  • The machine needs to be online and accessable on the internet at least 80% of the time, but 24/7 is ideal. If you drop below the 80%, your account can be suspended.
  • your machine needs to be publically accessable, meaning port forwarded. I have a couple contribution machines in house, so they each have seperate ports forwarded to them.
  • Given the P2P nature of the software, lots of connections to different machines are made… if you are behind a firewall, you may need to allow all or most outgoing connections. If you are on a really restrictive firewall, you may want to stick a contribution box in your DMZ and probably use the Turbo Seeding feature.
  • Turbo Seeding is a handy feature, especially for Laptops… only problem is its Windows Only… So, importing and exporting does not work on Linux or OSX.
  • The software can managed Work and Non Work hours, and will limit the upload and download speed during this time. Also a nice feature…

So far, so good. Very happy with the software, but would like a nicer interface to see whats going on. At the moment, you are either limited to using the web interface, which aint bad, but not great, or watching the log files… I would also like the ability to prioritize certain files or folders, so, for example, upload my documents folder before anything else, and if anything changes in there, even if its uploading from somewhere else, pause and upload the documents folder… Just a thought…

moving your TMG SQL server Logs DB and other TMG tips

In house, I have been using Microsoft TMG 2010 Server for a while now. I use it as a firewall for some of the machines on the network, and also as a proxy for most, if not all, machines. When acting as a Firewall, all traffic flows though the machine, be it HTTP/HTTPS, SMTP/POP3/IMAP, or anything for that matter. You can also lock down ports on the box, which is a feature of most firewalls, but i like TMG due to its relitive ease of use…

Anyway, one problem with routing all traffic from different machines though TMG is after a while, the logging starts getting big. Single TMG by default is set to use SQL Server, it can start using lots of memory, hard drive space, etc. So, there are a couple of articles which should make moving your TMG’s SQL DB to a different machine easier…

Some other tips you may find useful

  • If you have Malware Inspection turned on, but you know there are certain sites that wont serve Malware (for example, Ubutnu Archives or YouTube.com) you can add these to the “Destination Exceptions” list. Under “Web Access Policy”, click “Malware Inspection” and click “Destination Exceptions”. Double click on the “Sites Exempt from Malware Inspection” and add your URL. I put *.ubuntu.com and *.youtube.com in here (Microsoft Updates are already on the list). Now, when downloading files from these locations, they do not run though inspection and save CPU cycles. WANRING You need to trust these sites!
  • There is a nice little app to add into TMG called Bandwidth Splitter which allows you to not only monitor what traffic is going though your network, but also put limits on different machine sets, users, etc. There is a Free editon which works with only 10 clients, but does what i need it to do to start with.