Tag Archives: home server

Start a service after openvpn connection has been established using systemd

I like to provide services only via VPN for security reasons. That means a server only accepts connections to a service (e.g. imap, jabber) only from a vpn network and not coming from a really network device. Usually it this is easy to do by configuring a service to just listen on the vpn interface.

Unfortunately this creates a problem when starting up a machine. The vpn connection is usually established some time after the networking is established. The services that should listen on the vpn interface are usually started before the vpn service has setup the vpn connection. Most services fail to startup in that case because the interface they should bind to is not there (yet).

Systemd can be configured to start the services in the right order but I found it hard to find working advice for doing that. So this is the way.

  1. Create a copy of the .service-file responsible for the service you want to start after openvpn in /etc/systemd/system. This is required as you are not supposed to ever modify .service files in /usr/lib/systemd directly.

    cp /usr/lib/systemd/system/[yourService].service /etc/systemd/system

    Units found in /etc/systemd/system will overrule the units from /usr/lib/systemd/system
  2. You need to modify the copied service file in /etc/systemd/system. Place this lines in its [Unit] section:

    [Unit]
    Wants=sys-devices-virtual-net-tun0.device
    After=sys-devices-virtual-net-tun0.device

    Note: If there are already Wants or After directives in the file, place the sys-devices-virtual-net-tun0.device behind the existing directive seperated with a space. Wants and After accept multiple units but they must be space seperated.
    Note: This assumes that the vpn you want the service to wait creates the tun0 device. Systemd creates units files for network interfaces that show up. The lines above make systemd wait for tun0 to show up before it starts the modified service.

When you have enabled your service with “systemctl enable” it should now startup after the vpn connection has been established.

This should work with any vpn technology as long as you make sure to use the right device file. If your vpn is behind interface tun1 you should use sys-devices-virtual-net-tun1.device instead of sys-devices-virtual-net-tun0.device.

Advertisements

Build your own 6 watts home server using an raspberry pi

IMG_1513 In the picture besides you see my new home server built around a raspberry pi. The parts in detail:

  • raspberry pi model b Rev.2 inside a transparent casing
  • D-Link DUB-H7 7-Port USB 2.0 Hub (confirmed working with the raspberry pi)
  • 2.5 inch 500 GB usb harddisk from toshiba (an older one I had)
  • Hauppauge Nova-T Stick for DVB-T (confirmed working with the raspberry pi IF you have a powered usb hub!)

The pi is connected to a fritzbox 7270 via ethernet and is running raspian (Debian Wheezy). The CPU is overclocked a little at 800 MHz.

Currently this small computer is running the following services for me:

  • full webserver consisting of nginx, php and mysql (follow standard tutorials for debian)
  • web rss reader using tiny rss 1.7.4
  • streaming tv from the tv stick to all computers in the network using vdr and streamdev-plugin
  • streaming requested music via the upnp protocol having installed minidlna as described here
  • common file storage via ssh/sftp
  • backup space via rsync

Memory usage is around 100 MiB all the time (no graphical is running). TinyRSS could be running a little snappier – I intend to help optimizing it a little. Streaming tv is putting 15% cpu usage on the pi.

The best about it is the low power usage. I measured it and even together with the power supply it never reached 8 watts. I see around 5 watts at idle. It may peak a little higher when there is full cpu and disk load – but that’s rare. So you can think of having it running all day without some bad.

I intend to add another usb disk acting as a backup by mirroring the data on the other disk.

Things to know about power usage

Power supply was the only big question I had when putting together the parts I needed. I wanted to keep costs and power losses low by running not adding more power supplys than absolutely needed.

The raspberry pi can be powered via an usb port. But it needs at least 700 mA what not every port provide. The usb port of the Fritzbox was no option because of that. If you want to connect more power hungry devices (like harddisks or tv sticks) via usb to the raspberry, you really need a powered usb hub because no usb port can power the pi AND that devices together. I wanted to run the pi, two harddisks and a tv stick altogether, so some power was needed.

Instead of buying a power supply for the pi and a powered usb hub (which would make two), I only bought the usb hub. The D-Link hub is specified to deliver 3.5 A, what should be enough. So I simply pluged the pi into the hub and connected the hub with the pi via one of its two usb ports again. This connection circle is working well and every device I plug in the hub can be used by the pi. This trick saved me one power supply and some power being burned.

A hint if you intend to run usb disks with that hub: Have Y-cables available (with two usb plugs). One port of the hub may not be enough to power the disk, but using two of them will suffice.

Update 30.5.2013

In the meantime I added a second USB harddrive to the setup which serves as a backup. Via cronjob the content of the first harddisk is transfered to the backup disk every night by rsync. That works perfectly.

Moreover I have a cronjob making a low level copy of the sd card containing the system image to the hard disk weekly. So I have a full backup of the system in case the sd card is failing.

Two problems I encountered. Mirroring my desktops home directory to the usb drives of the pi via rsync often crashes long before having finished. I do not know the reason but found rsync to be no backup solution for me. Maybe unison will work here.

Apart from that I sometimes find that my tv stream from the pi suddenly aborts and cannot be restored. It took me a while to find out that the problem is actually the fritzbox 7270 running FritzOS 5.50. After restarting it, everything works again. Must be a strangeĀ  bug in the fritzbox with data intensive socket connections. So if you are watching tv via your pi and the stream aborts, the problem might actually be your router.