* [[https://github.com/thibmaek/awesome-raspberry-pi|Lots of Raspberry Pi tips and tutorials - thibmaek on GitHub.com]]
* [[https://github.com/wtsxDev/Raspberry-Pi|Lots of Raspberry Pi tips and tricks: NFS, SSH, VNC, DNS,... - wtsxDev on github.com]]
* [[http://frederickvandenbosch.be/?p=2385|Good info on setting up a useful Raspbian microsd card right away - frederickvandenbosch.be]]
* [[https://magpi.raspberrypi.org/articles/anpr-car-spy-raspberry-pi|Build an automatic number plate recognition(ANPR) system]]
==== Install Raspbian using img file ====
On a Mac, use Etcher and point it at the downloaded image file, or ...
* Format the SD card using SDCardFormatter
* Check where the SD card is mounted
mbpi7:.ssh stuart$ df -g
Filesystem 1G-blocks Used Available Capacity iused ifree %iused Mounted on
/dev/disk0s2 237 47 189 21% 12608239 49696631 20% /
devfs 0 0 0 100% 724 0 100% /dev
/dev/disk1s2 931 637 293 69% 167108601 76998065 68% /Volumes/data
map -hosts 0 0 0 100% 0 0 100% /net
map auto_home 0 0 0 100% 0 0 100% /home
/dev/disk2s1 3 0 3 1% 0 0 100% /Volumes/UNTITLED 4
We see here it is mounted on /Volumes/UNTITLED 4
* Unmount the SD card using Disk Utility or
sudo umount /Volumes/UNTITLED\\ 4/
* Copy the image file to the SD card
sudo dd if=../Downloads/2014-01-07-wheezy-raspbian.img of=/dev/rdisk2 bs=1m
==== Backup your Raspberry Pi SD card to an image file ====
After the OS is installed, up to date, upgraded and just how you want it, keep a copy to save time if it crashes\\
First find out the name of the Pi's disk
diskutil list
Do the copy
sudo dd bs=1m if=/dev/rdisk2 of=raspi_20140108.img
For the geeks, kill -29 makes dd report its status to stderr\\
==== Enable remote SSH access ====
Either:
* mount the sd card on another computer and create an empty file named 'ssh' on the boot filesystem, or
sudo systemctl enable ssh
sudo systemctl start ssh
==== How to install a Raspberry Pi SMS Server ====
=== Send text messages via a 3G GSM modem from your applications ===
* [[https://www.howtoforge.com/tutorial/how-to-install-raspberry-pi-sms-server/|How to install a Raspberry Pi SMS Server]]
* [[https://www.diafaan.com/sms-tutorials/gsm-modem-tutorial/|Example of a 3G modem conversation]]
* [[http://www.smssolutions.net/tutorials/gsm/sendsmsat/|Send SMS using AT commands]]
=== Use Pushbullet - no cost option ===
* [[https://docs.pushbullet.com/#api-quick-start|Pushbullet API]]
==== Autoboot the wlan0 wireless lan interface on Raspberry Pi ====
root@raspberrypi:/# cat /etc/network/interfaces
auto lo
iface lo inet loopback
iface eth0 inet dhcp
- allow-hotplug wlan0
- iface wlan0 inet manual
- wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
- iface default inet dhcp
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid ""
wpa-psk ""
iface default inet dhcp
or, for later versions...
vi /etc/network/interfaces
allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
vi /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
network={
ssid="YOUR_NETWORK_NAME"
psk="YOUR_PASSWORD"
key_mgmt=WPA-PSK
}
or on later versions of Raspbian, with the card in your computer, place a file named wpa_supplicant.conf on the boot filesystem containing the WiFi network and it's password and you are done!
vi /boot/wpa_supplicant.conf
and put this info in it (adjust as necessary)
country=BE
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid=""
psk=""
key_mgmt=WPA-PSK
}
This file then gets copied at boot time to ''/etc/wpa_supplicant/wpa_supplicant.conf''\\
or, if using RetroPie...\\
With the SD card in your computer, place a file named wifikeyfile.txt on the boot filesystem containing the WiFi network and it's password and you are done!
vi /boot/wifikeyfile.txt
ssid="WIFI SSID"
psk="wifi passphrase"
==== Mount an NFS share ====
* Ready made tutorial [[http://www.kalitut.com/2017/11/mount-nfs-share.html|here]]
==== What version of Raspbian do I have? ====
lsb_release -a
or
cat /etc/apt/sources.list
==== Assign a fixed IP address (Stretch) ====
It is actually a lot simpler now to assign a fixed IP. As root,
vi /etc/dhcpcd.conf
Add this to the bottom of the file
interface eth0
static ip_address=192.168.1.13/24
static routers=192.168.1.1
#static domain_name_servers=192.168.1.1
and restart.\\
Uncomment the domain_name_servers line if you don't want to use the dns server supplied by the gateway (router)
==== Assign a fixed IP address (to the wireless adapter in the case) ====
Get the current IP address and other info
ifconfig -a
We're interested in these bits:
wlan0
inet addr:192.168.1.15 Bcast:192.168.1.255 Mask:255.255.255.0
Get the router/gateway address
netstat -rn
We're interested in these bits:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
Now using the above data, edit /etc/network/interfaces and add the following lines to the wlan0 section (also changing the iface line to "static")
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
It should end up looking something like this:
auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
wpa-ssid ""
wpa-psk ""
=== Restart the networking daemon ===
(or reboot the Pi)
/etc/init.d/networking reload
==== Install an OpenVPN server ====
All operations as root\\
=== Get the Pi up-to-date ===
apt-get update
apt-get upgrade
apt-get autoremove
raspi-config # set overclocking to Medium
=== Install the packages ===
apt-get install openvpn openssl
and optionally this to be able to reach the server from the internet using names instead of numbers
apt-get install ddclient
and maybe other useful stuff
apt-get install host shorewall telnet lighttpd
=== Generate a copy of the easy-rsa structure ===
cd /etc/openvpn
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
=== Modify the easy-rsa location ===
cd easy-rsa
vi vars
Change
- export EASY_RSA="`pwd`"
export EASY_RSA="/etc/openvpn/easy-rsa"
. ./vars
./clean-all
=== Link correct binary ===
ln -s openssl-1.0.0.cnf openssl.cnf
=== Generate certificate authority files ===
./build-ca ca
This creates 4 files in the keys subdirectory...
-rw-r--r-- 1 root root 1383 Feb 2 12:02 ca.crt
-rw------- 1 root root 916 Feb 2 12:02 ca.key
-rw-r--r-- 1 root root 0 Feb 2 12:02 index.txt
-rw-r--r-- 1 root root 3 Feb 2 12:02 serial
=== Generate the server key files ===
just hit ENTER for the password but sign and commit the certificate when asked
./build-key-server home_server
keys subdirectory now looks like this
-rw-r--r-- 1 root root 4129 Feb 2 12:03 01.pem
-rw-r--r-- 1 root root 1383 Feb 2 12:02 ca.crt
-rw------- 1 root root 916 Feb 2 12:02 ca.key
-rw-r--r-- 1 root root 4129 Feb 2 12:03 home_server.crt
-rw-r--r-- 1 root root 737 Feb 2 12:03 home_server.csr
-rw------- 1 root root 916 Feb 2 12:03 home_server.key
-rw-r--r-- 1 root root 141 Feb 2 12:03 index.txt
-rw-r--r-- 1 root root 21 Feb 2 12:03 index.txt.attr
-rw-r--r-- 1 root root 0 Feb 2 12:02 index.txt.old
-rw-r--r-- 1 root root 3 Feb 2 12:03 serial
-rw-r--r-- 1 root root 3 Feb 2 12:02 serial.old
=== Generate the client keys ===
just hit ENTER for the password but sign and commit the certificate when asked
./build-key home_client1
keys subdirectory now looks like this
-rw-r--r-- 1 root root 4129 Feb 2 12:03 01.pem
-rw-r--r-- 1 root root 4012 Feb 2 12:04 02.pem
-rw-r--r-- 1 root root 1383 Feb 2 12:02 ca.crt
-rw------- 1 root root 916 Feb 2 12:02 ca.key
-rw-r--r-- 1 root root 4012 Feb 2 12:04 home_client1.crt
-rw-r--r-- 1 root root 737 Feb 2 12:04 home_client1.csr
-rw------- 1 root root 916 Feb 2 12:04 home_client1.key
-rw-r--r-- 1 root root 4129 Feb 2 12:03 home_server.crt
-rw-r--r-- 1 root root 737 Feb 2 12:03 home_server.csr
-rw------- 1 root root 916 Feb 2 12:03 home_server.key
-rw-r--r-- 1 root root 283 Feb 2 12:04 index.txt
-rw-r--r-- 1 root root 21 Feb 2 12:04 index.txt.attr
-rw-r--r-- 1 root root 21 Feb 2 12:03 index.txt.attr.old
-rw-r--r-- 1 root root 141 Feb 2 12:03 index.txt.old
-rw-r--r-- 1 root root 3 Feb 2 12:04 serial
-rw-r--r-- 1 root root 3 Feb 2 12:03 serial.old
=== Generate the Diffie-Hellman file ===
./build-dh
This gives us one extra file
-rw-r--r-- 1 root root 245 Dec 24 13:40 dh1024.pem
=== Build a server config file ===
Copy from the examples directory...
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gunzip /etc/openvpn/server.conf.gz
… or
cd ..
vi server.conf
and paste this snippet:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/home_server.crt
key /etc/openvpn/easy-rsa/keys/home_server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
=== Enable IP forwarding ===
echo 1 >/proc/sys/net/ipv4/ip_forward
=== Allow IP forwarding across reboots ===
vi /etc/sysctl.conf
- Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
Activate the changes with
sysctl -p
=== Generate and export an OpenVPN client config file ===
Use Tunnelblick (on a Mac) to generate a template client configuration file or copy/paste and modify this:\\
If you use Viscosity, this is not necessary. You just need to fill in the blanks on its connection panel…\\
In either case you need to know where you stored the files (ca.crt, home_client1.crt and home_client1.key) generated earlier.
dev tun
client
proto udp
- remote 192.168.1.100 1194 # testing with lan address of Raspberry Pi
remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert home_client1.crt
key homeclient1.key
comp-lzo
verb 3
=== Check IP address and interface name ===
ifconfig -a
=== Alter routing table to allow traffic to the server ===
Copy/paste this snippet:
assuming wired interface and the ip address of our Pi is 192.168.1.100\\
Some info on iptables might come in handy at this point. See references below...\\
vi /etc/iptables.rules
- Generated by iptables-save v1.4.14 on Sun Feb 9 16:15:03 2014
* filter
>INPUT ACCEPT [[121:9458]]
>FORWARD ACCEPT [[0:0]]
>OUTPUT ACCEPT [[261:42388]]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -o eth0 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
- Completed on Sun Feb 9 16:15:03 2014
- Generated by iptables-save v1.4.14 on Sun Feb 9 16:15:03 2014
* nat
>PREROUTING ACCEPT [[127:9041]]
>INPUT ACCEPT [[97:6824]]
>OUTPUT ACCEPT [[9:642]]
>POSTROUTING ACCEPT [[9:642]]
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.100
COMMIT
- Completed on Sun Feb 9 16:15:03 2014
then edit /etc/network/interfaces and add the following line just after "iface eth0 inet static"
pre-up iptables-restore < /etc/iptables.rules
=== Start the server ===
/etc/init.d/openvpn start
Server is running, setup client.\\
* Gotcha that caught me out several times…\\
If you change any of the iptables rules, you need to stop/start the OpenVPN server for it to take note of the new settings!
/etc/init.d/openvpn restart
=== ddclient sample configuration file ===
Put this in /etc/ddclient.conf and modify it to taste\\
I use dnsdynamic. If you don't, you'll need to change more than is indicated below
daemon=600 # check every 10 minutess
syslog=yes # log update msgs to syslog
mail=root # mail all msgs to root
mail-failure=root # mail failed update msgs to root
pid=/var/run/ddclient.pid # record PID in file.
ssl=yes # use ssl-support. Works with ssl-library
use=web, web=myip.dnsdynamic.com # get ip from server.
server=www.dnsdynamic.org # default server
login=[[your username here]] # default login
password=[[your password here]] # default password
server=www.dnsdynamic.org, \\
protocol=dyndns2 \\
[[your website here]]
==== iptables ====
* man iptables!
list open ports
netstat -tulpn
see if firewall is allowing access
telnet
list FILTER rules
iptables -L -n -v
list NAT rules
iptables -L -t nat -n -v
list all rules in selected chain
iptables -S -t nat -v
show all rules in a form to use for input
iptables-save | tee /etc/iptables.rules
bring in those rules previously saved (does not overwrite the table - just adds these rules)
iptables-restore < /etc/iptables.rules
show local routing table
ip route show table local
===== Install both Flightradar24 and FlightAware feeders on a headless Raspberry Pi (Stretch) =====
Feed flight data up to flight services.\\
We can install both fr24feed and piaware and have them feeding at the same time.\\
At the time of writing, the Pi 3b+ is out but FlightAware does not have an image that works on it yet. So we will install its package manually.
==== Steps ====
=== Install Raspbian ===
* Very well documented already (I like [[https://etcher.io|Etcher]] though for burning the images)
=== Prepare for initial boot ===
Before installing the microsd card in the Pi
* Enable the ssh server
touch /boot/ssh
* Assign static (wired) IP address for initial boot
vi /boot/cmdline.txt
Append this to the end of the line already there (modifying for your local network)...
ip=192.168.1.12::192.168.1.1:255.255.255.0:rpi:eth0:off
=== Initial boot ===
Put the microsd card in the Pi, plug in an ethernet cable and power it up. Give it 20 seconds and login using the IP address above.
* Login as pi/raspberry and change the password and hostname if required
sudo su -
raspi-config
* Assign static IP address in correct place
On Stretch, /etc/network/interfaces is no longer used
vi /etc/dhcpcd.conf
- Example static IP configuration:
interface eth0
static ip_address=192.168.1.12/24
- static ip6_address=fd51:42f8:caae:d92e::ff/64
static routers=192.168.1.1
static domain_name_servers=192.168.1.13 8.8.8.8
Remove the IP address added to /boot/cmdline.txt
vi /boot/cmdline.txt
* Install useful stuff
apt-get install -y dnsutils
* Turn IPV6 off
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
=== Install the feeder packages ===
apt-get update
apt-get upgrade
The web server of choice of both of these tools is lighttpd (good choice in my opinion) and it will be installed by whichever package is run first.\\
In order to get the local skyview website up on http://>8080, piaware should be installed first.
* [[https://flightaware.com/adsb/piaware/install.rvt|Install FlightAware using the package method]]
At this point, PiAware is installed, dump1090-fa is installed and lighttpd is installed. Now the DVB-T dongle needs to be connected otherwise the dump1090 software won't startup successfully.\\
If this is a reinstall of the software, you will have lost your feeder identification and you will be uploading as a guest user.\\
Get your feeder id from your login page on FlightAware. eg. [[https://flightaware.com/adsb/stats/user/rockingh0rse|flightaware.com/adsb/stats/user/rockingh0rse]] Put your feeder id back into PiAware's config file with this
piaware-config feeder-id 12345678-1234-1234-1234-123456789abc
* Reboot to initialise everything.
* Log back in as root ( as pi, then sudo su - ) and check the status of the components with
systemctl status piaware
or
piaware-status
If all is running ok, install FlightRadar24. This will detect that lighttpd and a version of dump1090 are already installed and will not overwrite them.
* [[https://forum.flightradar24.com/threads/8908-New-Flightradar24-feeding-software-for-Raspberry-Pie|FlightRadar24 install using a nice bash shell script]]
If you want to look at the script, download it using
wget -O install_fr24_rpi.sh http://repo.feed.flightradar24.com/install_fr24_rpi.sh
If choosing to use MLAT, [[https://www.latlong.net|this is a good website to find your lat/long coordinates]]\\
You will need these when the fr24feed --signup program runs (last part of the setup). It will also ask for a sharing key. This can be found in the Welcome mail Flightradar24 sent you!
Check the status of the components with
systemctl status fr24feed
or
fr24feed-status
All done? Check out the aircraft you're capturing. Start a browser and go to port 8080 on the Raspberry Pi for snazzy PiAware stats
http://192.168.1.12:8080
or port 8754 for less snazzy but equally informative stats for FlightRadar24
http://192.168.1.12:8754
Next step? Maybe interrogate the ACARS message system on board?
* [[http://www.satsignal.eu/raspberry-pi/acars-decoder.html|satsignal.eu]]
==== GUIDE TO INSTALL RASPBERRY PI RADARBOX FEEDER ====
* [[https://www.radarbox24.com/raspberry-pi/guide|How to install AirNav RadarBox]]
===== References =====
* [[http://blog.remibergsma.com/2013/01/27/secure-browsing-via-untrusted-wifi-networks-using-openvpn-and-the-raspberry-pi/|http://blog.remibergsma.com/2013/01/27/secure-browsing-via-untrusted-wifi-networks-using-openvpn-and-the-raspberry-pi/]]
* [[http://blog.remibergsma.com/2013/01/13/howto-connect-to-hosts-on-a-remote-network-using-openvpn-and-some-routing/|http://blog.remibergsma.com/2013/01/13/howto-connect-to-hosts-on-a-remote-network-using-openvpn-and-some-routing/]]
* [[http://blog.remibergsma.com/2013/01/05/building-an-economical-openvpn-server-using-the-raspberry-pi/|http://blog.remibergsma.com/2013/01/05/building-an-economical-openvpn-server-using-the-raspberry-pi/]]
* [[http://ivanx.com/raspberrypi/|http://ivanx.com/raspberrypi/]]
* [[http://www.andrewmunsell.com/blog/getting-started-raspberry-pi-install-raspbian|http://www.andrewmunsell.com/blog/getting-started-raspberry-pi-install-raspbian (using dd for img file)]]
* [[http://www.sans.org/reading-room/whitepapers/hsoffice/soho-remote-access-vpn-easy-pie-raspberry-pi-34427|http://www.sans.org/reading-room/whitepapers/hsoffice/soho-remote-access-vpn-easy-pie-raspberry-pi-34427]]
* [[http://en.alexnogard.com/install-openvpn-raspberry-pi-wheezy-debian/|http://en.alexnogard.com/install-openvpn-raspberry-pi-wheezy-debian/]]
* [[https://forums.openvpn.net/topic14286.html|https://forums.openvpn.net/topic14286.html]]
* [[http://raspberrypi-hacks.com/29/turn-your-raspberry-into-an-openvpn-vpn-server/|http://raspberrypi-hacks.com/29/turn-your-raspberry-into-an-openvpn-vpn-server/]]
* [[http://www.cyberciti.biz/tips/linux-iptables-examples.html|http://www.cyberciti.biz/tips/linux-iptables-examples.html]]
* [[http://www.smallnetbuilder.com/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn|http://www.smallnetbuilder.com/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn]]
* [[http://community.openvpn.net/openvpn/wiki/RoutedLans|http://community.openvpn.net/openvpn/wiki/RoutedLans]]
* [[https://workaround.org/openvpn-faq|https://workaround.org/openvpn-faq]]
* [[https://wiki.debian.org/iptables|https://wiki.debian.org/iptables]]
* [[http://en.wikipedia.org/wiki/Iptables|http://en.wikipedia.org/wiki/Iptables]]
* [[http://www.revsys.com/writings/quicktips/nat.html|http://www.revsys.com/writings/quicktips/nat.html]]