On a Mac, use Etcher and point it at the downloaded image file, or …
mbpi7:.ssh stuart$ df -g Filesystem 1G-blocks Used Available Capacity iused ifree %iused Mounted on /dev/disk0s2 237 47 189 21% 12608239 49696631 20% / devfs 0 0 0 100% 724 0 100% /dev /dev/disk1s2 931 637 293 69% 167108601 76998065 68% /Volumes/data map -hosts 0 0 0 100% 0 0 100% /net map auto_home 0 0 0 100% 0 0 100% /home /dev/disk2s1 3 0 3 1% 0 0 100% /Volumes/UNTITLED 4
We see here it is mounted on /Volumes/UNTITLED 4
sudo umount /Volumes/UNTITLED\\ 4/
sudo dd if=../Downloads/2014-01-07-wheezy-raspbian.img of=/dev/rdisk2 bs=1m
After the OS is installed, up to date, upgraded and just how you want it, keep a copy to save time if it crashes
First find out the name of the Pi's disk
diskutil list
Do the copy
sudo dd bs=1m if=/dev/rdisk2 of=raspi_20140108.img
For the geeks, kill -29 makes dd report its status to stderr
Either:
sudo systemctl enable ssh sudo systemctl start ssh
root@raspberrypi:/# cat /etc/network/interfaces auto lo iface lo inet loopback iface eth0 inet dhcp - allow-hotplug wlan0 - iface wlan0 inet manual - wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf - iface default inet dhcp auto wlan0 allow-hotplug wlan0 iface wlan0 inet dhcp wpa-ssid "<SSID>" wpa-psk "<PASSPHRASE>" iface default inet dhcp
or, for later versions…
vi /etc/network/interfaces
allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
vi /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
network={
ssid="YOUR_NETWORK_NAME"
psk="YOUR_PASSWORD"
key_mgmt=WPA-PSK
}
or on later versions of Raspbian, with the card in your computer, place a file named wpa_supplicant.conf on the boot filesystem containing the WiFi network and it's password and you are done!
vi /boot/wpa_supplicant.conf
and put this info in it (adjust as necessary)
country=BE
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="<your_ssid>"
psk="<your_password>"
key_mgmt=WPA-PSK
}
This file then gets copied at boot time to /etc/wpa_supplicant/wpa_supplicant.conf
or, if using RetroPie…
With the SD card in your computer, place a file named wifikeyfile.txt on the boot filesystem containing the WiFi network and it's password and you are done!
vi /boot/wifikeyfile.txt ssid="WIFI SSID" psk="wifi passphrase"
lsb_release -a
or
cat /etc/apt/sources.list
It is actually a lot simpler now to assign a fixed IP. As root,
vi /etc/dhcpcd.conf
Add this to the bottom of the file
interface eth0 static ip_address=192.168.1.13/24 static routers=192.168.1.1 #static domain_name_servers=192.168.1.1
and restart.
Uncomment the domain_name_servers line if you don't want to use the dns server supplied by the gateway (router)
Get the current IP address and other info
ifconfig -a
We're interested in these bits:
wlan0
inet addr:192.168.1.15 Bcast:192.168.1.255 Mask:255.255.255.0
Get the router/gateway address
netstat -rn
We're interested in these bits:
Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
Now using the above data, edit /etc/network/interfaces and add the following lines to the wlan0 section (also changing the iface line to “static”)
address 192.168.1.100 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1
It should end up looking something like this:
auto wlan0 allow-hotplug wlan0 iface wlan0 inet static address 192.168.1.100 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 wpa-ssid "<SSID>" wpa-psk "<PASSPHRASE>"
(or reboot the Pi)
/etc/init.d/networking reload
All operations as root
apt-get update apt-get upgrade apt-get autoremove raspi-config # set overclocking to Medium
apt-get install openvpn openssl
and optionally this to be able to reach the server from the internet using names instead of numbers
apt-get install ddclient
and maybe other useful stuff
apt-get install host shorewall telnet lighttpd
cd /etc/openvpn cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
cd easy-rsa vi vars Change - export EASY_RSA="`pwd`" export EASY_RSA="/etc/openvpn/easy-rsa" . ./vars ./clean-all
ln -s openssl-1.0.0.cnf openssl.cnf
./build-ca ca
This creates 4 files in the keys subdirectory…
-rw-r--r-- 1 root root 1383 Feb 2 12:02 ca.crt -rw------- 1 root root 916 Feb 2 12:02 ca.key -rw-r--r-- 1 root root 0 Feb 2 12:02 index.txt -rw-r--r-- 1 root root 3 Feb 2 12:02 serial
just hit ENTER for the password but sign and commit the certificate when asked
./build-key-server home_server
keys subdirectory now looks like this
-rw-r--r-- 1 root root 4129 Feb 2 12:03 01.pem -rw-r--r-- 1 root root 1383 Feb 2 12:02 ca.crt -rw------- 1 root root 916 Feb 2 12:02 ca.key -rw-r--r-- 1 root root 4129 Feb 2 12:03 home_server.crt -rw-r--r-- 1 root root 737 Feb 2 12:03 home_server.csr -rw------- 1 root root 916 Feb 2 12:03 home_server.key -rw-r--r-- 1 root root 141 Feb 2 12:03 index.txt -rw-r--r-- 1 root root 21 Feb 2 12:03 index.txt.attr -rw-r--r-- 1 root root 0 Feb 2 12:02 index.txt.old -rw-r--r-- 1 root root 3 Feb 2 12:03 serial -rw-r--r-- 1 root root 3 Feb 2 12:02 serial.old
just hit ENTER for the password but sign and commit the certificate when asked
./build-key home_client1
keys subdirectory now looks like this
-rw-r--r-- 1 root root 4129 Feb 2 12:03 01.pem -rw-r--r-- 1 root root 4012 Feb 2 12:04 02.pem -rw-r--r-- 1 root root 1383 Feb 2 12:02 ca.crt -rw------- 1 root root 916 Feb 2 12:02 ca.key -rw-r--r-- 1 root root 4012 Feb 2 12:04 home_client1.crt -rw-r--r-- 1 root root 737 Feb 2 12:04 home_client1.csr -rw------- 1 root root 916 Feb 2 12:04 home_client1.key -rw-r--r-- 1 root root 4129 Feb 2 12:03 home_server.crt -rw-r--r-- 1 root root 737 Feb 2 12:03 home_server.csr -rw------- 1 root root 916 Feb 2 12:03 home_server.key -rw-r--r-- 1 root root 283 Feb 2 12:04 index.txt -rw-r--r-- 1 root root 21 Feb 2 12:04 index.txt.attr -rw-r--r-- 1 root root 21 Feb 2 12:03 index.txt.attr.old -rw-r--r-- 1 root root 141 Feb 2 12:03 index.txt.old -rw-r--r-- 1 root root 3 Feb 2 12:04 serial -rw-r--r-- 1 root root 3 Feb 2 12:03 serial.old
./build-dh
This gives us one extra file
-rw-r--r-- 1 root root 245 Dec 24 13:40 dh1024.pem
Copy from the examples directory…
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ gunzip /etc/openvpn/server.conf.gz
… or
cd .. vi server.conf
and paste this snippet:
dev tun proto udp port 1194 ca /etc/openvpn/easy-rsa/keys/ca.crt cert /etc/openvpn/easy-rsa/keys/home_server.crt key /etc/openvpn/easy-rsa/keys/home_server.key dh /etc/openvpn/easy-rsa/keys/dh1024.pem server 10.8.0.0 255.255.255.0 persist-key persist-tun status /var/log/openvpn-status.log verb 3 push "redirect-gateway def1" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" log-append /var/log/openvpn comp-lzo
echo 1 >/proc/sys/net/ipv4/ip_forward
vi /etc/sysctl.conf - Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1
Activate the changes with
sysctl -p
Use Tunnelblick (on a Mac) to generate a template client configuration file or copy/paste and modify this:
If you use Viscosity, this is not necessary. You just need to fill in the blanks on its connection panel…
In either case you need to know where you stored the files (ca.crt, home_client1.crt and home_client1.key) generated earlier.
dev tun client proto udp - remote 192.168.1.100 1194 # testing with lan address of Raspberry Pi remote <public ip address> 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert home_client1.crt key homeclient1.key comp-lzo verb 3
ifconfig -a
Copy/paste this snippet:
assuming wired interface and the ip address of our Pi is 192.168.1.100
Some info on iptables might come in handy at this point. See references below…
vi /etc/iptables.rules
- Generated by iptables-save v1.4.14 on Sun Feb 9 16:15:03 2014 * filter >INPUT ACCEPT [[121:9458]] >FORWARD ACCEPT [[0:0]] >OUTPUT ACCEPT [[261:42388]] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p udp -m udp --dport 1194 -j ACCEPT -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT -A FORWARD -o eth0 -m state --state NEW -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -m state --state NEW -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT COMMIT - Completed on Sun Feb 9 16:15:03 2014 - Generated by iptables-save v1.4.14 on Sun Feb 9 16:15:03 2014 * nat >PREROUTING ACCEPT [[127:9041]] >INPUT ACCEPT [[97:6824]] >OUTPUT ACCEPT [[9:642]] >POSTROUTING ACCEPT [[9:642]] -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.100 COMMIT - Completed on Sun Feb 9 16:15:03 2014
then edit /etc/network/interfaces and add the following line just after “iface eth0 inet static”
pre-up iptables-restore < /etc/iptables.rules
/etc/init.d/openvpn start
Server is running, setup client.
If you change any of the iptables rules, you need to stop/start the OpenVPN server for it to take note of the new settings!
/etc/init.d/openvpn restart
Put this in /etc/ddclient.conf and modify it to taste
I use dnsdynamic. If you don't, you'll need to change more than is indicated below
daemon=600 # check every 10 minutess syslog=yes # log update msgs to syslog mail=root # mail all msgs to root mail-failure=root # mail failed update msgs to root pid=/var/run/ddclient.pid # record PID in file. ssl=yes # use ssl-support. Works with ssl-library use=web, web=myip.dnsdynamic.com # get ip from server. server=www.dnsdynamic.org # default server login=[[your username here]] # default login password=[[your password here]] # default password server=www.dnsdynamic.org, \\ protocol=dyndns2 \\ [[your website here]]
list open ports
netstat -tulpn
see if firewall is allowing access
telnet <ip address> <port>
list FILTER rules
iptables -L -n -v
list NAT rules
iptables -L -t nat -n -v
list all rules in selected chain
iptables -S -t nat -v
show all rules in a form to use for input
iptables-save | tee /etc/iptables.rules
bring in those rules previously saved (does not overwrite the table - just adds these rules)
iptables-restore < /etc/iptables.rules
show local routing table
ip route show table local
Feed flight data up to flight services.
We can install both fr24feed and piaware and have them feeding at the same time.
At the time of writing, the Pi 3b+ is out but FlightAware does not have an image that works on it yet. So we will install its package manually.
Before installing the microsd card in the Pi
touch /boot/ssh
vi /boot/cmdline.txt
Append this to the end of the line already there (modifying for your local network)…
ip=192.168.1.12::192.168.1.1:255.255.255.0:rpi:eth0:off
Put the microsd card in the Pi, plug in an ethernet cable and power it up. Give it 20 seconds and login using the IP address above.
sudo su - raspi-config
On Stretch, /etc/network/interfaces is no longer used
vi /etc/dhcpcd.conf - Example static IP configuration: interface eth0 static ip_address=192.168.1.12/24 - static ip6_address=fd51:42f8:caae:d92e::ff/64 static routers=192.168.1.1 static domain_name_servers=192.168.1.13 8.8.8.8
Remove the IP address added to <tt>/boot/cmdline.txt</tt>
vi /boot/cmdline.txt
apt-get install -y dnsutils
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
apt-get update apt-get upgrade
The web server of choice of both of these tools is lighttpd (good choice in my opinion) and it will be installed by whichever package is run first.
In order to get the local skyview website up on <tt>http://<pi address>>8080</tt>, piaware should be installed first.
At this point, PiAware is installed, dump1090-fa is installed and lighttpd is installed. Now the DVB-T dongle needs to be connected otherwise the dump1090 software won't startup successfully.
If this is a reinstall of the software, you will have lost your feeder identification and you will be uploading as a guest user.
Get your feeder id from your login page on FlightAware. eg. flightaware.com/adsb/stats/user/rockingh0rse Put your feeder id back into PiAware's config file with this
piaware-config feeder-id 12345678-1234-1234-1234-123456789abc
systemctl status piaware
or
piaware-status
If all is running ok, install FlightRadar24. This will detect that lighttpd and a version of dump1090 are already installed and will not overwrite them.
If you want to look at the script, download it using
wget -O install_fr24_rpi.sh http://repo.feed.flightradar24.com/install_fr24_rpi.sh
If choosing to use MLAT, this is a good website to find your lat/long coordinates
You will need these when the <tt>fr24feed –signup</tt> program runs (last part of the setup). It will also ask for a sharing key. This can be found in the Welcome mail Flightradar24 sent you!
Check the status of the components with
systemctl status fr24feed
or
fr24feed-status
All done? Check out the aircraft you're capturing. Start a browser and go to port 8080 on the Raspberry Pi for snazzy PiAware stats
http://192.168.1.12:8080
or port 8754 for less snazzy but equally informative stats for FlightRadar24
http://192.168.1.12:8754
Next step? Maybe interrogate the ACARS message system on board?