Easily create a VPN Gateway with a Raspberry Pi (or similar board)

I don't have an OpenVPN-capable router, but I needed to create an always-on openvpn CLIENT that would connect to my VPN service, so that it could be used as a gateway for other devices in my LAN. Using this gateway to access the internet, the internet traffic of those devices would be protected by the secure VPN connection.

I've looked around and I have found a great tutorial to achieve this: it was written by Superjamie for the Raspberry Pi and you can find it here.

Unfortunately I didn't have a Raspberry Pi available at the time, so I thought it would be interesting to do the same for what board I had available, which was an Orange Pi Zero.

I used DietPi as the base operating system for this project, and tried following Superjamie's tutorial, but since it didn't work on my Orange Pi / DietPi combo, I made a few adjustments, which I share with you here.
All credits for this still go to Superjamie, because that's where all the huge work comes from.

Please follow Superjamie's tutorial (again, you can find it here) with the following exceptions:

1. Install DietPi instead of Raspbian Jessie
2. Since DietPi's user already has root capabilities, you should write any commands from Superjamie's tutorial without typing the 'sudo' at the beginning of the command.
3. I've found out that the section of the tutorial called "Enable VPN at boot" was useless and harmful, as it would prevent OpenVPN to be launched correctly, therefore it must be skipped.
4. The VPN Kill Switch section of the tutorial didn't work for me. I have found out that it had to be modified a little bit to make it work, so I'm re-writing it below, in a version that makes it work:

VPN KILL SWITCH 

This will block outbound traffic from the Pi so that only the VPN and related services are allowed.
Once this is done, the only way the Pi can get to the internet is over the VPN.
This means if the VPN goes down, your traffic will just stop working, rather than end up routing over your regular internet connection where it could become visible.

[Note by Tech Delirium: please adjust IP addresses by using the correct ones for your network and the port numbers by checking the ports used by your VPN service]

iptables -A OUTPUT -o tun0 -m comment --comment "vpn" -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp -m comment --comment "icmp" -j ACCEPT
iptables -A OUTPUT -d 192.168.1.0/24 -o eth0 -m comment --comment "lan" -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -m comment --comment "ssh" -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 123 -m comment --comment "ntp" -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 53 -m comment --comment "dns" -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -m comment --comment "dns" -j ACCEPT
iptables -A OUTPUT -o eth0 -j DROP
iptables -I FORWARD -i eth0 ! -o tun0 -j DROP

[Note by Tech Delirium: Superjamie's tutorial didn't work for me, but adding the last line above does the trick and makes the kill-switch work]

And save so they apply at reboot:

sudo netfilter-persistent save

If you find traffic on your other systems stops, then look on the Pi to see if the VPN is up or not.

You can check the status and logs of the VPN client with:

sudo systemctl status openvpn@Japan
sudo journalctl -u openvpn@Japan

That's it! Now the board will connect to your VPN service at startup and if you set up you devices to use the Pi's as their gateway, that device's internet traffic will be tunneled via the VPN and will be protected. If the connection to the VPN service goes down, NO TRAFFIC will be allowed through, so you will have no leaks.

Easily install Logitech Media Server (Squeezebox Server) and Squeezelite on your Pi with Armbian Jessie

Do you have any spare Pi?
I am talking about the Raspberry Pi, Orange Pi, Banana Pi, Cubieboard, pcDuino, Odroid, NanoPi and the likes...

Why not transform it into a Sonos-like multimedia server and player?
It's soooo easy!

All we need is two nice pieces of software: the Logitech Media Server (aka Squeezebox server) and a player to connect to it, which is going to be Squeezelite.

First of all, download the right image of Armbian for your board HERE. 
Please choose "Jessie server" image, if available. This is the version for server usage, with no desktop environments.
Follow the instructions and setup the operating system (we have faith you can manage this on your own, since you have a spare development board...)

How to install the Logitech Media Server / Squeezebox Server

Now, we have to install the Logitech Media Server, but we have to download it first. From the command line give the following command:

wget http://downloads.slimdevices.com/nightly/7.9/sc/ffd0b97/logitechmediaserver_7.9.0~1480398011_arm.deb -O lms.deb

(Please notice that from http...to..._arm.deb there are no spaces)
And let's wait for the file to be downloaded.  If you get a file not found error, you'll have to visit this website with a browser:

http://downloads.slimdevices.com/nightly/?ver=7.9

Find the most recent version of the _arm.deb version available, right click on it to copy it's link, and substitute this link in the above command.

Once the Logitech Media Server installation package has been downloaded, proceed with its installation:

sudo dpkg -i lms.deb

That's it! The Logitech Media Server is now installed, and you can go to:

http://ip-address-of-the-board:9000

 from any browser to set it up.

How to install the Squeezelite player

To actually play/stream your music collection or listen to online radios, you'll also need a player. This can be installed on the same board as the Logitech Media Server (so you will have a Server and a Player on the same machine), or on different boards which will work as players that connect to the Server (you can have as many players as you want!)

So, let's install Squeezelite, the Player "side" of this combo.
First we need to refresh the packages list of our installation:

sudo apt-get update

 Then we can install squeezelite:

sudo apt-get install squeezelite

That's basically it! Squeezelite will be installed and will automatically be launched at startup.

If you are using an external usb soundcard you might need to tweak with the squeezelite configuration file, which is /etc/default/squeezelite

First you will need to find out the name of the soundcard, and to do this you have to issue the following command:

sudo /usr/bin/squeezelite -l

Check the output and identify the name of your sound card. Copy it, then open the configuration file:

sudo nano /etc/default/squeezelite

Find the following line:

SL_SOUNDCARD="sysdefault:CARD=ALSA"

and substitute sysdefault:CARD=ALSA with the name of the card you have copied before.

If you want to give your player a different name than your hostname, just edit this line:

SL_NAME="$(hostname -s)"

and change the string within the quotes to the name you want to give this player.

The other options usually don't need to be touched.
That was easy, wasn't it?

Enjoy your music on your Pi!

The OrangePI PC, a low cost alternative to the Raspberry PI.A short review.

A few months ago I was browsing AliExpress, when I stumbled upon a product called OrangePi.
I searched the internet for information about it, and I immediately discovered its official website, which is www.orangepi.org (there also exists www.orangepi.com but it looks to be the website of a UK vendor of the same boards).

Well, what is an OrangePi? Of course, the name recalls the most famous SBC (single board computer) ever, the RaspberryPi, and this is not a coincidence, as the OrangePi is a chinese SBC, clearly inspired by the Raspberry.

As of now, there are 7 different Orange Pi models (ranging from "Mini" to "Plus 2"). The most interesting in my opinion is the "OrangePi PC". Why? For its aggressive price of only $15 plus shipping!

The hardware of this board is interesting:

CPU:
H3 Quad-core Cortex-A7 H.265/HEVC 4K

GPU:
·Mali400MP2 GPU @600MHz
·Supports OpenGL ES 2.0

Memory (SDRAM): 1GB DDR3 (shared with GPU)

Onboard Storage: TF card (Max. 64GB) / MMC card slot

Onboard Network: 10/100M Ethernet RJ45

Video Input:
A CSI input connector Camera:
·Supports 8-bit YUV422 CMOS sensor interface
·Supports CCIR656 protocol for NTSC and PAL
·Supports SM pixel camera sensor
·Supports video capture solution up to 1080p@30fps

Audio Input: MIC

Video Outputs:
·Supports HDMI output with HDCP
·Supports HDMI CEC
·Supports HDMI 30 function
·Integrated CVBS
Supports simultaneous output of HDMI and CVBS

Audio Output: 3.5 mm Jack and HDMI

Power Source: DC input

USB 2.0 Ports: Three USB 2.0 HOST, one USB 2.0 OTG

Low-level peripherals:
·40 Pins Header,compatible with Raspberry Pi B+
·GPIO(1x3) pin
·UART, ground.

So, as you can see, we basically have a quad core ARM CPU, with 1GB of RAM, 3 USB ports, and a fair graphics card.
What it lacks (other Orange Pi models have this and/or that) are onboard wifi, a gigabit ethernet port and eMMC, but of course we can't have everything at this price.

I've ordered the Orange Pi PC on Aliexpress, from the official manufacturer, and 3 weeks later I received a neat package containing the board, a usb power cable and a not-too-sturdy transparent plastic case. All this for less than $25 including shipping!

I've been using it for a couple of weeks and... what can I say?
The board could be very interesting if only the community behind it was bigger and more active. It definitely can't compare to the Raspberry Pi community as of yet.
The support from the manufacturer could be better, as the images of operating systems they provide are old and faulty, and the claim that Raspberry Pi images can be used for this board(s) is absolutely misleading since RasPi images are not compatible at all.
Luckily there is a member of the community, called loboris, who is very active and has released many OSes to be used on these boards, among which Debian, Fedora, Slackware, Arch Linux and others.

I'm currently running his build of Ubuntu MATE 14.04 and I have to say he has done a great work: it's easy to install, and apart from a few glitches here and there, it works very well.

My original intention was to use this board as a very low cost syncthing server/node, and that's exactly what I did.
After installing the aforementioned Ubuntu MATE, I've downloaded the latest ARM version of syncthing and installed it on the OrangePi PC.
(For those who don't know what it is, syncthing is an open source alternative to BTSync or -basically- a completely self-hosted Dropbox alternative).
It works great, it's very fast, and for the money I've spent I'm very satisfied, considering that I was also able to "redirect" the Raspberry Pi 1 model B I was using for this task to something more useful (a squeezebox player, actually).

Unfortunately, Linux does not have the proper drivers to take advantage of the GPU hardware acceleration, therefore using this board as an XBMC/Kodi mini HTPC is not a good idea (yet). Some people are working on it, and I really hope they succeed, because a $15 Kodi machine with the ability to render HD video would be HUGE!

At the moment, the only way to take advantage of the GPU is by installing Android, although the image provided is buggy and not very reliable.
Still, if you like to fiddle with new hardware and explore new possibilities, you might want to give it a chance.

In my opinion the OrangePi PC is a nice product, which lacks the necessary support from the manufacturer, who looks too busy releasing new boards instead of developing a good OS for the boards they have already sold.

The community is growing, but the official forum must be hosted on a very old server, since it's so sloooooow. I hope they will at least upgrade this.

Still, for $15 this board is a steal. I would definitely buy it again, although I would still limit its use to simple tasks. If you have complex projects in mind, you can't beat the Raspberry Pi world and community, and the price difference is not that big.

How to install Huion graphic tablets on Linux

The graphic tablet market is basically dominated by Wacom, which makes very good tablets, but at a high price.

Enter Huion, a chinese company that manufactures cheap graphic tablets that are a good alternative to Wacom, especially for people who never used a graphic tablet before, or for those on a tight budget.

These graphic tablets all work on Windows and Mac OSX with the provided drivers (or -better- by downloading the latest version from Huion's website).

Linux users have to work a little in order to see their Huion tablet work under their beloved operating system. So here is a little how-to to solve this issue.

First of all, most Huion tablets are natively supported via kernel, starting from kernel version 3.17, therefore if you are using a kernel >=3.17, you shouldn't have any problem.

If you are using a kernel <3.17 you are going to need to follow these simple steps (instructions are valid for debian-based distros, like Ubuntu and its derivates):

1. Go to project DIGImend on GitHub;
2. Download the latest release of digimend-kernel-drivers
3. unzip/untar the downloaded package in a new directory (for example: ~/digimend )
4. open a terminal
5. make sure you have the appropriate linux-headers installed

sudo apt-get install linux-headers-`uname -r`

6. move to the directory where you have unzipped/untarred the drivers package:

cd ~/digimend

7. in the terminal give the command:

make

8. when it finishes give the command:

sudo make install

Ignore any "Can't read private key" messages that might show up. This won't be a problem unless you set up kernel module signature verification. But most people won't so, don't worry.

Now you can plug your Huion graphic tablet and enjoy using it under Linux.

Don't have a graphic tablet yet? Buy one now!