VPN for an odroid

Moderators: mdrjr, odroid

VPN for an odroid

Unread postby richard-g8jvm » Thu Sep 06, 2018 11:21 pm

Hi
can anyone recommend VPN software that will run on eith a C1 or XU4

Before quickly listing things like ipvanish

I want to create a VPN on one of my spare Odroids so that I can log in to my own system and use my fixed IP address in the UK,
This is so I can use a UK address, which is not know to be a VPN server, when on holiday or travel when outside of the UK.
I need to be able to keep the data streamed to a minimum, so logging in to a remote destop , would put to much data on the stream.
I have 30 Mb/s down and 10 Mb/s up link at home.
Would I need two ethernet ports on which ever odroid I use, so a sorta dupex connection to the route, or could I use just a single port ??

Tia
richard
BR
Richard G8JVM
richard-g8jvm
 
Posts: 310
Joined: Sun Jan 18, 2015 1:27 am
Location: Telford UK
languages_spoken: english
ODROIDs: C1+ C2, XU4

Re: VPN for an odroid

Unread postby mad_ady » Fri Sep 07, 2018 12:10 am

You can use openvpn server for example to connect over tcp or udp back home.
Your setup probably looks like this:
Travelling PC ---- Internet ---- Home Router ----- Odroid

You will need to do port forwarding on your router ( e.g. forward port 443 to odroid-ip:openvpn-port).

In the openvpn configuration you will use private tunnel addresses (e.g. 172.16.0.0/24) that will be pushed to the clients (e.g Travelling PC will be assigned 172.16.0.2 when the tunnel is up). You can also decide if you want to announce a default gateway to the client to force all their traffic through the tunnel (which is what you want).

Your odroid will need to have routing enabled so that traffic from tun0 can leave through eth0. Next you have two options:
1. Enable nat on the odroid (masquarade all traffic originating from tun0 address space) - and you're done - or...
2. Add a static route for 172.16.0.0/24 on your router (and any lan device you wish to access) pointing back to your odroid so that traffic can return.

That should do it. Your isp should see incoming traffic to your public ip on port 443 and outgoing traffic to various resources.

The simpler approach to openvpn would be to open the odroid's ssh port via port forward and connecting to it with a ssh client enabling proxy mode (ssh -D 8080 user@public-ip -P ssh-forwarded-port)
Next in a browser set the proxy ip to 127.0.0.1:8080 and traffic should flow through your tunnel. This is easier to set up (that's it!) but:
* only works with tcp traffic (dns doesn't go through the tunnel and may be geo-restricted)
* not all applications can use a socks proxy


Note that even with a tested/working vpn setting you may be unable to use it. Some networks (hotels/venues/businesses) restrict traffic based on:
* ports - only port 80/443 are allowed (that's why I suggested using port 443)
* deep packet inspection/site classification - your traffic will stand out and may be dropped because it's not https or the destination (your home ip) is not a classified/reputable destination

Some hotels may drop vpns on their guest network simply to make you pay for "corporate" access.

You can also add a http proxy on your odroid in the hopes that it may pass all the firewalls.
User avatar
mad_ady
 
Posts: 4707
Joined: Wed Jul 15, 2015 5:00 pm
Location: Bucharest, Romania
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1

Re: VPN for an odroid

Unread postby richard-g8jvm » Fri Sep 07, 2018 1:00 am

Many thanks mad_ady

I've checked and there is a android open-vpn client app so I can use a small tablet for the client.

Would the C1+ have enough grunt to use as a open-vpn server ??, it would be its only use .
BR
Richard G8JVM
richard-g8jvm
 
Posts: 310
Joined: Sun Jan 18, 2015 1:27 am
Location: Telford UK
languages_spoken: english
ODROIDs: C1+ C2, XU4

Re: VPN for an odroid

Unread postby mad_ady » Fri Sep 07, 2018 1:05 am

Yes, I expect it can do at least 20Mbps software encryption/decryption. You can test with winscp and transfer a large file to/from the odroid and see what transfer rates you get. Your biggest bottleneck will be encryption speed.
User avatar
mad_ady
 
Posts: 4707
Joined: Wed Jul 15, 2015 5:00 pm
Location: Bucharest, Romania
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1

Re: VPN for an odroid

Unread postby elatllat » Fri Sep 07, 2018 3:01 am

mad_ady wrote:...Your biggest bottleneck will be encryption speed.

richard-g8jvm, encryption was the main benchmark improvement (other than 2x RAM) of the N1.
We hope the N2 will also improve on encryption speed... and get released soon.
elatllat
 
Posts: 1074
Joined: Tue Sep 01, 2015 8:54 am
languages_spoken: english
ODROIDs: XU4, N1

Re: VPN for an odroid

Unread postby mad_ady » Fri Sep 07, 2018 3:12 am

Right, but even RPI can do ~20Mbps encrypted traffic (https://www.raspberrypi.org/forums/view ... p?t=134947), so C1 should be fine for this use case (single user, streaming)
User avatar
mad_ady
 
Posts: 4707
Joined: Wed Jul 15, 2015 5:00 pm
Location: Bucharest, Romania
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1

Re: VPN for an odroid

Unread postby richard-g8jvm » Fri Sep 07, 2018 4:01 am

Hi
I already have two spare Odroids not in use, dont really want to buy another.

If the C1+ can be used, great , I also have a XU4 if not.
Just trying to get my head around, the CA server, which if its not too heavy on use can go on the C2.
It will only have one user,,,me., just being used for the catch up TV. I found that one android app for Live UK TV did work
when I was using a VPN, but only ITV allowed catch up service to be used, BBC was blocked as it reconised the VPN server :(

I found a tutorial on setup with openvpn and easyrsa, I already use openvpn, but never used easyrsa, but at least a few months to get it all working
BR
Richard G8JVM
richard-g8jvm
 
Posts: 310
Joined: Sun Jan 18, 2015 1:27 am
Location: Telford UK
languages_spoken: english
ODROIDs: C1+ C2, XU4


Return to Ubuntu

Who is online

Users browsing this forum: No registered users and 3 guests