Thursday, 25 June 2015

The Useful Family Hub. Part 2

The Useful Family Hub. Part 2

Keir Thomas explains how to turn a Raspberry Pi or old PC into a Swiss army knife for the family’s computers and handhelds

In last week’s instalment of this two-part feature, we looked at setting up a Raspberry Pi (or old PC with Linux installed) so it becomes a useful hub for all the computers or handheld devices on your home network. For example, we explained how to turn it into an ad blocker, NAS, AirPlay audio relay for Apple devices and even a personal cloud.

This week, we look at turning the same family hub into a dynamic DNS service, an encrypted tunnel so you can be secure while using public wi-fi services, a print server compatible with Apple AirPrint, and a BitTorrent server that will quietly download files in the background, avoiding the need to leave a PC running.

We assume before starting that you’ve configured a suitable Raspberry Pi or old PC/laptop, as outlined in last week’s feature. It’s pretty simple if you haven’t: we use the default Raspbian below, set up with a static IP address of 192.168.1.123, but the instructions we provide are broadly applicable to any Debian-based distro. Throughout this feature we refer to the Pi/old PC as the hub.

Dynamic DNS


To create the VPN-a-like service described below, it’s first necessary to configure a dynamic DNS service. This can also prove useful if you configured the personal cloud setup as mentioned in last week’s instalment of this feature.

Dynamic DNS services give your home network a hostname that you can use to access it while using public wi-fi or at work. In theory, you could just use the public IP address of your household’s internet router – as reported by a site like whatsmyip.org – but if the router has to reconnect for any reason, then this address will change. Dynamic DNS services offer a way around this by assigning a hostname such as familyhub.dynu.com to the router’s IP address – and it’ll keep up to date even if the IP address changes courtesy of a client running on the hub that periodically keeps the dynamic DNS service synced.

Start by visiting the Dynu website on a desktop computer (goo.gl/yaoZUi) and create a free account, as well as a Third Level Domain Name (Option 1). This domain name can be anything you can dream up. Make a note of what you choose, and also of the username and password you opt for.

On the hub computer, type the following command to install the ddclient software that’ll handle the dynamic DNS syncing (during the setup wizard, select Other in the initial list and then repeatedly hit Enter to leave all other fields blank and choose default options until the wizard quits):

sudo apt-get -y install ddclient

Type the following to clean and subsequently open a second config file for editing:

sudo rm -rf /etc/ddclient.conf
sudo nano /etc/ddclient.conf

Visit the following web page and copy and paste what you see into the file: goo.gl/tFyQMp. However, replace USERNAME, PASSWORD and ADDRESS on the last four lines with the details you created earlier when signing up to Dynu. For example, the last four lines on my test system looked as follows:

login=keirt
password=topsekrit
protocol=dyndns2
familyhub.dynu.com

Tap Ctrl+X, then Y and hit Enter to save the file.

The next step is to configure the ddclient software to run automatically in the background every five minutes. Type the following to open crontab for editing:

sudo crontab -e

Add a line at the end of the file that reads as follows:

*/5 * * * * /usr/sbin/ddclient

Tap Ctrl+X, tap Y and hit Enter to save the file. Type the following to run ddclient for the first time:

sudo ddclient

Note that ddclient will check your router’s public IP address every five minutes, but will only sync with the dynamic DNS service if this address changes. Therefore activity updates on the Dynu.com dashboard will be very infrequent, although you can test the service by restarting your router and checking to ensure there’s an updated status within five minutes of doing so.

You’ll also need to ensure the necessary ports are forwarded on your household internet router. How this is done varies depending on device and model, but usually you’ll find the necessary tools under a Port Forwarding or Firewall heading. Ensure the ports are forwarded to the static IP address of the hub which, if you followed the instructions in last week’s feature, will be 192.168.1.123.

For the wi-fi security service below and also the Personal Cloud described last week, choose the Secure Shell or SSH option in the list of ports. If you have to manually enter a port number, type 22 and create a rule for both TCP and UDP.

Wi-Fi Protector


Using public wi-fi services is one of the dumbest things you can do from a security standpoint, but nonetheless we do it anyway because it’s so useful.

One solution for security concerns is to use a virtual private network (VPN) service. These let you create an encrypted connection with a remote server, so all data your laptop sends and receives can’t be sniffed on the local wi-fi network. Alas, subscribing to VPN services typically costs money. You can set up a VPN service on your hub using the OpenVPN software, and several guides exist online (goo.gl/CVLFGG being a particularly good example), but it’s an involved and complex process prone to breaking.

However, it’s arguably not necessary, because a cheap-as-free solution is to use the SSH service built into virtually all versions of Linux – including Raspbian that runs on the Raspberry Pi (if you’re not using a Pi for your hub, you can check for SSH on Debian-based systems using sudo apt-get -y install ssh). SSH lets you create what’s known as a secure tunnel across the internet to your home router. You can then configure this connection to work as a SOCKS proxy.

Because SSH is already installed and set up, no further configuration is necessary on the hub, although if you’re using a Raspberry Pi it’s a good idea to change the default password (type sudo raspi-config and choose the second menu option). For better security you might even create a completely new account or create an SSH key file for use instead of a password. How to do so is described online and is outside the scope of this feature.

On any laptop, you’re going to use while out and about, you’ll need two free apps: Bitvise SSH Client (goo.gl/b3ONLS) and SocksCap64 (goo.gl/fvHJCk – for 32-bit Windows use SocksCap at goo.gl/HkmHRk).

Start Bitvise SSH Client and, with the Login tab selected, type the name of your dynamic DNS address into the Host field under the Server heading (for  example, familyhub.dynu.com). In the Username field opposite, type your login username for the hub computer, and underneath select Password from the Initial Method drop-down list. Then type your login password for the hub beneath, and put a tick alongside Store Encrypted Password In Profile.

Click the Options tab, and remove the ticks in all boxes beneath the On Login heading at the right. Then click the Services tab and tick Enabled beneath the SOCKS/HTTP Proxy Forwarding heading at the right. In the Listen Interface field, type 127.0.0.1 but leave everything else as it is. Bitvise is now set up, and all you need do now and in the future when you start it is click the Login button (click Accept and Save on the dialogue box that appears the first time).

Open the SocksCap64 app, and you’ll be prompted to import your web browsers. Click to do so, then click the Socks icon on the toolbar. Click the small plus button at the middle left, then under the IP heading at the left type localhost. The Port field will be filled in automatically, but under the SOCKS Type heading click to select SOCKS 4/4a. Then click Save, and in the tiny buttons alongside the plus icon, click the second from the right that approximates a circle. This will connect your PC to the SOCKS proxy.

Setup is now complete. From now on when using public wi-fi you must quit any browser that was already open, connect via BitVise, and double-click the browser’s icon within the SocksCap64 window to start it with the secure tunnel enabled. Note that you can add other apps to SocksCap64 alongside browsers, such as your email client: just click the small down arrow alongside the Apps button, and click Add An Executable File. Then browse to the location of the app in Program Files or Program Files (x86).

When you’ve finished using the public wi-fi service, close the browser (or other app) opened by SocksCap64 and rightclick the System Tray icon of SocksCap64 and then Bitvize SSH Client, selecting Exit on both menus.

BitTorrent Downloader


The biggest downside when using BitTorrent is the amount of time it can take to complete a download, particularly for less popular items that might not see widespread seeding.

Because the hub is intended to be left on 24 hours a day, it makes an ideal BitTorrent downloader, avoiding the need to leave a PC running. Coupled to the NAS set up detailed in last week’s instalment of this feature, you can leave the hub to quietly download gigabytes of data.

We’re going to use a cross-platform free app called Deluge. Start with the following command on the hub, which will install the necessary software:

sudo apt-get -y install deluged delugeconsole

To generate the configuration file it’s necessary to start Deluge and then immediately stop it, like so:

deluged;pkill deluged

To edit the configuration file, type the following:

nano ~/.config/deluge/auth

On a new line at the bottom of the file, add the following:

pi:raspberry:10

Tap Ctrl+X, then Y and hit Enter to save the file. Now you must enable remote control for Deluge. Type the following to open its console interface:

deluged;deluge-console

Now type the following two lines:

config -s allow_remote True
exit

We’re almost done! The final step is to ensure Deluge starts every (re)boot. Type the following to open the crontab file:

crontab –e

Type the following right at the bottom of the file on a new line:

@reboot /usr/bin/deluged

Tap Ctrl+X, then Y and hit Enter to save the file, then type ‘sudo reboot’ to reboot the hub. Setup is now completed on the hub and you should switch to the PC that you’re going to use to control your new BitTorrent server.

Download the Deluge client for Windows from goo.gl/CP6o49 and install with the default options. On first running it, click Edit > Preferences, select the Interface heading at the left of the dialogue box that appears, and click Enable alongside Classic Mode. Then click OK, quit Deluge when prompted, and restart it.

When it restarts you’ll see a Connection Manager window. Select the existing entry that begins 127.0.0.1, and click the Remove button. Then click the Add button, and in the window that appears type the following alongside each heading (changing Hostname if necessary to the IP address you chose during the setup of the hub last week):

Hostname: 192.168.1.123
Username: pi
Password: raspberry

Click the Add button, click the Options control in the parent window, and put a tick alongside Automatically Connect To Selected Host on Start-Up, and also Do Not Show This Dialog On Start-Up. Select the new entry you added above and then click the Connect button.

From this point on, the Deluge program window will run on your PC, but all of its operations will be carried out on the hub, and you can close the Deluge window on your PC, safe in the knowledge that downloads will continue on the hub. Just start Deluge again on the PC if you wish to check the progress. If you click to download a torrent file within a browser on your PC, Deluge will open then transfer the torrent to the hub and begin its download seamlessly.

However, there’s one last setup step to complete, and that’s to tell Deluge where to store the torrented files on the hub. Click Edit > Preferences, ensure Downloads is selected at the left of the window, and change the paths under the Folder headings to your choice of location (and don’t forget: the torrented files are downloaded to the hub, not on your PC!).

If you added an external hard disk following the instructions in last week’s instalment, then you should type/media in each of the fields under Folders. Click OK when done.

Print Server


Households tend to have many computers, but only one or two printers. Therefore sharing a printer makes a lot of sense, and your hub can take care of this too. It can even allow printing from iPhones and iPads via Apple AirPrint, and from Android and Google Chrome devices via Google Cloud Print.

Note that not all printers are entirely compatible with the CUPS system used to handle printing on Linux. If using an old PC for your hub, you might be able to hack together support (just Google the name of your printer plus the distro name), but on the Raspberry Pi the task is made much more difficult because of its ARM CPU. In fact, for the minority of printers that rely on binary ‘wrapper’ drivers you might find it’s impossible to use them with the Pi.

If using a Pi for your hub, you’ll need to install and configure the CUPS subsystem, although this will already be installed on most versions of desktop Linux. Type the following two commands on the Pi to install the software and subsequently configure the user account correctly:

sudo apt-get -y install cups cups-client
sudo usermod -a -G lpadmin pi

Although you might not believe it, it’s now necessary to edit yet another configuration file! Type the following:

sudo nano /etc/cups/cupsd.conf

Tap Ctrl+W to start a search and type listen localhost. This will take you to a line that reads Listen localhost:631. Directly underneath this insert a new line that reads as follows (substituting the IP address of your hub if you chose something other than 192.168.1.123 during setup last week):

Listen 192.168.1.123

Tap Ctrl+W again and type # Restrict access. This will take you to a different section of the file that begins # Restrict access to the server. A few lines below this will be a line that reads </Location>. Create a new line above this and type the following:

Allow all


Add exactly the same line above the </Location> line under the heading that reads ‘# Restrict access to the admin pages’, and again under the line that reads ‘# Restrict access to configuration files’. If you’re in any doubt how this section should look, visit goo.gl/mPSNrJ to see an example with the additions highlighted.

Tap Ctrl+X, then Y and then Return to quit the text editor and save the configuration file. When returned to the command line, type the following to restart the CUPS subsystem:

sudo service cups restart

Attach the printer to the hub if you haven’t already, and configuration on the hub will be finished. However, there are still some more steps to complete. Jump onto any PC on the network, and type the following address into its browser (again changing the address if you chose a different one during set up of the hub last week):

https://192.168.1.123:631


Click to agree in order to use the invalid security certificate when prompted (this isn’t actually a security threat).

You’ll see the CUPS browser configuration panel. Click the Administration tab at the top, then click the Add Printer button. If a login dialogue box appears, just enter your hub’s username and password details.

With any luck your printer, will be automatically detected on the subsequent page and listed under the Local Printers heading. Other printers might appear in this list, but you can ignore them. Select your printer and then click the Continue button.

In the following page, put a check alongside Share This Printer, then click the Continue button.

Following this, you’ll be invited to select the printer driver, which will again probably be automatically detected. Just click the Add Printer button. Following this, you might be asked to choose printer specific settings. Usually the defaults are great, so just click the Set Default Options button.

Setup on the hub is now complete. Provided your iPhone, iPad or iPod Touch are on the same network, they’ll be able to print to the printer immediately; just tap the share button within an app like Safari on the iOS device, tap Print, and then select the printer.

To print from PCs, start by downloading and installing the standard driver from the manufacturer’s website. You might be ordered to attach the printer during installation and therefore might have to temporarily do so.

With the printer attached to the hub, click Start on the PC and type Add Printer. Click the entry in the list of search results, then select Add a Network, Wireless or Bluetooth Printer. On the following screen click The Printer That I Want Isn’t Listed.

Jump back to the browser and again open the CUPS configuration panel for the hub printer (https://192.168.1.123:631). Click the Printers tab, then right-click the link representing the printer under the Queue Name heading, and select Copy Link. Back in the PC setup dialogue box, paste this into the field that reads Select A Shared Printer By Name, but crucially make sure the start of the address reads http:// rather than https://.

Click Next, and you’ll then be invited to install a printer driver. You will most likely have to select it manually via manufacturer and model within the list. Once the driver is installed, click the Print a Test Page button to ensure the printer is set up correctly.