Economical OpenVPN Server Farm using the Cubieboard

[nwclasantha]

New_tech.jpg

Economical Site to Multi SitesOpenVPN Server Farm using the Cubieboard (Ubuntu)

You have to used HDMI monitor output cable for initial configuration only.

??? ??? HDMI ????? ???? ????? ?????? ?? ?? ???.??.??. / ??.???.??. ??????? ??? ??????? ?? ?????. ????????? ??? ?? ???? ???? ?????? ????? ????????? ??? ???? ?????? ???? ????

Introduction

A Virtual Private Network (VPN) can be thought of as a secure tunnel which connects two nodes through an insecure connection (although it has other uses not related to security). This can be as simple as securely connecting a road warrior and his/her laptop back to the home office's network or as complex as linking multiple entire networks together
To accomplish this, we can employ one of OpenVPN's two different modes: routed or bridged. Bridging, as the name implies, simply extends the server's network (via the OpenVPN machine) to the client that's connecting. It's quick and easy to set up, but has limited scalability as the network grows.

Bridging also expands the broadcast domain as broadcasts are sent through the tunnel since connected clients are assigned IP addresses in the same subnet as the server's network. This is great for services and protocols that rely on it like SMB (Windows file-sharing) . But in a broadcast-heavy environment, that extra traffic over an encrypted tunnel can take its toll on performance.

Routing, on the other hand, is a bit trickier to set up, requiring access to both the client and server side routers. But it scales well and separates both the client network and the server network in to separate broadcast domains


The diagram above depicts a typical site-to-multi site layer 3(L3) routing setup. In order to complete this setup, all of the following requirements must be met:

1. You have three sites, each one connected to the Internet. One site will be hosting the Access Server and other two sites will be hosting the OpenVPN client Servers.

2. The site hosting the Access Server must be accessible from the Internet, or have its required ports forwarded to it from the Internet.

3. The OpenVPN client servers must have IP forwarding enabled, as well as openvpn installed, and running a Linux operating system (per these instructions).

4. You must have administrative access to the OpenVPN Client Server machines, including uploading files and SSH/SFTP access.

Building an economical OpenVPN server using the Cubieboard.rar

Building an economical OpenVPN server using the Cubieboard.pdf

Ubuntu_svr_fw_script.rar

[SemiconductorCat]

Thanks.
I'm new to iptables. I'm still learning those.Examples implementations like these are very favorable.

So why you say this is economical? Because of power consumption? I agree with you. ARM chips are designed to operate
less than 1W. And try to use A11 or A15 chip, or if you need more performance use A52 cotex like chip.They are trying
to build desktops using A52 chip soon. And keep in mind that, A9 500Mhz is more better than A5 1.2 GHz proz.

And if I were you, I never worry about HDMI [even never buy a board with high end GPU chips]. So I could save more
money. Simply a board that supports a terminal logn. So I could simply log into it using serial cable + hyperterminal.
Additionally if I want X-server running. I will download a windows X server and set it up to listen from my board on lan.
So windows laptop computer will act as a X-server and board will be the x-client.I have tested with older linux version
called knoppix. I could not remind the X-server for windows that I used, I did that before 4 years ago with my
PII laptop acts as a x-client, but runs after-step using this method. But something like this will work fine.

http://mobaxterm.mobatek.net/
Many: http://stackoverflow.com/questions/4045 ... or-windows [closed question,
SE does not allow questions "which software is best" "select me software" type].

Just follow these on your client.

Code: Select all

#export $DISPLAY=192.168.1.2:0.0
#startx

Simply 192.168.1.2 is the ip address of the windows computer running X-server.

[nwclasantha]

Thanks.
I'm new to iptables. I'm still learning those.Examples implementations like these are very favorable.

So why you say this is economical? Because of power consumption? I agree with you. ARM chips are designed to operate
less than 1W. And try to use A11 or A15 chip, or if you need more performance use A52 cotex like chip.They are trying
to build desktops using A52 chip soon. And keep in mind that, A9 500Mhz is more better than A5 1.2 GHz proz.

And if I were you, I never worry about HDMI [even never buy a board with high end GPU chips]. So I could save more
money. Simply a board that supports a terminal logn. So I could simply log into it using serial cable + hyperterminal.
Additionally if I want X-server running. I will download a windows X server and set it up to listen from my board on lan.
So windows laptop computer will act as a X-server and board will be the x-client.I have tested with older linux version
called knoppix. I could not remind the X-server for windows that I used, I did that before 4 years ago with my
PII laptop acts as a x-client, but runs after-step using this method. But something like this will work fine.

http://mobaxterm.mobatek.net/
Many: http://stackoverflow.com/questions/4045 ... or-windows [closed question,
SE does not allow questions "which software is best" "select me software" type].

Just follow these on your client.

Code: Select all

#export $DISPLAY=192.168.1.2:0.0
#startx

Simply 192.168.1.2 is the ip address of the windows computer running X-server.

Simple I do not need to use GUI Environment anymore because I'm going to use init level 3 for the entire configurations.
therefore once I have installed it, anyhow i'd like to config the system into INIT 3 (CLI Mode) not the init 5.

This is a Low cost solution for the Small Enterprise implementation which is very stable and Managing via SSH securely.
at the other hand it is proper to used 8GB SD cards also with certain implementation as a one of the method of on-board OS placement as well.

Raspberry Pi ?????? ??? ?? ???? ??????? ???? ?? .. ??? ???????? ??? ?????? ???? Cubieboard ?? ????????? ???????? ????? ..Raspberry Pi ?? ???? ????????? ??? VPN User Handling ????? ????? ??? ?? ..???? ??? ?? .

??? HDMI cable ???? ?????? ????? ??? .. ?? ?????? ??????? ????? IP/DNS Settings ??? ?? SSH Enabled ?????? ??? ?? . ?????? ???? ?? Monitor ???? ?????? ???? ... ??? ??????? ????? ????? SSH ???? ??? ?? .

???? IPTables ???? Script ???? ????????? ??????? ???? .. ? ??????? IPTables Firewall ?? ??? ??? SSH ???? ????? ??? ??? ????? ?????, Server Connectivity ?? ???? ????...! ???? ? ???? IPTables Script ?? ?? ?????? ..! ????? ??? 100% ?? ? SSH ???? ??????? ??????? ???? ????????? ??????? ..!

???? File Transfer ????? SSH ???? ??????????? ??? GUI Tool ???? ???? ????? ????? ???? ?? ???? IPTables Script ?? ???? ????? ????????..!

Mainly you have 2 options,

1. Raspberry Pi Bord (Low Performance compared to the Cubieboard).
2. Cubieboard -1GHz (High Performance compared to the Raspberry Pi).

FINALLY I DO NOT WANT TO USE STARTX ON IT.

ADVANTAGES:

1. LOW COST.
2. MINIMUM SYSTEM CRASHES.
3. LOW POWER CONSUMPTION.
4. NO VIRUS INFECTION.
5. VLAN SUPPORT.
6. QOS SUPPORT.
7. L3 ROUTING ENABLED.
8. SECOND TIME BOOT-UP WITHOUT CRT/LCD ONCE YOU 100% CONFIGURED & MANAGED OVER SSH LOGIN.
9. EASILY CLONE SD CARDS WITH OTHERS.
10. ANY TIME YOU CAN PUT IT SOMEWHERE EVEN WITHOUT LARGE MOUNTING SPACE.....ETC.

[SemiconductorCat]

>> 8. SECOND TIME BOOT-UP WITHOUT CRT/LCD ONCE YOU 100% CONFIGURED & MANAGED OVER SSH LOGIN.

So the graphics chips still consumes some power even it's not used. Because module is loaded and initialized.
Some boards have this functionality to turn off the chip using an ioctl call. Using modinfo try to find about
module information and try to find details on the GPU chip label on board. [It could be an SoC graphics chip too, example
is OMAP chip implementations,in which case you only have info from modinfo].So post the info. I'll see what I could do, to find the exact ioctl call to turn off that
chip for additional power consumption. Android operating system does this, so typically ARM chip implementations
have this feature. I'll see what I could do on this.

>> 3. LOW POWER CONSUMPTION.

If I were you, then I will make this the first point. Never mind. Anyway we are heading to a scary future where
electric bill is higher than internet bill.

[nwclasantha]

>> 8. SECOND TIME BOOT-UP WITHOUT CRT/LCD ONCE YOU 100% CONFIGURED & MANAGED OVER SSH LOGIN.

So the graphics chips still consumes some power even it's not used. Because module is loaded and initialized.
Some boards have this functionality to turn off the chip using an ioctl call. Using modinfo try to find about
module information and try to find details on the GPU chip label on board. [It could be an SoC graphics chip too, example
is OMAP chip implementations,in which case you only have info from modinfo].So post the info. I'll see what I could do, to find the exact ioctl call to turn off that
chip for additional power consumption. Android operating system does this, so typically ARM chip implementations
have this feature. I'll see what I could do on this.

>> 3. LOW POWER CONSUMPTION.

If I were you, then I will make this the first point. Never mind. Anyway we are heading to a scary future where
electric bill is higher than internet bill.

I'M TALKING ABOUT , 1. http://en.wikipedia.org/wiki/Runlevel
2. High Power wasted Server (HP/IBM) vs Cubieboard