I2P is one of those software that’s best left running forever. Raspberry Pi is one of those platform that’s perfectly suitable for such task. I suppose you could leave your Raspberry Pi running “behind the enemy line”, and you can access it through the I2P darknet.

Installing I2P on Raspberry Pi is simple. Although you need to install a JVM first. You can do that by running:

sudo apt-get install default-jre-headless

You can follow the standard procedure described in I2P website. I installed mine to /opt/i2p. That folder is owned by a local user. I then installed I2P as a service, by running

/opt/i2p/i2prouter install

I then configured i2prouter to run as a local user.

Now here is the important part, the default JVM at its default configuration is very slow. According to various posts, it doesn’t seem to doing Just-In-Time(JIT) compilation, it actually interprets Java bytecode. If you simply start I2P now, your load average will shoot through the roof.

You need to modify /opt/i2p/wrapper.config, added these lines at the appropriate location:

# Use CACAO to increase execution speed
wrapper.java.additional.5=-cacao

I added it after

“wrapper.java.additional.4.stripquotes=TRUE”.

An alternative for using CACAO would be installing Oracle Java SE 8 (with JavaFX) Developer Preview for ARM. This is actually how I actually run my I2P. More instruction is available at here. If you don’t use Java SE 8, then you need to revert your modification to wrapper.config.

If you run I2P now, the load average should be between 0.5 to 1, your mileage may vary though.

You might want to change your I2P’s settings so you can access I2P from other computers within your network.By default I2P only listen to the localhost. More instructions are here. You shouldn’t modify runplain.sh, because we are not using it here. You shouldn’t move the integer library, they seem to have fixed it. You might want to change 0.0.0.0 to a specific adapter’s IP address, for security reason. For example, rather than having:

clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/

I have

clientApp.0.args=7657 ::1,127.0.0.1,192.168.0.1 ./webapps/

I hope this post helps.

I live in a place with dodgy wifi connection, sometimes the Wifi adapter says that it is connected, but I can’t send packets. Therefore I have this in my root’s crontab. It works quite well.

EDIT: reset is now called wifi_reset, because reset is actually a command on its own.

#!/bin/bash

function wifi_reset {
echo
echo “Disabling wlan0″
echo
/sbin/ifdown wlan0
echo
echo “Re-enabling wlan0″
echo
/sbin/ifup wlan0
echo
echo “Done!”
}

ping -c 1 www.google.com > /dev/null 2>&1

if [ $? -ne 0 ]; then
echo “Network down!”
wifi_reset
fi

HOSTS=”www.google.com”
COUNT=10
for myHost in $HOSTS
do
count=$(ping -c $COUNT $myHost | grep ‘received’ | awk -F’,’ ‘{ print $2 }’ | awk ‘{ print $1 }’)
if [ $count -le 5 ]; then
# 50% failed
echo “Poor network performance!”
wifi_reset
fi
done

Right, if you want to install WordPress, then don’t bother with the one in the repository. It over-complicates things by putting the WordPress scripts outside /var/www. Perhaps it is better for security, but the resulting installation is a pain to use and maintain. You can’t do auto-update, and you can’t install plugins without installing a FTP server.

You should follow the tutorial at:http://codex.wordpress.org/Installing_WordPress, before you start, remember to set the owner of /var/www to www-data:www-data, and set the permission of the folder to 775.

If you want to use permalink like me, you need to enable Apache rewrite mod by typing “a2enmod rewrite” as the root, then modify the your /etc/apache2/sites-available/default according to  http://tymonn.wordpress.com/2009/07/31/how-to-enable-mod_rewrite-in-apache2-debianubuntu/

And that’s about it. If you use the WordPress package in the repository, you will have a “fun” time of setting the whole thing up.

I have finally decided to give my Raspberry Pi proper IPv6 access. I assume you have followed my previous guide on configuring OpenVPN IPv6 tunnel broker. You need to add these lines to your OpenVPN client configuration file:

script-security 2

up “/etc/openvpn/turing-up.sh”

down “/etc/openvpn/turing-down.sh”

This is the content of turing-up.sh:

#!/bin/bash

/sbin/dhclient -6 -pf /var/run/turing.ipv6.pid tap0

This is the content of turing-down.sh:

#!/bin/bash

kill $(echo $(cat /var/run/turing.ipv6.pid))

rm /var/run/turing.ipv6.pid

Basically the modification automatically attaches a dhclient on the new tap interface, and kill it when the tunnel is torn down.

Introduction

It is indeed possible to use OpenVPN for tunnelling IPv6 traffic. OpenVPN’s packets work at the transport layer, while the packets for the traditional 6in4 tunnel work at the Internet layer. OpenVPN works at a higher level. For a 6in4 tunnel to work, your router needs to be able to route IP packet with the IP protocol header of 41. This may not always happen, your router may not support that, or perhaps the administrators have configured the network to drop such packet. However OpenVPN will work as long as you can still send out TCP or UDP packets.

The basic idea is to use OpenVPN in TAP mode, and use that to forward IPv6 packets. TAP mode operates in the link layer (layer 2), so it won’t care about the data that gets transported in (layer 3). IPv6 is a basically a network layer protocol.

So let’s get started. I assume you are using a Debian based distribution.

Procedure

Setting up the Ethernet Bridge

First you need to install uml-utilities and bridge-utils. Then create a network bridge with a TAP adapter. Of course you can add in more adapters to the bridge if you want. You can do this by configuring your /etc/network/interface, for example:

iface br0 inet static

address 10.10.4.1

netmask 255.255.255.0

bridge_ports tap0

pre-up /usr/sbin/tunctl -t tap0

iface br0 inet6 static

address 2001:470:d:c68::1

netmask 64

Note, the bridge’s IPv4 address will be OpenVPN server’s address. You can only configure OpenVPN to assign IPv4 address within the range specify by the network mask of the bridge. Note that you might not need to configure IPv4 settings for this OpenVPN tunnel, however I haven’t tried it yet. Sometimes OpenVPN clients don’t bring up the TAP virtual adapter if you don’t supply IPv4 settings.

Setting up the OpenVPN Server

You can set up OpenVPN by following this tutorial. You need to set up OpenVPN in bridge mode. You need to specify the virtual adapter as the one you use in the bridge, in our case: tap0. You need to use the “server-bridge” directive rather than the “server” directive, as you are creating bridging mode OpenVPN. In our example, the “server-bridge” line looks like this:

server-bridge 10.10.4.1 255.255.255.0 10.10.4.2 10.10.4.254

For more information on OpenVPN’s configuration, please refer to its manual.

Setting up the IPv6 router

Then follow you need to follow this tutorial to get IPv6 connectivity for your server. The interface for LAN adapter is br0, rather than eth-lan in the tutorial.

I haven’t managed to make the whole thing to work purely using stateless autoconfiguration via Neighbour Discovery Protocol with radvd. I use a DHCPv6 server to assign IPv6 addresses and push the DNS server information. You need to add the following flags in the “interface” section of radvd.conf:

AdvManagedFlag on;

AdvOtherConfigFlag on;

More information is available in radvd.conf’s manual page.

For the DHCPv6 server, I use the package wide-dhcpv6-server. It is fairly straightforward to configure. Please refer to its manual page for more information.

More examples of radvd configuration or DHCPv6 server configuration are available at here.

Clients

Windows 7

If you have Windows 7, you simply need to use your OpenVPN client to connect to the server. You need to enable IPv6 on the virtual adapter that OpenVPN uses. You simply need to configure the adapter to use DHCP to get its configuration.

Linux

If you have Debian-based Linux distribution and you configured .conf files at /etc/openvpn, you need to get the DHCP client to configure IPv6 on the TAP interface. Assuming tap0 is the virtual adapter OpenVPN uses, you can run the following as the root:

dhclient -6 tap0

I suppose you could run this automatically by specifying the “up” directive in your .conf file.

There are times when your Internet access is very limited. For example in an airport, there might be wireless access points, but you have to pay for them. Interestingly, the DNS servers associated with the wireless access point can still perform DNS lookups correctly. This is when Iodine comes in.

Iodine is basically a fake DNS server. The client sends out really long DNS request, while the server responds with weird and wonderful DNS record. More information on roughly how everything is implemented can be found here.

Configuring Domain

You need to configure domains first. You can get free subdomains at FreeDNS. After registering at FreeDNS, click “Subdomains” and add a type A record. You need to type in your preferred subdomain name in the “Subdomain” box. You should put your server’s permanent IP address in the Destination.

If you do not have a server with permanent IP address, you can use your home broadband. You need to configure dynamic DNS service for your home broadband. In FreeDNS’s Subdomains section, you need to create a CNAME record rather than A record. The destination points to your dynamic DNS domain name.

You then need to add another NS record, which points to the subdomain you have just added.

You might want to ask, why I did not point the NS record straight to an IP address. This is because NS record can only contain domain names.

Server Configuration

You need a Linux machine for server. In Debian/Ubuntu, you can simply type:

apt-get install iodine

Then you need to edit your /etc/default/iodine. You need to make it look like this:

START_IODINED=”true”

IODINED_ARGS=”-c 10.10.10.1 tunnel.crabdance.com”

IODINED_PASSWORD=”your_password”

“tunnel.crabdance.com” is your NS record. “10.10.10.1″ is the server’s IP address on the tunnel interface. The client will be given the next IP address available in the range. The default network mask is /27. “-c” stops iodine daemon from checking the IP address of the incoming UDP packet. This is less secure, however if your DNS request passes through a cluster of DNS servers, the IP address may change during connection.

Now start your server:

/etc/init.d/iodined start

Using the Client

Iodine client is available for both Linux and Windows. You simply call the client’s binary in a terminal window.

In Linux, you type in:

iodine -P your_password tunnel.crabdance.com

In Windows, you need to first install OpenVPN‘s TAP virtual Ethernet adapter. When invoking iodine in Windows, you need to specify the adapter’s name using “-d” option. For example:

iodine -P your_password -d “OpenVPN” tunnel.crabdance.com

Where “OpenVPN” is the name of your virtual adapter.

You can also use the “-f” option to stop the iodine client from detaching from the terminal. This is useful for monitoring the status of the tunnel. You might want to put iodine in a terminal multiplexer, such as GNU Screen.

You can use the tunnel to do whatever you want. You could configure NAT on the server, and access Internet that way. An easier option would be to create a SSH dynamic tunnel to the server, and browse the Internet through that.

Introduction

Get_iplayer is a Perl script for downloading content from BBC iPlayer website. It originally written by Phil Lewis, it is currently maintained by at infradead.org. The content downloaded by get_iplayer does not have DRM restriction. This means that you can use any media player to play them, and there is no time restriction on how long you can keep the file. However it should be noted that it is against the UK copyright law to keep those files for longer than 7 days. I always delete mine after 7 days.

Get_iplayer by default can only download iPhone quality content. If you want to download content with higher quality, you need to install additional software.

Rtmpdump is required to downloading video with “flashhigh” and “flashvhigh” quality, as well as radio programmes. Rtmpdump stores files in the format of flv. If you have ffmpeg installed, the script will automatically convert video flv files into mp4 format, and radio flv files to aac format. If your ffmpeg was compiled with “–enable-libmp3lame” option, you can set get_iplayer to convert radio flv files to mp3 format automatically.

If you have atomicparsley installed, the mp4 files will be tagged automatically with descriptions of the TV programmes. If you have id3v2 installed, mp3 files will be tagged automatically.

Installation

I have machines running Debian and Ubuntu. I also have a Windows machine with Cygwin on it. So I will briefly cover how to set get_iplayer up in these environments.

Debian

You need for first add Debian Multimedia Repository into your APT source list. Then you need to install the signing key for the packages in this repository. You can do so by typing in:

apt-get install deb-multimedia-keyring

You will get some warning, please ignore the warning and carry on. Now install the required packages:

apt-get install ffmpeg atomicparsley id3v2 rtmpdump get-iplayer

Ubuntu

You need to type in these:

apt-get install atomicparsley id3v2 rtmpdump get-iplayer

You then need to compile ffmpeg, as Debian is moving from ffmpeg to libav, and there does not seem to be a repository with ffmpeg.

Cygwin

It is considerably harder to get get_iplayer working in Cygwin. You can use the package from Cygwin Ports. However the packages from Cygwin Ports seem to be less stable than the ones in the official Cygwin Repository.

Alternatively you can compile everything from source. It is totally doable. If you want your radio programmes in mp3 format, you need to add the “–enable-libmp3lame” option when you are compiling ffmpeg.

You also need some extra Perl modules, which you can install from CPAN shell. In order to get CPAN to automatically install all dependencies, you can use the following command.

PERL_MM_USE_DEFAULT=1 perl -MCPAN -e ‘shell’

Using get_iplayer

The documentation for get_iplayer can be found here. You can also get help by using the “–help” option or the “–help-long” option

By default get_iplayer downloads content iPhone quality. You can add user options to get_iplayer, so it always downloads higher quality content. This can be done by using the “–add-prefs” option. You can also manually edit ${HOME}/.get_iplayer/options in order to change settings.

If you use Cygwin, and you manually compiled some packages required by get_iplayer, you need to either put the binaries are in the path, or specify them in get_iplayer’s user options.

The content for my ${HOME}/.get_iplayer/options is:

tvmode flashvhigh

aactomp3 1

mp3vbr 0

subtitles 1

So on my setup, get_iplayer downloads very high quality video, and radio programmes are saved as high quality mp3 files.

Downloading iPlayer video outside the United Kingdom

It is possible to download iPlayer video from location outside the United Kingdom. You simply need to install Tor, and restrict its exit node to UK only. This can be done by modifying the torrc file. In Debian, it is located in /etc/tor/torrc. You need to insert the following two lines in the file:

ExitNodes {gb}
StrictNodes 1

Then you need some kind of software which converts Tor’s SOCKS proxy to a HTTP proxy. I personally use Privoxy. Some people prefer Polipo. My problem with Polipo is that it randomly crashes. Privoxy is available in both Debian and Ubuntu’s repository. It is also available on Windows natively. Add the following option to your Privoxy:

forward-socks5 / localhost:9050.

This forwards all the request to Privoxy to the SOCKS proxy you have just created. Now, you probably want to add the proxy option permanently into your get_iplayer setting file. You can do this by the following:

get_iplayer –add-prefs –proxy http://127.0.0.1:8118

Now you can use get_iplayer to download video as usual. Tor is only used to get the feed files. BBC restricts these feed files to UK IP addresses. BBC’s RTMP server does not restrict the IP address. RTMP connection is not tunnelled over HTTP proxy.

I do max out my bandwidth when I download iPlayer videos in China, so it is all good.