Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
vpn_client [2023/07/16 03:00] – Added guide for Tailscale VPN configuration. markfeuervpn_client [2024/08/27 10:28] (current) – added under construction note atari
Line 1: Line 1:
 +<WRAP center round todo>
 +Double-check for functionality. custom.sh has been depreciated. https://wiki.batocera.org/launch_a_script?rev=1724655769#customlast_during_startup_first_after_shutdown
 +</WRAP>
 +
 ====== OpenVPN client ====== ====== OpenVPN client ======
 You can easily connect your Batocera to a VPN, as we ship OpenVPN with the distribution. However, it requires some manual configuration, and the steps involved will most probably be depending on your VPN provider. You can easily connect your Batocera to a VPN, as we ship OpenVPN with the distribution. However, it requires some manual configuration, and the steps involved will most probably be depending on your VPN provider.
  
-In this example here, I will be connecting a Batocera 5.27 client to a [[https://nordvpn.com|NordVPN]] server, and adapt it to [[https://www.privateinternetaccess.com|PIA]] when possible. The method here can be adapted to other VPN providers quite easily, please feel free to share your experience on the forum of Discord channel.+In this example here, I will be connecting a Batocera 5.27client to a [[https://nordvpn.com|NordVPN]] server, and adapt it to [[https://www.privateinternetaccess.com|PIA]] when possible. The method here can be adapted to other VPN providers quite easily, please feel free to share your experience on the forum of Discord channel.
  
 ===== OpenVPN configuration ===== ===== OpenVPN configuration =====
Line 49: Line 53:
 #!/bin/bash #!/bin/bash
  
-if test "$1" != "start"+if test "$1" == "start"
 then then
-  exit 0+  openvpn /userdata/system/openvpn/<replace_me>.ovpn & 
 +elif test "$1" == "stop" 
 +then 
 +  killall -9 openvpn 
 +else 
 +  curl ipinfo.io 2>/dev/null  | jq -a '.ip, .city, .country' | tr '\n' ' ' | sed s:\"::g
 fi fi
-openvpn /userdata/system/openvpn/<replace_me>.ovpn &+
 </file> </file>
  
 where ''<replace_me>'' is your VPN. where ''<replace_me>'' is your VPN.
  
-===== Tips and tricks ===== +This ''custom.sh'' script will be started on boot. It can be stopped when called with ''custom.sh stop'' or, when called with no argument and just ''custom.sh'', it displays the current public IP address and city/country where you are connectedso that you can check if your VPN is active or not.
- +
-  * You can verify that you are correctly connected to the VPN by checking your public IP address before and after ''openvpn'' is started by using the command ''curl ipinfo.io'' or ''curl ifconfig.me'' +
-  * If you want to start up your VPN connection every time Batocera boots, you can add the command ''openvpn /userdata/system/openvpn/ovpn_udp/fr661.nordvpn.com.udp.ovpn &'' to the local custom startup script ''/userdata/system/custom.sh'' -- this will be the very last process fired up in the boot sequence+
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
Line 82: Line 88:
 #!/bin/bash #!/bin/bash
  
-if test "$1" != "start"+if test "$1" == "start"
 then then
-  exit 0+  (openvpn /userdata/system/openvpn/<replace me>.ovpn &) 2>&1 | tee -a /var/log/vpn.log 
 +elif test "$1" == "stop" 
 +then 
 +  killall -9 openvpn 
 +else 
 +  curl ipinfo.io 2>/dev/null  | jq -a '.ip, .city, .country' | tr '\n' ' ' | sed s:\"::g
 fi fi
  
-(openvpn /userdata/system/openvpn/<replace me>.ovpn &) 2>&1 | tee -a /var/log/vpn.log 
 </file> </file>
  
Line 99: Line 109:
 #!/bin/bash #!/bin/bash
  
-if test "$1" != "start"+if test "$1" == "start"
 then then
-  exit 0 +  if [ ! -d /dev/net ]; then 
-fi +    mkdir -p /dev/net  
- +    mknod /dev/net/tun c 10 200 
-if [ ! -d /dev/net ]; then +    chmod 600 /dev/net/tun 
-  mkdir -p /dev/net  +  fi 
-  mknod /dev/net/tun c 10 200 +  openvpn /userdata/system/openvpn/<replace me>.ovpn & 
-  chmod 600 /dev/net/tun+elif test "$1" == "stop" 
 +then 
 +  killall -9 openvpn 
 +else 
 +  curl ipinfo.io 2>/dev/null  | jq -a '.ip, .city, .country' | tr '\n' ' ' | sed s:\"::g
 fi fi
  
-openvpn /userdata/system/openvpn/<replace_me>.ovpn & 
 </file> </file>
  
Line 117: Line 130:
 ====== Tailscale VPN configuration ====== ====== Tailscale VPN configuration ======
  
-While not packaged with Batocera by default, the Tailscale VPN service (which is essentially a fancy wrapper for Wireguard and has a free tier) can be added and functions on both the x86 and ARM-based versions of Batocera. This can provide you with benefits including [[netplay|Netplay with Retroarch cores]] and multiplayer on PPSSPP standalone without needing port forwarding, as well as the ability to SSH or SCP into your device from another network. There are some extra steps if you are on an ARM-based single-board computer, but it is confirmed working on Batocera versions as early as V31 and tested with both 32-bit and 64-bit boards (the Odroid N2L and the Odroid XU4). You should have an account made with Tailscale ahead of trying this.+While not packaged with Batocera by default, the Tailscale VPN service (which is essentially a fancy wrapper for Wireguard and has a free tier) can be added and functions on both the x86 and ARM-based versions of Batocera. This can provide you with benefits including [[netplay|Netplay with Retroarch cores]] and multiplayer on PPSSPP standalone without needing port forwarding, as well as the ability to SSH or SCP into your device from another network. There are some extra steps if you are on an ARM-based single-board computer, but it is confirmed working on Batocera versions as early as V31 and tested with both 32-bit and 64-bit boards (the Odroid XU4 and the Odroid N2L, respectively). You should have an account made with Tailscale ahead of trying this.
  
   * Download a Tailscale build from the static binaries section (if using an SBC, grab the one that matches your CPU architecture. ARM for the tested XU4 and ARM64 for the N2L): https://pkgs.tailscale.com/stable/#static   * Download a Tailscale build from the static binaries section (if using an SBC, grab the one that matches your CPU architecture. ARM for the tested XU4 and ARM64 for the N2L): https://pkgs.tailscale.com/stable/#static
Line 132: Line 145:
 /userdata/tailscale/tailscaled -state /userdata/tailscale/state > /userdata/tailscale/tailscaled.log 2>&1 &/userdata/tailscale/tailscale up /userdata/tailscale/tailscaled -state /userdata/tailscale/state > /userdata/tailscale/tailscaled.log 2>&1 &/userdata/tailscale/tailscale up
 </file> </file>
 +
 +  * **IF YOU ARE ACCESSING RESOURCES BEHIND A TAILSCALE SUBNET ROUTER:** By default, Tailscale clients specifically for Linux do not accept routes advertised by subnet routers. If you wish to access resources in the subnet router's network, the ''tailscale up'' command needs an ''--accept-routes'' flag appended. [[https://tailscale.com/kb/1241/tailscale-up?q=--accept-routes|Tailscale Docs]]
 +  * Using the above script block as a reference, the last line will look like this if you want to enable this feature:
 +
 +<code>
 +/userdata/tailscale/tailscaled -state /userdata/tailscale/state > /userdata/tailscale/tailscaled.log 2>&1 &/userdata/tailscale/tailscale up --accept-routes
 +</code>
  
   * **IF YOU ARE USING AN ARM SBC:** You need to use WinSCP or another program with this function to check that the tailscale and tailscaled files in /userdata/tailscale have the execute permission. Go to that directory and right click on both files, then click "Properties." Make sure to check the checkboxes for "Owner" and "Group" marked "X," then hit OK.   * **IF YOU ARE USING AN ARM SBC:** You need to use WinSCP or another program with this function to check that the tailscale and tailscaled files in /userdata/tailscale have the execute permission. Go to that directory and right click on both files, then click "Properties." Make sure to check the checkboxes for "Owner" and "Group" marked "X," then hit OK.
  • vpn_client.1689476438.txt.gz
  • Last modified: 3 years ago
  • by markfeuer