Pepephone 2G on Orange Pi 2G IOT

Recently I bought an Orange Pi 2G IOT. Pretty decent for $10 I would say, not a lot of RAM or CPU, but the interesting thing from my point of view is the 2G modem. Some pictures below with SIM card installed.


So the idea of this post is how to configure this device to connect to the Pepephone network with a PIN on the SIM. After some testing I finally came up with the wvdial.conf below, which works for me.

[Dialer defaults]
Modem = /dev/modem0
Baud = 30720000
Dial Command = ATDT
Init1 = ATE1
Init2 = AT+CPIN="XXXX"
Init3 = AT+CFUN=1
Init4 = AT+CGATT=1
Init5 = AT+CGDCONT=1,"IP","gprs.pepephone.com","",0,0
FlowControl = CRTSCTS
Phone = *99#
Username = " "
Password = " "
Stupid Mode = 1
Auto Reconnect = on

The PIN entry above should be replaced with your SIM PIN.
Run wvdial from the CLI and you should see a new interface named ppp0. Below is a screenshot of both interfaces, ppp0 and wlan0. More info here (in Spanish).

Renew SSL cert with letsencrypt

Lately I have been playing around with Let's Encrypt. I wanted to get away from self-signed certs; this gives a more professional aspect to the website. Installation was pretty easy to tell the truth, I just followed the following manual from Digital Ocean. The issue came with the cert renewal process. Let's Encrypt renews via HTTP, not HTTPS, so testing the renewal was failing.

user@computer:$ certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mail.example.org.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.example.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/mail.example.org.conf produced an unexpected error: Failed authorization procedure. mail.example.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.example.org/.well-known/acme-challenge/CbWS7lLTfZZe-z-ctdOhaxUe9ZhDi6iuGkxMv57xDbQ: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>". Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.example.org/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: mail.example.org
Type: unauthorized
Detail: Invalid response from
http://mail.example.org/.well-known/acme-challenge/CbWS7lLTfZZe-z-ctdOhaxEe9ZhDi6iuGzxMv57xDbQ:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.


Script to place in DMZ

So I had to place a small server in my home DMZ, leaving it open to the whole world with the corresponding risks this has. Wondering how to allow access from my home LAN, I came up with the following iptables script.

#!/bin/bash

IPTABLES=/sbin/iptables
INT=eth0

startiptables() {
	if [ ${UID} -eq 0 ]; then
		${IPTABLES} -A INPUT -i ${INT} -s 192.168.1.0/24 -j ACCEPT
		${IPTABLES} -A INPUT -i ${INT} -m state --state RELATED,ESTABLISHED -j ACCEPT
		${IPTABLES} -A INPUT -i ${INT} -j REJECT
	else
		echo "Your UID is: ${UID}. Execute as superuser please"
	fi
}

stopiptables() {
	if [ ${UID} -eq 0 ]; then
		${IPTABLES} -F
		${IPTABLES} -L
	else
		echo "Your UID is: ${UID}. Execute as superuser please"
	fi
}

statusiptables() {
	if [ ${UID} -eq 0 ]; then
		${IPTABLES} -L
	else
		echo "Your UID is: ${UID}. Execute as superuser please"
	fi
}

case "$1" in
	start)	startiptables ;;
	stop)	stopiptables ;;
	status) statusiptables ;;
	*) echo "usage: $0 start|stop|status" >&2
		exit 1
		;;
esac

Pretty simple as you can see. It allows all connections from inside the home LAN and blocks all other traffic coming from the public side, except related and established connections. Substitute the classic class C network in the script (192.168.1.0/24) with your own home/work network.
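
An added example, not part of the original post: the same three INPUT rules emitted in iptables-restore format, so they load in one atomic commit and a second "start" cannot append duplicate rules after the REJECT. The interface and LAN defaults are taken from the script above; the show/check subcommands, the validation helpers and the use of -m conntrack --ctstate (the current form of -m state --state) are choices made for this example.

```shell
#!/bin/sh
# Added example (not the post's script): same policy, loaded atomically.
INT=${INT:-eth0}             # assumption: same interface as the post
LAN=${LAN:-192.168.1.0/24}   # assumption: same home LAN as the post

# Shape check for an IPv4 CIDR; iptables-restore --test does the strict parsing.
valid_cidr() {
	case $1 in ''|*[!0-9./]*) return 1 ;; esac
	printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Interface names: at most 15 characters, no spaces, slashes or newlines.
valid_iface() {
	case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
	[ "${#1}" -le 15 ]
}

# Print the ruleset; refuse values that could smuggle in extra rule text.
build_ruleset() {
	valid_iface "$1" || { echo "bad interface: $1" >&2; return 1; }
	valid_cidr "$2" || { echo "bad network: $2" >&2; return 1; }
	cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $1 -s $2 -j ACCEPT
-A INPUT -i $1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $1 -j REJECT
COMMIT
EOF
}

case "${1:-}" in
	show)
		build_ruleset "$INT" "$LAN" ;;
	check|start)
		[ "$(id -u)" -eq 0 ] || { echo "Execute as superuser please" >&2; exit 1; }
		rules=$(build_ruleset "$INT" "$LAN") || exit 1
		if [ "$1" = check ]; then
			# Parse and validate only; nothing is changed in the kernel.
			printf '%s\n' "$rules" | iptables-restore --test
		else
			# Replaces the whole filter table (unlike the post's start, which appends).
			printf '%s\n' "$rules" | iptables-restore
		fi ;;
esac
```

iptables only filters IPv4, so IPv6 traffic to the same host needs an equivalent ip6tables ruleset.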

Downgrade Raspberry Pi kernel

So I upgraded my DietPi kernel the other day and noticed there was no Realtek 8188 driver for that kernel version. After playing around trying to compile the driver for the newest kernel, I decided to downgrade the kernel. I thought it would be difficult, but it's quite easy. Just choose the kernel version you want to downgrade to from here, copy the hash and run rpi-update.

user@computer:$ rpi-update 48cfa89779408ecd69db4eb793b846fb7fe40c4b

The hash above corresponds to kernel 4.4.11-v7+. With that kernel I was able to download the driver for my USB wifi using the script below:

#!/bin/bash
set -e

TOPIC_URL="http://www.raspberrypi.org/phpBB3/viewtopic.php?p=462982"

# Download and install rpi driver for 8188eu-based wifi dongles
# from MrEngman's dropbox.
#
# Version information is fetched from TOPIC_URL and appears as:
#
#   3.6.11+ #371 up to #520 inclusive    - 8188eu-20130209.tar.gz
#   3.6.11+ #524, #528, #532             - 8188eu-20130815.tar.gz
#   ...
# then is matched against local kernel release and version numbers
# to select proper driver tarball.  Kernel build number can be overridden
# with command line option -k, in case no exact match is found.

fetch_versions() {
	curl -s "$TOPIC_URL" \
	| sed 's:<code>\|</code>\|<br />:\n:g' \
	| sed 's:&nbsp;: :g ; s:gz.*:gz:' \
	| grep -E '^[0-9.]+.*tar\.gz'
}


case "$1" in
	-k|--kernel)
		build=$2
		;;
	-l|--list)
		fetch_versions
		exit 0
		;;
	-h|--help)
		echo "usage: `basename $0`" \
			"[-k|--kernel <kernel build>]" \
			"[-l|--list]"
		exit 0
		;;
	"")
		;; # proceed to install
	*)
		echo "unknown command: $1" >&2
		$0 --help
		exit 1
		;;
esac


kernel=$(uname -r)
build=${build:-$(uname -v | awk '{print $1}' | tr -d '#')}

if [ "$kernel" = "3.6.11+" ] && [ "$build" -gt 370 ] && [ "$build" -lt 521 ] ; then
	tarfile=8188eu-20130209.tar.gz
else
	tarfile=$(fetch_versions \
		| grep -e "^$kernel " \
		| grep -E "#$build[, ]" \
		| awk '{print $NF}')
fi

if [ ! "$tarfile" ] ; then
	echo "cannot match kernel: $kernel #$build"
	echo "please check news at $TOPIC_URL"
	echo "or try closest compatible version with -k <kernel build>"
	exit 1
fi

tmpdir=$(mktemp -d)
# single quotes: expand $tmpdir when the trap fires, and keep it quoted
trap 'rm -rf "$tmpdir"' EXIT
cd "$tmpdir"

echo "downloading $tarfile (kernel $kernel #$build)"
curl -s https://dl.dropboxusercontent.com/u/80256631/$tarfile | tar xz

module_bin="8188eu.ko"
module_dir="/lib/modules/$kernel/kernel/drivers/net/wireless"
firmware_bin="rtl8188eufw.bin"
firmware_dir="/lib/firmware/rtlwifi"

if [ -f $firmware_bin ] ; then
	echo "installing firmware $firmware_bin"
	sudo install -p -m 644 $firmware_bin $firmware_dir
fi

echo "installing kernel module $module_bin"
sudo install -p -m 644 $module_bin $module_dir
sudo depmod -a
#sudo modprobe -r 8188eu || true # cannot currently be removed ("permanent")
sudo modprobe -i 8188eu
lsmod | grep -q 8188eu || echo "error: module not loaded"

As per the latest update, dl.dropboxusercontent.com is no longer valid and should be substituted by http://www.fars-robotics.net/, but dl.dropboxusercontent.com worked for me. Now my wifi is working.

user@computer:$ uname -a; ifconfig wlan0; lsmod | grep 8188; lsusb
Linux DietPi 4.4.11-v7+ #886 SMP Thu May 19 15:20:49 BST 2016 armv7l GNU/Linux
wlan0 Link encap:Ethernet HWaddr 00:e0:4c:81:89:01
inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:4cff:fe81:8901/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2262 errors:0 dropped:10 overruns:0 frame:0
TX packets:1659 errors:0 dropped:3 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:463049 (452.1 KiB) TX bytes:274451 (268.0 KiB)
8188eu 859474 0
cfg80211 427855 1 8188eu
Bus 001 Device 004: ID 0bda:8179 Realtek Semiconductor Corp.
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

And below are my available kernels.

user@computer:$ ls -ltr /lib/modules
total 28
drwxr-xr-x 3 root root 4096 Mar 18 2016 4.1.18-v7+
drwxr-xr-x 3 root root 4096 Nov 17 23:58 4.9.62+
drwxr-xr-x 3 root root 4096 Dec 30 12:36 4.9.35+
drwxr-xr-x 3 root root 4096 Dec 30 12:36 4.9.35-v7+
drwxr-xr-x 3 root root 4096 Dec 30 14:52 4.9.62-v7+
drwxr-xr-x 3 root root 4096 Dec 30 19:49 4.4.11+
drwxr-xr-x 3 root root 4096 Dec 30 20:03 4.4.11-v7+

Create a new table with Apache Hive

We are going to create a new table with Apache Hive from a previous one, populate it and then perform a UNION ALL of both tables. Below is the script that will create the new table.

-- Below script creates a new table
USE testdb;
-- show current tables
SHOW tables;
-- describe mytable2, table we will use to create mytable4
DESCRIBE mytable2;
-- create new table copying format from mytable2
CREATE TABLE mytable4 LIKE mytable2 ;

SHOW tables;
-- describe newly created table
DESCRIBE mytable4;
-- select content from newly created table
SELECT * FROM mytable4;

We then run the script with hive from a Linux shell.

user@computer:$ hive -f create-new-table.hql

Logging initialized using configuration in file:/etc/hive/conf.dist/hive-log4j.properties
OK
Time taken: 0.898 seconds
OK
mytable
mytable2
newtable3
Time taken: 0.206 seconds, Fetched: 3 row(s)
OK
id int
lname string
fname string
Time taken: 0.263 seconds, Fetched: 3 row(s)
OK
Time taken: 0.272 seconds
OK
mytable
mytable2
mytable4
newtable3
Time taken: 0.043 seconds, Fetched: 4 row(s)
OK
id int
lname string
fname string
Time taken: 0.166 seconds, Fetched: 3 row(s)
OK
Time taken: 0.666 seconds
