In spite of being a beloved companion to computer hobbyists the world over, the Raspberry Pi doesn’t get enough credit. In fact, single-board computers of all stripes haven’t gotten their due — I just happen to have a Raspberry Pi. It was upon casting a stray glance into the corner of my room where my Pi is, churning away on the previous task I assigned it, that I pondered all the loftier projects I have in mind for it.
It will probably be a while before I tackle those grand designs. But the next best thing to following my dreams is to share them. The ideas here are charcoal sketches, not full illustrations, but they yield a rough picture.
I should also note that these projects all contain Linux in their blueprints (shocking, I know). As this is the preliminary stage, we can leave the exact distribution blank for now. You can safely trust, though, that any services we might need our Pi to run will fasten flush onto a Linux base.
You Can’t Phone Home if You Don’t Have the Number
Two of the three projects below will require server configuration — and because servers are most useful when accessible on the wider Internet, this also entails some network tinkering. Specifically, whenever you want to reach your own private network from the outside, you will need to nail down the IP address and ports on the Internet-facing side.
First, figure out what your IP address is and whether it is dynamic or static on the wide area network (WAN). For our purposes, treat our WAN as the Internet. If your WAN IP is static, great. It will always be the same (as long as you pay your ISP on time), so you can start working on ports.
However, if your WAN IP is dynamic, meaning it changes periodically, there are additional steps. You will need to register a domain for it, and then get the global DNS infrastructure to honor that. Easy! In a nutshell, this involves registering a domain, like you would for a website, but setting it to your home’s WAN IP address.
But if your WAN IP address constantly changes how does this solve anything?
With a special DNS entry called Dynamic DNS (DDNS), once you associate your router with your domain, it will automatically update itself as your router’s WAN IP changes. This way, your domain will always point to whatever WAN IP is currently assigned to your router.
When you want to access your LAN from the Internet, instead of entering an IP address you would input your domain. DNS then resolves it to your WAN IP, and you’re all set. Any further detail is beyond the scope of this article, but that’s the gist.
No matter which IP adventure you chose, you then have to decide what ports to open on your router’s WAN IP. If we liken IP addresses to postal addresses, think of ports as unit numbers. Basically, your Pi will sit on your network with its service opening up whichever of its own ports it needs, and your router will map that Pi port to one of the router’s WAN-facing ports. If you hit the right port on your WAN IP (the router), your router will pass the traffic to your Pi, on its associated port, on the LAN. Appropriately enough, this is called “port mapping” or “port forwarding.”
For example, imagine your router is 126.96.36.199 on the WAN. Let’s say your router’s LAN IP is 192.168.1.1 and your Pi’s LAN IP is 192.168.1.37. If you wanted to SSH into your Pi from anywhere on the planet, you would set port 22 on 192.168.1.37 to be open as normal. Your router would then map port 22 on 192.168.1.37 to (for instance) port 2222 on its WAN IP, 188.8.131.52.
Again, there’s a lot more to it, but that’s essentially how network configuration for your Pi goes.
To the Drawing Board
With our prep work out of the way, let’s cook up some Pi recipes.
1. VPN Server
At the top of my list of Pi experiments is creating a VPN server. Why pay for a cloud VPN when you can tunnel home for free? Most of us leave our best stuff, physical and digital, at home anyway. Once you punch into your home VPN, you can access media files, backups, or anything else squirreled on your LAN.
In this arrangement, your Pi is the VPN server, and the end-user devices you want to connect to it, e.g. laptops or mobile devices, are the clients. Your Pi resides on your LAN, with your router mapping the Pi VPN port to a port on its WAN IP. Dial your home’s IP and port, present the required key, and you will open an encrypted line back to home base.
2. Transparent VPN Proxy
This project is unique because it doesn’t provide a service (and so isn’t a server), but it facilitates the use of an existing service. When converted to a transparent VPN proxy, your Pi becomes a portable security device that automatically confers VPN protection on your other devices.
To build your transparent proxy, first you will need to ensure that your Pi has two wireless interfaces. Pi models come with, at most, one wireless interface, so you’ll have to pick up at least one USB-connected wireless device. Second, you’ll need a VPN service. If your VPN was the server described above, I guess you’ll need another Pi.
A transparent VPN proxy is designed to solve the problem of not trusting a network enough to connect your end-user devices directly to it, but still needing connectivity. In essence, the proxy device does so by interposing itself between the untrusted network and end-user device, and then routes the end-user device through your VPN of choice. This leaves the untrusted network carrying purely encrypted traffic.
To pull this off, you configure your Pi as an access point (AP) and as a VPN client. What is it an AP for? The suspect network. Its role as a VPN client works as you would expect, with its traffic encrypted to the VPN server.
The interesting stuff happens when your end-user device connects to the Pi AP. Because the Pi’s traffic is the end-user device’s traffic (as with typical APs), and the Pi’s traffic is also encrypted, your end-user device traffic is transitively encrypted. But you get that encryption without altering any settings on the end-user device. Your laptop or mobile device just thinks it’s on a normal network. Even better, at no point has it ever interacted with the sketchy network. Neat trick, huh?
3. File Storage Server
We’re back to server mode here, so the networking prerequisites are back in force.
A Pi file storage server can stand in for cloud storage while offering added perks. The general concept is that, like with the VPN, it lives on your LAN with its file service port mapped to a port on your router’s WAN IP. You then access the file server by punching in your home router’s IP and port, plus the server username and password, into your network storage client program and you throw open your vault of stashed files.
The advantages of running your own networked file storage are substantial. For one thing, you can store way more data. Want more space? Attach a bigger hard drive. For another, you own the infrastructure. You’re not entrusting your data to some company, but to your own hardware and open-source software — and it costs much less. You really only sink one-time costs into the Pi and hard drive, and just pay for electricity.
On Your Mark, Get Set, Boot!
Those aren’t even all the schemes I’ve concocted for my Pi, but they are the ones I’m most excited about and that I thought others might find most intriguing. You’ll definitely know when I get around to these, since I’m certain to share my findings. Until then, I hope these give you raspberry-flavored food for thought.