PinePhone as edge server in a remote network
The straight forward way to access a remote network is to setup a VPN connection with the router. If that’s not possible, a separate device is required to act as VPN client. A smartphone is particularly suitable for this as it is always on, small, has a low power consumption and makes it easy to configure a wifi connection with the network. The PinePhone is especially suitable for the job as it can host a standard Linux environment which is not messed up like Android. On the PinePhone we need very few tools to work in the remote network:
- Wireguard for the VPN tunnel
- SSH server
- Docker runtime, e.g. to run a time series database to collect sensor stats
Setup
- flash PostmarketOS to a microSD card
- run the wizard on the phone (to resize the root partition)
- copy the PostmarketOS img-file to the microSD card
- flash the img-file to the eMMC via
dd
: https://pine64.org/documentation/PinePhone/Installation/Installation_to_the_eMMC/#from-the-booted-microsd-os - remove the sd card and reboot
- login (user:147147) and connect wifi
SSH
- start ssh server:
sudo service sshd start
- enable ssh on boot:
sudo rc-update add sshd
- connect to the phone:
ssh user@pine64-pinephone
- in
/etc/ssh/sshd_config
: setAllowTcpForwarding yes
to forward ports from the remote network to your local host
System
- check updates:
sudo apk update
andsudo apk upgrade -a
- install some tools:
sudo apk add htop curl nano
- remove unnecessary apps:
sudo apk del gnome-maps gnome-calculator gnome-software gnome-clocks gnome-calendar gnome-text-editor gnome-contacts gnome-weather chatty portfolio lollypop firefox-esr evince calls megapixels postmarketos-default-camera postmarketos-welcome loupe flatpak
- list remaining packages:
sudo apk list -I
- disable unnecessary services:
sudo rc-update del bluetooth
andsudo rc-update del modemmanager
- list enabled services:
sudo rc-update show
Wireguard
- install:
sudo apk add wireguard-tools-wg-quick wireguard-tools-openrc
- add wireguard config to
/etc/wireguard/wg0.conf
, e.g.:
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 192.168.178.204/24
DNS = 192.168.178.1
DNS = fritz.box
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PresharedKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 192.168.178.0/24,0.0.0.0/0
Endpoint = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.myfritz.net:12345
PersistentKeepalive = 25
- fix permissions:
sudo chmod o-r /etc/wireguard/wg0.conf
- autostart:
sudo ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.wg0
sudo rc-update add wg-quick.wg0
sudo service wg-quick.wg0 start
- manual start:
sudo wg-quick up wg0
- manual stop:
sudo wg-quick down wg0
Docker
- install:
sudo apk add docker
(alpine sources typically provide an up-to-date version) - autostart:
sudo rc-update add docker
- start:
sudo service docker start
- the PinePhone can execute arm32v7 and also arm64v8 images
Feedback