Remote Computing and Yet Another Change of Plans

Tagged with dynamic dns, linux, philippines, raspberry pi, rdp, remmina, remote connection, rsync, ssh, united states on August 12, 2024

I wrote “Too Much Time on My Hands” after experiencing several days of frustrations. My Raspberry Pi 400 (“Pi” for short) is ready for remote computing, but I could have set things up on any computer with any Linux distribution on it. Anyway… I’ll use the Pi for remote computing as I originally planned.

In order to connect remotely, I have to rely on some form of dynamic DNS service. I tried Duck DNS and Dynu, but both failed to update the DNS records at times. After discovering a way to use Cloudflare for the same purpose, I no longer have anything to worry about. This blog is hosted on Cloudflare, by the way.

Dynamic DNS and Cloudflare

A Medium article titled “Dynamic DNS with Cloudflare” got me halfway through the process. The term the author used, “Synthetic Record”, which meant a record for a subdomain name, is needlessly confusing. You have to have a regular domain name registered at Cloudflare, of course, or it doesn’t matter.

I installed “ddclient” as instructed, but I couldn’t get it to connect, and I wasted more than an hour trying to figure out why. After I found a better solution, a GitHub script called “DDNS Cloudflare Bash Script”, I immediately uninstalled “ddclient”. The script files were ridiculously easy to download, edit as necessary, and get things up and running.

After running the script once, and after examining the log file, I edited the script to comment out all the log code at the beginning except for the “parent_path”. The last thing I had to do was create a cronjob:

*/5 * * * * /home/username/update-cloudflare-dns.sh

Every five minutes is probably overkill, but it doesn’t really do anything until the IP address actually changes.

Restricted Access

The only way to restrict access completely is to set up firewall rules. The following routine limits access to my LAN IP address and the IP address for my subdomain name. Since I’m restricting access to only one IP address at a time, I don’t even have to worry about the ports. I’m not specifying the protocol (TCP or UDP), so both are allowed. I named the file “access.sh”:

#!/bin/bash
HOSTNAME=sub.domain.com
IPFILE=/home/username/access.txt
STATIC_IP=192.168.1.101
CURRENT_IP=$(dig +short $HOSTNAME)
if [ ! -f $IPFILE ]; then
    /usr/sbin/ufw allow from $STATIC_IP
    /usr/sbin/ufw allow from $CURRENT_IP
    echo $CURRENT_IP > $IPFILE
else
    OLD_IP=$(cat $IPFILE)
    if [ "$CURRENT_IP" = "$OLD_IP" ] ; then
        echo IP address has not changed
    else
        /usr/sbin/ufw delete allow from $OLD_IP
        /usr/sbin/ufw allow from $CURRENT_IP
        echo $CURRENT_IP > $IPFILE
        echo iptables have been updated
    fi
fi

The command, sudo ufw status, returns something like this:

Anywhere                   ALLOW       192.168.1.101
Anywhere                   ALLOW       123.123.123.123

Two LAN IP addresses are assigned as static at the router, based on the MAC addresses. One for the remote computer and one for the local computer. The static IP address for the local computer will be worthless when I leave the Philippines, so I’ll remove it from the firewall before I leave. The only reason I use it now is that it’s a much faster connection.

I have a cronjob set up on the Pi:

*/5 * * * * /home/username/access.sh

Again, every five minutes is probably overkill, but it doesn’t do anything until the IP address for the host name changes.

Backups

I’m using the remote computer as a Google Drive alternative. I have a cronjob backing up a local directory periodically:

@hourly rsync -avzh -e ssh /home/local_username/Documents/ [email protected]:/home/remote_username/Documents/ --delete

I’m not using a LAN connection because the time it takes to complete isn’t a factor in anything.

Remote Software

For my visual connection, I started out using RealVNC. I had issues with the remote resolution. Then I tried X2Go. Only the Xfce desktop environment worked properly, and I dislike Xfce. Remmina is the only one that worked with my setup. I had to install xrdp on the remote side.

I can always connect to the SSH server from the command line, but Remmina also supports SSH.

Image by [email protected] Larry Ewing and The GIMP, CC0, via Wikimedia Commons