Friday, 15 July 2022

Setting up mobile backup for my home broadband

As part of an interview for a Technical Product Manager job I had to create a video presentation how I would improve a product at home. I have chosen my home broadband and argued for enabling monitoring and mobile backup as an improvement. While I am monitoring my home broadband for quite some time I have always played with the idea to use my mobile data plan in case my fixed broadband is down.

I recently moved default gateway function to my monitoring Raspberry Pi with the help of a VLAN enabled switch - see my previous post about it. The mobile coverage in the electric room where my broadband modem installed is probably the weakest in the building so not an ideal place for a mobile backup solution. On the other hand upstairs at my working desk the mobile coverage is reasonable and I have my other Raspberry Pi that I use as my desktop PC usually. I also regularly charge my phone next to this Raspberry Pi which sparked the idea to extend USB tethering as a mobile backup solution for the entire home. For this I need to change the routing at both Raspberry Pi in case the fixed broadband is down so that all traffic is routed via USB tethering. For this I have found a failover script here that I have customised for my use case as follows on the Raspberry Pi next to my broadband modem:

jordana@pi4b2:~ $ nano failover.sh

#!/bin/bash


# Set defaults if not provided by environment

CHECK_DELAY=${CHECK_DELAY:-1}

CHECK_IP=${CHECK_IP:-8.8.8.8}

PRIMARY_IF=${PRIMARY_IF:-eth0.8}

PRIMARY_GW=${PRIMARY_GW:-192.168.0.1}

BACKUP_IF=${BACKUP_IF:-eth0}

BACKUP_GW=${BACKUP_GW:-192.168.0.12}


# Compare arg with current default gateway interface for route to healthcheck IP

gateway_if() {

  [[ "$1" = "$(ip route get "$CHECK_IP" | sed -rn 's/^.*dev ([^ ]*).*$/\1/p')" ]]

}


# Cycle healthcheck continuously with specified delay

while sleep "$CHECK_DELAY"

do

  # If healthcheck succeeds from primary interface

  if ping -I "$PRIMARY_IF" -c1 "$CHECK_IP" &>/dev/null

  then

    # Are we using the backup?

    if gateway_if "$BACKUP_IF"

    then # Switch to primary

      ip route delete default via "$BACKUP_GW" dev "$BACKUP_IF"

    fi

  # If healthcheck fails from primary interface

  else

    # Are we using the primary?

    if gateway_if "$PRIMARY_IF"

    then # Switch to backup

      ip route add default via "$BACKUP_GW" dev "$BACKUP_IF"

    fi

  fi

done


On my desk I also have a failover script running on the Raspberry Pi: 


jordana@dad-pi4g:~ $ nano failover.sh

#!/bin/bash


# Set defaults if not provided by environment

CHECK_DELAY=${CHECK_DELAY:-1}

CHECK_IP=${CHECK_IP:-8.8.8.8}

PRIMARY_IF=${PRIMARY_IF:-eth0}

PRIMARY_GW=${PRIMARY_GW:-192.168.0.1}

BACKUP_IF=${BACKUP_IF:-usb0}

BACKUP_GW=${BACKUP_GW:-192.168.0.1}

EMAIL=${EMAIL:-jordan.arpad@gmail.com}


# Compare arg with current default gateway interface for route to healthcheck IP

gateway_if() {

  [[ "$1" = "$(ip route get "$CHECK_IP" | sed -rn 's/^.*dev ([^ ]*).*$/\1/p')" ]]

}


switch_to_primary() {

  ip route delete default via "$PRIMARY_GW" dev "$PRIMARY_IF"

  ip route add default via "$PRIMARY_GW" dev "$PRIMARY_IF"

  date | mail -s "$HOSTNAME switched to primary" "$EMAIL"

}


switch_to_backup() {

  ip route delete default via "$PRIMARY_GW" dev "$PRIMARY_IF"

  ip route add default via "$PRIMARY_GW" dev "$PRIMARY_IF" metric 5000

  date | mail -s "$HOSTNAME switched to backup" "$EMAIL"

}


# Cycle healthcheck continuously with specified delay

while sleep "$CHECK_DELAY"

do

  # If healthcheck succeeds from primary interface

  if ping -I "$PRIMARY_IF" -c1 "$CHECK_IP" &>/dev/null

  then

    # Are we using the backup?

    if gateway_if "$BACKUP_IF"

    then switch_to_primary

    fi

  # If healthcheck fails from primary interface

  else

    sleep "$CHECK_DELAY"

    # If healthcheck succeeds from primary interface

    if ping -I "$PRIMARY_IF" -c1 "$CHECK_IP" &>/dev/null

    then

      # Are we using the backup?

      if gateway_if "$BACKUP_IF"

      then switch_to_primary

      fi

    # If healthcheck fails from primary interface AGAIN

    else

      # Are we using the primary?

      if gateway_if "$PRIMARY_IF"

      then switch_to_backup

      fi

    fi

  fi

done

I added routing and NAT to usb0 on the desktop Raspberry Pi also and whenever I have my phone connected with USB tethering to the mobile network the redundancy switching is working like a charm back and forth :) So I made these scripts running @reboot from crontab and configured notification emails from my desktop Raspberry.


UPDATE

I added email notification to the script as per above after installing ssmtp and mailutils and configured as follows. Please note that this only works with App Password added to your Google account so use it with care, at your own risk and consider creating a separate Google account for this purpose.

jordana@dad-pi4g:~ $ sudo cat /etc/ssmtp/ssmtp.conf
#
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=

# The place where the mail goes. The actual machine name is required no 
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
rewriteDomain=

# The full hostname
hostname=dad-pi4g

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
#FromLineOverride=YES

AuthUser=jordan.arpad73@gmail.com
AuthPass=
UseSTARTTLS=YES

Posted by at No comments:

Thursday, 14 July 2022

Moving NAT to Raspberry

In an attempt to control even more functions of my home broadband I have decided to use my monitoring Raspberry Pi to execute the NAT function also. For this, I had to have two Ethernet interfaces connected to the monitoring Raspberry Pi and also move all connections currently using the built-in switch to my provider router to a switch behind the monitoring Raspberry Pi executing the NAT function. I could use a USB Ethernet adapter, for example the one I had lying around from my extra Chromecast that Google have send for free with the Stadia controller. But I still needed an extra switch and as a prime day deal I have found this VLAN enabled switch on sale:

https://amzn.eu/53hbzq4

This solves both issues, providing multiple Ethernet interfaces attached to the Raspberry Pi with an 802.1q trunk and also accommodation for the connections previously on the provider router built-in switch.

Enabling a VLAN interface on the Raspberry Pi was straigthforward:

jordana@pi4b2:~ $ sudo apt install vlan

jordana@pi4b2:~ $ sudo nano /etc/network/interfaces.d/vlans

auto eth0.8

iface eth0.8 inet manual

  vlan-raw-device eth0

The corresponding VLAN configuration on the switch is as follows:


Raspberry Pi is connected to port 1 and an Ethernet port on the provider router to port 8.

I changed the provider router to modem mode and moved the default gateway address 192.168.0.1/24 of my home LAN to eth0 on the Raspberry Pi.

jordana@pi4b2:~ $ sudo nano /etc/dhcpcd.conf

interface eth0

static ip_address=192.168.0.1/24

I also had to change the NAT rule as follows (updated with rule to drop connection request from eth0.8):

jordana@pi4b2:~ $ sudo iptables -t nat -I POSTROUTING -o eth0.8 -j MASQUERADE
jordana@pi4b2:~ $ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED -i eth0.8 -p tcp -j ACCEPT
jordana@pi4b2:~ $ sudo iptables -A INPUT -i eth0.8 -p tcp -j DROP
jordana@pi4b2:~ $ sudo iptables-save -f /etc/iptables.rules
Posted by at No comments:
Subscribe to: Comments (Atom)