This procedure explains how to setup an Internet Cube and configure it with the Neutrinet VPN.
In order to use our VPN, you need to follow this registration process. You will generate a private key and obtain a personal VPN certificate.
In case, for some reason, you are reinstalling a cube and you want to reuse your VPN certificate, you can find them on a running (or dead) cube as user.crt, user.key, ca-server.crt and credentials in /etc/openvpn/keys.
To configure Yunohost's VPN app, you will need a cube file which contains your VPN credentials and certificates. Put all the VPN files in the same folder.
You will also need a file with the credentials chosen while the registration process :
cd <path/to/foler> nano auth
In the file, write your credentials, for example :
email@example.com Password or Passphrase
In the same folder, download Neutrinet's script to create a .cube :
Run the script :
This is the strict minimum you need:
You can find details about the components and buy them here
You'll also need:
Download the latest version of Yunohost for internet cubes (Olimex Lime1 or Lime2) from https://yunohost.org/fr/install/hardware:internetcube
For instance, for a Lime1:
Uncompress the Yunohost image:
First, find the device name of your SD card:
Install the image on your SD card (all data on the SD card will be lost).
sudo dd if=internetcube_188.8.131.52_v2021.02_lime.img of=/dev/mmcblk0 status=progress
Remove the SD card from your computer when it's done.
In order to connect to your Cube, you need to find its IP address on your local network.
In your terminal, run:
The script can be download here : https://github.com/labriqueinternet/install.labriqueinter.net/blob/master/install-sd.sh
The output should look like this:
Internet Cubes found on the network: 1. YunoHost Admin: https://192.168.1.46 SSH Access: ssh firstname.lastname@example.org HyperCube Debug: http://192.168.1.46:2468/install.html
In this example, the IP address of your Cube on the local network is: 192.168.1.46
If the script cannot find your cube, try again a couple of minutes later.
Connect to https://192.168.1.46 (Please replace 192.168.1.46 with the IP address of your Cube found in the previous step)
Start the Yunohost postinstall and provide:
You will be able to change the admin password later on if you want.
If your main domain is something like cube.yourdomain.tld and you want to add yourdomain.tld as a second domain, add your second domain now, before creating the first user.
In the admin panel, go to Users and create the first user by providing:
This user is a bit special because it will be linked to the email@example.com mail address.
In the admin panel, go to Applications and click on the Install button.
VPN Client app, then install it.
Copy the .cube file you generated earlier. From your machine, run:
scp neutrinet.cube firstname.lastname@example.org:/tmp/neutrinet.cube
(Please replace 192.168.1.46 with the IP address of your Cube found in the previous step) The admin password of your Cube is the same as the one for the admin panel.
Connect to your Cube via SSH as admin:
Configure the VPN client:
ynh-vpnclient-loadcubefile.sh -u raoul -c /tmp/neutrinet.cube -p neutrinet
(Please replace raoul and neutrinet with the username and password of the first user)
Check that your cube is connected to the VPN:
ip a from the cube and check if there is a
- Connect to the IP in your web browser
Your VPN certificate will be valid for 1 year.
Install the Neutrinet app for Yunohost in order to let the cube automatically renew the certificate before expiration:
sudo yunohost app install neutrinet
You can keep the default values.
See this page.
By default, the files
/tmp folder are stored in RAM, which isn't a good idea when you have less than 1Gb available in a cube. See tmpfs / armbian
You can disable this by running the following:
sudo sed s/^ENABLED=true/ENABLED=false/ /etc/default/armbian-zram-config -i sudo sed 's/^tmpfs/# tmpfs/' /etc/fstab -i
If you have issues, or maybe you were able to find a fix for an issue, do not hesitate to contact us : https://chat.neutrinet.be