Install Ansible on Arch Linux

Installation is pretty simple….

$ sudo pacman -Sy ansible

Create an inventory hosts file:

$ sudo vim /etc/ansible/hosts

My one currently has just localhost as the control machine:


Test it works by using the ansible ping module:

[andy@home-pc ~]$ ansible control -m ping -u andy --ask-pass
SSH password: | SUCCESS => {
    "changed": false, 
    "ping": "pong"

To use the –ask-pass switch, you need to first install sshpass:

$ sudo pacman -Sy sshpass

Other useful dependencies are:

Optional dependencies for ansible
    sshpass: for ssh connections with password
    python2-passlib: crypt values for vars_prompt
    python2-netaddr: for the ipaddr filter
    python2-systemd: log to journal
    python2-pywinrm: connect to Windows machines
    python2-dnspython: for dig lookup
    python2-ovirt-engine-sdk: ovirt support
    python2-boto: aws_s3 module
    python2-jmespath: json_query support

Its probably best to enable these as and when they’re needed. One of my next aims to is connect to a Windows device to run a few tasks so I know I’m going to need the winrm module. The below playbook refreshes the pacman cache and then updates the system. It then installs the python2-pywinrm package.

$ vim ~/ansible
$ cd ~/ansible
$ vim winrm.yml


- name: All hosts up-to-date
  hosts: control
  remote_user: root
  become: yes
    - name: full system upgrade
        update_cache: yes
        upgrade: yes
    - name: ansible winrm module
        name: python2-pywinrm
        state: latest

Then run it with:

$ ansible-playbook --ask-pass winrm.yml

Enter the root password.

XWiki on Ubuntu 16.04 LTS with Nginx Reverse Proxy

Install XWiki and all dependant programs on a 4 GB cloud server. This means:

1) Java
2) Tomcat
3) MySQL/MariaDB
4) XWiki
5) Nginx

Here we use Nginx as a reverse proxy to firstly redirect all HTTP to HTTPS and then forward all requests on port 80/443 to port 8080 (tomcat) on the localhost. Here I use LetsEncrytp for my SSL certificates.

Before we begin…

Setup DNS ——>

Prepare the Server


Update and reboot the server.

apt-get update
apt-get dist-upgrade

Enable the firewall

ufw status
ufw enable
ufw allow ssh
ufw reload
ufw status

Install Oracle Java

This is a requirement before installing Tomcat or XWiki. At the time of writing, Java 8.x is recommended as 9.x is too new and has a number of known bugs still.

apt-get install software-properties-common
add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer

You will need to accept the license agreement:

Accept license agreement

Binary code license terms

Because many programs check for $JAVA_HOME, it is a good idea to set it now. If you don’t know the path, check with:

root@wiki:~# update-alternatives --config java
There is 1 choice for the alternative java (providing /usr/bin/java).

  Selection    Path                                     Priority   Status
  0            /usr/lib/jvm/java-8-oracle/jre/bin/java   1081      auto mode
* 1            /usr/lib/jvm/java-8-oracle/jre/bin/java   1081      manual mode

Press <enter> to keep the current choice[*], or type selection number:

Then edit your system $PATH variable so that the /usr/lib/jvm/java-8-oracle is the first path.

nano /etc/environment

Mine looks like this:

root@wiki:~# cat /etc/environment

You will need to log out and back in first but you can test with the below command.

root@wiki:~# echo $JAVA_HOME

Create Virtual Host and Generate SSL

Install Nginx and LetsEncrypt.


Install and configure Nginx.

apt-get install apache2-utils nginx
systemctl enable nginx

Create a very basic virtual host by editing the nginx configuration file and inserting your server name in the server_name variable.

vim /etc/nginx/sites-enabled/default

Mine looks like this.

root@wiki:~# egrep -v "^$|^[[:space:]]*#" /etc/nginx/sites-available/default 
server {
	listen 80 default_server;
	listen [::]:80 default_server;
	root /var/www/html;
	index index.html index.htm index.nginx-debian.html;
	location / {
		try_files $uri $uri/ =404;


systemctl restart nginx

Check it works!

Nginx test page
If it doesn’t, check the firewall…

Allow HTTP and HTTPS Traffic

If you use a local firewall like UFW or iptables, you will need to allow port 80 and 443.

ufw status
ufw allow http
ufw allow https
ufw status
ufw reload


add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
certbot --nginx -d -d

Your certificate will get saved to /etc/letsencrypt/live/

LetsEncrypt will edit your virtual hosts file.  The parts we are interested in are:

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  if ($scheme != "https") {
    return 301 https://$host$request_uri;
  } # managed by Certbot


Install XWiki

Install XWiki.

wget -q "" -O- | apt-key add -
wget "" -P /etc/apt/sources.list.d/
apt-get update

Search for XWiki packages to install.

apt-cache search xwiki

According to the official documentation, the enterprise version is out-of-date and the non-enterprise version should be used.

apt-get install xwiki-tomcat8-mysql

Set the root MySQL password:


Set root MySQL password
Set root MySQL password

When asked if you should configure the database with dbconfig-common, say yes.

Configure with dbconfig-common
Configure with dbconfig-common

MySQL application password:


Select application password
Select application password

Check tomcat8 is listening on port 8080:

root@wiki:~# netstat -plnt | grep :8080
tcp6       0      0 :::8080                 :::*                    LISTEN      15840/java

Check your memory usage:

root@wiki:~# free -h
              total        used        free      shared  buff/cache   available
Mem:           3.9G        487M        1.9G         10M        1.5G        3.3G
Swap:            0B          0B          0B

You will need to increase the default about of memory allocated to Java. Here’s how:

vim /etc/default/tomcat8


root@wiki:~# grep ^JAVA_OPTS /etc/default/tomcat8
JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC"


root@wiki:~# grep ^JAVA_OPTS /etc/default/tomcat8
JAVA_OPTS="-Djava.awt.headless=true -Xmx1024m -XX:+UseConcMarkSweepGC"

Restart Tomcat

systemctl restart tomcat8

Test using using a browser:

If you’ve enabled a firewall and you want to test:

ufw allow 8080/tcp
ufw reload

However I’m not going to do this – I’m going to setup Nginx as a proxy first.

Configure Nginx

Remove the default virtual host configuration.

rm -v /etc/nginx/sites-enabled/default.conf
vim /etc/nginx/sites-available/

My site configuration look as follows:

upstream tomcat {
  server fail_timeout=0;
  keepalive 64;

server {
  listen [::]:80;
  listen ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  # redirect http to https
  if ($scheme != "https") {
    return 301 https://$host$request_uri;

  auth_basic "Authentication Required";
  auth_basic_user_file xwiki-access;

  location / {
    client_max_body_size 20M;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_request_headers on;
    proxy_set_header Connection "keep-alive";
    proxy_store off;
    proxy_headers_hash_max_size 512;
    deny all;

    proxy_pass http://tomcat/;

I also want to password protect my wiki:

htpasswd -c /etc/nginx/xwiki-access andy

Enable the site:

cd /etc/nginx/sites-enabled/
ln -s ../sites-available/ .

….and check configuration file for errors.

root@wiki:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Check config and restart Nginx:

systemctl restart nginx

Now try entering the following into your browser and complete the on-screen installation instructions:

Complete Installation

Here are few things I normally do after an installation.

Make Root Application

I want to make this Wiki instance the root web application and remove the trailing /xwiki from the URL.

systemctl stop tomcat8.service
mv -v /etc/tomcat8/Catalina/localhost/xwiki.xml /etc/tomcat8/Catalina/localhost/ROOT.xml
vim /etc/xwiki/xwiki-tomcat8.xml


<Context path="/xwiki" docBase="/usr/lib/xwiki" privileged="true" crossContext="true">
  <!-- make symlinks work in Tomcat -->
  <Resources allowLinking="true" />


<Context path="/" docBase="/usr/lib/xwiki" privileged="true" crossContext="true">
  <!-- make symlinks work in Tomcat -->
  <Resources allowLinking="true" />

Don’t forget to start Tomcat again:

systemctl start tomcat8.service

Now the URL is simply:

Enable superadmin

This is needed if you plan to import XWiki pages from a previous installation.

vim /etc/xwiki/xwiki.cfg

Find the following section.

#-# Enable to allow superadmin. It is disabled by default as this could be a
#-# security breach if it were set and you forgot about it. Should only be enabled
#-# for recovering the Wiki when the rights are completely messed.
# xwiki.superadminpassword=system

….and change to:

#-# Enable to allow superadmin. It is disabled by default as this could be a
#-# security breach if it were set and you forgot about it. Should only be enabled
#-# for recovering the Wiki when the rights are completely messed.

Don’t forget to restart Tomcat if necessary.

Update Cookie Encryption Keys

When a user logs in, three cookies are saved to their machine. These cookies are encrypted with the below details. First we need to get the two random strings of equal length.

root@wiki:~# date +%s | sha256sum | base64 | head -c 32 ; echo
root@wiki:~# date +%s | sha256sum | base64 | head -c 32 ; echo

Then edit the xwiki.cfg file.

vim /etc/xwiki/xwiki.cfg

Find the relevant section and edit to look like the below.


Don’t forget to restart Tomcat if necessary.

Complete the Installation

Login to complete the installation.

Log in
Log in

Click continue.

Installation wizard
Installation wizard

Register and log in.

Register and login
Register and login


Install xwiki
Install xwiki

Select 9.9 and continue.

Install 9.9
Install 9.9

Confirm installation again.

Confirm installation
Confirm installation



Continue again.

Continue again
Continue again

Confirm the report by clicking continue.

Confirm installation report
Confirm installation report

Installation complete!

Installation Complete
Installation Complete

Import old XWiki Content

Lets see if the import feature works!  Log in as the superadmin user and then navigate to the Administration section:

Then select Content, followed by Import:


Select the backup.xar that you (hopefully) took earlier and import all the content.

Package content
Package content

Select the following options.

Import options
Import options


Installing tox on Manjaro i3

Tox is an open source secure alternative to the likes of Skype. To install it, you need to install the core package and one of the available GUIs.  You can compare some of the available clients here but personally I like qtox. The below will pull in the required dependencies.

sudo pacman -Sy qtox

If you want the latest Git version, you can install qtox-git from the AUR.

yaourt -S qtox-git

Make sure you run that as a regular user – not root.  This pulls in the core package from the ABS repository also.

To add a contact, you will need their Tox ID – which looks like this:


If that is a bit too annoying for you, you can use a free ToxDNS provider, such as This will give you a “” address to give your people.

Windows 7 QEMU Guest

Check your kernel was compiled with support.

zgrep CONFIG_KVM /proc/config.gz
zgrep VIRTIO /proc/config.gz

Check the kvm and virtio kernel modules are loaded.

lsmod | grep kvm
lsmod | grep virtio

I needed to manually load the virtio module:

sudo modprobe virtio

To automatically load the virtio module at boot:

echo "virtio" >> /etc/modules-load.d/virtio.conf

Reboot and check again:

lsmod | egrep 'virtio|kvm'

Install qemu. I also installed qemu-launcher – a GUI front-end.

sudo pacman -S qemu qemu-launcher

Create a working directory:

mkdir vms
cd vms

Create a virtual hard drive the the Windows installation.

qemu-img create -f qcow2 windows.qcow2 40G

Prepare the installation medium. I inserted a Windows 7 installation DVD and created an ISO locally.

sudo dd if=/dev/sr0 of=en-windows-7-professional-x64-dvd.iso

To launch into the Windows installation:

qemu-system-x86_64 -enable-kvm -m 4096 -cdrom en-windows-7-professional-x64-dvd.iso -boot d windows.qcow2

Once installed you don’t need to attach the ISO:

qemu-system-x86_64 -enable-kvm -m 4096 -boot d windows.qcow2 

Update and upgrade to Windows 10 😉


Spotify on Manjaro i3

Spotify is available from the AUR.


yaourt -S spotify

To play local file you will need to also install ffmpeg.

yaourt -S ffmpeg0.10


For some (currently) unknown reason, launching Spotify crashes when I login. The only fix I have found so far is to change the scale factor from the default 1 to something else. You can do that by launching it at the command line:

spotify --force-device-scale-factor=2

To make this permanent, edit /usr/share/applications/spotify.desktop.

[Desktop Entry]
GenericName=Music Player
Comment=Spotify streaming music client
Exec=spotify --force-device-scale-factor=2


Installing Ansible on Ubuntu 14.04 LTS

Take a look at the official installation guide. The simplest way to install Ansible on Ubuntu is add the PPA repository and install via apt-get.

If not already installed, you will need the software-properties-common package.

sudo apt-get install software-properties-common

Then add the repository and install ansible.

sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible

Presumably you’ve already got an external server that you want to configure with Ansible. You will need SSH access, and if you’ve not already done so, you’re gonna want to setup key-based authentication. Assuming you’ve done that, you can test things are working with:

su -
mv -v /etc/ansible/hosts{,.original}
echo > /etc/ansible/hosts

I also need to tell ansible to connect as the root user.

sudo mkdir /etc/ansible/group_vars
sudo vim /etc/ansible/group_vars/all

Enter the following. The three dashes at the top indicate this is a yaml file.

ansible_ssh_user: root

You should now be able to test with the following.

ansible -m ping all

You should see output similar to the below if all went well.

andy@bastion:~$ ansible -m ping all | success >> {
"changed": false,
"ping": "pong"

X2Go on Ubuntu Server 14.04

In a previous post, I talked about my experience using X2Go with XFCE4 and Lubuntu.

XFCE4 via X2Go

Here is how it was achieved…..

On the Server

Here I’m using Ubuntu 14.04 LTS but you can install X2Go on just about any Linux distro.

Create a User Account

Create a regular user to run the desktop session under.

sudo useradd -m -s /bin/bash andrew
sudo passwd andrew

For your own sanity, I recommend you setup password-less key-based authentication as soon as possible……go, do it now!

Configure SSH

Open the main configuration file for the OpenSSH daemon process.

sudo vim /etc/ssh/sshd_config

Ensure X11 forwarding is enabled.

X11Forwarding yes

Don’t forget to test for configuration errors and restart the SSH service.

sudo sshd -t
sudo service ssh restart

Install Lightweight Desktop Environment

Both Lubuntu and XFCE4 work well, out-the-box with X2go. I installed both side-by-side for testing and both worked well together. You can even pause/suspend your Lubuntu or XFCE4 session and come back to it another time.


sudo apt-get install xfce4

Note, for some reason you will also need to install the following packages or you will have missing icons.

sudo apt-get install gnome-icon-theme-full tango-icon-theme

For Lubuntu

sudo apt-get install lubuntu-desktop

Along with (a load of) other packages, you will now have XOrg installed. This means, as long as X11 forwarding has been enabled on the client side of the SSH connection, you can now test X11 with a program like firefox if you have it installed already.

Install X2Go Server Software

Install the repository package if it’s not already installed.

sudo apt-get install software-properties-common

Add the X2Go repository and install packages. If using Ubuntu 10.04 or 12.04, install python-software-properties instead of the software-properties-common package.

sudo add-apt-repository ppa:x2go/stable
sudo apt-get update
sudo apt-get install x2goserver x2goserver-xsession

For information about other distributions, see the X2Go server installation page.

DE Bindings

If you installed Lubuntu, you may want to install the following package for Desktop Environment bindings. I don’t believe there is currently a desktop bindings package for XFCE4.

sudo apt-get install x2golxdebindings

This is probably a good place to reboot if like me you’ve installed a lot of new packages.

On the Client

Again, you can install the client on just about anything – including Windows! Here I am using Manjaro i3 Community Linux.

sudo pacman -S x2goclient

X2Go also has some other clients that look useful – like a Python one for example.

SSH Client Configuration

Make sure you have at least ForwardX11 yes in /etc/ssh/ssh_config or ~/.ssh/config.

Host *
ForwardX11 yes
ForwardX11Trusted yes

Test X11 Forwarding

You can test that X11 is being forwarded correctly by using SSH to log onto the remove server, from your local Linux desktop, and and issue the following.

andrew@loader:~$ firefox &
[1] 2257

You might also want to setup password-less SSH key-based authentication if you’ve not done so already.

Create Sessions

For Lubuntu, select Custom Desktop and enter the below for the command.

lxsession -e LXDE -s Lubuntu

For XFCE4, you can just select XFCE.

Lubuntu XFCE4

I’m using the i3wm – I found the best result in appearance using the Use whole display option under the Input/Output tab, and then select the display (monitor) you want to use.

i3wm compatible


Minimal Desktop Environment over SSH

So I wanted to install a Java desktop application and have it publicly available on a server somewhere. Using a light weight desktop environment on one of my cloud servers made sense – provided that is, I could find something reasonably secure.

I came across X2Go and decided to give it a try on one of my Rackspace cloud servers. I used a 2 GB General Purpose v1 server and was surprised at how low the resource usage was – and consequentially how quick and responsive it all felt.

X2Go is a remote desktop tool that uses the NX technology protocol and operates entirely over a secure SSH connection. Using SSH keys makes the process of logging in pretty painless too!

I’m using Ubuntu 14.04 LTS for the OS, on the server and Manjaro i3 community edition on my local desktop, as the client. On the server I tried both XFCE4 and Lubuntu as the Desktop Environments.

Lubuntu via X2Go

Personally I think I prefer XFCE4 as it was slightly easier to install and lightning quick to use. When I used Lubuntu, the start menu could take a while (like a minute!) to load. Once it had loaded though, it too was lightning quick. And to be fair to Lubuntu, I didn’t really look into it much further.

XFCE4 using X2Go

As a note to my future self, here’s what you need to do.

OSMC PPTP Client Configuration

My parents are retired and have a house in France where they live for about three months of the year. Like most people in the UK, they watch a lot of TV and are big users of the BBC iPlayer. This is a problem when they’re in France as the BBC uses GeoLocation authentication. Simply put, this means they block all connections coming from a non-UK IP address.

One solution to this problem is to route there internet traffic through a Virtual Private Network (VPN). You could host your own VPN, or you could simply subscribe to one of many VPN providers out there. Here I am trying iPortal.

iPortal VPN Connection Details

iPortal supports two protocols for tunnelling – PPTP and L2TP. Unfortunately this means that they do not support OpenVPN.

Here you will need to get your VPN connection details to hand. iPortal only requires a username and password. Other providers may also require you to provide a domain.

Username Password kw3VX5uigjgf

Here I will be following this as a guide and configuring the client to use PPTP. I am using a Raspberry Pi with the OSMC as the OS.

Install and Configure PPTP Client

First we will need to install the pptp-linux package.

sudo apt-get update
sudo apt-get install pptp-linux

The PPTP configuration file is /etc/ppp/options.pptp. Use a text editor (nano) to edit the file if necessary.

nano /etc/ppp/options.pptp

…and add the following lines if not already present.


You can use egrep to check, as I do below.

egrep "lock|noauth|nobsdcomp|nodeflate" /etc/ppp/options.pptp

You now need to add your username, password and domain (if your providers gave you one) to the chap-secrets file, located in /etc/ppp/. Some provides also require you to specify a domain here – but not iPortal.

sudo nano /etc/ppp/chap-secrets

The format for entering these details are as shown below.


My configuration file simply has the following entry. If you’re using iPortal, your username is normally your email address. PPTP kw3VX5uigjgf *

Now create a file in /etc/ppp/peers. The name is not important.

sudo nano /etc/ppp/peers/iPortal

Now enter your connection details again like so. You may need to find out the host server name ( from your provider. Name, is your your username. Remember to prepend the domain (\\ if required.

pty "pptp --nolaunchpppd"

The ipparam is the name of your VPN connection. This should be the same name of the file you recreated earlier in /etc/ppp/peers. Some providers may require “require-mppe” in place of “require-mppe-128“.

Test Connection

To test, use the pon command followed by the name of your VPN connection. The other information is useful for debugging connection issues.

sudo pon iPortal debug dump logfd 2 nodetach

A successful connection should look something like:

osmc@osmc:~$ sudo pon iPortal debug dump logfd 2 nodetach
pppd options in effect:
debug           # (from command line)
nodetach                # (from command line)
logfd 2         # (from command line)
dump            # (from command line)
noauth          # (from /etc/ppp/options.pptp)
refuse-pap              # (from /etc/ppp/options.pptp)
refuse-chap             # (from /etc/ppp/options.pptp)
refuse-mschap           # (from /etc/ppp/options.pptp)
refuse-eap              # (from /etc/ppp/options.pptp)
name               # (from /etc/ppp/peers/iPortal)
remotename PPTP         # (from /etc/ppp/peers/iPortal)
                # (from /etc/ppp/options.pptp)
pty pptp --nolaunchpppd           # (from /etc/ppp/peers/iPortal)
crtscts         # (from /etc/ppp/options)
                # (from /etc/ppp/options)
asyncmap 0              # (from /etc/ppp/options)
lcp-echo-failure 4              # (from /etc/ppp/options)
lcp-echo-interval 30            # (from /etc/ppp/options)
hide-password           # (from /etc/ppp/options)
ipparam iPortal         # (from /etc/ppp/peers/iPortal)
nobsdcomp               # (from /etc/ppp/options.pptp)
nodeflate               # (from /etc/ppp/options.pptp)
require-mppe-128                # (from /etc/ppp/peers/iPortal)
noipx           # (from /etc/ppp/options)
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfc34bc4b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x72c91c98> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint []>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfc34bc4b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72c91c98> <pcomp> <accomp> <endpoint []>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp> <endpoint []>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp> <endpoint []>]
sent [LCP EchoReq id=0x0 magic=0xfc34bc4b]
rcvd [CHAP Challenge id=0x0 <8adc771b8bafde36f1ef9dd9bc3253c1>, name = "SERVER5955"]
added response cache entry 0
sent [CHAP Response id=0x0 <aa362ea5ed92909ba0a813f6ba6b358f0000000000000000b0c4dc10e810cc54a48717df07a15846da629c63d8b9ce3d00>, name = ""]
rcvd [LCP EchoRep id=0x0 magic=0x72c91c98]
rcvd [CHAP Success id=0x0 "S=B4453B93CA28DC23F07704FE63A06DB0AE569B1E"]
response found in cache (entry 0)
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H -M -S -L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr>]
rcvd [IPCP ConfNak id=0x2 <addr>]
sent [IPCP ConfReq id=0x3 <addr>]
rcvd [IPCP ConfAck id=0x3 <addr>]
rcvd [IPCP ConfReq id=0x7 <addr>]
sent [IPCP ConfAck id=0x7 <addr>]
local  IP address
remote IP address
Script /etc/ppp/ip-up started (pid 653)
Script /etc/ppp/ip-up finished (pid 653), status = 0x0

To stop it, use Ctrl + C or the below command from anther terminal.

sudo poff iPortal

Route Traffic Through VPN

Once you have successfully connected to your VPN provider, you now need to route your traffic through it. Before doing that, you might want to make a note of your public IP address first. You can do this from the command line with the curl command. This should return the IP address of your ISP.

osmc@osmc:~$ curl -4

Now reconnect to your VPN with the following command.

sudo pon iPortal

Wait a few seconds and then route your traffic through the VPN.

sudo route add default dev ppp0

Now check your public IP address again. If all when well – it should now be the IP address of your VPN provider!

osmc@osmc:~$ curl -4

Your VPN is now working!


Now we have to automate the process. I created two scripts with 755 permissions

osmc@osmc:/myscripts$ ls -l
total 8
-rwxrwxr-x 1 osmc osmc 134 Aug 12 21:01
-rwxrwxr-x 1 osmc osmc 114 Aug 12 21:01

The file looks like the following.


sudo pon iPortal
sleep 10
sudo route add default dev ppp0
echo "VPN Connected: $(curl --silent -4"

And the looks like.


sudo poff iPortal
sleep 2
IP="$(curl --silent -4"
echo "VPN Disconnected: $IP"

Here’s the output from executing these scripts.

osmc@osmc:/myscripts$ ./
VPN Connected:
osmc@osmc:/myscripts$ ./
VPN Disconnected:

Launch Scripts from within OSMC

The guide I’m following uses the Advanced Launcher plugin for OSMC. Sadly it was at this point that I realised that Advanced Launcher seems to have died a horrible death and is not available any more! I will need to do a bit more research on this one it looks like – I don’t think my folks will be SSH’ing into the Pi to execute a script each time they want to watch the news lol!!!

Related Documents

iPortal VPN Review