Server Installation 2020

[PatrickW]

I find that I do need to set an MTU of 1390 or less in order to use the VPN successfully. 576 should work pretty universally, but it's a complicated topic.

I made a separate thread about the MTU issues viewtopic.php?f=38&t=282

[hamishmb]

Thanks for doing this, it must have taken quite a lot of time to pin it down so well.

[hamishmb]

The VPN server is now fully up to date, and all seems fine.

I think the issue I'm having at home might be because my pi is the very first hardware revision (the VPN server is a Pi 1 Model B, but a newer hardware revision).

[hamishmb]

I should also add: is there any reason we're using names with eth0 and eth1 rather than the non-changeable interface names for the pis? Doesn't matter for the river system, but eg VPN and webserver could go wrong if they get evaluated in a different order sometime

[PatrickW]

I did not realise it was possible to choose whether or not you have predictable interface names. I thought you just got whatever you were given by the installed version of udev (or equivalent). The Internet says I was wrong. Makes sense to me to have non-changing names if there are two interfaces with different purposes.

[TerryJC]

I should also add: is there any reason we're using names with eth0 and eth1 rather than the non-changeable interface names for the pis? Doesn't matter for the river system, but eg VPN and webserver could go wrong if they get evaluated in a different order sometime

I also didn't know that interface names could be non-changeable. Having said that, I feel that it is unlikely to become a problem with the VPN and Web Servers because in each case, one of the interfaces is a 'proper' Ethernet Port and only one is a USB Adapter. I may be wrong, but I would have thought that allocating device names to USB devices is likely to be one of the last things done during boot up.

I would agree that this would certainly have been a problem if we had used a Pi Zero for these servers. That would have necessitated the use of a USB Hub and two USB Adaptors. I know to my cost that there is no rhyme nor reason to how the device names are allocated, because this hit me when I was developing the Minster Bells/Music hardware back in 2016. The bells would come out of the Nave and the music out of the Tower roughly 50% of the time. That is why I selected a Pi 3 for the Minster Bells and the Webserver originally and more recently for the VPN Server.

[TerryJC]

I would just like to add that unless the non-changeable interface names could be made the same as the current ones, then there would be a significant disruption to the service while I created a new CA Certificate and new Cert Packs for everyone.

[PatrickW]

The idea of significantly changing the VPN config through the VPN puts me a little on edge.

I seem to remember that the built-in Ethernet port on a Pi 3 is in fact connected to the system-on-chip as a USB device, but presumably its position in the 'tree' of USB devices is sufficient to ensure it gets enumerated to eth0.

Apparently the 'predictable' name for any kind of USB Ethernet device is of the form 'enxd74c865858c9', where the last 12 characters are the MAC address of the hardware. (This one is randomly generated.)

[TerryJC]

The idea of significantly changing the VPN config through the VPN puts me a little on edge.

It could be done from the car park, but I would rather leave it alone on the basis of 'If it ain't broke, don't fix it'.

[hamishmb]

Yeah, the new addresses would either be the long enx ones, or something like enpxsy, which would break stuff. Could change on the other pis when I'm in the mood to deal with any potential issues there, but as you say it might not be worth it.

I thought the default was to have predictable names but perhaps I was wrong.