Errr... can incorrect PiVPN setup block network access to DietPi?

I have been running DietPi on an RPi 3 off a USB SSD drive, and it had all been fine for months and months. But I can no longer ping it, nor access any apps on DietPi through a browser, nor access it via SSH. The last thing I played with was attempting to connect to Nord via the VPN setup in dietpi-launcher. I thought I had it working, but I went on holiday and now can’t remember for sure…

I don’t think it is a hardware issue as I just tested a fresh DietPi image on an SD card and SSH access was fine. Also, I can read the USB SSD if I stick it in my Windows laptop.

I would be very grateful for suggestions for a way forward!

Hi,

What is the version of DietPi you are running? And do you recall if you activated the killswitch? Before DietPi v7.3 there was an issue where SSH was blocked while the killswitch was activated.

https://dietpi.com/forum/t/cant-ssh-after-enabling-dietpi-vpn-killswitch/5381/1
https://github.com/MichaIng/DietPi/commit/cbad2b84702c0a18c68eb5b5da591dee92988080

Hi, thanks for replying.

I did enable killswitch. I can’t say which version I am on, but I did do a system update probably 2-3 weeks ago.

Is there another way in to clear VPN setup, say by attaching the system drive to my Windows laptop?

On Windows you are not able to access the RootFS, as it is an ext4 Linux file system. This would require a virtual machine or similar running a Linux OS.

Better option might be connecting a monitor and keyboard to your RPi3 to get local access.

Ah, thanks, I thought I needed to install something for that to work. I will give it a go, probably later in the week as I actually have to go into the office tomorrow! Boo!

Connecting a screen and keyboard should work OOTB :slight_smile:

Phew, HDMI & keyboard worked!

I played around with VPN setup, but still could not SSH in when connected. So I updated to 7.5.2 (I was on 7.4.2) and tried again and I can now SSH with VPN connected.

Many thanks!

Hm, strange. Usually this should have been working on 7.4, as the fix was applied in 7.3 already. But OK, now it’s working fine :slight_smile:

Okay, VPN is connected and SSH working with killswitch enabled, so that problem solved. However…

Logitech Media Server is only working with the killswitch disabled. It works with the VPN connected and the killswitch disabled. Seems a bit strange. Is this correct?

Yep that’s working as designed if I’m not mistaken.

MichaIng
Should we allow more access on the local network if VPN/killswitch is enabled? Or at least create a docs entry on how to add more services to the whitelist for local access?

Probably while DietPi was updated to v7.4, the killswitch was enabled on v7.3 (which is not touched, unless re-set via dietpi-vpn). However, good that SSH works now as expected.

That any other incoming packets, not related to SSH (which we included explicitly with v7.4) or to an established connection (initiated from the Pi), are blocked is by design when using a killswitch. We discussed whether to allow more or even all inbound connections, seeing the killswitch as a prevention for outbound connections accidentally bypassing the VPN, while leaving inbound connections a matter of port forwarding, firewall etc. But when checking other killswitch implementations, usually either all inbound connections are blocked, or only selected ones are whitelisted, like we do with SSH.

I think there is no one solution that meets it all, and we may add a selection instead, i.e. selecting ports from an ss -tulpn list and choosing whether to whitelist each for LAN or even WAN (in cases where the VPN provider supports port forwarding).

For now you can use the Edit Up option to allow LMS connections after the VPN connection has been established. For this, add the following line:

iptables -A INPUT -p tcp --dport 9000 -j ACCEPT
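The post above describes the killswitch model (everything inbound dropped except SSH and established flows, outbound only through the tunnel) and shows a single appended rule for LMS. The script below is an added example, not DietPi's own dietpi-vpn code, of what a complete ruleset of that shape looks like and how a LAN-only whitelist entry differs from the bare `--dport 9000` line. The interface names, LAN subnet and VPN server address/port are assumptions for illustration; they are not taken from the thread.

```shell
#!/bin/sh
# Added example (not DietPi's own dietpi-vpn code): a generic iptables VPN
# killswitch in the style the post describes - default DROP, loopback and
# established/related flows allowed, outbound only through the tunnel or to
# the VPN server, inbound only SSH from the LAN plus an explicit whitelist.
# Assumed values, not taken from the thread: tun0 as VPN interface, eth0 as
# LAN interface, 192.168.1.0/24 as LAN, 203.0.113.10:1194/udp as VPN server.
VPN_IF="${VPN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"
VPN_PROTO="${VPN_PROTO:-udp}"
VPN_PORT="${VPN_PORT:-1194}"

# Emit the rule set as iptables commands, one per line, so it can be
# reviewed (or compared with 'iptables-save') before anything is applied.
# $1: optional space-separated "proto:port" list of extra services to open
#     for LAN clients, e.g. "tcp:9000" for the LMS web interface.
killswitch_rules() {
    extra="$1"
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -F INPUT
iptables -F OUTPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $VPN_IF -j ACCEPT
iptables -A OUTPUT -o $LAN_IF -d $VPN_SERVER -p $VPN_PROTO --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $LAN_IF -d $LAN_NET -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
EOF
    # Whitelist entries are pinned to the LAN interface and subnet, unlike a
    # bare '-p tcp --dport 9000' rule, which would also accept that port via
    # the tunnel if the VPN provider happens to forward it.
    for item in $extra; do
        proto="${item%%:*}"
        port="${item##*:}"
        if [ "$proto" = "$item" ] || [ -z "$port" ]; then
            echo "bad whitelist entry '$item', expected proto:port" >&2
            return 1
        fi
        echo "iptables -A INPUT -i $LAN_IF -s $LAN_NET -p $proto --dport $port -j ACCEPT"
    done
}

# Apply the generated rules, stopping at the first command that fails.
apply_rules() {
    killswitch_rules "$1" | while IFS= read -r cmd; do
        $cmd || exit 1
    done
}

if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "--apply needs root" >&2; exit 1; }
    apply_rules "${2:-}"
else
    # Dry run: print the rules for review, e.g.  ./killswitch.sh "tcp:9000"
    killswitch_rules "${1:-}"
fi
```

Run without arguments to print the ruleset, or `--apply "tcp:9000"` as root to load it. Two design points worth noting: the `-d $LAN_NET` OUTPUT rule lets the Pi answer and initiate LAN traffic without the tunnel, which is what a LAN-reachable server needs but is a deliberate choice rather than the only reasonable one; and any service you cannot reach with the killswitch on should show up in `ss -tulpn` (for the listening port) and in `iptables -nvL` drop counters before you add it to the whitelist. Services that also use UDP, for example discovery protocols, need their UDP port listed separately, since a TCP-only rule like the one above does not cover them.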

Thanks for confirming

Many thanks for your reply. I have just managed to try your suggested Edit Up line properly. With it I can access LMS with killswitch applied. Yay. However…

A new party-pooping issue appears. With killswitch enabled, LMS cannot see any players on the network. I have two players: PiCorePlayer running on another Pi3 (on wi-fi) and Squeezelite-X running on a Windows PC (on ethernet).

Further observations: if I disable the killswitch and hit Apply, LMS still does not see players. If I then reboot the DietPi machine, it is then fine. If I then enable the killswitch and hit Apply, LMS can still see the players, but when I reboot it then cannot. VPN shows as connected for all of this. This raises another noob question: does this mean that the killswitch is only effective after a reboot? VPN

I have found another solution: I have worked out how to set up a VPN connection to Nord on my router (Asuswrt-Merlin) and assign my DietPi IP address to it. It is working fine with its killswitch enabled.

It would still be good to know if the killswitch on PiVPN is indeed a dead end for me & LMS or not, as I thought it might be better to put the CPU load on the Pi, but I don’t think it’s really a huge deal either way.

Many thanks again for your help on this.