Private VPN with macOS Server

After being inspired by Dan Moren¹ a long time ago, I finally went to the trouble of configuring a personal VPN, with macOS Server and my always-on iMac.

The first part was to configure a domain name with dynamic DNS, to point at my home network. I used ChangeiP to create a free domain name for this purpose. To transmit my current IP address to ChangeiP (and to OpenDNS), I purchased IP Monitor from the Mac App Store.

The second part was configuring the VPN service in macOS Server. I’m listing the steps here, but I wouldn’t have figured this all out without Todd Olthoff’s YouTube series on El Capitan Server. Here we go:

In the server Overview panel, I edited the Host Name to match the DDNS domain name I configured with ChangeiP. This involved switching from a .local name to an ‘Internet’ name (the domain name), so the server is accessable from the broader internet.
Then in the VPN panel, I set the ‘VPN Host Name’ to match the domain name.
I generated a ‘Shared Secret’ using 1Password.
I configured the client address range for IP addresses beyond our router’s dynamic set, and beyond the few static IPs I’ve set up.
I pointed the DNS Settings to point to our Time Capsule (which is where all machines on the network go for DNS).
I turned the service on.

I had initially let Server configure DNS for me, but disabling it hasn’t negatively impacted anything, so I’m leaving it off for now.

The only thing left to do was to set up the client devices. On the Mac:

Open Network Preferences, and hit the ‘+’ button to add a new service.
Select VPN from the drop down, and set the VPN Type to ‘L2TP over IPSec’.
Set the server address to the domain name.
Set the account name to your account (as configured in the ‘Users’ panel of the Server app).
Open Authentication Settings and enter your account password, as well as the Shared Secret.
In Advanced…, I selected ‘Send all traffic over VPN connection’.

The process is very similar on iOS; you can access it from Settings -> General -> VPN.

Dan pointed to some Macminicolo instructions that I found very intimidating - I think most of the steps they outline are really only necessary if you’re hosting your server in a datacenter like theirs. ↩

Adolescent Obsession and Chris Kraus’s I Love Dick

Check out my wife’s piece in Electric Literature!

Adolescent Obsession and Chris Kraus’s I Love Dick

Breakfast.

Got some Christmas lights up!

Snowblower works.

Light reading for a Saturday morning.

Ran out of lights. 🎄

Bose SoundTouch and HomeKit

I had so much fun with my previous HomeBridge adventure that I went looking for additional plug-ins I could add. I found the HomeBridge SoundTouch plugin, and installing it could not have been easier.

First, I killed the homebridge process:

launchctl unload ~/Library/LaunchAgents/com.homebridge.server.plist

Then, I downloaded the plugin:

sudo npm install -g homebridge-soundtouch

Finally, I had to modify my config.json file (~/.homebridge/config.json). I included this before the final }:

"accessories": [
        {
            "accessory": "SoundTouch",
            "name": "Kitchen Speaker",
            "room": "Kitchen"
        }
    ]

(Kitchen is the name of the speaker as configured in the Soundtouch app, and Kitchen Speaker is how I want it to appear in HomeKit. The word speaker may seem redundant, but it’s useful, since HomeKit doesn’t actually know it’s a speaker — it just thinks it’s a dumb switch.)

Finally, I restarted the homebridge process:

launchctl load ~/Library/LaunchAgents/com.homebridge.server.plist

Chamberlain MyQ and HomeBridge

Evan at 40tech.com wrote up instructions for configuring the Chamberlain MyQ system with HomeKit. Since Chamberlain still hasn’t released official support for HomeKit, you can use HomeBridge as an intermediary between iOS and the official Chamberlain API. Homebridge requires a computer (or Raspberry Pi) to be running on your home network; in my case, my always-on iMac fits the bill.

Homebridge is fairly easy to setup, especially if you already have Homebrew and Node.js on your computer. I ran into a few issues with my Homebrew installation after the upgrade to Sierra, so I decided to start with a fresh install.

Installing Homebrew and Node.js

You can follow the instructions here to install Homebrew. The basic installation command is:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

This guide suggests adding the Homebrew location to your ~/.bash_profile, and I found that helpful for the Node installation:

export PATH="/usr/local/bin:$PATH"

With Homebrew, you can now install node:

brew install node

Installing HomeBridge

Node brings with it npm, the Node Package Manager. You can use this to install HomeBridge and the LiftMaster2 plugin:

sudo npm install -g homebridge
sudo npm install -g git+https://github.com/luisiam/homebridge-liftmaster2.git

If you see warnings, you can try adding the flag –unsafe-perm to each npm call above. I believe having the Homebrew location on the path prevented me from seeing any warnings, but I’m not sure.

You can now try running HomeBridge:

homebridge

It should start up, and you’ll see a message about not having a configuration file installed. It will look for the file here:

nano ~/.homebridge/config.json

Evan provided his configuration file contents:

{
"bridge": {
"name": "Homebridge",
"username": "CC:22:3D:E3:CE:30",
"port": 51826,
"pin": "031-45-154"

},

"description": "JSON API",
"platforms": [{
"platform": "LiftMaster2",
"username": "me@email.com",
"password": "password"
}]
}

You’ll need to replace the username and password in the config.json file with your MyQ credentials. You can now try running homebridge again, and you should see a successful connection! You can add the bridge to the HomeKit database on your phone through the Home app.

Configuring launchd to Keep HomeBridge Alive

If you want to make sure HomeBridge is always running on your Mac, you can use these instructions to configure a Launch Agent.

You’ll need to create a plist file for the agent; I saved mine as ~/Library/LaunchAgents/com.homebridge.server.plist. The file contents should be:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>com.homebridge.server</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/homebridge</string>
        <string>-I</string>
    </array>
    <key>EnvironmentVariables</key>
    <dict>
            <key>PATH</key>
            <string>/usr/local/bin/:$PATH</string>
    </dict>
</dict>
</plist>

This will start HomeBridge when your computer boots, and restart it if it dies. To manually start the process:

launchctl load ~/Library/LaunchAgents/com.homebridge.server.plist

And to stop it:

launchctl unload ~/Library/LaunchAgents/com.homebridge.server.plist

Next…

Now HomeBridge should be up and running, and you should be able to control your MyQ devices from Siri and Home on iOS. Next up, I want to tackle adding HomeKit support for my Nest devices.