Thursday, October 26, 2017

From Eeebox to ThinkCentre

The tiny little computer I bought back in 2011 finally gave up the ghost last week. It did yeoman's work for six years as a proxy and file server. This week, I spent a few hours setting up a replacement.
That little computer was an ASUS "Eee box" that I picked up from Newegg for less than $200 (of course, I named it Eeebox). Very low-powered - didn't use much electrical power, didn't have much processing power. I put Ubuntu Linux on it, added a couple of external drives for storage space, and used it as a file server at home. It also did duty as a proxy server, routing traffic over a VPN connection for security. For a while it was also my MythTV server, but it really didn't have the power for that, and eventually I moved MythTV over to another machine.

I've had a few problems over the last year or so, with the machine occasionally rebooting itself or locking up. So I'd kept an eye out for a replacement, and back in February there was a sale on Woot for a Lenovo ThinkCentre tiny desktop (obviously, this one is Thinkbox). About twice as expensive as Eeebox had been, but more than twice as powerful in pretty much the same small footprint and with similar low power usage. So when the Eeebox hard drive started making seriously disturbing noises last week, I was ready to make the switch.

Ubuntu works fine as an operating system, so I saw no reason to change to anything new. Installation was straightforward via a USB drive, using the server version of Ubuntu since I don't plan to use any desktop applications. It was pretty obvious right away that Thinkbox is a much faster machine - installation and updates went much more quickly than just about anything I'd done on Eeebox. Recovering my file shares was as simple as plugging in those external drives and copying over the filesystem and sharing entries.

The bulk of my setup time was spent making sure that my VPN and proxy configuration was correct. The VPN software I use is openvpn, which is a standard package for Ubuntu, and my VPN provider has an easy download package with all the configuration files. The tricky part is that I use a three-network setup: my local home network, a US VPN connection, and a European VPN connection. (Why two VPN connections? Some things only work with one or the other.) It's easy to configure openvpn to start both connections - just put both in /etc/default/openvpn and put unique port numbers/device names in their configuration files - but then you need to make sure network traffic goes to the correct connection.

The way I accomplished this is using iptables. First, I configured both VPN connections so they don't try to take over the system's default routing with the route-noexec directive in their configuration files. Then, using this blog post as a guide, I created two sets of rules that enforce routing for each network interface. Using the route-up, up, and down directives in the VPN configuration files, those rules are updated every time the VPN connections start or stop. This means that I can still use my default network for basic stuff (like checking for OS updates or installing new software), but the two VPN connections can always be available at the same time. Finally, I use the dante proxy server to bind to the VPN network interface.
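
One way to wire up the routing described above, as an added example and not the author's scripts or the linked guide's: a single hook that both VPN configurations call from route-up and down. It assumes devices named tun0 and tun1, routing tables numbered 100+N and a hypothetical script path, and it uses iproute2 source-based policy routing in place of the iptables rules the post mentions.

```shell
#!/bin/sh
# Added example: policy-routing hook for two simultaneous OpenVPN clients.
# Referenced from each client config (constructed fragment):
#   dev tun0            # tun1 in the second config
#   route-noexec        # OpenVPN leaves the main routing table alone
#   script-security 2   # required before OpenVPN will run user scripts
#   route-up /etc/openvpn/vpn-route.sh   # hypothetical path
#   down     /etc/openvpn/vpn-route.sh
# OpenVPN exports script_type, dev, ifconfig_local and route_vpn_gateway.
# A proxy bound to the tunnel (dante: "external: tun0") sends from
# ifconfig_local, so a source-address rule is enough to steer its traffic.

# Map tunN to its own routing table (100+N); reject anything else.
table_for() {
    case "$1" in
        tun[0-9]) echo $((100 + ${1#tun})) ;;
        *) return 1 ;;
    esac
}

# Print the ip(8) commands for one event; nothing is executed here.
plan() {  # plan <script_type> <dev> <local_ip> <gateway>
    t=$(table_for "$2") || { echo "unexpected device: $2" >&2; return 1; }
    case "$1" in
        route-up)
            [ -n "$3" ] && [ -n "$4" ] || return 1
            echo "ip route replace default via $4 dev $2 table $t"
            echo "ip rule add from $3 lookup $t priority $t"
            ;;
        down)
            echo "ip rule del priority $t"
            echo "ip route flush table $t"
            ;;
        *) return 1 ;;
    esac
}

# Run only when OpenVPN invokes the script (it sets script_type).
if [ -n "${script_type:-}" ]; then
    plan "$script_type" "$dev" "$ifconfig_local" "$route_vpn_gateway" |
    while read -r cmd; do $cmd || true; done
fi
```

Traffic that does not originate from a tunnel address still follows the main table, which is what keeps OS updates on the normal connection; `ip rule show` and `ip route show table 100` confirm the state after each VPN start or stop.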

So what does all this do for me? The end result is that any machine connected to my local network can use a VPN connection simply by setting the proxy server. I can even have two different applications on the same machine (say, Chrome and Firefox) using separate connections at the same time. Depending on what I'm doing, I might use my normal Internet connection, the US VPN, or the European VPN - all I have to do to switch is update the proxy settings. No need to have VPN software installed on multiple machines or worry about turning the connections on and off.

Thinkbox has been up and running for a few days now and seems to be functioning just fine. With any luck, it will last at least as long as Eeebox did.