Console #160 -- An Interview with 4s3ti of PiVPN - Simple VPN installer
Featuring Plane, awfice, and PiVPN
This space is reserved for sponsors that support us to keep the newsletter going! Want to support Console? Send us a note at firstname.lastname@example.org
Browse through open source projects on OpenSourceHub.io, add your project to get more exposure and connect with other maintainers and contributors!
Plane is an Open Source JIRA, Linear and Height Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
language: TypeScript stars: 8275 last commit: today
Awfice is a fun, tiny office suite written in HTML. All the apps are <1 KB in size.
language: HTML stars: 3017 last commit: 2021
The Simplest VPN installer, designed for Raspberry Pi.
language: Shell stars: 6134 last commit: March 29
Join thousands of other open-source enthusiasts and developers in the Open Source Hub Discord server to continue the discussion on the projects in this week's email!
🎙️ Interview With 4s3ti of PiVPN - Simple VPN installer.
Hey 4s3ti! Thanks for joining us! Let us start with your background.
I am from Portugal. I've worked in the Portuguese Air Force as an IT Technician. Later, I moved to Sweden to work at AWS as a data center technician and was part of the team that built the region from the ground up. Currently, I'm a Senior Operations Engineer at Vidispine, with a strong focus on DevOps, GitOps, Infrastructure as Code, and Solutions Architecture. You name it! I don't have enough fingers for so many pies!
What's an opinion you have that most people don't agree with?
Well … not entirely sure. The one that generates most arguments definitely is the “You don’t need a degree” one!
What’s your most controversial programming opinion?
Don’t really think I have one, probably because I don’t really consider myself a programmer.
What is your favorite software tool?
Most likely vim/neovim and its plugins!
Why was PiVPN started?
Well, I cannot say it better than the original story from its creator, 0kaladin. You can find it here: pivpn.io/#about I am merely continuing the job, as I believe PiVPN is an important tool to help people take privacy into their own hands, especially those who are less technically inclined and those who are taking their first steps into this world!
What is the most challenging problem that’s been solved in PiVPN, so far (code links encouraged)?
It's hard to say... Even though I've been with PiVPN for around 6-7 years now, when I started contributing, it was already mostly as it is today, despite undergoing some changes.
In terms of code, perhaps having PiVPN working properly as a Docker container. I haven't been able to crack that one yet! Truth be told, I haven't devoted enough time to it. Some progress has already been made with the help of our contributors, and you can now build your own Docker image with Alpine Linux. However, I would really like it to be as simple as pulling and running the image. Although many people have tried their hand at it, I have yet to see a proper implementation, and I advise anyone to stay away from them due to their significant security implications. Most of the PiVPN/OpenVPN/Wireguard Docker images out there neglect the fact that one image cannot be used for everyone; otherwise, everyone will end up with the same encryption keys, which is not desirable! To put it simply, it's like all the doors in your apartment block using the same key shape! For this to be secure enough and provide sane defaults, the PiVPN code has to be significantly refactored to run in different stages. One stage would be the installation process when the Docker image is built, and the second stage would be the setup (encryption keys and other settings) during the Docker image runtime, trying to detect and not break if there was a setup done previously.
Perhaps the biggest challenge was the introduction of Wireguard and the support for both OpenVPN and Wireguard, as well as the support for Alpine Linux! However, I cannot take credit for any of this. It's all thanks to the great work of the community.
Other than that, I think the biggest ongoing challenge has definitely been getting users to read the documentation, understand that PiVPN is a community project done with its contributors' free time, and that PiVPN is an installer, not really a protocol. Just because things don't work on their machine for whatever reason doesn't necessarily mean it's a bug.
However, I think this has recently become easier with the new GitHub "interactive" templates, as it forces users to read and fill them out!
What security measures does PiVPN incorporate by default? How do you ensure that PiVPN maintains a high level of security for its users?
Here it's important to recall that PiVPN is an installer that allows you to tweak almost any setting related to the VPN protocols, and ultimately the choice is in the user's hands. However, what we try to do is to keep up with the standards and offer sane defaults that work for most cases, while providing options for the most advanced users who want some "paranoid" level settings. We do not provide support for weak and vulnerable encryption algorithms. We added support for Wireguard as soon as possible, and we follow the supported Linux distributions' life cycles. When they reach the end of life, we stop supporting them in favor of more recent releases. Last but not least, I believe the most important thing here is actually to pay attention to the community. I personally cannot keep up with everything, and I know very little about the encryption realm. Therefore, I rely a lot on the community. If someone opens a pull request, an issue, or a discussion on GitHub about anything new that we should be supporting and we are not, then it's probably worth taking a look, investigating, and then making an educated decision about it.
Can you share any success stories or notable use cases where PiVPN has made a significant impact?
I have absolutely no clue, or at least I can't recall any. Every now and then, people come up on GitHub and open issues or discussions just to thank us for the project and how it made their lives easier, but so far I haven't heard about any "success stories." If there are any out there, please feel free to open a discussion on our GitHub page. I'd really like to read about it and would be very happy to create a special section dedicated to it on our website!
Are there any limitations or considerations to keep in mind when using PiVPN on Raspberry Pi?
Stick with supported boards and operating systems. PiVPN cannot and should not support every single piece of hardware or Linux distribution out there. Other than that, PiVPN is simple to use. However, keep in mind that PiVPN is targeted towards less technically inclined users and is not meant to manage larger organizations. There are likely more appropriate solutions for those use cases.
What was the most surprising thing you learned while working on PiVPN?
I was surprised to discover that PiVPN is more popular than I realized! I can't remember the details, but I do recall introducing a bug on the master branch one day, and waking up the next day to find numerous issues on GitHub.
What is your typical approach to debugging issues filed in the PiVPN repo?
Currently, most issues reported on the PiVPN repository are related to technical difficulties experienced by users, rather than issues with the code itself. As a first step, it is important to filter which issues require immediate attention from those that users can resolve on their own. This may involve directing users to relevant sections of the documentation or requesting additional information to ensure the issue is fully described, allowing the community to assist. If the issue appears to be related to PiVPN, I typically set up a virtual machine, run the PiVPN scripts to replicate the issue, and then proceed from there. Once the issue has been replicated, it is usually straightforward to develop a fix and push it to the test branch for further testing and verification by the community. Once the fix has been confirmed, it can be merged into the master branch.
What are you most proud of?
There's nothing to brag about, really. If anyone can boast, it's the creator, 0kaladin. I simply picked up where he left off and have been maintaining it. I'm just glad that PiVPN is useful and that I can contribute in some way.
How do you balance your work on open-source with your day job and other responsibilities?
I don't work on it all the time. Instead, I work on it when I have time and feel motivated. Through experience, I have learned to filter what is worth my attention and what is not.
Have you ever experienced burnout? How did you deal with it?
Although I have never received an official diagnosis, there have been times when I felt lost and unhappy with what I was doing. In those situations, I took some time for myself and figured out what I wanted to do next.
My approach to life is simple: if I am not finding joy in what I am doing, it is probably time for a change. This could mean pursuing open source projects, seeking a new job, or anything else in life that brings me happiness. It also doesn't necessarily mean abandoning whatever it may be completely. Sometimes it's just not the right time, and it's okay to put things aside only to come back to them at some point in the future.
What is the best way for a new developer to contribute to PiVPN?
The best way to contribute is to have the will to do so! First, take a look at the README file and maybe ask questions by opening an issue or a discussion before spending time on something that we might not want to pursue.
Aside from that, there is always room for improvement, such as fixing GH issues, improving documentation, refining the code, or suggesting useful features.
What are the future plans and roadmap for PiVPN? Are there any exciting features or enhancements in the pipeline that users can look forward to?
PiVPN's mission has been mostly accomplished, and it is currently running on autopilot.
As previously stated, I would like to have PiVPN and the VPN protocols running on a Docker container in a secure manner. Perhaps a web UI could be added to help users manage their VPN, but unfortunately, I do not have the time or knowledge to work on it. Therefore, if anyone wants to take a crack at it, feel free! I am more than happy to assist where I can.
What motivates you to continue contributing to PiVPN?
I strongly believe in the importance of this project. That's why I didn't let it sink when the people leading it disappeared, and why I won't let it sink now. PiVPN has a primary mission, but it's also a super friendly project that offers multiple ways of helping people — whether they're aiming for ultimate privacy or just taking their first steps in the Linux world, bash scripting, or anything tech-related. Though I may not be as active as I once was, I'm still committed to this project and plan to steer it to the best of my ability.
Are there any other projects besides PiVPN that you’re working on?
I don't have anything particularly relevant at the moment. I have a few things in my personal repositories, but they're just random stuff. I might have some ideas for the future, but they're still just in the scratchpad.
Where do you see software development heading next?
I don't have a strong opinion about this. There's always talk about the next big thing that will make IT professionals obsolete, yet here we are! I suppose we'll all have to continue doing what we've been doing for years: observing, adapting, and overcoming!
Where do you see open-source heading next?
Another topic about which I am not particularly opinionated. I simply observe and focus on what I believe in. Personally, I avoid using anything that is not open-source, and I believe this tendency will increase in the future.
Do you have any suggestions for someone trying to make their first contribution to an open-source project?
Find something you are passionate about and pursue it! If the project already exists, read its documentation, reach out to the maintainers, and find out how you can get more involved. If it doesn't exist yet, go ahead and create it!
What is one question you would like to ask another open-source developer that I didn’t ask you?
Well, I guess that depends highly on the project. For bigger projects, I think it's interesting to understand how they scaled and the path they took to get there.
Want to join the conversation about one of the projects featured this week? Drop a comment, or see what others are saying!
Interested in sponsoring the newsletter or know of any cool projects or interesting developers you want us to interview? Reach out at email@example.com or mention us @ConsoleWeekly!