ODROID C4 Setup Guide

1. Booting the ODROID C4

Begin by connecting an ethernet cable, monitor, and power adapter to the C4. On first boot the image will expand itself to the full size of your drive, so don’t disconnect power during this stage, or the C4 may not boot any longer.

Once finished booting the C4 should come to a login prompt. Above that prompt should be the IP address that the C4 was assigned by your router. Write down the IP address as it will be used in the following steps to connect remotely to the C4.

2. Initial Login

The rest of the setup can now be done remotely from another computer far easier than on the C4 itself. From here on we will connect and control the C4 from another computer using a protocol called SSH. If you’re using Windows, click the Start button, and type Windows PowerShell and open it. If using a Mac press the Command key and the Spacebar together on your keyboard to bring up Spotlight, type terminal and open it. In the new window type the following command, substituting the actual IP address of the C4 for ipaddress.

ssh ameridroid@ipaddress

For example, if the IP address of your C4 is 192.168.1.57 you would type: ssh ameridroid@192.168.1.57 and then press enter on the keyboard. If this is the first time you’re connecting to the C4 over SSH you will be asked if you’re sure you want to connect. Type yes and press enter again. Lastly you’ll be asked to type the password for ameridroid, which is odroidc4. Type the password and press enter, but note that you will not see any characters on screen as you type, so take your time and make sure to type it correctly.

3. Registering Domain and Configuring DDNS (OPTIONAL)

Note: If you already have your own domain, or a static IP address you can skip this step. It’s meant for users with dynamic IP addresses from their ISP.

In order to connect to your VPN server while away, you’ll need to use the public IP address of your home network. The main problem with this is most home users do not have what’s called a static IP address. Meaning your public IP address always stays the same. Instead, your internet provider assigns you an address dynamically, which can change over time. To get around this limitation, the VPN server can be configured to use DDNS. This allows us to create a domain name, for example ameridroid.duckdns.com, that we can use to connect to the VPN server instead of directly using its public IP address, which changes over time.

There are a number of DDNS providers, some paid, some free. The VPN server is preconfigured to use Duck DNS as it’s free and doesn’t require monthly logins to keep it active. To register a domain with Duck DNS visit their website at www.duckdns.org. The simplest way to create an account with them is to sign in with your Google account. Duck DNS is free and to save costs they rely on Google to authenticate accounts. Just click the Sign in with Google button at the top of the page to create an account with Duck DNS.

Once signed in you should be able to see your token for Duck DNS. Copy or write this down as you’ll need it when configuring DDNS. The token is how Duck DNS verifies your account when the server updates your IP address. In the middle of the page there should be a black and white box that says sub domain .duckdns.org. This is where you’ll pick what you want the name of your domain to be. For example, ameridroid.duckdns.org. Type in your desired domain name and click the green add domain button. The name you pick should not have spaces in it.

With the domain now registered, we need to edit the config file for DDNS-Updater with the domain and token. For simplicity, the config file is on a network share that can be accessed from Windows or macOS. To access the shared folder from Windows, open File Explorer and type \\ipaddress\Config in the address bar and press Enter on the keyboard. Remember to replace ipaddress with the actual IP address of the server. To connect from a Mac, open Finder, then press the Command and K keys on your keyboard together. This should open the Connect to Server dialog window. In the address bar type smb://ipaddress/Config, then click connect. In either case, when prompted for a username and password for the network share, the username is dietpi and the password is sharingiscaring.

Once connected to the share you should see a single file called config.json. Open this file in either Notepad on Windows, or TextEdit on Mac. The contents of the file should look like the example below:

{
  "settings": [
    {
      "provider": "duckdns",
      "domain": "mydomain.duckdns.org",
      "token": "paste_token_here",
      "ip_version": "ipv4",
      "ipv6_suffix": ""
    }
  ]
}

We need to edit two lines of the config. The first is the domain. Change mydomain.duckdns.org to your actual Duck DNS domain. Second, replace paste_token_here with your Duck DNS token from the previous step. If you do not have your token go back to www.duckdns.org, sign in with the same account as before, and copy it from there. Once done, save the file and close Notepad/TextEdit.

Now that we’ve edited the DDNS config file, we can start its Docker container. To do this we need to log into the web interface by opening a web browser and navigating to http://ipaddress:5001. Once again the username is ameridroid and the password is odroidc4. From the Dockge homepage click ddns-updater on the left side. Next click the Start button to run the DDNS container.

DDNS-Updater should begin deploying and say “active” when it’s finished. We can verify that it’s working by visiting http://ipaddress:8000 in a web browser. There isn’t really anything to do from the webpage, it’s just meant to display the current public IP of your domain and let you know the last time it changed.

4. Configuring WireGuard

While still on the Dockge homepage, click wg-easy on the left side. Click the Edit button and in the box under where it says “compose.yaml” find the line WG_HOST=mydomain.duckdns.org. Just like before, change mydomain to match your actual domain. Click Save, then click Start. The container should say active when it’s started.

We can access WireGuard’s web interface by navigating to http://ipaddress:51821 in a web browser. The password to login to the web interface should be "odroidc4" without the quotes. From the web interface you can click New and enter a name to create a new client. Once created, if the client is a smartphone, you can click the Show QR Code button and scan the QR code with the WireGuard app on your phone to add the config to it. If your client is a computer click the Download Configuration button instead and select Import Tunnels from File in the WireGuard app on your computer. Any time you wish to use the VPN, open the WireGuard app and activate the connection first.

5. Reserve IP and Forward Port

The final two steps to make sure the server works must be done from your home router. You will need to login to your router and reserve the IP of the VPN server so that your router always gives it the same IP address. This is necessary for the next step where you need to forward UDP port 51820 to the IP address of the VPN server (port forwarding). Port 51820 is the port that WireGuard uses to communicate with clients. If you don’t forward it to the server from your router, clients will not be able to communicate with the server. Unfortunately, because every router has a different web interface, we cannot give direction how to perform these steps. You will need to lookup how to do them for your specific router.