Difference between revisions of "OpenVPN/OpenWRT"

From Secure Computing Wiki
m (Reverted edits by Esubiguxoc (talk) to last revision by Cron2)
 
Line 1: Line 1:
=[http://ukusypumi.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]=
 
 
=== OpenVPN-devel package for OpenVPN ===
 
=== OpenVPN-devel package for OpenVPN ===
  
Line 12: Line 11:
 
=== how to build ===
 
=== how to build ===
  
<ol>
+
<ol>
&lt;li> get the OpenWRT source tree from OpenWRT SVN (do this on a Linux system, as a normal user, no root permissions needed) - this is for OpenWRT 10.03 ("backfire"), adapt for other branches as needed:
+
<li> get the OpenWRT source tree from OpenWRT SVN (do this on a Linux system, as a normal user, no root permissions needed) - this is for OpenWRT 10.03 ("backfire"), adapt for other branches as needed:
&lt;blockquote>
+
<blockquote>
 
svn co svn://svn.openwrt.org/openwrt/branches/backfire/
 
svn co svn://svn.openwrt.org/openwrt/branches/backfire/
&lt;/blockquote>
+
</blockquote>
  
&lt;li> get the OpenWRT package tree from SVN and "install" (put all the symlinks where they are needed):
+
<li> get the OpenWRT package tree from SVN and "install" (put all the symlinks where they are needed):
&lt;blockquote>
+
<blockquote>
cd backfire&lt;br>
+
cd backfire<br>
./scripts/feeds update&lt;br>
+
./scripts/feeds update<br>
./scripts/feeds install -a&lt;br>
+
./scripts/feeds install -a<br>
&lt;/blockquote>
+
</blockquote>
  
&lt;li> now add a directory for "openvpn-devel" (the package tree has "openvpn" already), and copy a few files from the existing openvpn package (we're lazy):
+
<li> now add a directory for "openvpn-devel" (the package tree has "openvpn" already), and copy a few files from the existing openvpn package (we're lazy):
&lt;blockquote>
+
<blockquote>
backfire$ cd package&lt;br>
+
backfire$ cd package<br>
backfire/package$ mkdir openvpn_devel&lt;br>
+
backfire/package$ mkdir openvpn_devel<br>
backfire/package$ cd openvpn_devel&lt;br>
+
backfire/package$ cd openvpn_devel<br>
backfire/package/openvpn_devel$ cp -r ../feeds/packages/openvpn/files .&lt;br>
+
backfire/package/openvpn_devel$ cp -r ../feeds/packages/openvpn/files .<br>
backfire/package/openvpn_devel$&lt;br>
+
backfire/package/openvpn_devel$<br>
&lt;/blockquote>
+
</blockquote>
  
 
(you could pick any name you want for the package directory, but it's useful to be consistent with the definitions in the Makefile itself)
 
(you could pick any name you want for the package directory, but it's useful to be consistent with the definitions in the Makefile itself)
  
&lt;li> copy-paste the following text to a file named "Makefile" in this directory:
+
<li> copy-paste the following text to a file named "Makefile" in this directory:
&lt;blockquote>&lt;pre>
+
<blockquote><pre>
 
#
 
#
 
# Makefile for openvpn-devel package for OpenWRT
 
# Makefile for openvpn-devel package for OpenWRT
Line 106: Line 105:
  
  
&lt;/pre>&lt;/blockquote>
+
</pre></blockquote>
  
&lt;li> go back to the top level directory and run the config scripts:
+
<li> go back to the top level directory and run the config scripts:
&lt;blockquote>
+
<blockquote>
backfire/package/openvpn_devel$ cd ../..&lt;br>
+
backfire/package/openvpn_devel$ cd ../..<br>
backfire$ make defconfig&lt;br>
+
backfire$ make defconfig<br>
backfire$ make menuconfig&lt;br>
+
backfire$ make menuconfig<br>
&lt;/blockquote>
+
</blockquote>
  
&lt;ol>
+
<ol>
&lt;li>in the "Target System" menu, select the correct OpenWRT version for your hardware (check the openwrt.net pages for your router type, one example would be "TP-Link TL1043ND -> ar71xx -> Atheros AR71xx/AR7240/AR913x").  Since we do not want to build a bootable OpenWRT itself, just an OpenVPN package, it's not important to get this 100% right - having the right CPU version (ar71xx in this example) is what counts.  The output of "opkg install $somepackage" on your OpenWRT installation will tell you the architecture type, in the .ipk file name.
+
<li>in the "Target System" menu, select the correct OpenWRT version for your hardware (check the openwrt.net pages for your router type, one example would be "TP-Link TL1043ND -> ar71xx -> Atheros AR71xx/AR7240/AR913x").  Since we do not want to build a bootable OpenWRT itself, just an OpenVPN package, it's not important to get this 100% right - having the right CPU version (ar71xx in this example) is what counts.  The output of "opkg install $somepackage" on your OpenWRT installation will tell you the architecture type, in the .ipk file name.
&lt;li>go to "Network" -> "VPN" and check &lt;M> "openvpn-devel" (pre-requisites like lzo and zlib will be autoselected)
+
<li>go to "Network" -> "VPN" and check <M> "openvpn-devel" (pre-requisites like lzo and zlib will be autoselected)
&lt;li>then "exit" -> "exit" -> "exit" -> "save config -> yes"
+
<li>then "exit" -> "exit" -> "exit" -> "save config -> yes"
&lt;/ol>&lt;p>
+
</ol><p>
  
&lt;li>run "make" and wait... - this will take a long time, building the C compiler (for cross-building to MIPS cpu) and the target system's C library etc. first.
+
<li>run "make" and wait... - this will take a long time, building the C compiler (for cross-building to MIPS cpu) and the target system's C library etc. first.
  
&lt;blockquote>
+
<blockquote>
backfire$ make&lt;br>
+
backfire$ make<br>
  make[1] world&lt;br>
+
  make[1] world<br>
  make[2] target/compile&lt;br>
+
  make[2] target/compile<br>
  make[3] -C target/linux compile&lt;br>
+
  make[3] -C target/linux compile<br>
...&lt;br>
+
...<br>
  make[3] -C package/zlib compile&lt;br>
+
  make[3] -C package/zlib compile<br>
  make[3] -C package/openssl compile&lt;br>
+
  make[3] -C package/openssl compile<br>
  make[3] -C package/iproute2 compile&lt;br>
+
  make[3] -C package/iproute2 compile<br>
  make[3] -C package/iptables compile&lt;br>
+
  make[3] -C package/iptables compile<br>
  make[3] -C package/firewall compile&lt;br>
+
  make[3] -C package/firewall compile<br>
  make[3] -C package/hostapd compile&lt;br>
+
  make[3] -C package/hostapd compile<br>
  make[3] -C package/kernel compile&lt;br>
+
  make[3] -C package/kernel compile<br>
  make[3] -C package/mtd compile&lt;br>
+
  make[3] -C package/mtd compile<br>
  make[3] -C package/openvpn_devel compile  &lt;&lt;&lt;&lt;&lt; :-)&lt;br>  
+
  make[3] -C package/openvpn_devel compile  <<<<< :-)<br>  
  make[3] -C package/opkg compile&lt;br>
+
  make[3] -C package/opkg compile<br>
...&lt;br>
+
...<br>
  make[3] package/preconfig&lt;br>
+
  make[3] package/preconfig<br>
  make[2] target/install&lt;br>
+
  make[2] target/install<br>
  make[3] -C target/linux install&lt;br>
+
  make[3] -C target/linux install<br>
  make[2] package/index&lt;br>
+
  make[2] package/index<br>
backfire$ &lt;br>
+
backfire$ <br>
&lt;/blockquote>
+
</blockquote>
  
&lt;li> now you have an openvpn_devel package in ./bin/ar71xx/packages/
+
<li> now you have an openvpn_devel package in ./bin/ar71xx/packages/
  
&lt;blockquote>
+
<blockquote>
backfire$ ls -l bin/ar71xx/packages/&lt;br>
+
backfire$ ls -l bin/ar71xx/packages/<br>
...&lt;br>
+
...<br>
-rw-r--r-- 1 gert users 182075 27. Jun 16:03 openvpn_devel_201026-1_ar71xx.ipk&lt;br>
+
-rw-r--r-- 1 gert users 182075 27. Jun 16:03 openvpn_devel_201026-1_ar71xx.ipk<br>
...&lt;br>
+
...<br>
&lt;/blockquote>
+
</blockquote>
  
&lt;/ol>&lt;p>
+
</ol><p>
  
 
=== Installing the package ===
 
=== Installing the package ===
Line 162: Line 161:
 
Login to your OpenWRT router, ftp/wget the package to /tmp, and run "opkg install":
 
Login to your OpenWRT router, ftp/wget the package to /tmp, and run "opkg install":
  
&lt;blockquote>
+
<blockquote>
root@openwrt:/tmp# opkg update&lt;br>root@OpenWrt:/tmp# opkg update
+
root@openwrt:/tmp# opkg update<br>root@OpenWrt:/tmp# opkg update
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.&lt;br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.<br>
Inflating http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.&lt;br>
+
Inflating http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.<br>
Updated list of available packages in /var/opkg-lists/packages.&lt;br>
+
Updated list of available packages in /var/opkg-lists/packages.<br>
root@openwrt:/tmp# wget http:&lt;myserver>/openvpn_devel_201026-1_ar71xx.ipk&lt;br>
+
root@openwrt:/tmp# wget http:<myserver>/openvpn_devel_201026-1_ar71xx.ipk<br>
...&lt;br>
+
...<br>
root@openwrt:/tmp$ opkg install openvpn*ipk&lt;br>
+
root@openwrt:/tmp$ opkg install openvpn*ipk<br>
Installing openvpn_devel (201026-1) to root...&lt;br>
+
Installing openvpn_devel (201026-1) to root...<br>
Installing kmod-tun (2.6.32.10-1) to root...&lt;br>
+
Installing kmod-tun (2.6.32.10-1) to root...<br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-tun_2.6.32.10-1_ar71xx.ipk.&lt;br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-tun_2.6.32.10-1_ar71xx.ipk.<br>
Installing kmod-ipv6 (2.6.32.10-1) to root...&lt;br>
+
Installing kmod-ipv6 (2.6.32.10-1) to root...<br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-ipv6_2.6.32.10-1_ar71xx.ipk.&lt;br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-ipv6_2.6.32.10-1_ar71xx.ipk.<br>
Installing libopenssl (0.9.8m-3) to root...&lt;br>
+
Installing libopenssl (0.9.8m-3) to root...<br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/libopenssl_0.9.8m-3_ar71xx.ipk.&lt;br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/libopenssl_0.9.8m-3_ar71xx.ipk.<br>
Installing zlib (1.2.3-5) to root...&lt;br>
+
Installing zlib (1.2.3-5) to root...<br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/zlib_1.2.3-5_ar71xx.ipk.&lt;br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/zlib_1.2.3-5_ar71xx.ipk.<br>
Installing liblzo (2.03-3) to root...&lt;br>
+
Installing liblzo (2.03-3) to root...<br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/liblzo_2.03-3_ar71xx.ipk.&lt;br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/liblzo_2.03-3_ar71xx.ipk.<br>
Installing ip (2.6.29-1-2) to root...&lt;br>
+
Installing ip (2.6.29-1-2) to root...<br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/ip_2.6.29-1-2_ar71xx.ipk.&lt;br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/ip_2.6.29-1-2_ar71xx.ipk.<br>
Configuring ip.&lt;br>
+
Configuring ip.<br>
Configuring kmod-tun.&lt;br>
+
Configuring kmod-tun.<br>
Configuring kmod-ipv6.&lt;br>
+
Configuring kmod-ipv6.<br>
Configuring zlib.&lt;br>
+
Configuring zlib.<br>
Configuring libopenssl.&lt;br>
+
Configuring libopenssl.<br>
Configuring liblzo.&lt;br>
+
Configuring liblzo.<br>
Configuring openvpn_devel.&lt;br>
+
Configuring openvpn_devel.<br>
root@OpenWrt:/tmp# openvpn |head -2&lt;br>
+
root@OpenWrt:/tmp# openvpn |head -2<br>
OpenVPN testing-f0b02a9dfab6 mips-openwrt-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 27 2010&lt;br>
+
OpenVPN testing-f0b02a9dfab6 mips-openwrt-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 27 2010<br>
&lt;br>
+
<br>
 
root@OpenWrt:/tmp#
 
root@OpenWrt:/tmp#
&lt;/blockquote>
+
</blockquote>
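Review bot: the restored install transcript downloads the package with `wget http:<myserver>/openvpn_devel_201026-1_ar71xx.ipk` and then runs `opkg install openvpn*ipk` with no integrity check in between, and the URL is missing its `//`. Suggest writing the URL as `http://<myserver>/...`, adding a checksum comparison against the value computed on the build host before the install step, and installing by exact file name rather than the `openvpn*ipk` glob so that a stray file in /tmp cannot be picked up. The first transcript line also shows `opkg update` twice with two different prompts (`root@openwrt` and `root@OpenWrt`); keep one.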

Latest revision as of 17:41, 26 November 2010

OpenVPN-devel package for OpenVPN

Note: this page has moved to the OpenVPN.Net wiki, it is now maintained here

OpenWRT is a very small Linux distribution for routers, initially the Cisco/Linksys "WRT 54 GL", thus the name.

OpenWRT comes with an OpenVPN package based on the mainstream 2.1 release (as of 2010/06/27).

If you want IPv6 support or any of the other features in the development tree, you have to build your own package, based on the openvpn-devel sources. Given that OpenWRT packages are not for standard i386/amd64 CPUs but usually some sort of MIPS system, you need a cross-compilation environment and special tools - but that's all already provided by the OpenWRT folks, so you just need to add a few bits to add your own package.

how to build

  1. get the OpenWRT source tree from OpenWRT SVN (do this on a Linux system, as a normal user, no root permissions needed) - this is for OpenWRT 10.03 ("backfire"), adapt for other branches as needed:

    svn co svn://svn.openwrt.org/openwrt/branches/backfire/

  2. get the OpenWRT package tree from SVN and "install" (put all the symlinks where they are needed):

    cd backfire
    ./scripts/feeds update
    ./scripts/feeds install -a

  3. now add a directory for "openvpn-devel" (the package tree has "openvpn" already), and copy a few files from the existing openvpn package (we're lazy):

    backfire$ cd package
    backfire/package$ mkdir openvpn_devel
    backfire/package$ cd openvpn_devel
    backfire/package/openvpn_devel$ cp -r ../feeds/packages/openvpn/files .
    backfire/package/openvpn_devel$

    (you could pick any name you want for the package directory, but it's useful to be consistent with the definitions in the Makefile itself)

  4. copy-paste the following text to a file named "Makefile" in this directory:
    #
    # Makefile for openvpn-devel package for OpenWRT
    #
    
    include $(TOPDIR)/rules.mk
    
    PKG_NAME:=openvpn_devel
    # this is "2010, week 26"
    PKG_VERSION:=201026
    # BUILD_DIR has to accommodate path naming of source tarball
    PKG_BUILD_DIR:=$(BUILD_DIR)/openvpn-devel
    PKG_RELEASE:=1
    
    PKG_SOURCE:=openvpn-$(PKG_VERSION).tar.gz
    PKG_SOURCE_URL:=ftp://ftp.secure-computing.net/pub/FreeBSD/ports/openvpRCE")
    # MD5 check disabled for now - but if you want to be sure that you have the right
    # package, calculate MD5 sum with "md5sum openvpn-201026.tar.gz" and add here
    # PKG_MD5SUM:=424e7ae5de6430374e97c9e458ee45d5
    
    PKG_INSTALL:=1
    
    include $(INCLUDE_DIR)/package.mk
    
    define Package/openvpn_devel
      SECTION:=net
      CATEGORY:=Network
      DEPENDS:=+kmod-tun +kmod-ipv6 +libopenssl +liblzo +ip
      TITLE:=Open source VPN solution using SSL - DEVEL VERSION
      URL:=http://openvpn.net
      SUBMENU:=VPN
    endef
    
    define Package/openvpn_devel/conffiles
    /etc/config/openvpn
    endef
    
    define Package/openvpn_devel/description
             Open source VPN solution using SSL - DEVEL VERSION, Week $(PKG_VERSION)
    endef
    
    define Build/Configure
            $(call Build/Configure/Default, \
                    --disable-pthread \
                    --disable-debug \
                    --disable-plugins \
                    --enable-management \
                    --disable-socks \
                    --enable-password-save \
                    --enable-iproute2 \
                    --with-iproute-path=/usr/sbin/ip \
                    ,\
                    ac_cv_func_epoll_create=no \
            )
    endef
    
    define Package/openvpn_devel/install
            $(INSTALL_DIR) $(1)/usr/sbin
            $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/
            $(INSTALL_DIR) $(1)/etc/init.d/
            $(INSTALL_BIN) files/openvpn.init $(1)/etc/init.d/openvpn
            $(INSTALL_DIR) $(1)/etc/config
            $(INSTALL_CONF) files/openvpn.config $(1)/etc/config/openvpn
            $(INSTALL_DIR) $(1)/etc/openvpn
    endef
    
    $(eval $(call BuildPackage,openvpn_devel))
    
    
    
  5. go back to the top level directory and run the config scripts:

    backfire/package/openvpn_devel$ cd ../..
    backfire$ make defconfig
    backfire$ make menuconfig

    1. in the "Target System" menu, select the correct OpenWRT version for your hardware (check the openwrt.net pages for your router type, one example would be "TP-Link TL1043ND -> ar71xx -> Atheros AR71xx/AR7240/AR913x"). Since we do not want to build a bootable OpenWRT itself, just an OpenVPN package, it's not important to get this 100% right - having the right CPU version (ar71xx in this example) is what counts. The output of "opkg install $somepackage" on your OpenWRT installation will tell you the architecture type, in the .ipk file name.
    2. go to "Network" -> "VPN" and check <M> "openvpn-devel" (pre-requisites like lzo and zlib will be autoselected)
    3. then "exit" -> "exit" -> "exit" -> "save config -> yes"

  6. run "make" and wait... - this will take a long time, building the C compiler (for cross-building to MIPS cpu) and the target system's C library etc. first.

    backfire$ make
    make[1] world
    make[2] target/compile
    make[3] -C target/linux compile
    ...
    make[3] -C package/zlib compile
    make[3] -C package/openssl compile
    make[3] -C package/iproute2 compile
    make[3] -C package/iptables compile
    make[3] -C package/firewall compile
    make[3] -C package/hostapd compile
    make[3] -C package/kernel compile
    make[3] -C package/mtd compile
    make[3] -C package/openvpn_devel compile <<<<< :-)
    make[3] -C package/opkg compile
    ...
    make[3] package/preconfig
    make[2] target/install
    make[3] -C target/linux install
    make[2] package/index
    backfire$

  7. now you have an openvpn_devel package in ./bin/ar71xx/packages/

    backfire$ ls -l bin/ar71xx/packages/
    ...
    -rw-r--r-- 1 gert users 182075 27. Jun 16:03 openvpn_devel_201026-1_ar71xx.ipk
    ...

Installing the package

Log in to your OpenWRT router, ftp/wget the package to /tmp, and run "opkg install":

    root@openwrt:/tmp# opkg update
    Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.
    Inflating http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.
    Updated list of available packages in /var/opkg-lists/packages.
    root@openwrt:/tmp# wget http://<myserver>/openvpn_devel_201026-1_ar71xx.ipk
    ...
    root@openwrt:/tmp$ opkg install openvpn*ipk
    Installing openvpn_devel (201026-1) to root...
    Installing kmod-tun (2.6.32.10-1) to root...
    Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-tun_2.6.32.10-1_ar71xx.ipk.
    Installing kmod-ipv6 (2.6.32.10-1) to root...
    Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-ipv6_2.6.32.10-1_ar71xx.ipk.
    Installing libopenssl (0.9.8m-3) to root...
    Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/libopenssl_0.9.8m-3_ar71xx.ipk.
    Installing zlib (1.2.3-5) to root...
    Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/zlib_1.2.3-5_ar71xx.ipk.
    Installing liblzo (2.03-3) to root...
    Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/liblzo_2.03-3_ar71xx.ipk.
    Installing ip (2.6.29-1-2) to root...
    Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/ip_2.6.29-1-2_ar71xx.ipk.
    Configuring ip.
    Configuring kmod-tun.
    Configuring kmod-ipv6.
    Configuring zlib.
    Configuring libopenssl.
    Configuring liblzo.
    Configuring openvpn_devel.
    root@OpenWrt:/tmp# openvpn |head -2
    OpenVPN testing-f0b02a9dfab6 mips-openwrt-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 27 2010

    root@OpenWrt:/tmp#
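
The Makefile above leaves `PKG_MD5SUM` commented out, and the install steps copy the .ipk to the router over plain ftp/wget, so nothing checks that the file being built from or installed is the one you expect. The following is an added example, not part of the original wiki page or of the OpenWRT tooling: the function names `verify_sum` and `verified_run` are made up for illustration, and it assumes `md5sum`, `sha256sum` and `mktemp` are available where it runs.

```shell
#!/bin/sh
# Added example, not OpenWRT or OpenVPN code. verify_sum and verified_run
# are hypothetical helper names.

# verify_sum FILE EXPECTED_HEX
#   Chooses the digest tool from the length of EXPECTED_HEX
#   (32 hex digits = MD5, 64 = SHA-256).
#   Returns 0 on match, 1 on mismatch, 2 on bad arguments or missing tools.
verify_sum() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "verify_sum: no such file: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "verify_sum: expected value is not hex" >&2; return 2 ;;
    esac
    case ${#expected} in
        32) tool=md5sum ;;
        64) tool=sha256sum ;;
        *)  echo "verify_sum: unsupported digest length ${#expected}" >&2; return 2 ;;
    esac
    command -v "$tool" >/dev/null 2>&1 || { echo "verify_sum: $tool not found" >&2; return 2; }

    # Read from stdin so the output is "<hex>  -" regardless of the file name.
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file: expected $expected, got $actual" >&2
    return 1
}

# verified_run FILE EXPECTED_HEX CMD [ARGS...]
#   Runs "CMD ARGS FILE" only if the digest matches, e.g. on the router:
#     verified_run /tmp/openvpn_devel_201026-1_ar71xx.ipk <sha256 from build host> opkg install
#   or on the build host, with the value from the Makefile comment:
#     verify_sum openvpn-201026.tar.gz 424e7ae5de6430374e97c9e458ee45d5
verified_run() {
    f=$1; sum=$2; shift 2
    verify_sum "$f" "$sum" || return $?
    "$@" "$f"
}

# Constructed demo input: an empty file, whose MD5 and SHA-256 are well known.
demo=$(mktemp)
verify_sum "$demo" d41d8cd98f00b204e9800998ecf8427e
verify_sum "$demo" e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
rm -f "$demo"
```

Compute the SHA-256 of the .ipk on the build host right after `make` finishes and carry that value to the router separately from the file itself.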