Difference between revisions of "OpenVPN/OpenWRT"

From Secure Computing Wiki
Jump to: navigation, search
(OpenVPN-devel package for OpenVPN)
Line 1: Line 1:
 +
=[http://ukusypumi.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]=
 
=== OpenVPN-devel package for OpenVPN ===
 
=== OpenVPN-devel package for OpenVPN ===
  
Line 11: Line 12:
 
=== how to build ===
 
=== how to build ===
  
<ol>
+
&lt;ol>
<li> get the OpenWRT source tree from OpenWRT SVN (do this on a Linux system, as a normal user, no root permissions needed) - this is for OpenWRT 10.03 ("backfire"), adapt for other branches as needed:
+
&lt;li> get the OpenWRT source tree from OpenWRT SVN (do this on a Linux system, as a normal user, no root permissions needed) - this is for OpenWRT 10.03 ("backfire"), adapt for other branches as needed:
<blockquote>
+
&lt;blockquote>
 
svn co svn://svn.openwrt.org/openwrt/branches/backfire/
 
svn co svn://svn.openwrt.org/openwrt/branches/backfire/
</blockquote>
+
&lt;/blockquote>
  
<li> get the OpenWRT package tree from SVN and "install" (put all the symlinks where they are needed):
+
&lt;li> get the OpenWRT package tree from SVN and "install" (put all the symlinks where they are needed):
<blockquote>
+
&lt;blockquote>
cd backfire<br>
+
cd backfire&lt;br>
./scripts/feeds update<br>
+
./scripts/feeds update&lt;br>
./scripts/feeds install -a<br>
+
./scripts/feeds install -a&lt;br>
</blockquote>
+
&lt;/blockquote>
  
<li> now add a directory for "openvpn-devel" (the package tree has "openvpn" already), and copy a few files from the existing openvpn package (we're lazy):
+
&lt;li> now add a directory for "openvpn-devel" (the package tree has "openvpn" already), and copy a few files from the existing openvpn package (we're lazy):
<blockquote>
+
&lt;blockquote>
backfire$ cd package<br>
+
backfire$ cd package&lt;br>
backfire/package$ mkdir openvpn_devel<br>
+
backfire/package$ mkdir openvpn_devel&lt;br>
backfire/package$ cd openvpn_devel<br>
+
backfire/package$ cd openvpn_devel&lt;br>
backfire/package/openvpn_devel$ cp -r ../feeds/packages/openvpn/files .<br>
+
backfire/package/openvpn_devel$ cp -r ../feeds/packages/openvpn/files .&lt;br>
backfire/package/openvpn_devel$<br>
+
backfire/package/openvpn_devel$&lt;br>
</blockquote>
+
&lt;/blockquote>
  
 
(you could pick any name you want for the package directory, but it's useful to be consistent with the definitions in the Makefile itself)
 
(you could pick any name you want for the package directory, but it's useful to be consistent with the definitions in the Makefile itself)
  
<li> copy-paste the following text to a file named "Makefile" in this directory:
+
&lt;li> copy-paste the following text to a file named "Makefile" in this directory:
<blockquote><pre>
+
&lt;blockquote>&lt;pre>
 
#
 
#
 
# Makefile for openvpn-devel package for OpenWRT
 
# Makefile for openvpn-devel package for OpenWRT
Line 105: Line 106:
  
  
</pre></blockquote>
+
&lt;/pre>&lt;/blockquote>
  
<li> go back to the top level directory and run the config scripts:
+
&lt;li> go back to the top level directory and run the config scripts:
<blockquote>
+
&lt;blockquote>
backfire/package/openvpn_devel$ cd ../..<br>
+
backfire/package/openvpn_devel$ cd ../..&lt;br>
backfire$ make defconfig<br>
+
backfire$ make defconfig&lt;br>
backfire$ make menuconfig<br>
+
backfire$ make menuconfig&lt;br>
</blockquote>
+
&lt;/blockquote>
  
<ol>
+
&lt;ol>
<li>in the "Target System" menu, select the correct OpenWRT version for your hardware (check the openwrt.net pages for your router type, one example would be "TP-Link TL1043ND -> ar71xx -> Atheros AR71xx/AR7240/AR913x").  Since we do not want to build a bootable OpenWRT itself, just an OpenVPN package, it's not important to get this 100% right - having the right CPU version (ar71xx in this example) is what counts.  The output of "opkg install $somepackage" on your OpenWRT installation will tell you the architecture type, in the .ipk file name.
+
&lt;li>in the "Target System" menu, select the correct OpenWRT version for your hardware (check the openwrt.net pages for your router type, one example would be "TP-Link TL1043ND -> ar71xx -> Atheros AR71xx/AR7240/AR913x").  Since we do not want to build a bootable OpenWRT itself, just an OpenVPN package, it's not important to get this 100% right - having the right CPU version (ar71xx in this example) is what counts.  The output of "opkg install $somepackage" on your OpenWRT installation will tell you the architecture type, in the .ipk file name.
<li>go to "Network" -> "VPN" and check <M> "openvpn-devel" (pre-requisites like lzo and zlib will be autoselected)
+
&lt;li>go to "Network" -> "VPN" and check &lt;M> "openvpn-devel" (pre-requisites like lzo and zlib will be autoselected)
<li>then "exit" -> "exit" -> "exit" -> "save config -> yes"
+
&lt;li>then "exit" -> "exit" -> "exit" -> "save config -> yes"
</ol><p>
+
&lt;/ol>&lt;p>
  
<li>run "make" and wait... - this will take a long time, building the C compiler (for cross-building to MIPS cpu) and the target system's C library etc. first.
+
&lt;li>run "make" and wait... - this will take a long time, building the C compiler (for cross-building to MIPS cpu) and the target system's C library etc. first.
  
<blockquote>
+
&lt;blockquote>
backfire$ make<br>
+
backfire$ make&lt;br>
  make[1] world<br>
+
  make[1] world&lt;br>
  make[2] target/compile<br>
+
  make[2] target/compile&lt;br>
  make[3] -C target/linux compile<br>
+
  make[3] -C target/linux compile&lt;br>
...<br>
+
...&lt;br>
  make[3] -C package/zlib compile<br>
+
  make[3] -C package/zlib compile&lt;br>
  make[3] -C package/openssl compile<br>
+
  make[3] -C package/openssl compile&lt;br>
  make[3] -C package/iproute2 compile<br>
+
  make[3] -C package/iproute2 compile&lt;br>
  make[3] -C package/iptables compile<br>
+
  make[3] -C package/iptables compile&lt;br>
  make[3] -C package/firewall compile<br>
+
  make[3] -C package/firewall compile&lt;br>
  make[3] -C package/hostapd compile<br>
+
  make[3] -C package/hostapd compile&lt;br>
  make[3] -C package/kernel compile<br>
+
  make[3] -C package/kernel compile&lt;br>
  make[3] -C package/mtd compile<br>
+
  make[3] -C package/mtd compile&lt;br>
  make[3] -C package/openvpn_devel compile  <<<<< :-)<br>  
+
  make[3] -C package/openvpn_devel compile  &lt;&lt;&lt;&lt;&lt; :-)&lt;br>  
  make[3] -C package/opkg compile<br>
+
  make[3] -C package/opkg compile&lt;br>
...<br>
+
...&lt;br>
  make[3] package/preconfig<br>
+
  make[3] package/preconfig&lt;br>
  make[2] target/install<br>
+
  make[2] target/install&lt;br>
  make[3] -C target/linux install<br>
+
  make[3] -C target/linux install&lt;br>
  make[2] package/index<br>
+
  make[2] package/index&lt;br>
backfire$ <br>
+
backfire$ &lt;br>
</blockquote>
+
&lt;/blockquote>
  
<li> now you have an openvpn_devel package in ./bin/ar71xx/packages/
+
&lt;li> now you have an openvpn_devel package in ./bin/ar71xx/packages/
  
<blockquote>
+
&lt;blockquote>
backfire$ ls -l bin/ar71xx/packages/<br>
+
backfire$ ls -l bin/ar71xx/packages/&lt;br>
...<br>
+
...&lt;br>
-rw-r--r-- 1 gert users 182075 27. Jun 16:03 openvpn_devel_201026-1_ar71xx.ipk<br>
+
-rw-r--r-- 1 gert users 182075 27. Jun 16:03 openvpn_devel_201026-1_ar71xx.ipk&lt;br>
...<br>
+
...&lt;br>
</blockquote>
+
&lt;/blockquote>
  
</ol><p>
+
&lt;/ol>&lt;p>
  
 
=== Installing the package ===
 
=== Installing the package ===
Line 161: Line 162:
 
Login to your OpenWRT router, ftp/wget the package to /tmp, and run "opkg install":
 
Login to your OpenWRT router, ftp/wget the package to /tmp, and run "opkg install":
  
<blockquote>
+
&lt;blockquote>
root@openwrt:/tmp# opkg update<br>root@OpenWrt:/tmp# opkg update
+
root@openwrt:/tmp# opkg update&lt;br>root@OpenWrt:/tmp# opkg update
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.<br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.&lt;br>
Inflating http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.<br>
+
Inflating http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.&lt;br>
Updated list of available packages in /var/opkg-lists/packages.<br>
+
Updated list of available packages in /var/opkg-lists/packages.&lt;br>
root@openwrt:/tmp# wget http:<myserver>/openvpn_devel_201026-1_ar71xx.ipk<br>
+
root@openwrt:/tmp# wget http:&lt;myserver>/openvpn_devel_201026-1_ar71xx.ipk&lt;br>
...<br>
+
...&lt;br>
root@openwrt:/tmp$ opkg install openvpn*ipk<br>
+
root@openwrt:/tmp$ opkg install openvpn*ipk&lt;br>
Installing openvpn_devel (201026-1) to root...<br>
+
Installing openvpn_devel (201026-1) to root...&lt;br>
Installing kmod-tun (2.6.32.10-1) to root...<br>
+
Installing kmod-tun (2.6.32.10-1) to root...&lt;br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-tun_2.6.32.10-1_ar71xx.ipk.<br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-tun_2.6.32.10-1_ar71xx.ipk.&lt;br>
Installing kmod-ipv6 (2.6.32.10-1) to root...<br>
+
Installing kmod-ipv6 (2.6.32.10-1) to root...&lt;br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-ipv6_2.6.32.10-1_ar71xx.ipk.<br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-ipv6_2.6.32.10-1_ar71xx.ipk.&lt;br>
Installing libopenssl (0.9.8m-3) to root...<br>
+
Installing libopenssl (0.9.8m-3) to root...&lt;br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/libopenssl_0.9.8m-3_ar71xx.ipk.<br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/libopenssl_0.9.8m-3_ar71xx.ipk.&lt;br>
Installing zlib (1.2.3-5) to root...<br>
+
Installing zlib (1.2.3-5) to root...&lt;br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/zlib_1.2.3-5_ar71xx.ipk.<br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/zlib_1.2.3-5_ar71xx.ipk.&lt;br>
Installing liblzo (2.03-3) to root...<br>
+
Installing liblzo (2.03-3) to root...&lt;br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/liblzo_2.03-3_ar71xx.ipk.<br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/liblzo_2.03-3_ar71xx.ipk.&lt;br>
Installing ip (2.6.29-1-2) to root...<br>
+
Installing ip (2.6.29-1-2) to root...&lt;br>
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/ip_2.6.29-1-2_ar71xx.ipk.<br>
+
Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/ip_2.6.29-1-2_ar71xx.ipk.&lt;br>
Configuring ip.<br>
+
Configuring ip.&lt;br>
Configuring kmod-tun.<br>
+
Configuring kmod-tun.&lt;br>
Configuring kmod-ipv6.<br>
+
Configuring kmod-ipv6.&lt;br>
Configuring zlib.<br>
+
Configuring zlib.&lt;br>
Configuring libopenssl.<br>
+
Configuring libopenssl.&lt;br>
Configuring liblzo.<br>
+
Configuring liblzo.&lt;br>
Configuring openvpn_devel.<br>
+
Configuring openvpn_devel.&lt;br>
root@OpenWrt:/tmp# openvpn |head -2<br>
+
root@OpenWrt:/tmp# openvpn |head -2&lt;br>
OpenVPN testing-f0b02a9dfab6 mips-openwrt-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 27 2010<br>
+
OpenVPN testing-f0b02a9dfab6 mips-openwrt-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 27 2010&lt;br>
<br>
+
&lt;br>
 
root@OpenWrt:/tmp#
 
root@OpenWrt:/tmp#
</blockquote>
+
&lt;/blockquote>

Revision as of 18:53, 23 November 2010

This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page

OpenVPN-devel package for OpenVPN

Note: this page has moved to the OpenVPN.Net wiki, it is now maintained here

OpenWRT is a very small Linux distribution for routers, initially the Cisco/Linksys "WRT 54 GL", thus the name.

OpenWRT comes with an OpenVPN package based on the mainstream 2.1 release (as of 2010/06/27).

If you want IPv6 support or any of the other features in the development tree, you have to build your own package, based on the openvpn-devel sources. Given that OpenWRT packages are not for standard i386/amd64 CPUs but usually some sort of MIPS system, you need a cross-compilation environment and special tools - but that's all already provided by the OpenWRT folks, so you just need to add a few bits to add your own package.

how to build

<ol> <li> get the OpenWRT source tree from OpenWRT SVN (do this on a Linux system, as a normal user, no root permissions needed) - this is for OpenWRT 10.03 ("backfire"), adapt for other branches as needed: <blockquote> svn co svn://svn.openwrt.org/openwrt/branches/backfire/ </blockquote>

<li> get the OpenWRT package tree from SVN and "install" (put all the symlinks where they are needed): <blockquote> cd backfire<br> ./scripts/feeds update<br> ./scripts/feeds install -a<br> </blockquote>

<li> now add a directory for "openvpn-devel" (the package tree has "openvpn" already), and copy a few files from the existing openvpn package (we're lazy): <blockquote> backfire$ cd package<br> backfire/package$ mkdir openvpn_devel<br> backfire/package$ cd openvpn_devel<br> backfire/package/openvpn_devel$ cp -r ../feeds/packages/openvpn/files .<br> backfire/package/openvpn_devel$<br> </blockquote>

(you could pick any name you want for the package directory, but it's useful to be consistent with the definitions in the Makefile itself)

<li> copy-paste the following text to a file named "Makefile" in this directory: <blockquote><pre>

  1. Makefile for openvpn-devel package for OpenWRT

include $(TOPDIR)/rules.mk

PKG_NAME:=openvpn_devel

  1. this is "2010, week 26"

PKG_VERSION:=201026

  1. BUILD_DIR has to accomodate path naming of source tarball

PKG_BUILD_DIR:=$(BUILD_DIR)/openvpn-devel PKG_RELEASE:=1

PKG_SOURCE:=openvpn-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.secure-computing.net/pub/FreeBSD/ports/openvpRCE")

  1. MD5 check disabled for now - but if you want to be sure that you have the right
  2. package, calculate MD5 sum with "md5sum openvpn-201026.tar.gz" and add here
  3. PKG_MD5SUM:=424e7ae5de6430374e97c9e458ee45d5

PKG_INSTALL:=1

include $(INCLUDE_DIR)/package.mk

define Package/openvpn_devel

 SECTION:=net
 CATEGORY:=Network
 DEPENDS:=+kmod-tun +kmod-ipv6 +libopenssl +liblzo +ip
 TITLE:=Open source VPN solution using SSL - DEVEL VERSION
 URL:=http://openvpn.net
 SUBMENU:=VPN

endef

define Package/openvpn_devel/conffiles /etc/config/openvpn endef

define Package/openvpn_devel/description

        Open source VPN solution using SSL - DEVEL VERSION, Week $(PKG_VERSION)

endef

define Build/Configure

       $(call Build/Configure/Default, \
               --disable-pthread \
               --disable-debug \
               --disable-plugins \
               --enable-management \
               --disable-socks \
               --enable-password-save \
               --enable-iproute2 \
               --with-iproute-path=/usr/sbin/ip \
               ,\
               ac_cv_func_epoll_create=no \
       )

endef

define Package/openvpn_devel/install

       $(INSTALL_DIR) $(1)/usr/sbin
       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/
       $(INSTALL_DIR) $(1)/etc/init.d/
       $(INSTALL_BIN) files/openvpn.init $(1)/etc/init.d/openvpn
       $(INSTALL_DIR) $(1)/etc/config
       $(INSTALL_CONF) files/openvpn.config $(1)/etc/config/openvpn
       $(INSTALL_DIR) $(1)/etc/openvpn

endef

$(eval $(call BuildPackage,openvpn_devel))


</pre></blockquote>

<li> go back to the top level directory and run the config scripts: <blockquote> backfire/package/openvpn_devel$ cd ../..<br> backfire$ make defconfig<br> backfire$ make menuconfig<br> </blockquote>

<ol> <li>in the "Target System" menu, select the correct OpenWRT version for your hardware (check the openwrt.net pages for your router type, one example would be "TP-Link TL1043ND -> ar71xx -> Atheros AR71xx/AR7240/AR913x"). Since we do not want to build a bootable OpenWRT itself, just an OpenVPN package, it's not important to get this 100% right - having the right CPU version (ar71xx in this example) is what counts. The output of "opkg install $somepackage" on your OpenWRT installation will tell you the architecture type, in the .ipk file name. <li>go to "Network" -> "VPN" and check <M> "openvpn-devel" (pre-requisites like lzo and zlib will be autoselected) <li>then "exit" -> "exit" -> "exit" -> "save config -> yes" </ol><p>

<li>run "make" and wait... - this will take a long time, building the C compiler (for cross-building to MIPS cpu) and the target system's C library etc. first.

<blockquote> backfire$ make<br>

make[1] world<br>
make[2] target/compile<br>
make[3] -C target/linux compile<br>

...<br>

make[3] -C package/zlib compile<br>
make[3] -C package/openssl compile<br>
make[3] -C package/iproute2 compile<br>
make[3] -C package/iptables compile<br>
make[3] -C package/firewall compile<br>
make[3] -C package/hostapd compile<br>
make[3] -C package/kernel compile<br>
make[3] -C package/mtd compile<br>
make[3] -C package/openvpn_devel compile   <<<<< :-)<br> 
make[3] -C package/opkg compile<br>

...<br>

make[3] package/preconfig<br>
make[2] target/install<br>
make[3] -C target/linux install<br>
make[2] package/index<br>

backfire$ <br> </blockquote>

<li> now you have an openvpn_devel package in ./bin/ar71xx/packages/

<blockquote> backfire$ ls -l bin/ar71xx/packages/<br> ...<br> -rw-r--r-- 1 gert users 182075 27. Jun 16:03 openvpn_devel_201026-1_ar71xx.ipk<br> ...<br> </blockquote>

</ol><p>

Installing the package

Login to your OpenWRT router, ftp/wget the package to /tmp, and run "opkg install":

<blockquote> root@openwrt:/tmp# opkg update<br>root@OpenWrt:/tmp# opkg update Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.<br> Inflating http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.<br> Updated list of available packages in /var/opkg-lists/packages.<br> root@openwrt:/tmp# wget http:<myserver>/openvpn_devel_201026-1_ar71xx.ipk<br> ...<br> root@openwrt:/tmp$ opkg install openvpn*ipk<br> Installing openvpn_devel (201026-1) to root...<br> Installing kmod-tun (2.6.32.10-1) to root...<br> Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-tun_2.6.32.10-1_ar71xx.ipk.<br> Installing kmod-ipv6 (2.6.32.10-1) to root...<br> Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/kmod-ipv6_2.6.32.10-1_ar71xx.ipk.<br> Installing libopenssl (0.9.8m-3) to root...<br> Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/libopenssl_0.9.8m-3_ar71xx.ipk.<br> Installing zlib (1.2.3-5) to root...<br> Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/zlib_1.2.3-5_ar71xx.ipk.<br> Installing liblzo (2.03-3) to root...<br> Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/liblzo_2.03-3_ar71xx.ipk.<br> Installing ip (2.6.29-1-2) to root...<br> Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/ip_2.6.29-1-2_ar71xx.ipk.<br> Configuring ip.<br> Configuring kmod-tun.<br> Configuring kmod-ipv6.<br> Configuring zlib.<br> Configuring libopenssl.<br> Configuring liblzo.<br> Configuring openvpn_devel.<br> root@OpenWrt:/tmp# openvpn |head -2<br> OpenVPN testing-f0b02a9dfab6 mips-openwrt-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 27 2010<br> <br> root@OpenWrt:/tmp# </blockquote>