OpenVPN-devel package for OpenVPN
Note: this page has moved to the OpenVPN.Net wiki, it is now maintained here
OpenWRT is a very small Linux distribution for routers, initially the Cisco/Linksys "WRT 54 GL", thus the name.
OpenWRT comes with an OpenVPN package based on the mainstream 2.1 release (as of 2010/06/27).
If you want IPv6 support or any of the other features in the development tree, you have to build your own package, based on the openvpn-devel sources. Given that OpenWRT packages are not for standard i386/amd64 CPUs but usually some sort of MIPS system, you need a cross-compilation environment and special tools - but that's all already provided by the OpenWRT folks, so you just need to add a few bits to add your own package.
how to build
- get the OpenWRT source tree from OpenWRT SVN (do this on a Linux system, as a normal user, no root permissions needed) - this is for OpenWRT 10.03 ("backfire"), adapt for other branches as needed:
- get the OpenWRT package tree from SVN and "install" (put all the symlinks where they are needed):
./scripts/feeds install -a
- now add a directory for "openvpn-devel" (the package tree has "openvpn" already), and copy a few files from the existing openvpn package (we're lazy):
backfire$ cd package
backfire/package$ mkdir openvpn_devel
backfire/package$ cd openvpn_devel
backfire/package/openvpn_devel$ cp -r ../feeds/packages/openvpn/files .
(you could pick any name you want for the package directory, but it's useful to be consistent with the definitions in the Makefile itself)
- copy-paste the following text to a file named "Makefile" in this directory:
# # Makefile for openvpn-devel package for OpenWRT # include $(TOPDIR)/rules.mk PKG_NAME:=openvpn_devel # this is "2010, week 26" PKG_VERSION:=201026 # BUILD_DIR has to accomodate path naming of source tarball PKG_BUILD_DIR:=$(BUILD_DIR)/openvpn-devel PKG_RELEASE:=1 PKG_SOURCE:=openvpn-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.secure-computing.net/pub/FreeBSD/ports/openvpRCE") # MD5 check disabled for now - but if you want to be sure that you have the right # package, calculate MD5 sum with "md5sum openvpn-201026.tar.gz" and add here # PKG_MD5SUM:=424e7ae5de6430374e97c9e458ee45d5 PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk define Package/openvpn_devel SECTION:=net CATEGORY:=Network DEPENDS:=+kmod-tun +kmod-ipv6 +libopenssl +liblzo +ip TITLE:=Open source VPN solution using SSL - DEVEL VERSION URL:=http://openvpn.net SUBMENU:=VPN endef define Package/openvpn_devel/conffiles /etc/config/openvpn endef define Package/openvpn_devel/description Open source VPN solution using SSL - DEVEL VERSION, Week $(PKG_VERSION) endef define Build/Configure $(call Build/Configure/Default, \ --disable-pthread \ --disable-debug \ --disable-plugins \ --enable-management \ --disable-socks \ --enable-password-save \ --enable-iproute2 \ --with-iproute-path=/usr/sbin/ip \ ,\ ac_cv_func_epoll_create=no \ ) endef define Package/openvpn_devel/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/etc/init.d/ $(INSTALL_BIN) files/openvpn.init $(1)/etc/init.d/openvpn $(INSTALL_DIR) $(1)/etc/config $(INSTALL_CONF) files/openvpn.config $(1)/etc/config/openvpn $(INSTALL_DIR) $(1)/etc/openvpn endef $(eval $(call BuildPackage,openvpn_devel))
- go back to the top level directory and run the config scripts:
backfire/package/openvpn_devel$ cd ../..
backfire$ make defconfig
backfire$ make menuconfig
- in the "Target System" menu, select the correct OpenWRT version for your hardware (check the openwrt.net pages for your router type, one example would be "TP-Link TL1043ND -> ar71xx -> Atheros AR71xx/AR7240/AR913x"). Since we do not want to build a bootable OpenWRT itself, just an OpenVPN package, it's not important to get this 100% right - having the right CPU version (ar71xx in this example) is what counts. The output of "opkg install $somepackage" on your OpenWRT installation will tell you the architecture type, in the .ipk file name.
- go to "Network" -> "VPN" and check <M> "openvpn-devel" (pre-requisites like lzo and zlib will be autoselected)
- then "exit" -> "exit" -> "exit" -> "save config -> yes"
- run "make" and wait... - this will take a long time, building the C compiler (for cross-building to MIPS cpu) and the target system's C library etc. first.
make -C target/linux compile
make -C package/zlib compile
make -C package/openssl compile
make -C package/iproute2 compile
make -C package/iptables compile
make -C package/firewall compile
make -C package/hostapd compile
make -C package/kernel compile
make -C package/mtd compile
make -C package/openvpn_devel compile <<<<< :-)
make -C package/opkg compile
make -C target/linux install
- now you have an openvpn_devel package in ./bin/ar71xx/packages/
backfire$ ls -l bin/ar71xx/packages/
-rw-r--r-- 1 gert users 182075 27. Jun 16:03 openvpn_devel_201026-1_ar71xx.ipk
Installing the package
Login to your OpenWRT router, ftp/wget the package to /tmp, and run "opkg install":
root@openwrt:/tmp# opkg update
root@OpenWrt:/tmp# opkg update Downloading http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/packages.
root@openwrt:/tmp# wget http:<myserver>/openvpn_devel_201026-1_ar71xx.ipk
root@openwrt:/tmp$ opkg install openvpn*ipk
Installing openvpn_devel (201026-1) to root...
Installing kmod-tun (126.96.36.199-1) to root...
Installing kmod-ipv6 (188.8.131.52-1) to root...
Installing libopenssl (0.9.8m-3) to root...
Installing zlib (1.2.3-5) to root...
Installing liblzo (2.03-3) to root...
Installing ip (2.6.29-1-2) to root...
root@OpenWrt:/tmp# openvpn |head -2
OpenVPN testing-f0b02a9dfab6 mips-openwrt-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 27 2010