100 replies to this topic

[PaphosAL]

Satsearching did a maxvar build with tun support in kernel (and the bootlogo in there) and yes, it fits nicely, Pieter.

ok, I've added it Cool, thanks!

I didn't suggest removing the pretty boot logo from the image. But you might want to think about relocating it from the kernel to somewhere like /bin or /sbin in squashfs?

I assume (dont have a cdk box, never had one) that the reason why the bootlogo is in the kernel partition, must be that the bootloader has cramfs support, but no squashfs support.

Nah, it has nothing to do with the bootloader, Pieter. In OpenPLi, we have this little snippet near the top of /etc/init.d/rcS

mount -t cramfs /dev/mtdblock/6 /root
/bin/showlogo /root/root/platform/kernel/bild
umount /root

But a squashfs modder can easily pop his own boot logo into /bin or /sbin (or even on a mounted drive, like I do) and simply change that part of rcS to read:

/bin/showlogo /bin/bild

for example. Or maybe /bin/showlogo /var/bin/bild to make it easier to play with different boot logos. (Possibly more fun than watching the drivel they serve up on television)

Cheers- AL

[pieterg]

I mean before linux is running.
I assume the bootloader is displaying the bootlogo, before it loads/jumps to the kernel.
If not, I guess that's broken somehow. (I cannot imagine that an mvi is explicitly stored in the kernel cramfs, just for fun... But then again, many more strange constructions exist in 'the cdk'...)

[PaphosAL]

I've downloaded and flashed today's OpenPli Maxvar nightly build. dev/net/tun (0 bytes) now exists!! The cramfs kernel OS remains at 988,704 bytes, so hasn't been affected at all by the addition of tun support. The enigma binary has possibly grown by 768 bytes only.

My OpenVPN.tar.gz package installed itself perfectly via the blue button Manual Installer menu. Space in /var was 1,700kb after the install, so the package occupies just over 600kb, as predicted.

And following a reboot, OpenVPN is a running process, with a log in /var/etc/openvpn reporting "listening for incoming TCP connection"!! The yellow button VPN plugin GUI works fine, but opens with an error box. That's because I forgot to include a psuedo file in /var/etc - doh... This is attached.

So Gentlemen, we finally now have OpenVPN established as a viable add-on package for DM500 OpenPLi Maxvar. Enjoy!

Cheers- AL

Attached Files

•  smartcam.rar   311bytes   119 downloads

[hus52]

[PaphosAL]

IMPORTANT!!

Before installing the OpenVPN package, do please check to see if you are already using a /var/etc/init file!

If you are, then make a back-up of this to pc, as it will get overwritten by my new init file. After vpn installation, you can then edit my init by adding whatever was in your original init.

Cheers- AL

[PaphosAL]

Credits

Let's show credit where it's due, eh? Satsearching of UkCvs.org (Boz here on PLi) for discovering how to activate tun support in the PLi maxvar kernel. Also for creating a tuxbox OpenVPN build that gave us optimized ripped file sizes as follows (DS2 stats in brackets):

libcrypto.so.0.9.7 - 807kb (1.04MB)
libssl.so.0.9.7 - 139kb (191kb)
openvpn - 343kb (505kb)

Lincsat of UkCvs.org (and here) for patiently testing what must have been 30 attempts at getting OpenVPN to work in PLi (and above all, ssl handshake to a remote server).

And I suppose I can add myself, for eventually sussing that the tun.ko driver in DS2 was a non-functional red herring, LOL! For me, this has been a baptism of fire on DM500, and a great learning curve, proving that you CAN teach an old dog new tricks!

Cheers- AL

[malakudi]

Is it possible to build the openvpn binary with compression support? It would also require liblzo.so

[PaphosAL]

Is it possible to build the openvpn binary with compression support? It would also require liblzo.so

Are you talking E1 DM500 squashfs here, malakudi, or a different box altogether? As here, we run the 343kb tuxbox openvpn binary from /sbin in squashed root in OpenPli maxvar no problem. And things don't get much more compressed than that, do they?

Cheers- AL (PLi Rookie)

[malakudi]

Is it possible to build the openvpn binary with compression support? It would also require liblzo.so

Are you talking E1 DM500 squashfs here, malakudi, or a different box altogether? As here, we run the 343kb tuxbox openvpn binary from /sbin in squashed root in OpenPli maxvar no problem. And things don't get much more compressed than that, do they?

Cheers- AL (PLi Rookie)

I am talking about openvpn socket compression support (option comp-lzo in openvpn config files).

Sifteam 1.94c already support this in their maxvar image, but it would be great to have this in OpenPLI too

[nfnovice]

Well done PaphosAL
Well done to the guys from UkCvs.org
and well done to Pli team for their parts of the puzzle - and the table to build the puzzle on

[PaphosAL]

Thank you, nfnovice- you've made our day!

@DM600 OpenPLi > OpenVPN users:

I understand OpenVPN works fine for you, but that it's all 'manually-controlled' via telnet? If this is the case, perhaps one of you guys can try ripping the relevant bits out of my tarball, and try the auto-starting routine, and maybe the pretty OpenVPN Plugin GUI? (Credits to Nabilo for the latter, incidentally. Shere and share alike)

I don't know why Lincsat hasn't thought of trying this, as he's a DM600 OpenVPN user...

Cheers- AL

[fantomduck]

hi all,

i have downloaded the openpli 1.0.158 and installed the openVPN as per your instructions. I try to start the service and i get a strange error. Could you please help me on this?

Here is the log:

Sat Oct 2 09:27:25 2010 OpenVPN 2.0.5 powerpc-unknown-linux [SSL] [EPOLL] built on Nov 26 2005
Sat Oct 2 09:27:25 2010 Diffie-Hellman initialized with 1024 bit key
Sat Oct 2 09:27:25 2010 WARNING: file '/var/etc/openvpn/keys/server.key' is group or others accessible
Sat Oct 2 09:27:25 2010 TLS-Auth MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Oct 2 09:27:25 2010 TUN/TAP device tun0 opened
Sat Oct 2 09:27:25 2010 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Oct 2 09:27:25 2010 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Oct 2 09:27:25 2010 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
route: SIOC[ADD|DEL]RT: File exists
Sat Oct 2 09:27:25 2010 ERROR: Linux route add command failed: shell command exited with error status: 1
Sat Oct 2 09:27:25 2010 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Sat Oct 2 09:27:25 2010 Listening for incoming TCP connection on [undef]:1194
Sat Oct 2 09:27:25 2010 TCPv4_SERVER link local (bound): [undef]:1194
Sat Oct 2 09:27:25 2010 TCPv4_SERVER link remote: [undef]
Sat Oct 2 09:27:25 2010 MULTI: multi_init called, r=256 v=256
Sat Oct 2 09:27:25 2010 IFCONFIG POOL: base=10.8.0.4 size=62
[highlight=#ff0000]/var/sbin/openvpn: relocation error: /var/sbin/openvpn: symbol epoll_create, version GLIBC_2.3.2 not defined in file libc.so.6 with link time reference[/highlight]

[malakudi]

When I run the Openvpn tuxbox plugin (openvpn.so), I get the message "Sorry, but I'm having a bad day. Please check I am installed correctly.". After that it works correctly (it monitors the status correctly and can start/stop the openvpn daemon). Can I get rid of this message?

[malakudi]

Answering my own question:

In order to avoid the above mentioned message, just create an empty file in /var/etc , named smartcam.config

[fantomduck]

hi,

with this configuration the server works:

# openvpn config for server p2p
# serverp2p.conf
port 1194
proto tcp-server
ifconfig 10.8.55.1 10.8.55.2
verb 5
dev tun
secret /var/etc/openvpn/keys/static.key
log  /var/etc/openvpn/openvpn.log

the problem comes when i enable the "server 10.8.0.0 ......" line

the configuration above is a secure one? i would like to use the ca cert files since they are secure but if i face this error maybe i could you the simple static.key file.

E.D

E.D

edit: please use codetags [#]

[PaphosAL]

Answering my own question:

In order to avoid the above mentioned message, just create an empty file in /var/etc , named smartcam.config

You have just re-invented the wheel, LOL! See my post above- 29-09-2010 10:15 - where I provided this solution...

Cheers- AL

[malakudi]

Answering my own question:

In order to avoid the above mentioned message, just create an empty file in /var/etc , named smartcam.config

You have just re-invented the wheel, LOL! See my post above- 29-09-2010 10:15 - where I provided this solution...

Cheers- AL

Indeed! Didn't realize you were mentioning the same problem.

tun supports works great. I use the openvpn binary package from sifteam that also implements comp-lzo (this increases the space usage a bit).

Is there an easy "step-by-step" howto to build my own squashfs image to include openvpn libraries and binaries inside? (better compression than when installed in jffs partition)

[PaphosAL]

Answering my own question:

In order to avoid the above mentioned message, just create an empty file in /var/etc , named smartcam.config

You have just re-invented the wheel, LOL! See my post above- 29-09-2010 10:15 - where I provided this solution...

Cheers- AL

Indeed! Didn't realize you were mentioning the same problem.

tun supports works great. I use the openvpn binary package from sifteam that also implements comp-lzo (this increases the space usage a bit).

Is there an easy "step-by-step" howto to build my own squashfs image to include openvpn libraries and binaries inside? (better compression than when installed in jffs partition)

In a nutshell, no my friend. And don't bother, because it won't work in any case. This is why we had to resort to using the tuxbox svn to compile the SSL and OpenVPN libs and binaries, then rip these for use in PLi. I'll do my best to explain...

The source code for OpenPLi is kind of based on a 'completed' image. Many of the source library files have already been stripped. In the case of SSL, the lib files are over-stripped, and seriously lacking stuff needed for OpenVPN to function properly.

The only people who can resolve this problem are the PLi crew, I'm afraid. By replacing their stripped libs with the proper 'full-fat' versions. Compare the screenshots, and you'll see what I mean. When the proper source libs are used, the build process then strips the binaries and libs properly, ready for the compile.

But as things stand, the source code for OpenPLi leaves very little room for third part development and enhancements because of this inherent problem...

Cheers- AL

Attached Files

•  pliscreen.jpg   46.79KB   51 downloads
•  tuxscreen.jpg   42.68KB   42 downloads

[hus52]

hey guys, finally got a decent openvpn setup which works on my pc, so now need to put it on my dm500 instead.
ive been given an client.ovpn file. does this just go in var/etc/openvpn?
thanks

[hus52]

ok scratch my last comment, figured it out, as then bummed out when realised my openvpn has to have lzo support, so im stuck again