Author Topic: Openvpn 2.0  (Read 5912 times)

doppiaemme

« on: July 04, 2005, 12:34:14 pm »
Hi!
I didn't find Openvpn in the stable and unstable feed, so I compiled it.
This is my first ipkg so it is really unstable, and please be tolerant.
I tried it on my SL-6000 and it seems to work.

First I had to compile with --disable-lzo in configure,
because it can't find the compression library. Any suggestions?

After installing,

# modprobe tun

the following dev and symlink are created

# ls -al /dev/net/tun*
lr-xr-xr-x    1 root     root           12 Jul  4 17:57 /dev/net/tun -> misc/net/tun

I don't know if it's a bug, but openvpn didn't work, so I modified:
# ln -s /dev/misc/net/tun /dev/net/tun

Now:
# ls -al /dev/net/tun*
lr-xr-xr-x    1 root     root           17 Jul  4 18:08 /dev/net/tun -> /dev/misc/net/tun

and it's ok.

I put conf files in /etc/openvpn and start with /etc/rc.d/init.d/openvpn start.

I made some tests....

tun0      Link encap:Point-to-Point Protocol
          inet addr:10.8.0.4  P-t-P:10.8.0.3  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:30 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4097 (4.0 Kb)  TX bytes:4216 (4.1 Kb)

# ping 10.8.0.3
PING 10.8.0.3 (10.8.0.3): 56 octets data
64 octets from 10.8.0.3: icmp_seq=0 ttl=64 time=9.6 ms
64 octets from 10.8.0.3: icmp_seq=1 ttl=64 time=9.1 ms
....

Max
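
Added example, not part of the post above: the first ls output shows a relative link target, and a relative target is resolved from the link's own directory, so /dev/net/tun -> misc/net/tun points at /dev/net/misc/net/tun. The function name diagnose_tun and the temp-dir layout are assumptions made for this sketch; 10:200 is the tun char device number used later in the thread's modules.conf alias.

```python
import os
import stat
import tempfile

def diagnose_tun(dev_root="/dev"):
    """Say what <dev_root>/net/tun points at and whether OpenVPN can use it."""
    link = os.path.join(dev_root, "net", "tun")
    if not os.path.lexists(link):
        return "missing"
    if os.path.islink(link):
        target = os.readlink(link)
        # A relative target is resolved from the directory holding the link.
        resolved = os.path.normpath(os.path.join(os.path.dirname(link), target))
        if not os.path.exists(resolved):
            return "dangling -> " + os.path.relpath(resolved, dev_root)
    st = os.stat(link)
    if stat.S_ISCHR(st.st_mode) and (os.major(st.st_rdev), os.minor(st.st_rdev)) == (10, 200):
        return "ok"
    return "resolves, but is not char device 10:200"

def demo():
    """Rebuild the layout from the post in a temp dir (constructed sample).

    A plain file stands in for the device node, so the repaired link reports
    'resolves, but ...' here; with the real device node it would report 'ok'.
    """
    with tempfile.TemporaryDirectory() as root:
        node = os.path.join(root, "misc", "net", "tun")
        os.makedirs(os.path.dirname(node))
        os.makedirs(os.path.join(root, "net"))
        open(node, "w").close()
        link = os.path.join(root, "net", "tun")
        os.symlink("misc/net/tun", link)   # relative, as in the first ls output
        before = diagnose_tun(root)
        os.remove(link)
        os.symlink(node, link)             # absolute, as after the ln -s fix
        after = diagnose_tun(root)
        return before, after

if __name__ == "__main__":
    print(demo())
    print("/dev:", diagnose_tun())
```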

fbdelivers

« Reply #1 on: July 06, 2005, 11:36:47 am »
Sweet - thanks for the package.  I installed it last night and could get connected with no problems.  The only problem is my routes don't seem to be working like they should.  I cannot ping my P-T-P.

It could be something wrong with another thing, and I have only tried UDP traffic instead of TCP.  I'll keep messing with things today and see if I can get any further.  If you can think of anything offhand that I might be missing, let me know.

I'm using a 6000 BTW.

doppiaemme

« Reply #2 on: July 06, 2005, 03:54:28 pm »
Quote
Sweet - thanks for the package.  I installed it last night and could get connected with no problems.  The only problem is my routes don't seem to be working like they should.  I can not ping my P-T-P.

Uhm...  Have you looked at /var/log/messages ?? And route -n ?

I'm using a very simple configuration:

on the client:
#/etc/openvpn/vpn.conf

remote my.remote.server 65024
proto udp
dev tun
ifconfig 10.8.0.4 10.8.0.3
secret /etc/openvpn/mykey.key
#comp-lzo Should be fixed with the lzo library enabled!!!
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
user nobody
group nobody
daemon

on the server:
#/etc/openvpn/vpn.conf

dev tun
daemon
port 65024
proto udp
ifconfig 10.8.0.3 10.8.0.4
secret mykey.key
#comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
user nobody
group nogroup #check the correct group name!

fbdelivers

« Reply #3 on: July 06, 2005, 07:29:44 pm »
My routes look just fine with gateways and subnets.  I'm wondering if it's an lzo thing though like you stated in your first post.

If I do a tcpdump -i tun0 I get the following when I ping from the Openvpn server itself:

IP15 bad-len 0
IP15 bad-len 0
IP15 bad-len 0
IP15 bad-len 0
.
.
.
IP15 bad-len 0


I'm going to disable lzo on the server and see if that is what's causing my problem next.

doppiaemme

« Reply #4 on: July 07, 2005, 06:29:32 am »
Quote
I'm going to disable lzo on the server and see if that is what's causing my problem next.

I think lzo on server must be disabled! I had to compile without the lzo support and when I tried to connect it didn't work until I disabled comp-lzo on both sides. But this was pointed out by the openvpn log!
I'll try to add the lzo library support recompiling the package...
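
Added example, not written by any poster in this thread: a small check that compares the two ends of a static-key tunnel for the settings that have to agree, including the comp-lzo mismatch discussed in the replies above. CLIENT and SERVER are constructed from the configs posted in Reply #2, with comp-lzo enabled on the server to reproduce the problem; the comment handling is simplified and the 1194 default port is an assumption about the OpenVPN 2.0 default.

```python
# Constructed sample configs, based on the ones posted in this thread.
CLIENT = """\
remote my.remote.server 65024
proto udp
dev tun
ifconfig 10.8.0.4 10.8.0.3
#comp-lzo
"""
SERVER = """\
dev tun
port 65024
proto udp
ifconfig 10.8.0.3 10.8.0.4
comp-lzo
"""

def parse(text):
    """Return {directive: [args]}; '#' and ';' start a comment (simplified)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].split()
        if line:
            opts[line[0]] = line[1:]
    return opts

def proto_family(opts):
    # tcp-client / tcp-server are the two halves of one transport.
    return opts.get("proto", ["udp"])[0].split("-")[0]

def mismatches(client_text, server_text):
    """List the settings that disagree between the two peers."""
    c, s = parse(client_text), parse(server_text)
    found = []
    if ("comp-lzo" in c) != ("comp-lzo" in s):
        found.append("comp-lzo enabled on one side only")
    if proto_family(c) != proto_family(s):
        found.append("proto differs")
    if c.get("dev", [""])[0][:3] != s.get("dev", [""])[0][:3]:
        found.append("dev type differs (tun vs tap)")
    if c.get("ifconfig", []) != s.get("ifconfig", [])[::-1]:
        found.append("ifconfig endpoints are not mirrored")
    remote = c.get("remote", [])
    c_port = remote[1] if len(remote) > 1 else c.get("port", ["1194"])[0]
    if c_port != s.get("port", ["1194"])[0]:
        found.append("client remote port differs from server port")
    return found

if __name__ == "__main__":
    for problem in mismatches(CLIENT, SERVER):
        print("MISMATCH:", problem)
```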

juzam

« Reply #5 on: July 07, 2005, 06:44:32 am »
Quote
Quote

I'm going to disable lzo on the server and see if that is what's causing my problem next.

I think lzo on server must be disabled! I had to compile without the lzo support and when I tried to connect it didn't work until I disabled comp-lzo on both sides. But this was pointed out by the openvpn log!
I'll try to add the lzo library support recompiling the package...

I look forward to having openvpn 2.0 with lzo support.. my c1000 is on its way...

thanks a lot!

Juz

fbdelivers

« Reply #6 on: July 07, 2005, 12:31:18 pm »
Yeah, it's LZO that causes the problem on the server side.  Problem is I have to keep that on there since I have 30-40 others connecting to it throughout the day.

Other than that it looks really close and thanks for all the work.

olaf

« Reply #7 on: July 08, 2005, 04:55:34 pm »
Hi,

sorry for the late reply, but I currently have very little spare time for my Zaurus.

As to OpenVPN:
for LZO you need the LZO library and headers. The source can be found at http://www.oberhumer.com/opensource/lzo. It compiles fine under pdaxrom.
I hope the upload of my ipkgs of LZO (libraries only) and OpenVPN 2.0 with LZO (only the binary) works.

To get OpenVPN to run on my C-860 I had to do the following:

Add the following lines to /etc/devfsd.conf
# Create correct /dev/net/tun symlink
REGISTER       ^misc/net/tun$  CFUNCTION GLOBAL unlink   net/tun
REGISTER       ^misc/net/tun$  CFUNCTION GLOBAL symlink  /dev/$devname net/tun
UNREGISTER     ^misc/net/tun$  CFUNCTION GLOBAL unlink   net/tun

Add the following lines to /etc/modules.conf:
# tap device configuration
alias char-major-10-200 tun
alias tap0 tun
alias tap1 tun
alias tap2 tun
alias tap3 tun
alias tap4 tun
alias tap5 tun
alias tap6 tun
alias tap7 tun
alias tap8 tun
alias tap9 tun
alias tap10 tun
alias tap11 tun
alias tap12 tun
alias tap13 tun
alias tap14 tun
alias tap15 tun

Have fun ;-)
Regards,

Olaf

doppiaemme

« Reply #8 on: July 10, 2005, 07:13:55 am »
Thanks Olaf!

it works fine! I took your openvpn package and added the init.d script and the /etc/openvpn dir.

Now it seems complete, waiting for other feedback...

olaf

« Reply #9 on: July 10, 2005, 03:18:48 pm »
Quote
Thanks Olaf!

It's nice to hear that it works !

it works fine! I took your openvpn package and added the init.d script and the /etc/openvpn dir.

That was a good idea !
I don't use the init script as I start openvpn on my Zaurus and my notebook using a dhcpd-hook script that configures my systems depending on the location they are at.
And my openvpn dir is not for the faint of heart either.

Now it seems complete, waiting for other feedback...
Regards,

Olaf

gen2

« Reply #10 on: July 29, 2005, 07:22:15 pm »
Quote
Now it seems complete, waiting for other feedback...

Super fine.
Been waitin long time for the right wifi security solution, this is it folks! Easy too!

Processing overhead is minimal, connection rock solid, works on pdaxrom, os x, linux, obsd...ovpn rules. Wake z, vpn auto-negotiates, it's surf-ready immediately without any intervention. Good stuff.

thanks for the pkg
c3200 : openbsd4.3 -current : pretec-wifiCF