
View the full version : VPN inside the router



Feico de Boer
23-02-2005, 14:10
Let's bring up this question again. Is it possible to create a VPN solution in the router? It looks like there are several PPTP solutions available for Linux but I'm not sure if it will fit in.

As far as I could see this is not in the latest custom from Oleg. I'm running SSH with tunneling now but I would like to try a full-blown connection.

Regards,
Feico.

mctiew
23-02-2005, 14:42
> Let's bring up this question again. Is it possible to create a VPN solution in the router? It looks like there are several PPTP solutions available for Linux but I'm not sure if it will fit in.
>
> As far as I could see this is not in the latest custom from Oleg. I'm running SSH with tunneling now but I would like to try a full-blown connection.

It is definitely possible. It's not difficult to compile the poptop server and add it to the custom firmware, but the subsequent problem will be creating the web configuration for it. So it is not a matter of possible or not, it is a matter of who wants to tie the ring on the neck of the cat. :rolleyes:

Cheers

Feico de Boer
23-02-2005, 14:50
> It is definitely possible. It's not difficult to compile the poptop server and add it to the custom firmware, but the subsequent problem will be creating the web configuration for it. So it is not a matter of possible or not, it is a matter of who wants to tie the ring on the neck of the cat. :rolleyes:
>
> Cheers

The SSH stuff has no web interface either. Actually I don't mind that it would be command-line stuff only. Save the real goodies for the experts. ;-)

Anyway, maybe it is time to install that tool chain to compile myself. Too bad I don't have a Linux box available and VMware is $189.

majx
23-02-2005, 16:11
No Linux?
Try Knoppix -> www.knoppix.com
It's a live CD... no install needed.
VMware -> you can get a 30-day trial if you register.

erik_bies
23-02-2005, 20:39
Or try coLinux; you can compile in your Linux box while running Windows.
And the best part... it's free, no need to reboot, and in some cases faster than VMware.

Feico de Boer
24-02-2005, 11:35
> Or try coLinux; you can compile in your Linux box while running Windows.
> And the best part... it's free, no need to reboot, and in some cases faster than VMware.

Thanks for the pointer. This coLinux thing seems to be very interesting and I will give it a try.

Feico de Boer
24-02-2005, 20:50
> Thanks for the pointer. This coLinux thing seems to be very interesting and I will give it a try.

This thing actually seems to work. After installing with the Debian root package, a dist-upgrade and several extra packages, I finally got something compiling. Overall I needed more than 2 GB of storage out of the 4 GB allocated to get here.

However, the compile seems to break on something introduced in the 3c release. Is the patch incorrect or do I need to add the 7zip stuff manually? As far as I could see I followed all steps needed to get to this point. The referenced directory is not on my system.

I used:
GPL_1927.zip
wl500g-1.9.2.7-3c.tar.gz

Error:
make -C /asus/broadcom/src/lzma/SRC/7zip/Compress/LZMA_Lib/
make: *** /asus/broadcom/src/lzma/SRC/7zip/Compress/LZMA_Lib/: No such file or directory. Stop.
make: *** [package-WL500g] Error 2

mctiew
24-02-2005, 23:17
> I used:
> GPL_1927.zip
> wl500g-1.9.2.7-3c.tar.gz
>
> Error:
> make -C /asus/broadcom/src/lzma/SRC/7zip/Compress/LZMA_Lib/
> make: *** /asus/broadcom/src/lzma/SRC/7zip/Compress/LZMA_Lib/: No such file or directory. Stop.
> make: *** [package-WL500g] Error 2

You need to do a make lzma or something from the patch folder.

Cheers

Feico de Boer
24-02-2005, 23:27
> You need to do a make lzma or something from the patch folder.
>
> Cheers

Ok, unzip is missing, guess that needs another package. ;-)

Thanks.

phedny
25-02-2005, 09:31
I've got a VPN running :)
I'm using the CIPE protocol for it, and I'm finishing off some things and cleaning up the code and I'll upload things in a couple of days.

Feico de Boer
25-02-2005, 10:06
> Ok, unzip is missing, guess that needs another package. ;-)
>
> Thanks.

And the last package to install was the zlib development one. After this the lzma stuff compiled and ... voila, a *.trx file.

Now one thing: this file differs in size from Oleg's version. Is this normal because my development environment is different, or is there a chance I messed up somewhere?

I don't want to wreck my router due to a bad firmware.

Feico de Boer
25-02-2005, 11:40
What is the trick to reconfigure, clean and compile everything again? Just a 'make clean' does not seem to be enough. Also I found a config file in the wl500* directory, but is this the right one to edit?

For a start I would like to add the st680 webcam driver (I happen to have one with that chipset).

mctiew
25-02-2005, 13:00
> Now one thing: this file differs in size from Oleg's version. Is this normal because my development environment is different, or is there a chance I messed up somewhere?
>
> I don't want to wreck my router due to a bad firmware.

I have the same concern as you do, and I asked the same question some time back, and there is no answer. Actually I tend to think now:

1. Yes, there is indeed a difference. But I can't say if the difference is significant.

2. Even in the case of the exact same source files, a different compile will still produce a different trx file (???). There is no way to ensure two different compiles produce the same trx (???).

Changes in the file system are usually not so worrying because you could still use Oleg's kernel and incorporate your own file system into it, say using the USB. But if you have to change the kernel, that's what I get most nervous about.

No solution so far.

Cheers
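The size question above is best answered by looking inside the image rather than guessing. What follows is an added example, not code from this thread, from Oleg's firmware or from the Asus GPL tarball: it parses the TRX header the firmware tools write, verifies the stated length and the CRC before you flash, and reports which partition (kernel or file system) changed size between two builds. The header layout and CRC convention follow the trx tool in the Broadcom/OpenWrt GPL sources as I know them (28-byte header, CRC32 over everything after the crc field, no final inversion); check this against tools/trx.c in your own tarball. The 4-byte partition alignment in build_trx is an assumption, and the two images it builds are constructed sample data, not firmware.

```python
"""Check a Broadcom/Asus .trx image before flashing it (added example)."""
import struct
import zlib

TRX_MAGIC = 0x30524448               # "HDR0" as a little-endian u32
HDR_FMT = "<IIIHH3I"                 # magic, len, crc32, flags, version, offsets[3]
HDR_LEN = struct.calcsize(HDR_FMT)   # 28 bytes


def trx_crc32(data: bytes) -> int:
    """CRC32 as the trx tool computes it: zlib polynomial seeded with
    0xFFFFFFFF but WITHOUT the final inversion that zlib.crc32() applies
    (assumption: verify against tools/trx.c in your tarball)."""
    return zlib.crc32(data) ^ 0xFFFFFFFF


def parse_trx(img: bytes) -> dict:
    """Parse and validate a .trx image; raise ValueError on any mismatch."""
    if len(img) < HDR_LEN:
        raise ValueError("image shorter than a TRX header")
    magic, length, crc, flags, version, o0, o1, o2 = struct.unpack_from(HDR_FMT, img)
    if magic != TRX_MAGIC:
        raise ValueError("bad magic 0x%08x (expected HDR0)" % magic)
    if length < HDR_LEN or length > len(img):
        raise ValueError("header length %d does not fit a %d-byte file" % (length, len(img)))
    # The CRC covers everything after the crc32 field (byte 12) up to 'len'.
    actual = trx_crc32(img[12:length])
    if actual != crc:
        raise ValueError("crc mismatch: header 0x%08x, computed 0x%08x" % (crc, actual))
    offsets = [o for o in (o0, o1, o2) if o]
    # Each partition runs to the next non-zero offset; the last one to 'len'.
    bounds = offsets + [length]
    parts = [(bounds[i], bounds[i + 1] - bounds[i]) for i in range(len(offsets))]
    return {"len": length, "flags": flags, "version": version, "partitions": parts}


def is_valid_trx(img: bytes) -> bool:
    """True only if the header parses and the CRC matches: the go/no-go check."""
    try:
        parse_trx(img)
        return True
    except ValueError:
        return False


def build_trx(parts: list) -> bytes:
    """Assemble a TRX image from partition blobs. Used here only to construct
    sample input; the real firmware build does this with the trx tool."""
    body, offsets = b"", []
    for p in parts:
        offsets.append(HDR_LEN + len(body))
        body += p
        body += b"\0" * (-len(body) % 4)      # 4-byte alignment (assumption)
    offsets += [0] * (3 - len(offsets))
    length = HDR_LEN + len(body)
    tail = struct.pack("<HH3I", 0, 1, *offsets)   # flags=0, version=1
    return struct.pack("<III", TRX_MAGIC, length, trx_crc32(tail + body)) + tail + body


def compare_trx(a: bytes, b: bytes) -> list:
    """List (index, size_a, size_b) for partitions whose size differs.
    Partition 0 is the (LZMA) kernel, partition 1 the file system; a change
    in 0 is the case mctiew is nervous about, a change in 1 can also be
    carried on the USB stick instead."""
    pa = parse_trx(a)["partitions"]
    pb = parse_trx(b)["partitions"]
    diff = []
    for i in range(max(len(pa), len(pb))):
        sa = pa[i][1] if i < len(pa) else None
        sb = pb[i][1] if i < len(pb) else None
        if sa != sb:
            diff.append((i, sa, sb))
    return diff


# Constructed sample images (not real firmware): same "kernel", larger "fs".
IMG_A = build_trx([b"K" * 100, b"F" * 300])
IMG_B = build_trx([b"K" * 100, b"F" * 340])

if __name__ == "__main__":
    print(parse_trx(IMG_A))
    print("changed partitions:", compare_trx(IMG_A, IMG_B))
    damaged = bytearray(IMG_A)
    damaged[50] ^= 1                      # one flipped bit in the payload
    print("damaged image accepted:", is_valid_trx(bytes(damaged)))
```

Feed parse_trx the bytes of your own .trx before flashing; a ValueError means do not flash. An image that is merely a different size from Oleg's but parses with a valid CRC is a build difference, not a damaged file, and compare_trx tells you which partition grew.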

mctiew
25-02-2005, 13:04
> What is the trick to reconfigure, clean and compile everything again? Just a 'make clean' does not seem to be enough. Also I found a config file in the wl500* directory, but is this the right one to edit?
>
> For a start I would like to add the st680 webcam driver (I happen to have one with that chipset).

This is what I do. I would go to /root/broadcom/src/linux/linux and do this :-

# cp .config oldconfig
# make mrproper
# cp oldconfig .config
# vi .config
# make dep

I am not sure if this is THE right way.

Cheers

mctiew
25-02-2005, 16:31
> This is what I do. I would go to /root/broadcom/src/linux/linux and do this :-
>
> # cp .config oldconfig
> # make mrproper
> # cp oldconfig .config
> # vi .config
> # make dep
>
> I am not sure if this is THE right way.


Missed one step, before make dep, I would do a make oldconfig.

Cheers

Feico de Boer
25-02-2005, 21:58
> Missed one step, before make dep, I would do a make oldconfig.
>
> Cheers

Ok, thanks a lot. I will give it a try when I have time. Up till now I reinstalled the whole source tree again and although it works, it is a bit too much.

Anyway, that way I already managed to compile the st680 module. When copied to the filesystem, which now resides on a 64 MB USB memory stick, the camera is at least recognized at kernel level. I can even get data from /dev/video.

This is great fun! Thanks Oleg for making this available.

Feico de Boer
03-03-2005, 13:39
> Missed one step, before make dep, I would do a make oldconfig.
>
> <plus other related post>
>
> Cheers

After all I found that 'make menuconfig' works even better and is less prone to errors if you don't know what all the options mean. For those that don't have or don't want to use ncurses, 'make config' will do roughly the same.

After this, just 'make' and 'make install' in the 'gateway' directory and you are set. Doing a 'make menuconfig' in the 'gateway' directory will let you configure both the router environment and the Linux kernel (two separate configs, by the way).

Pirat
09-03-2005, 11:21
Hi! I would like to use VPN on the WL too. Can you send me the bin?

Feico de Boer
10-03-2005, 11:23
> Hi! I would like to use VPN on the WL too. Can you send me the bin?

I would if it was working. And despite the fact I got it working to the point where it is actually accepting a connection and starting the PPP daemon, it thereafter fails with some GRE-related messages. I didn't have time to go into details figuring out the problem yet. It seems that somewhere somehow a sort of handshaking (this is the level of detail I'm at now :( ) goes wrong.

In case you want to give it a try anyway, fetch the binary here.

http://www.deboer.demon.nl/pptpd-wl500g.zip

Pirat
10-03-2005, 11:56
Thank you!

Feico de Boer
11-03-2005, 00:10
> I would if it was working. And despite the fact I got it working to the point where it is actually accepting a connection and starting the PPP daemon, it thereafter fails with some GRE-related messages. I didn't have time to go into details figuring out the problem yet. It seems that somewhere somehow a sort of handshaking (this is the level of detail I'm at now :( ) goes wrong.
>
> In case you want to give it a try anyway, fetch the binary here.
>
> http://www.deboer.demon.nl/pptpd-wl500g.zip

Ok, these are the errors from the syslog. Can anybody give me a clue if I'm close or lost? As far as I can see I have all NAT GRE and connection tracking stuff applicable compiled into the kernel.

Mar 11 00:12:01 pptpd[227]: CTRL: Client 192.168.1.5 control connection started
Mar 11 00:12:01 pptpd[227]: CTRL: Starting call (launching pppd, opening GRE)
Mar 11 00:12:01 pppd[228]: pppd 2.4.2 started by admin, uid 0
Mar 11 00:12:01 pppd[228]: Using interface ppp0
Mar 11 00:12:01 pppd[228]: Connect: ppp0 <--> /dev/pts/2
Mar 11 00:12:01 kernel: ip_conntrack_pptp: error during exp_gre
Mar 11 00:12:02 kernel: ip_conntrack_pptp: error during exp_gre
Mar 11 00:12:04 kernel: ip_conntrack_pptp: error during exp_gre
Mar 11 00:12:07 kernel: ip_conntrack_pptp: error during exp_gre
Mar 11 00:12:14 kernel: ip_conntrack_pptp: error during exp_gre
Mar 11 00:12:27 kernel: ip_conntrack_pptp: error during exp_gre
Mar 11 00:12:31 pppd[228]: LCP: timeout sending Config-Requests
Mar 11 00:12:31 pppd[228]: Connection terminated.
Mar 11 00:12:31 pppd[228]: Exit.
Mar 11 00:12:31 pptpd[227]: GRE: read(fd=6,buffer=10000500,len=8196) from PTY failed: status = -1 error = Error 5, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Mar 11 00:12:31 pptpd[227]: CTRL: PTY read or GRE write failed (pty,gre)=(6,8)
Mar 11 00:12:31 pptpd[227]: CTRL: Client 192.168.1.5 control connection finished

Feico de Boer
11-03-2005, 10:28
In order to get access to the router from the WAN, the post-firewall script needs the following addition:

# Allow access to PPTP server from WAN
iptables -A INPUT -p 47 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 1723 -j ACCEPT

This accepts GRE traffic and PPTP TCP traffic.

It does still not solve my other issue but allows me to connect from the WAN too. Previous tests were connecting from the LAN so I didn't notice this at first.

mctiew
14-03-2005, 07:07
> It does still not solve my other issue but allows me to connect from the WAN too. Previous tests were connecting from the LAN so I didn't notice this at first.

I am wondering how you compile the pptp and how you set it up. Lots of things have been shown here, but there is very little about how you actually set it up. For example, what does your pptp configuration file look like?

Cheers

Feico de Boer
14-03-2005, 14:59
> I am wondering how you compile the pptp and how you set it up. Lots of things have been shown here, but there is very little about how you actually set it up. For example, what does your pptp configuration file look like?
>
> Cheers

I'm actually using the compile-time options because there is no pptpd.conf file. I modified the compile-time options such that they correspond with the system settings. I don't have the stuff around right now, but is there anything specific I should consider looking at?

Right now it is set up correctly to call the PPPD as is found in Oleg's 1.9.2.7-3c version firmware and the syslog shows it is actually doing that. Once it is there communication fails.

mctiew
14-03-2005, 23:21
> I'm actually using the compile-time options because there is no pptpd.conf file. I modified the compile-time options such that they correspond with the system settings. I don't have the stuff around right now, but is there anything specific I should consider looking at?
>
> Right now it is set up correctly to call the PPPD as is found in Oleg's 1.9.2.7-3c version firmware and the syslog shows it is actually doing that. Once it is there communication fails.

Interesting, interesting, but those options are what is needed to get it to work; without them we can only depend on crystal balls.

Cheers

Feico de Boer
14-03-2005, 23:37
> Interesting, interesting, but those options are what is needed to get it to work; without them we can only depend on crystal balls.
>
> Cheers

I think the following two files determine default settings:

config.embed.h:
#define HAVE_OPENPTY 1
#define STDC_HEADERS 1
#define HAVE_SETSID 1
#define HAVE_MEMMOVE 1
#define HAVE_STRING_H 1
#define HAVE_STRLCPY 1
#define PPP_BINARY "/usr/sbin/pppd"
#define BCRELAY_BIN "/usr/sbin/bcrelay"
#define SBINDIR "/usr/sbin"

defaults.h:
/*
 * defaults.h
 *
 * This file contains some tuneable parameters, most of which can be overriden
 * at run-time (note, MAX_CONNECTIONS can't!).
 *
 * $Id: defaults.h,v 1.6 2004/04/28 11:36:07 quozl Exp $
 */

#ifndef _PPTPD_DEFAULTS_H
#define _PPTPD_DEFAULTS_H

/* Definitions for true and false */

#ifndef FALSE
#define FALSE 0
#define TRUE !FALSE
#endif

/* String sizes for the config file */

#define MAX_CONFIG_FILENAME_SIZE 256
#define MAX_CONFIG_STRING_SIZE 512

/* For IP parser */

#define LOCAL 0
#define REMOTE 1

/* Default configuration values, mostly configurable */

#if !defined(PPPD_IP_ALLOC)
#define MAX_CONNECTIONS 16
#define DEFAULT_LOCAL_IP_LIST "192.168.2.1-127"
#define DEFAULT_REMOTE_IP_LIST "192.168.3.1-127"
#endif

#define MAX_CALLS_PER_TCP_LINK 128

#ifdef PNS_MODE
#define MAX_CALLS 60
#endif

#define PPP_SPEED_DEFAULT "115200"
#if EMBED
#define PPTPD_CONFIG_FILE_DEFAULT "/etc/config/pptpd.conf"
#else
#define PPTPD_CONFIG_FILE_DEFAULT "/etc/pptpd.conf"
#endif
#define PIDFILE_DEFAULT "/var/run/pptpd.pid"

#define STIMEOUT_DEFAULT 10 /* seconds */

/* Location of binaries */

#define PPTP_CTRL_BIN SBINDIR "/pptpctrl"
#define PPTPD_BIN SBINDIR "/pptpd"
#ifndef BCRELAY_BIN
#define BCRELAY_BIN SBINDIR "/bcrelay"
#endif

/* Parameters permitted in the config file */

#define SPEED_KEYWORD "speed"
#define PPPD_OPTION_KEYWORD "option"
#define DEBUG_KEYWORD "debug"
#ifdef BCRELAY
#define BCRELAY_KEYWORD "bcrelay"
#endif
#define LOCALIP_KEYWORD "localip"
#define REMOTEIP_KEYWORD "remoteip"
#define LISTEN_KEYWORD "listen"
#define PIDFILE_KEYWORD "pidfile"
#define STIMEOUT_KEYWORD "stimeout"
#define NOIPPARAM_KEYWORD "noipparam"
#define PPP_BINARY_KEYWORD "ppp"
#define LOGWTMP_KEYWORD "logwtmp"

#endif /* !_PPTPD_DEFAULTS_H */

mctiew
15-03-2005, 01:51
> I think the following two files determine default settings:


Among other things, I think the following are missing:

1. pptpctrl - where is this program?
2. authentication - the server is not going to allow every Tom, Dick or Harry to connect, so where is the authentication part?
3. mppe settings - there are quite a few mppe settings needed.

You may not agree with me, but I would think you might want to use a working configuration file as a starting point.

Cheers.
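As a working starting point for the three items mctiew lists, here is an added example (not from the thread, and not Feico's configuration): a minimal pptpd.conf, a pppd options file in a weak and a hardened form, a chap-secrets entry, and a small audit that checks the options file actually refuses PAP, CHAP and MS-CHAPv1 and requires MS-CHAPv2 with 128-bit MPPE. The keywords are those of poptop's pptpd.conf (the same ones defaults.h above lists) and of pppd 2.4.2, the version in Feico's log; the addresses, DNS entry, account name and secret are made-up sample values, and the paths assume the non-EMBED defaults. pptpctrl is the second binary the poptop build produces (PPTP_CTRL_BIN in defaults.h), so it has to be installed next to pptpd in SBINDIR. Even configured this way, PPTP's MS-CHAPv2/MPPE is weak by today's standards (MS-CHAPv2 reduces to recovering a single DES key); the audit only shows that the server is not left open to anybody.

```python
"""pptpd/pppd configuration starting point plus an options audit (added example)."""
import shlex

# /etc/pptpd.conf (PPTPD_CONFIG_FILE_DEFAULT without EMBED). Sample values.
PPTPD_CONF = """\
option /etc/ppp/options.pptpd
localip 192.168.1.1
remoteip 192.168.1.200-210
"""

# /etc/ppp/options.pptpd, weak form: authenticates nobody, no encryption required.
WEAK_OPTIONS = """\
name pptpd
noauth
proxyarp
"""

# /etc/ppp/options.pptpd, hardened form: MS-CHAPv2 + 128-bit MPPE only.
HARDENED_OPTIONS = """\
name pptpd
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
require-mschap-v2
require-mppe-128
ms-dns 192.168.1.1
proxyarp
lock
nobsdcomp
nodeflate
"""

# /etc/ppp/chap-secrets: client, server ('name' above), secret, allowed IP.
CHAP_SECRETS = """\
# client   server  secret                  IP addresses
feico      pptpd   "correct horse staple"  192.168.1.201
"""

REQUIRED = ("refuse-pap", "refuse-chap", "refuse-mschap",
            "require-mschap-v2", "require-mppe-128")
FORBIDDEN = ("noauth", "nomppe", "require-mppe-40")


def option_words(text: str) -> set:
    """First word of every non-comment line of a pppd options file."""
    words = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            words.add(line.split()[0])
    return words


def audit_options(text: str) -> list:
    """Findings for an options file; an empty list means every weaker
    authentication method is refused and 128-bit MPPE is mandatory."""
    words = option_words(text)
    findings = ["missing %s" % w for w in REQUIRED if w not in words]
    findings += ["remove %s" % w for w in FORBIDDEN if w in words]
    return findings


def chap_secrets_entries(secrets: str, server: str = "pptpd") -> list:
    """(client, ip) pairs that pppd will actually consider for this server.
    Entries whose server column does not match the 'name' option are
    ignored by pppd, a common reason for every login failing after an edit."""
    entries = []
    for line in secrets.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line, comments=True)   # handles quoted secrets
        if len(fields) < 3:
            raise ValueError("malformed chap-secrets line: %r" % line)
        client, srv, secret = fields[:3]
        ip = fields[3] if len(fields) > 3 else "*"
        if srv in (server, "*") and secret:
            entries.append((client, ip))
    return entries


if __name__ == "__main__":
    print("weak:", audit_options(WEAK_OPTIONS))
    print("hardened:", audit_options(HARDENED_OPTIONS))
    print("accounts:", chap_secrets_entries(CHAP_SECRETS))
```

The remoteip pool and the chap-secrets IP column must agree (192.168.1.201 lies inside 192.168.1.200-210 here), and the server column must equal the 'name' line of the options file; both are easy to get wrong by hand, which is what the two functions check.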

Intel
07-07-2005, 21:32
> Among other things, I think the following are missing:
>
> 1. pptpctrl - where is this program?
> 2. authentication - the server is not going to allow every Tom, Dick or Harry to connect, so where is the authentication part?
> 3. mppe settings - there are quite a few mppe settings needed.
>
> You may not agree with me, but I would think you might want to use a working configuration file as a starting point.
>
> Cheers.

Where can I get pptpctrl compiled for a MIPS CPU?
We have no compiler in the wl-500gx... (also we don't have a normal tar)
I need to run a VPN server on the wl500g in a few days. Please help.
I heard some people have done it successfully.. my mail: stepdi(woof)mail(dot)ru

Sorry for my poor English..

Intel
09-07-2005, 09:55
sorry for my english...

I installed poptop (ipkg install poptop), set it up..
I can connect to pptp from lan, but can't connect from WAN.

I entered some commands (iptables)..
# Allow access to PPTP server from WAN
iptables -A INPUT -p 47 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 1723 -j ACCEPT

But I still can't connect from the WAN. There is no info about the connection in the syslog.

Please help! I need a working PPTP server in a few days.

Darkstar
11-07-2005, 15:29
The problem is that the last rule in the firewall chains is a "DROP", and appending a rule with "-A" after that doesn't help. Try

iptables -I INPUT -p 47 -j ACCEPT
iptables -I INPUT -p tcp --syn --dport 1723 -j ACCEPT

instead, to insert the rules. I would suggest changing the policy to "DROP" rather than having a rule at the end of the chain.

Darkstar.
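Darkstar's point is the general first-match rule of netfilter chains: a rule appended behind an unconditional DROP is never evaluated, so the "-A" rules from the post-firewall snippet above did nothing. The following added example (not from the thread, and not a wrapper around iptables) models the INPUT chain as first-match evaluation with the two rules Feico and Darkstar posted, shows the appended versus inserted outcome for a PPTP SYN and a GRE packet, and adds a small lint for rules that sit behind a catch-all. The firmware chain it builds is an assumption from Darkstar's description (a few allows followed by a final DROP), and the packet records are constructed.

```python
"""First-match model of an iptables INPUT chain: -A versus -I (added example)."""


class Chain:
    """Ordered rule list with a default policy, evaluated first match wins."""

    def __init__(self, policy="ACCEPT"):
        self.rules = []            # (match_fn, target, text) in evaluation order
        self.policy = policy

    def append(self, text, match, target):      # iptables -A INPUT ...
        self.rules.append((match, target, text))

    def insert(self, text, match, target):      # iptables -I INPUT ... (position 1)
        self.rules.insert(0, (match, target, text))

    def verdict(self, pkt):
        """Target of the first matching rule, else the chain policy."""
        for match, target, text in self.rules:
            if match(pkt):
                return target, text
        return self.policy, "policy"


def gre(p):       return p["proto"] == 47
def pptp_syn(p):  return p["proto"] == 6 and p["dport"] == 1723 and p["syn"]
def anything(p):  return True


def firmware_chain():
    """Assumed shape of the stock INPUT chain per Darkstar: some allows,
    then an unconditional DROP as the last rule, with policy ACCEPT."""
    c = Chain(policy="ACCEPT")
    c.append("-i lo -j ACCEPT", lambda p: p["iface"] == "lo", "ACCEPT")
    c.append("-m state --state ESTABLISHED,RELATED -j ACCEPT",
             lambda p: p.get("established", False), "ACCEPT")
    c.append("-j DROP", anything, "DROP")
    return c


# Constructed packets arriving on the WAN interface.
PPTP_PKT = {"proto": 6, "dport": 1723, "syn": True, "iface": "eth1"}
GRE_PKT = {"proto": 47, "dport": None, "syn": False, "iface": "eth1"}


def verdicts(chain):
    return {"pptp": chain.verdict(PPTP_PKT)[0], "gre": chain.verdict(GRE_PKT)[0]}


def appended():
    """Feico's original snippet: -A puts the rules behind the DROP."""
    c = firmware_chain()
    c.append("-p 47 -j ACCEPT", gre, "ACCEPT")
    c.append("-p tcp --syn --dport 1723 -j ACCEPT", pptp_syn, "ACCEPT")
    return verdicts(c)


def inserted():
    """Darkstar's fix: -I puts them in front of everything."""
    c = firmware_chain()
    c.insert("-p 47 -j ACCEPT", gre, "ACCEPT")
    c.insert("-p tcp --syn --dport 1723 -j ACCEPT", pptp_syn, "ACCEPT")
    return verdicts(c)


def dead_rules(chain):
    """Rules that can never match because an unconditional terminating rule
    precedes them. With a DROP *policy* and no catch-all rule, as Darkstar
    suggests, this list is empty whichever way you add rules."""
    dead, blocked = [], False
    for match, target, text in chain.rules:
        if blocked:
            dead.append(text)
        elif match is anything and target in ("ACCEPT", "DROP", "REJECT"):
            blocked = True
    return dead


if __name__ == "__main__":
    print("-A:", appended())          # both DROP: the new rules are never reached
    print("-I:", inserted())          # both ACCEPT
    c = firmware_chain()
    c.append("-p 47 -j ACCEPT", gre, "ACCEPT")
    print("unreachable:", dead_rules(c))
```

On the router, `iptables -L INPUT -n --line-numbers` shows where the catch-all sits before you add anything. The same ordering applies to any rule added later, for instance one accepting traffic that arrives over the ppp interface once a client is connected.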

mmX
28-07-2005, 11:55
I set up the poptop ipkg package successfully. It is possible to dial in from the WAN and LAN side.
There is a little problem with dialing in from WinXP clients: they must repeat the dial-in
process two or three times until they get an IP. Does anybody have the same problem?
But it's not as bad as that.

The real problem is a different one. If the client dials in successfully he gets a valid IP address.
The client can connect to the web interface of the wl500g as well, but not to the dropbear or telnet server.

It is 'only' an iptables problem, I think.
Does anybody know which rule I must set up?

Some infos about my net:

192.168.200.0 / 24 --> LAN
192.168.200.1 / 24 --> wl500g

192.168.201.0 / 24 --> pptp dial-in-net
192.168.201.1 / 24 --> pptp-server
192.168.201.2-3 / 24 --> pptp-clients

(sorry for my English)

Kind regards,

mmX