OpenVPN

[gwl]

I tried to install openvpn, but got this error:

[admin@wl500g root]$ ipkg install openvpn
Installing openvpn (2.0.2-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/un...2-1_mipsel.ipk
Nothing to be done
An error ocurred, return value: 1.
Collected errors:
ERROR: Cannot satisfy the following dependencies for openvpn:
kernel-module-tun

...
I had previously done:
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
insmod tun.o

so, the kernel module was active...

Can I force the install with :
ipkg install -nodeps openvpn

will it work?

thanks,

[suitrevor]

I think you can try
#ipkg install -force-depends openvpn

and try to follow steps at this thread
http://wl500g.info/showthread.php?t=...hlight=openvpn

that work for me

P.S And pls make sure to use the correct path for the tun.o driver.

[gwl]

I installed it with --nodeps, and it seems to work.
I can use open vpn in my laptop (client), and ping the router(Server), in a secure channel, but I can't use the router as client to link to a server in the internet.... I think it's the firewall beween my wl500g and the internet....

[suitrevor]

Do you mean to using the wl500g as a openvpn client and connect to another openvpn server? I just don't understand. Can you ping the vpn server(the internet one) in tun0. Can you pls describe the situation more precisely. Thank you.

[gwl]

test 1:
wl500g=openvpn server ; laptop=client
result ok:I can ping the router from the laptop.

test 2:
wl500g=openvpn client ; RemotePC(online) =openvpn server
result: from a shell inside the router, I can't ping the remote pc.
(on the remote pc, some requests are seen, but I don't get any replyes)

[pfugl]

Has anyone had succes configuring an OPENVPN server in bridge mode on the WL500G? I am using Oleg's firmware latest release.
My problem is that the tap device is not found when I try to add it to the BR0 bridge.
I have done a INSMOD TUN before that. Is there anything else I need to do?
/Peter

[pfugl]

Found it myself on: http://openvpn.net/bridge.html#linuxscript :

Code:

openvpn --mktun --dev tap0

[kfaessen]

I would like to implement one of those 2 on my router within the flash is that possible and if so can someone make a step-by-step guide for it?

The reason is that I want to get into my network from school with my own laptop.

I've oleg's latest (1.9.2.7-6c) firmware. I've already searched the forum for help but al the information is so much spreaded that I couldn't find out how to start.

I don't want to have it on my usb harddrive because I want to take it with me sometimes so the router will have a problem then.

Is this possible?

[HanseHouse]

Hi,

you can buy a cheap USB stick and store /opt/ in it so you don't need a hard drive.
I store the whole filesystem on the USB stick - this has many opportunities: If you misconfigure anything and the router doesn't respond any more you can simply remove the USB drive and the router uses the internal flash. Or you can edit files on the USB stick with your PC running Linux.
http://oleg.wl500g.info/ "Root file system on the external USB drive"

Matthias

[seanboc]

Firmware Used: 1.9.2.7-7c
Unit: WL500g
OpenVpn Version being used: openvpn_2.0.2-1_mipsel.ipk from unslung
Bridge Configuration: Wireless link and LAN connections (eth0 and eth2)
Firewall Configuration: Accept All
Description of Problem:

Have installed Openvpn successfully and it works fine for Tap0 based upon the out-of-the-box TLS configuration. My problem is related to using the Tap0 connection in the br0 bridge. If the tap0 network connection is added into br0 using brctl addif br0 tap0, no traffic passes through the tap0, although I do see the ARP request/responses. There is no firewall up, iptables is configured to accept all traffic as the default policy. If I remove tap0 out of the br, bridge, all traffic flows from the Wl500g and my wireless connected laptop (vice versa) over the OpenVPN negotiated connection. The problem is the same for LAN connected boxes, if tap0 is added to br0 so ti is not specific to the wireless conection.

I have cecked br0 on its own using tap0, when openvpn is not running and traffic flows between tap0 and br0 successfully so it is not a firewall problem. the output from route looks fine also i.e. all my VPN traffic is roited on the Wl500g via tap0. The problem occurrs when openvpn is brought online and tap0 is put in the bridge, br0. Any help on this one, much appreciated as I have banging my head on a virtual wall for a few days. It appears to be an issue with bridging and OpenVPN.

I have also tested my OpenVPN connection on Mandrake with same settings, etc and it works fine. Much appreciated on ideas?

Sean

[wfleck]

Did you already try to restart OpenVPN *after* you added tap0 to the bridge?
At least for me this works.

[seanboc]

Yep I tried restarting openvpn after the tap0 device is added to br0 but that does not make any differeence. When I delete tap0 from br0, it works fine. The settings for br0 are standard out of the box firmware settings. It is something specifically related to openvpn and br0. Could you share your server and client VPN settings, (obviously without keys and specific IP settings0 so I can do a comparsion on what I am doing. Cheers

[wfleck]

Here comes my configuration:

The interfaces:

Code:

[admin@(none) /tmp]$ ifconfig
br0       Link encap:Ethernet  HWaddr 00:0E:A6:B7:DB:6B
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:a6ff:feb7:db6b/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:91929 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6775 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2954039 (2.8 MiB)  TX bytes:5991009 (5.7 MiB)

br1       Link encap:Ethernet  HWaddr 00:0E:A6:B7:DB:6B
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:a6ff:feb7:db6b/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1473565 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1633100 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:566525409 (540.2 MiB)  TX bytes:1170141654 (1.0 GiB)

eth0      Link encap:Ethernet  HWaddr 00:0E:A6:B7:DB:6B
          inet6 addr: fe80::20e:a6ff:feb7:db6b/10 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1473628 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1653938 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:593055204 (565.5 MiB)  TX bytes:1171392947 (1.0 GiB)
          Interrupt:3 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:0E:A6:B7:DB:6B
          inet6 addr: fe80::20e:a6ff:feb7:db6b/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1638815 errors:2 dropped:0 overruns:0 frame:1
          TX packets:1479407 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1196221196 (1.1 GiB)  TX bytes:592413341 (564.9 MiB)
          Interrupt:4 Base address:0x8000

eth2      Link encap:Ethernet  HWaddr 00:0E:A6:B7:DB:6B
          inet6 addr: fe80::20e:a6ff:feb7:db6b/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:91902 errors:0 dropped:0 overruns:0 frame:18589
          TX packets:133040 errors:17 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4238047 (4.0 MiB)  TX bytes:12787514 (12.1 MiB)
          Interrupt:6 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:54674 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54674 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5272540 (5.0 MiB)  TX bytes:5272540 (5.0 MiB)

ppp0      Link encap:Point-Point Protocol
          inet addr:217.191.169.42  P-t-P:213.20.95.16  Mask:255.255.255.255
          UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:1634259 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1474867 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1153438866 (1.0 GiB)  TX bytes:559828399 (533.8 MiB)

tap0      Link encap:Ethernet  HWaddr 00:FF:28:23:EB:A7
          inet6 addr: fe80::2ff:28ff:fe23:eba7/10 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:518 errors:0 dropped:30453 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:28139 (27.4 KiB)

wds0.4915 Link encap:Ethernet  HWaddr 00:0E:A6:B7:DB:6B
          inet6 addr: fe80::20e:a6ff:feb7:db6b/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Bridge #0 (WLAN):

Code:

[admin@(none) /tmp]$ brctl showbr br0
br0
 bridge id              8000.000ea6b7db6b
 designated root        8000.000ea6b7db6b
 root port                 0                    path cost                  0
 max age                  20.00                 bridge max age            20.00
 hello time                2.00                 bridge hello time          2.00
 forward delay             0.00                 bridge forward delay       0.00
 ageing time              42.30                 gc interval                4.00
 hello timer               0.52                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                   2.53
 flags


eth2 (2)
 port id                8002                    state                   forwarding
 designated root        8000.000ea6b7db6b       path cost                100
 designated bridge      8000.000ea6b7db6b       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.52
 flags

wds0.49153 (3)
 port id                8003                    state                   forwarding
 designated root        8000.000ea6b7db6b       path cost                100
 designated bridge      8000.000ea6b7db6b       message age timer          0.00
 designated port        8003                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.52
 flags

Bridge #1 (LAN):

Code:

[admin@(none) /tmp]$ brctl showbr br1
br1
 bridge id              8000.000ea6b7db6b
 designated root        8000.000ea6b7db6b
 root port                 0                    path cost                  0
 max age                  20.00                 bridge max age            20.00
 hello time                2.00                 bridge hello time          2.00
 forward delay            15.00                 bridge forward delay      15.00
 ageing time              42.30                 gc interval                4.00
 hello timer               1.84                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                   3.86
 flags


eth0 (1)
 port id                8001                    state                   forwarding
 designated root        8000.000ea6b7db6b       path cost                100
 designated bridge      8000.000ea6b7db6b       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.00
 flags

tap0 (2)
 port id                8002                    state                   forwarding
 designated root        8000.000ea6b7db6b       path cost                100
 designated bridge      8000.000ea6b7db6b       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.00
 flags

OpenVPN config:

Code:

[admin@(none) openvpn]$ cat openvpn.conf|grep -v ^#|grep -v '^;'|grep -v '^ *$'
port 1194
proto udp
dev tap0
ca flexoft-cacert.crt
cert wl-500g-cert.crt
key wl-500g-key.pem
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.1 255.255.255.0 192.168.1.64 192.168.1.127
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
comp-lzo

Bridge start script:

Code:

[admin@(none) openvpn]$ cat bridge-start
#!/bin/sh

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

PATH=/opt/sbin:/opt/bin:$PATH
export PATH

# Define Bridge Interface
br="br1"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.1.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"

for t in $tap; do
  openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
  brctl addif $br $t
done

for t in $tap; do
  ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

This is what I have in my firewall script:

Code:

ifconfig br0 0.0.0.0
brctl delif br0 eth0
ifconfig br0 192.168.2.1
ifconfig eth0 192.168.1.1

Hope this helps!

[seanboc]

Br0 is a bridge between eth2 and eth1 into whcih I also add tap0. When Tap0 is added into the bridge I cannot send any traffic on the VPN connection. I have no problem establishing the VPN connection but bridging is not working. I have also tried adding in a new bridge on its own between eth0 and tap0 (as in your example) but the same behaviour is found. What version of the Oleg WL500g firmware and openvpn package are you using? I am using the latets from unslung and similar firmware. Cheers

[wfleck]

I'm using firmware 1.9.2.7-6c-pre5 and my openvpn is

Code:

[admin@(none) /proc]$ ipkg status openvpn
Package: openvpn
Version: 2.0_rc17-3
Depends: openssl, lzo, kernel-module-tun
Status: install user installed
Architecture: mipsel

[admin@(none) /proc]$ ipkg status openssl
Package: openssl
Version: 0.9.7d-4
Status: install user installed
Section: libs
Architecture: mipsel
maintainer: NSLU2 Linux <nslu2-linux@yahoogroups.com>
MD5Sum: 688c2dbadad18c1bc6bae109bd6aac93
Size: 946871
Filename: openssl_0.9.7d-4_mipsel.ipk
Source: http://www.openssl.org/source/openssl-0.9.7d.tar.gz
Description: Openssl provides the ssl implementation in libraries libcrypto and libssl, and is needed by many other applications and libraries.

[admin@(none) /proc]$ ipkg status lzo
Package: lzo
Version: 1.08-2
Status: install user installed
Section: lib
Architecture: mipsel
maintainer: Inge Arnesen <inge.arnesen@gmail.com>
MD5Sum: ab7fe86f9fc106884106b1a21b9de053
Size: 103649
Filename: lzo_1.08-2_mipsel.ipk
Source: http://www.oberhumer.com/opensource/lzo/download//lzo-1.08.tar.gz
Description: Compression library

kernel-module-tun is not installed