Openvpn

From NMTWiki

Difficult - for advanced users, may require detailed technical knowledge, use at your own risk!

How to install OpenVPN on NMT

  • The first part describes how to install OpenVPN
  • The second part explains how I compiled the TUN module and OpenVPN

Installation and configuration

Download

Download binaries (cross-compiled and tested on HDX1000 and PCH):

Install TUN module

Copy tun.ko to your NMT, into the folder /lib/modules/2.6.15-sigma/kernel/drivers/net/

Load the module into the kernel:

insmod -v /lib/modules/2.6.15-sigma/kernel/drivers/net/tun.ko

Check that it loaded:

lsmod
Module Size Used by Tainted: PF 
tun 10992 1 
em8xxx 878848 2 
arusb_lnx 393168 0 
ide_generic 1248 0 
ide_cd 48384 0 
ide_disk 20784 4 
tangox_bmide 13024 0 
ide_core 127120 4 ide_generic,ide_cd,ide_disk,tangox_bmide
llad 116128 3 em8xxx

Also check the system logs:

dmesg | tail 
Adding 506036k swap on /dev/hda2. Priority:-1 extents:1 across:506036k
ir: Enable NEC decoder (0x00000000)
ir: Enable RC5 decoder (0x80001e00)
ir: Enable RC6 decoder
NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
NFSD: recovery directory /var/lib/nfs/v4recovery doesn't exist
NFSD: starting 90-second grace period
Algorithmics/MIPS FPU Emulator v1.5
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>

Remark: after each reboot you will need to copy the module into /lib/... again.

Install OpenVPN

I've installed my OpenVPN + conf file in /share/Apps/openvpn:

/share/Apps/openvpn/bin/openvpn
/share/Apps/openvpn/etc/server.conf

To set up the OpenVPN configuration and generate certificates, follow any tutorial on OpenVPN such as http://howto.landure.fr/gnu-linux/debian-4-0-etch-en/install-and-setup-openvpn-on-debian-4-0-etch

Also a French reference: http://www.coagul.org/article.php3?id_article=422

My NMT has IP 192.168.0.5 on my LAN, and I decided to use 10.20.30.x for my VPN.

So my OpenVPN configuration file on the NMT (server.conf) looks like:

port 443
proto tcp
dev tun
ca ca.crt
cert hdxVPN.crt
key hdxVPN.key # This file should be kept secret
dh dh1024.pem
server 10.20.30.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
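
A check a practitioner might run against this configuration before exposing port 443, added here as an example and not part of the original page. It flags a private key accessible beyond its owner, Diffie-Hellman parameters under 2048 bits (the config above uses dh1024.pem), and the absence of tls-auth, cipher, user and group. The function names and the sample written by demo are constructed for illustration; the DH size falls back to the number in the file name when openssl cannot parse the file.

```sh
#!/bin/sh
# Added example, not from the original page: audit a server.conf shaped like
# the one above. Prints one finding per line; exit status 0 means no findings.

# First argument of a directive, with '#' and ';' comments stripped.
conf_value() {
    sed 's/[#;].*//' "$1" | awk -v d="$2" '$1 == d { print $2; exit }'
}

# Resolve relative file names against the config directory, as --cd does.
conf_path() {
    case $2 in /*) echo "$2" ;; *) echo "$(dirname "$1")/$2" ;; esac
}

audit_conf() {
    conf=$1; n=0
    # Private key: must exist and carry no group/other permission bits.
    key=$(conf_path "$conf" "$(conf_value "$conf" key)")
    if [ ! -f "$key" ]; then
        echo "key: $key not found"; n=$((n + 1))
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key: $key is accessible to group/other, chmod 600"; n=$((n + 1))
    fi
    # DH size: ask openssl if it can parse the file, else go by the file name.
    dh=$(conf_value "$conf" dh)
    bits=$(openssl dhparam -in "$(conf_path "$conf" "$dh")" -noout -text \
        2>/dev/null | sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p')
    [ -n "$bits" ] || bits=$(echo "$dh" | tr -cd '0-9')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "dh: $dh is ${bits:-unknown}-bit, generate 2048 or more"; n=$((n + 1))
    fi
    # Hardening directives absent from the config above (all exist in 2.0.x).
    for opt in tls-auth cipher user group; do
        if [ -z "$(conf_value "$conf" "$opt")" ]; then
            echo "$opt: not set"; n=$((n + 1))
        fi
    done
    [ "$n" -eq 0 ]
}

# Constructed sample input: the relevant lines of the page's server.conf.
demo() {
    t=$(mktemp -d) && : > "$t/hdxVPN.key" && chmod 644 "$t/hdxVPN.key"
    printf '%s\n' 'dev tun' 'key hdxVPN.key # This file should be kept secret' \
        'dh dh1024.pem' > "$t/server.conf"
    rc=0; audit_conf "$t/server.conf" || rc=$?
    rm -rf "$t"; return "$rc"
}
```

Run audit_conf /share/Apps/openvpn/etc/server.conf on the NMT, or demo to see the six findings for the constructed sample.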

To start OpenVPN on the NMT, run for instance:

/share/Apps/openvpn/bin/openvpn --writepid /var/run/openvpn.server.pid --daemon ovpn-server --cd /share/Apps/openvpn/etc --config /share/Apps/openvpn/etc/server.conf

Check that a virtual TUN interface has been created:

ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
inet addr:10.20.30.1 P-t-P:10.20.30.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:6853 errors:0 dropped:0 overruns:0 frame:0
TX packets:13577 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100 
RX bytes:500293 (488.5 KiB) TX bytes:8059310 (7.6 MiB)

You can also ping it:

ping 10.20.30.1
PING 10.20.30.1 (10.20.30.1): 56 data bytes
64 bytes from 10.20.30.1: seq=0 ttl=64 time=0.6 ms

And to stop it:

kill `cat /var/run/openvpn.server.pid`
rm -f /var/run/openvpn.server.pid /var/run/openvpn.server.status
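
The remark about copying the module again after each reboot, together with the start and stop commands above, can be wrapped in one script. This is an added example, not part of the original page; the persistent location of tun.ko ($APP/lib/tun.ko) and the function names are assumptions. It checks that the pid file names a live process before starting a second daemon or sending a signal.

```sh
#!/bin/sh
# Added example, not from the original page: start/stop wrapper for the NMT.
APP=${APP:-/share/Apps/openvpn}
MODSRC=${MODSRC:-$APP/lib/tun.ko}   # assumption: persistent copy of tun.ko
MODDIR=${MODDIR:-/lib/modules/2.6.15-sigma/kernel/drivers/net}
PIDFILE=${PIDFILE:-/var/run/openvpn.server.pid}
MODLIST=${MODLIST:-/proc/modules}

# True if the TUN driver is already in the kernel's module list.
tun_loaded() { grep -q '^tun ' "$MODLIST"; }

# True only if the pid file is non-empty and names a live process.
vpn_running() {
    [ -s "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

start_vpn() {
    # The module directory is reset at reboot, so copy and load on demand.
    if ! tun_loaded; then
        cp "$MODSRC" "$MODDIR/tun.ko" && insmod "$MODDIR/tun.ko" || return 1
    fi
    vpn_running && return 0
    "$APP/bin/openvpn" --writepid "$PIDFILE" --daemon ovpn-server \
        --cd "$APP/etc" --config "$APP/etc/server.conf"
}

stop_vpn() {
    # Signal the daemon only when the recorded pid is alive, then clean up.
    vpn_running && kill "$(cat "$PIDFILE")"
    rm -f "$PIDFILE"
}

case ${1:-} in
    start) start_vpn ;;
    stop)  stop_vpn ;;
esac
```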



You can stop here.

The next part explains how I compiled the TUN module and OpenVPN.

Compilation process

Pre-requisites

This howto is based on an Ubuntu Linux workstation.

  1. Install Lundman's toolchain here
  2. Download Syabas' Linux kernel here
  3. Set your environment for cross-compilation:
TOOLCHAIN=/usr/local/mips
export PATH=${TOOLCHAIN}/bin:${PATH}
export CC=${TOOLCHAIN}/bin/mipsel-linux-uclibc-gcc
export LDFLAGS=-L/usr/mipsel-linux-uclibc/lib
export CPPFLAGS=-I/usr/mipsel-linux-uclibc/include
export CPP=${TOOLCHAIN}/bin/mipsel-linux-uclibc-cpp
export CROSS_COMPILE=mipsel-linux-uclibc-
export ARCH=mips

Compile TUN module

Uncompress the Linux kernel archive into a working directory (on my workstation it's /work/mips/linux-2.6.15/)

Add to Makefile:

EXTRAVERSION = -sigma

Comment out line 358 (so that the kconfig file, which doesn't exist, is not included):

#include $(RUA_DIR)/../../syabas/customer/$(customer)/kconfig

Generate .config:

make menuconfig

Select option -> Device Drivers -> Network device support -> Universal TUN/TAP device driver support

<M> Universal TUN/TAP device driver support

Edit the .config file that has just been generated and replace:

CONFIG_INITRAMFS_SOURCE="$(SMP86XX_ROOTFS_PATH)/build_mipsel/root"
CONFIG_INITRAMFS_ROOT_UID=504
CONFIG_INITRAMFS_ROOT_GID=500

with:

CONFIG_INITRAMFS_SOURCE=""

Modify the following 3 Makefiles, replacing mipsel-linux- with mipsel-linux-uclibc-:

./arch/mips/Makefile

32bit-tool-prefix = mipsel-linux-uclibc-

./arch/mips/tangox/fctrl/lib/Makefile

CROSS = mipsel-linux-uclibc-

./arch/mips/tangox/fctrl/lib/fc/Makefile

CROSS = mipsel-linux-uclibc-

Generate modules:

make modules 

The TUN module should be generated in ./drivers/net/tun.ko

Compile OpenVPN

How to compile OpenVPN with SSL/TLS support and LZO compression

Set up the environment for cross-compilation:

TOOLCHAIN=/usr/local/mips
export PATH=${TOOLCHAIN}/bin:${PATH}
export CC=${TOOLCHAIN}/bin/mipsel-linux-uclibc-gcc
export LDFLAGS=-L/usr/mipsel-linux-uclibc/lib
export CPPFLAGS=-I/usr/mipsel-linux-uclibc/include
export CPP=${TOOLCHAIN}/bin/mipsel-linux-uclibc-cpp
export CROSS_COMPILE=mipsel-linux-uclibc-
export ARCH=mips

lzo

Download lzo, version 2.02 (http://www.oberhumer.com/opensource/lzo/download/lzo-2.02.tar.gz)

Note: I couldn't cross compile the last stable version, so I used version 2.02

./configure --prefix=/usr/local/mips/ --host=mipsel-linux-uclibc
make
make install

OpenSSL

Download last OpenSSL toolkit, version 0.9.8k (http://www.openssl.org/source/openssl-0.9.8k.tar.gz)

Download the following required patches for MIPS environment (for more explanations, refer to Community Driven BLFS for cross compilation details on OpenSSL at http://cblfs.cross-lfs.org/index.php/OpenSSL)

Patch OpenSSL for MIPS environment (32 bits + Little-Endian):

patch -Np1 -i ../openssl-0.9.8k-fix_manpages-1.patch
patch -Np1 -i ../openssl-0.9.8k-build_fix-1.patch
patch -Np1 -i ../openssl-0.9.8k-mips_support-1.patch

Then configure and make as follows:

./Configure linux-mipsel --prefix=/usr/local/mips 
make
make install

OpenVPN

Download latest stable version of OpenVPN, version 2.0.9 (http://openvpn.net/release/openvpn-2.0.9.tar.gz)

Then cross compile using lzo and OpenSSL libraries & headers compiled previously and installed in /usr/local/mips as follows:

./configure --host=mipsel-linux-uclibc --prefix=/usr/local/mips --with-lzo-headers=/usr/local/mips/include/ --with-lzo-lib=/usr/local/mips/lib/ --with-ssl-headers=/usr/local/mips/include/ --with-ssl-lib=/usr/local/mips/lib/
make
make install

That's all.
