openvpn preliminary test

Postby firwareslut » Thu May 17, 2012 7:40 am

I added the new kernel and set up the VPN. I copied the exact config from an openvpn server I have running that I know works.

Code: Select all

root@fvdwsl-base:/usr/sbin # /usr/sbin/openvpn --config /etc/openvpn/openvpn.conf
Fri May 18 11:25:12 2012 OpenVPN 2.2.2 armv5tel-unknown-linux-gnueabi [SSL] [EPOLL] [eurephia] built on May 12 2012
Fri May 18 11:25:12 2012 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri May 18 11:25:12 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri May 18 11:25:12 2012 Diffie-Hellman initialized with 1024 bit key
Fri May 18 11:25:12 2012 WARNING: file '/etc/openvpn/easy-rsa/keys/server.key' is group or others accessible
Fri May 18 11:25:12 2012 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri May 18 11:25:12 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Fri May 18 11:25:12 2012 ROUTE default_gateway=192.168.0.1
Fri May 18 11:25:12 2012 Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Fri May 18 11:25:12 2012 /sbin/ifconfig  10.8.0.1 pointopoint 10.8.0.2 mtu 1500
ifconfig: SIOCSIFADDR: No such device
Fri May 18 11:25:12 2012 Linux ifconfig failed: external program exited with error status: 1
Fri May 18 11:25:12 2012 Exiting


Here is my config, if you have any suggestions.

Code: Select all

dev tun
proto udp
port 2224

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody
group nogroup

server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
keepalive 10 120
duplicate-cn
max-clients 10

persist-key
persist-tun

verb 3
client-to-client
firwareslut
Donator VIP
 
Posts: 202
Joined: Thu Oct 06, 2011 11:53 am

Re: openvpn preliminary test

Postby fvdw » Thu May 17, 2012 8:32 am

From the output you gave, it seems the device node that the tun driver needs is not present. I think creating that might solve your problem.
After some googling I found that this might be the right command to create it, but I am unsure.

Code: Select all
mknod /dev/net/tun c 10 200


PS: if directory /dev/net doesn't exist, create it using mkdir /dev/net
fvdw
Site Admin - expert
 
Posts: 13471
Joined: Tue Apr 12, 2011 2:30 pm
Location: Netherlands

Re: openvpn preliminary test

Postby fvdw » Thu May 17, 2012 9:34 am

Also, this seems to be important:

To get routing set up properly on the server so that remote clients, when they connect, can reach more than just the server itself, you will need to enable IP forwarding. This can be done by the following:

Code: Select all
echo 1 > /proc/sys/net/ipv4/ip_forward
fvdw
Site Admin - expert
 
Posts: 13471
Joined: Tue Apr 12, 2011 2:30 pm
Location: Netherlands

Re: openvpn preliminary test

Postby firwareslut » Thu May 17, 2012 2:04 pm

Still the same. Should modprobe report anything?

root@fvdwsl-base:/ # modprobe tun
modprobe: module 'tun' not found
firwareslut
Donator VIP
 
Posts: 202
Joined: Thu Oct 06, 2011 11:53 am

Re: openvpn preliminary test

Postby fvdw » Thu May 17, 2012 6:50 pm

The tun/tap driver is already loaded at boot, see the output of the dmesg command. No need to use modprobe, and of course it won't be listed by the lsmod command as it is not loaded as a module.
The only thing it needs is a device node. Did you create that? (To be able to create the dev node you need to create the directory /dev/net first using mkdir /dev/net.)

Look here to see that the tun/tap driver is loaded at boot (use the dmesg command to list the boot output):
Code: Select all
# dmesg

<snip>

mv643xx_eth_port mv643xx_eth_port.0: eth0: port 0 with MAC address 00:d0:4b:8d:a9:74
PPP generic driver version 2.4.2
PPP Deflate Compression module registered
PPP MPPE Compression module registered
NET: Registered protocol family 24
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
ipddp.c:v0.01 8/28/97 Bradford W. Johnson <johns393@maroon.tc.umn.edu>
ipddp0: Appletalk-IP Encap. mode by Bradford W. Johnson <johns393@maroon.tc.umn.edu>
pegasus: v0.6.14 (2006/09/27), Pegasus/Pegasus II USB Ethernet driver
usbcore: registered new interface driver pegasus
usbcore: registered new interface driver ipheth
aoe: AoE v47 initialised.

<snip>
fvdw
Site Admin - expert
 
Posts: 13471
Joined: Tue Apr 12, 2011 2:30 pm
Location: Netherlands

Re: openvpn preliminary test

Postby fvdw » Thu May 17, 2012 7:36 pm

Out of curiosity I made my own keys and tried to run openvpn.

After creating the device node it does... :bananadance

Code: Select all
root@fvdwsl-nwsp2:/etc/openvpn/easy-rsa/keys # openvpn --config /etc/openvpn/openvpn.conf
Thu May 17 20:29:25 2012 OpenVPN 2.2.2 armv5tel-unknown-linux-gnueabi [SSL] [EPOLL] [eurephia] built on May 12 2012
Thu May 17 20:29:25 2012 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu May 17 20:29:25 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu May 17 20:29:25 2012 Diffie-Hellman initialized with 1024 bit key
Thu May 17 20:29:25 2012 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May 17 20:29:25 2012 Socket Buffers: R=[110592->131072] S=[110592->131072]
Thu May 17 20:29:25 2012 ROUTE default_gateway=192.168.1.1
Thu May 17 20:29:25 2012 TUN/TAP device tun0 opened
Thu May 17 20:29:25 2012 TUN/TAP TX queue length set to 100
Thu May 17 20:29:25 2012 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Thu May 17 20:29:25 2012 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Thu May 17 20:29:25 2012 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Thu May 17 20:29:25 2012 GID set to nobody
Thu May 17 20:29:25 2012 UID set to nobody
Thu May 17 20:29:25 2012 UDPv4 link local (bound): [undef]:2224
Thu May 17 20:29:25 2012 UDPv4 link remote: [undef]
Thu May 17 20:29:25 2012 MULTI: multi_init called, r=256 v=256
Thu May 17 20:29:25 2012 IFCONFIG POOL: base=10.8.0.4 size=62
Thu May 17 20:29:25 2012 Initialization Sequence Completed


Code: Select all
ps -ef

<snip>
root     15037     2  0 20:20 ?        00:00:00 [flush-7:0]
nobody   15374 13807  0 20:29 ttyp0    00:00:00 openvpn --config /etc/openvpn/openvpn.conf
root     15426   920  5 20:29 ?        00:00:00 dropbear -p 22 -r /rw_fs/etc/dropbear/dropbear_rsa_host_key
root     15443 15426  0 20:29 ttyp1    00:00:00 -sh
root     15459 15443  0 20:30 ttyp1    00:00:00 ps -ef


What did I do? I made the certificates and keys.

I created the tun device node:
Code: Select all
mkdir /dev/net
mknod /dev/net/tun c 10 200


I used your conf file but modified the sentence "group nogroup" to "group nobody", as there is no group "nogroup" in the firmware.
Code: Select all
dev tun
proto udp
port 2224

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody
group nobody

server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
keepalive 10 120
duplicate-cn
max-clients 10

persist-key
persist-tun

verb 3
client-to-client



Then I fired up openvpn using the command
Code: Select all
openvpn --config /etc/openvpn/openvpn.conf


That produced the above output and the vpn server is alive and running ;)
fvdw
Site Admin - expert
 
Posts: 13471
Joined: Tue Apr 12, 2011 2:30 pm
Location: Netherlands
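
A preflight check for the failure points seen in this thread (the missing /dev/net/tun node, the "server.key is group or others accessible" warning, the `group` directive naming a group the firmware lacks, and IP forwarding), as an added example that is not part of the original posts. All function names are hypothetical; the default paths are the ones shown in the posts, and `stat -c` is assumed to be available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: preflight checks for the OpenVPN server setup in this thread.
# Function names are hypothetical; paths default to those shown in the posts.

# 0 if $1 is a character device with major $2 / minor $3 (tun is c 10 200).
check_char_node() {
    [ -c "$1" ] || return 1
    # stat prints major:minor in hex
    hex=$(stat -c '%t:%T' "$1") || return 1
    [ "$((0x${hex%%:*}))" -eq "$2" ] && [ "$((0x${hex##*:}))" -eq "$3" ]
}

# 0 if the private key file $1 has no group/other permission bits set.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group + other columns of the mode string
    [ "$perms" = "------" ]
}

# 0 if the "group" directive in config $1 names a group listed in group file $2.
conf_group_exists() {
    grp=$(awk '$1 == "group" { print $2; exit }' "$1")
    [ -n "$grp" ] && grep -q "^${grp}:" "$2"
}

# 0 if the forwarding switch file $1 contains 1.
forwarding_enabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Run all checks against a config file; returns non-zero if a hard check fails.
preflight() {
    conf=${1:-/etc/openvpn/openvpn.conf}
    key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    rc=0
    check_char_node /dev/net/tun 10 200 ||
        { echo "FAIL: /dev/net/tun missing or not c 10 200"; rc=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible by group/others (chmod 600)"; rc=1; }
    conf_group_exists "$conf" /etc/group ||
        { echo "FAIL: group named in $conf is not in /etc/group"; rc=1; }
    forwarding_enabled /proc/sys/net/ipv4/ip_forward ||
        echo "WARN: ip_forward is off, clients will only reach the server"
    return $rc
}

if [ "${1:-}" = "--run" ]; then preflight "${2:-}"; fi
```

Save it as a script and call it with `--run` (optionally followed by the config path) before starting openvpn.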

Re: openvpn preliminary test

Postby firwareslut » Thu May 17, 2012 9:39 pm

I created the device exactly as you described. Will reboot the NAS and try again.
firwareslut
Donator VIP
 
Posts: 202
Joined: Thu Oct 06, 2011 11:53 am

Re: openvpn preliminary test

Postby fvdw » Thu May 17, 2012 9:50 pm

Well, then it should work.

Below is a picture where I created the device node.

It must be in the root file system of the firmware (/dev/net/tun). PS: in Linux, names are case sensitive!

tun.JPG
fvdw
Site Admin - expert
 
Posts: 13471
Joined: Tue Apr 12, 2011 2:30 pm
Location: Netherlands

Re: openvpn preliminary test

Postby firwareslut » Thu May 17, 2012 9:51 pm

I copied over the kernel again and rebooted. Maybe you need to reboot after creating the device node, which I don't think I did before.

The vpn is now initialised :) Now for some testing :D
firwareslut
Donator VIP
 
Posts: 202
Joined: Thu Oct 06, 2011 11:53 am

Re: openvpn preliminary test

Postby fvdw » Thu May 17, 2012 9:52 pm

:punk Let's see if you can get it working the way you want.

(PS: I did not reboot after making the device node.)
fvdw
Site Admin - expert
 
Posts: 13471
Joined: Tue Apr 12, 2011 2:30 pm
Location: Netherlands
