I'm a newbie with fun_plug and the DNS-323.
I really appreciate the work by fonz and the other contributors to the forum.
I have built a package for OpenVPN compatible with fonz fun_plug 0.5 and firmware 1.5, based on the binaries published here on the forum (PLEASE, I ask the author to contact me to insert credits here !)
Download the file and install it with:
# funpkg -i openvpn-2.0.9-1.tgz
The package comes with
* the binary module tun.ko compiled for the kernel contained in firmware 1.5
* a sample configuration file for a roadwarrior vpn using SSL certificate
To use the pre-packaged config file you only need to put 4 files in /ffp/etc/openvpn/certs
* an ssl ca certificate
* an ssl private key without a password
* an ssl public certificate
* a DH fingerprint (I suggest generating it on a desktop machine by running the command below)
# openssl dhparam -out dh1024.pem 1024
You can debug the configuration using
# . /ffp/start/openvpn.sh debug
After this you can start and stop the daemon using
# . /ffp/start/openvpn.sh start
and
# . /ffp/start/openvpn.sh stop
To let the VPN start at boot, make the start script executable:
# chmod +x /ffp/start/openvpn.sh
Please send me feedback, because this is my first package.
Download: openvpn-2.0.9-1.tgz
EDIT: The original files on which this package was built were posted here: http://dns323.kood.org/forum/viewtopic. … 95&p=1
Last edited by GabrieleV (2008-12-12 15:32:18)
Offline
I'll try the package asap. Thanks in advance!
Offline
Hi, Dude
No offence, but why not OpenSwan?
It is secure (IPSEC) and convenient (modern OSes have built-in support, no extra client software needed).
Thanks for your contribution anyway.
Offline
Kenyloveg: Is openswan available for download for the DNS-323? Would you please provide a link?
GabrieleV: Thanks for making a package, I might give it a go soon and let you know where I get..
Thanks!
Offline
Hi, crs2027
There is no OpenSwan package released for the DNS-323, nor for Tomato or DD-WRT.
Offline
kenyloveg wrote:
No offence, but why not OpenSwan?
IPSEC is hard to configure compared to SSL VPNs like OpenVPN ...
Yes, you can say OpenVPN is less secure, but for home use it is very easy to set up
Offline
Hi there:
I've installed your openvpn build on a DNS321 I just set up and I can't get the tun module to load. If I try and manually load it I get this:
insmod: cannot insert 'lib/modules/2.6.12.6-arm1/kernel/drivers/net/tun.ko': invalid module format
Is this a library or kernel difference on the 321? Any ideas on how to fix this would be appreciated.
Thanks,
John
Offline
I think the kernel on the 321 is different from the one on the 323, so you can't use the compiled module.
You have to compile it on your own.
:-(
Offline
thanks for the HOWTO!
it works on my dns-323 but it is very slow, 68 kb/s
would changes on the mtu make it faster?
Last edited by sloci (2009-03-23 23:52:12)
Offline
It's me again.
I am using OpenVPN for ffp, and since the service is started automatically the HDDs will not shut down after ten minutes.
any idea???
Offline
doesn't openvpn have a 'ping' like setting to keep the tunnel open or keep activity going - if so this could be causing the hdds to never shutdown
Offline
Hard disks not spinning down means there is activity writing to the disk. You can try disabling OpenVPN and if the disk spins down normally, then you know OpenVPN is causing it. The most common reason, for example, may be it's writing to a log.
Offline
Can you post your server conf file here?
Offline
2GabrieleV:
I'm running 1.06 firmware using kernel 2.6.12.6-arm1. I'm doubting about trying to install your binaries on my box. So I have couple of questions:
1. What is your firmware kernel version (just in case "uname -r")?
2. Do you know if there is a chance I will get your binaries working on my kernel?
2All:
Does anybody have experience running posted binaries on the firmware 1.06?
Offline
iScape wrote:
I'm running 1.06 firmware using kernel 2.6.12.6-arm1. I'm doubting about trying to install your binaries on my box.
I'm running firmware 1.05 unmodified, but as far as i know, the kernel versions are the same, do you confirm ?
2. Do you know if there is a chance I will get your binaries working on my kernel?
I have not compiled the binaries on my own, I have repackaged them. Another user here has tried to recompile them, so if you have a different kernel, look in this thread and you could ask him
Does anybody have experience running posted binaries on the firmware 1.06?
It would be nice, so I get some feedback and migrate to 1.06 too
Offline
I've tried to install your binaries. I have not gone through complete cycle of verification by connecting from outside as I screwed up with keys/certs generation, but so far it looks good.
/mnt/HD_a2/ffp/start # ./openvpn debug
/ffp/bin/sh: ./openvpn: not found
/mnt/HD_a2/ffp/start # ./openvpn.sh debug
Starting OpenVPN
Creating devices...
Loading modules ...
Starting /ffp/bin/openvpn --config /ffp/etc/openvpn/openvpn_config
....
Sat Mar 28 01:08:55 2009 us=192913 OpenVPN 2.0.9 arm-unknown-linux [SSL] [LZO] [EPOLL] built on Jan 17 2008
Sat Mar 28 01:08:55 2009 us=496279 Diffie-Hellman initialized with 1024 bit key
Sat Mar 28 01:08:55 2009 us=507621 WARNING: file '/ffp/etc/openvpn/certs/mycert.pem' is group or others accessible
Sat Mar 28 01:08:55 2009 us=513788 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 28 01:08:55 2009 us=590532 TUN/TAP device tun0 opened
Sat Mar 28 01:08:55 2009 us=591117 TUN/TAP TX queue length set to 100
Sat Mar 28 01:08:55 2009 us=591802 /sbin/ifconfig tun0 10.10.0.1 pointopoint 10.10.0.2 mtu 1500
Sat Mar 28 01:08:55 2009 us=610479 /sbin/route add -net 10.10.0.0 netmask 255.255.255.0 gw 10.10.0.2
Sat Mar 28 01:08:55 2009 us=623926 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Mar 28 01:08:55 2009 us=624553 Socket Buffers: R=[104448->131072] S=[104448->131072]
Sat Mar 28 01:08:55 2009 us=625162 UDPv4 link local (bound): 192.168.0.198:22
Sat Mar 28 01:08:55 2009 us=625796 UDPv4 link remote: [undef]
Sat Mar 28 01:08:55 2009 us=626376 MULTI: multi_init called, r=256 v=256
Sat Mar 28 01:08:55 2009 us=627110 IFCONFIG POOL: base=10.10.0.4 size=62
Sat Mar 28 01:08:55 2009 us=627936 Initialization Sequence Completed
Last edited by iScape (2009-03-30 20:51:28)
Offline
It looks ok.
Offline
Today I was able to connect to my home VPN from outside (telnet and webconfig on NAS). So I can confirm that the binaries posted in the 1st post work on firmware 1.6
Offline
Good.
Thanks for the feedback !
Offline
Hi !
I'm very interested in installing OpenVPN on my DNS-313 device.
I don't think there is already a binary version available for the DNS-313. That's why I would like to build the tun.ko module on my own, for the DNS-313.
Could you please post more details, about building the tun.ko module from source ?
Thanks !
For your information, on my DNS-313:
/ # uname -a
Linux DNS-313 2.6.15 #235 Sun Dec 7 14:20:05 EST 2008 armv4l unknown
Offline
Electrocut wrote:
Hi !
I don't think there is already a binary version available for the DNS-313. That's why I would like to build the tun.ko module on my own, for the DNS-313.
Could you please post more details, about building the tun.ko module from source ?
I've been struggling with this very problem all day. Here's how far I've come:
1) Download the linux kernel from linux.org
2) Copy to your device and extract
3) Make sure you have all the necessary packages installed on your device for compilation (gcc, make, automake, binutils, pkg-config, etc - might as well just install them all, it'll save you a LOT of headache...trust me)
4) "make menuconfig", which'll let you select what you want. Make sure "Enable loadable module support" is selected, as is "Device Drivers -> Network Device Support -> Universal TUN/TAP" (AS <M>, not <*>, so it'll be compiled as a module). When done, this creates a ".config" file.
5) make (takes forever)
6) tun.ko is available in drivers/net/tun.ko
...But the tun.ko file STILL generates the "invalid module format"!
Anyone?
Offline
Hi !
Thanks for your reply.
metal450 wrote:
...But the tun.ko file STILL generates the "invalid module format"!
Install syslogd package, and have a look at the log (/var/log/messages), you will have more information about the "invalid module format" error. It must be because you built your kernel with gcc 4.1 (the kernel was built with gcc 3.4)
It took me some time to successfully build the tun.ko module, but finally I got it working:
- the kernel module needs to be built with gcc 3.4 (and Funplug provides gcc 4.1), so I had to build gcc 3.4 from source myself (takes forever too)
- there are errors in the kernel module source provided by D-Link, so it doesn't compile without manually editing some .c files ...
- crc32.ko kernel module needs to be built too, and loaded before tun.ko.
I've posted the package, and information about the build procedure, here: Working: Openvpn 2.0.9
Last edited by Electrocut (2009-05-05 13:45:10)
Offline
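The gcc 3.4 versus gcc 4.1 mismatch described above shows up in the module's vermagic string, which 2.6-era kernels compare field by field when loading a module. An added example (not part of any post) that pulls the string out of a .ko file and breaks down the kernel's log message; the sample values used to try it, such as the ARMv5 field, are constructed:

```shell
#!/bin/sh
# Added example: explain an "invalid module format" failure from the
# vermagic strings. Any sample values used with it are constructed.

# Print the vermagic string embedded in a module file ($1).
vermagic_of() {
    LC_ALL=C tr '\000' '\n' < "$1" |
        LC_ALL=C sed -n 's/.*vermagic=//p' | sed 's/ *$//'
}

# Parse a kernel log line ($1) of the form
#   <mod>: version magic '<module has>' should be '<kernel wants>'
# and print one line per field that differs.
# Returns 1 if the line is not a vermagic message.
vermagic_diff() {
    re="s/.*version magic '\([^']*\)' should be '\([^']*\)'.*"
    have=$(printf '%s\n' "$1" | sed -n "$re/\1/p")
    want=$(printf '%s\n' "$1" | sed -n "$re/\2/p")
    [ -n "$have" ] && [ -n "$want" ] || return 1
    set -- $want
    for h in $have; do
        [ "$h" = "${1:-}" ] || echo "module: $h kernel: ${1:-<none>}"
        [ $# -gt 0 ] && shift
    done
    return 0
}

# Usage: pass a module path to print its vermagic.
if [ $# -eq 1 ]; then vermagic_of "$1"; fi
```

Run vermagic_of on the freshly built tun.ko and on a module shipped with the firmware; any field that differs is what the loader rejects.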
Edit: updated version below
Last edited by Zdai (2009-10-27 03:52:19)
Offline
i will have to try this
thanks
Offline
Hi,
I have followed this tutorial to set OpenVPN up on my DNS-323 under firmware 1.06.
As I have had some difficulties with the SSL stuff, I'm sharing what I have found so far.
Based on OpenSSL for Windows (binaries here: http://www.openssl.org/related/binaries.html)
1 Install OpenSSL on your computer running Windows
2 Go into the "bin" folder of the installation; you should see the openssl.exe file
3 Create a batch file in this folder (create any txt file and rename it as "Cert.bat")
4 Edit Cert.bat (right click and "modify")
5 Paste this code into it:
rem based on : http://www.garex.net/apache/
MKDIR Cert

rem 1. Create Certificate Authority
pause
rem Create CA key (no bit size is given, so openssl uses its default)
openssl genrsa -out ./Cert/Authority.key
rem Create Certificate Request
openssl req -new -key ./Cert/Authority.key -out ./Cert/Authority.csr
rem Self-sign certificate
openssl x509 -req -days 365 -in ./Cert/Authority.csr -out ./Cert/Authority.crt -signkey ./Cert/Authority.key

rem 2. Creating the webserver certificate & DH file
pause
rem Generating the webserver's key
openssl genrsa -out ./Cert/ServerPrivate.key
rem Generating the webserver's certificate request
openssl req -new -key ./Cert/ServerPrivate.key -out ./Cert/Server.csr
rem Sign the webserver's certificate request with the CA key
rem (openssl ca needs the CA directory layout named in openssl.cnf)
openssl ca -in ./Cert/Server.csr -cert ./Cert/Authority.crt -keyfile ./Cert/Authority.key -out ./Cert/Server.crt
rem Generate the Private pem key
openssl rsa -in ./Cert/ServerPrivate.key -out ./Cert/ServerPrivate.pem
rem Check the certificate
openssl x509 -in ./Cert/Server.crt -text
pause

rem 3. Generate DH Server file
openssl dhparam -out ./Cert/dh1024.pem 1024

rem 4. Creating the client certificate
pause
rem Generating the client's key
openssl genrsa -out ./Cert/ClientPrivate.key
rem Generating the client's certificate request
openssl req -new -key ./Cert/ClientPrivate.key -out ./Cert/Client.csr
rem Sign the client's certificate request with the CA key
openssl ca -in ./Cert/Client.csr -cert ./Cert/Authority.crt -keyfile ./Cert/Authority.key -out ./Cert/Client.crt
rem Generate the Private pem key
openssl rsa -in ./Cert/ClientPrivate.key -out ./Cert/ClientPrivate.pem
rem Check the certificate
openssl x509 -in ./Cert/Client.crt -text

rem 5. Done! Scroll up to check what happened
pause
This file is going to:
* Create cert and key for the authority (known as Certificate Authority (CA))
* Create cert and key for the Server and sign the cert with the previous CA
* Create the Diffie-Hellman parameters file
* Create cert and key for one Client and sign the cert with the previous CA
During the execution of the script, some information will be requested 3 times: first for the authority, second for the server and third for the client. The information has to be different, at least for the Common Name.
6 To use the generated files with an unmodified config file from openvpn:
* Go to the cert folder
* rename Authority.crt as ca.mycert.crt
* rename Server.crt as mycert.crt
* rename ClientPrivate.pem as mycert.pem (<= Do not share this one nor Private.key !)
7 Paste the 3 previous files and the dh1024.pem into the "cert" folder of openvpn on your DNS-323 (in /ffp/etc/openvpn/certs/)
8 Configure OpenVPN as you want! Do not forget to protect your key
9 For a Windows client, download openvpn-gui (here: http://openvpn.se/download.html, choose the installation package with TAP driver)
10 Install and run
11 Create your xxx.ovpn client config file in %APP%/OpenVPN/config/
12 Copy/paste the previously generated Authority.crt, Client.crt and ClientPrivate.key into the same directory. Be sure to protect the .key file!
13 Set your client profile according to your server configuration and the previously pasted crt and key files.
14 Route everything on your router and connect your client to your server!
The script is based on information found on this website: http://www.garex.net/apache/ and on the HowTo section of the http://www.openvpn.net/ and http://www.openvpn.se/ websites
PS: it seems that this is not very secure. If I succeed in improving the setup in that direction, I will tell you. If you have any ideas on how to do that, I would really appreciate any help
Offline
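The debug log earlier in the thread warns that mycert.pem is group or others accessible, and the steps above rename and copy keys and certificates by hand, where a key can end up next to the wrong certificate. An added example (not part of any post) that checks a certs directory for both problems and for the CA signature; it assumes RSA keys and openssl on the PATH, the file names are the ones used in the thread, and make_demo_pki is a hypothetical helper that builds constructed throwaway material to try it on:

```shell
#!/bin/sh
# Added example, not code from the thread. Checks the files that the
# packaged config expects in the certs directory (names from the thread).

# 0 if group and others have no access (what OpenVPN's warning is about).
is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# 0 if RSA private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# 0 if certificate $2 verifies against CA certificate $1.
signed_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Print one line per problem found in directory $1; nothing if clean.
check_certs() {
    d=$1
    is_private "$d/mycert.pem" ||
        echo "mycert.pem: group or others accessible"
    key_matches_cert "$d/mycert.pem" "$d/mycert.crt" ||
        echo "mycert.pem: does not match mycert.crt"
    signed_by "$d/ca.mycert.crt" "$d/mycert.crt" ||
        echo "mycert.crt: not signed by ca.mycert.crt"
    return 0
}

# Hypothetical helper: constructed throwaway CA, server and client in $1.
make_demo_pki() {
    d=$1; mkdir -p "$d" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/Authority.key" -out "$d/Authority.crt" 2>/dev/null || return 1
    for n in Server Client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $n" \
            -keyout "$d/${n}Private.pem" -out "$d/$n.csr" 2>/dev/null || return 1
        openssl x509 -req -days 1 -in "$d/$n.csr" -CA "$d/Authority.crt" \
            -CAkey "$d/Authority.key" -CAcreateserial \
            -out "$d/$n.crt" 2>/dev/null || return 1
    done
}

# Usage: pass the certs directory, e.g. /ffp/etc/openvpn/certs
if [ $# -eq 1 ]; then check_certs "$1"; fi
```

A clean directory prints nothing; running chmod 600 on the key file clears the first finding.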