DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2008-12-11 21:07:06

GabrieleV
Member
From: Como
Registered: 2008-12-08
Posts: 17
Website

[REL] OpenVPN for fonz fun_plug 0.5

I'm  a newbie with fun_plug and the DNS-323.
I appreciated a lot the work by fonz and the other contributors of the forum.
I have built a package for OpenVPN compatible with fonz fun_plug 0.5 and firmware 1.5, based on the binaries published here on the forum (PLEASE, I ask the author to contact me to insert credits here !)

Download the file and install it with:
# funpkg -i openvpn-2.0.9-1.tgz

The package comes with
* the binary module tun.ko compiled for the kernel contained in firmware 1.5
* a sample configuration file for a roadwarrior vpn using SSL certificate

To use the pre-packaged config file you only need to put 4 files in /ffp/etc/openvpn/certs
* an ssl ca certificate
* an ssl private key without a password
* an ssl public certificate
* a DH fingerprint (i suggest you to generate it on a desktop machine running
   # openssl dhparam -out dh1024.pem 1024

You can debug the configuration using
# . /ffp/start/openvpn.sh debug

After this you can start and stop the daemon using
# . /ffp/start/openvpn.sh start
and
# . /ffp/start/openvpn.sh stop

To let the VPN start at boot, make the start script executable:
# chmod +x  /ffp/start/openvpn.sh

Please send me feedback, because this is my first package.

Download: openvpn-2.0.9-1.tgz

EDIT: The original files on which this package has been built on where posted here: http://dns323.kood.org/forum/viewtopic. … 95&p=1

Last edited by GabrieleV (2008-12-12 15:32:18)

Offline

 

#2 2009-02-01 00:16:06

drlektro
New member
Registered: 2009-02-01
Posts: 1

Re: [REL] OpenVPN for fonz fun_plug 0.5

I'll try the package asap. Thanks in advance!

Offline

 

#3 2009-02-03 06:35:08

kenyloveg
Member
Registered: 2008-04-10
Posts: 41

Re: [REL] OpenVPN for fonz fun_plug 0.5

Hi, Dude
No affence, but why not OpenSwan?
Which is security (IPSEC) and convenient (modern OS has built in support, no extra client software needed)?
Thanks for your contribution anyway.

Offline

 

#4 2009-02-03 15:30:04

crs2027
Member
Registered: 2008-10-14
Posts: 46

Re: [REL] OpenVPN for fonz fun_plug 0.5

Kenyloveg: Is openswan available for download for the DNS-323?  Would you please provide a link?

GabrieleV: Thanks for making a package, I might give it a go soon and let you know where I get..

Thanks!

Offline

 

#5 2009-02-04 09:53:14

kenyloveg
Member
Registered: 2008-04-10
Posts: 41

Re: [REL] OpenVPN for fonz fun_plug 0.5

Hi, crs2027
There is no OpenSwan package released for DNS 323, neither for Tomato or DD-WRT.

Offline

 

#6 2009-02-21 19:38:47

GabrieleV
Member
From: Como
Registered: 2008-12-08
Posts: 17
Website

Re: [REL] OpenVPN for fonz fun_plug 0.5

kenyloveg wrote:

No affence, but why not OpenSwan?

IPSEC is hard to configure compared to SSL VPNs like the one of OpenVPN ...
Yes, you can say OpenVPN is less secure, but for home use is very easy to setup big_smile

Offline

 

#7 2009-02-25 16:06:13

tangential
New member
Registered: 2009-02-23
Posts: 1

Re: [REL] OpenVPN for fonz fun_plug 0.5

Hi there:

I've installed your openvpn build on a DNS321 I just set up and I can't get the tun module to load. If I try and manually load it I get this:

insmod: cannot insert 'lib/modules/2.6.12.6-arm1/kernel/drivers/net/tun.ko': invalid module format

Is this a library or kernel difference on the 321? Any ideas on how to fix this would be appreciated.

Thanks,

John

Offline

 

#8 2009-02-26 11:08:57

GabrieleV
Member
From: Como
Registered: 2008-12-08
Posts: 17
Website

Re: [REL] OpenVPN for fonz fun_plug 0.5

I think the kernel on the 321 is differento form the one of the 323, so you can't use the compiled module.
You have to compile it on your own.
:-(

Offline

 

#9 2009-03-23 23:51:49

sloci
Member
Registered: 2009-03-22
Posts: 5

Re: [REL] OpenVPN for fonz fun_plug 0.5

thanks for the HOWTO!

it works on my dns-323 but it is very slow, 68 kb/s

would changes on the mtu make it faster?

Last edited by sloci (2009-03-23 23:52:12)

Offline

 

#10 2009-03-24 19:15:46

sloci
Member
Registered: 2009-03-22
Posts: 5

Re: [REL] OpenVPN for fonz fun_plug 0.5

it me again
i am using the openvpn for ffp and since ithe service is started automaticaly the hdds will not shut down after then minutes

any idea???

Offline

 

#11 2009-03-24 20:52:54

luusac
Member
Registered: 2008-04-29
Posts: 360

Re: [REL] OpenVPN for fonz fun_plug 0.5

doesn't openvpn have a 'ping' like setting to keep the tunnel open or keep activity going - if so this could be causing the hdds to never shutdown

Offline

 

#12 2009-03-24 21:07:27

blahsome
Member
Registered: 2008-03-02
Posts: 157

Re: [REL] OpenVPN for fonz fun_plug 0.5

Hard disks not spinning down means there is activity writing to the disk. You can try disabling OpenVPN and if the disk spins down normally, then you know OpenVPN is causing it. The most common reason, for example, may be it's writing to a log.

Offline

 

#13 2009-03-25 10:25:27

dkl
Member
From: Toulouse
Registered: 2007-06-16
Posts: 104

Re: [REL] OpenVPN for fonz fun_plug 0.5

Can you post your server conf file here?

Offline

 

#14 2009-03-27 00:25:26

iScape
New member
Registered: 2009-03-27
Posts: 3

Re: [REL] OpenVPN for fonz fun_plug 0.5

2GabrieleV:
I'm running 1.06 firmware using kernel 2.6.12.6-arm1.  I'm doubting about trying to install your binaries on my box. So I have couple of questions:
1. What is your firmware kernel version (just in case "uname -r")?
2. Do you know if there is a chance I will get your binaries workig on my kernel?

2All:
Does anybody have experience running posted binaries on the firmware 1.06?

Offline

 

#15 2009-03-27 10:56:39

GabrieleV
Member
From: Como
Registered: 2008-12-08
Posts: 17
Website

Re: [REL] OpenVPN for fonz fun_plug 0.5

iScape wrote:

I'm running 1.06 firmware using kernel 2.6.12.6-arm1.  I'm doubting about trying to install your binaries on my box.

I'm running firmware 1.05 unmodified, but as far as i know, the kernel versions are the same, do you confirm ?

2. Do you know if there is a chance I will get your binaries workig on my kernel?

I have not compiled the binaries on my own, I have repackaged them. Another user here has tried to recompiled them, so if you have a different kernel, look in this thread and you could ask to him wink

Does anybody have experience running posted binaries on the firmware 1.06?

It would be nice, so I get some feedback and migrate to 1.06 too wink

Offline

 

#16 2009-03-28 01:11:51

iScape
New member
Registered: 2009-03-27
Posts: 3

Re: [REL] OpenVPN for fonz fun_plug 0.5

I've tried to install your binaries. I have not gone through complete cycle of verification by connecting from outside as I screwed up with keys/certs generation, but so far it looks good.

/mnt/HD_a2/ffp/start # ./openvpn debug
/ffp/bin/sh: ./openvpn: not found
/mnt/HD_a2/ffp/start # ./openvpn.sh  debug
Starting OpenVPN
Creating devices...
Loading modules ...
Starting /ffp/bin/openvpn --config /ffp/etc/openvpn/openvpn_config
....
Sat Mar 28 01:08:55 2009 us=192913 OpenVPN 2.0.9 arm-unknown-linux [SSL] [LZO] [EPOLL] built on Jan 17 2008
Sat Mar 28 01:08:55 2009 us=496279 Diffie-Hellman initialized with 1024 bit key
Sat Mar 28 01:08:55 2009 us=507621 WARNING: file '/ffp/etc/openvpn/certs/mycert.pem' is group or others accessible
Sat Mar 28 01:08:55 2009 us=513788 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 28 01:08:55 2009 us=590532 TUN/TAP device tun0 opened
Sat Mar 28 01:08:55 2009 us=591117 TUN/TAP TX queue length set to 100
Sat Mar 28 01:08:55 2009 us=591802 /sbin/ifconfig tun0 10.10.0.1 pointopoint 10.10.0.2 mtu 1500
Sat Mar 28 01:08:55 2009 us=610479 /sbin/route add -net 10.10.0.0 netmask 255.255.255.0 gw 10.10.0.2
Sat Mar 28 01:08:55 2009 us=623926 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Mar 28 01:08:55 2009 us=624553 Socket Buffers: R=[104448->131072] S=[104448->131072]
Sat Mar 28 01:08:55 2009 us=625162 UDPv4 link local (bound): 192.168.0.198:22
Sat Mar 28 01:08:55 2009 us=625796 UDPv4 link remote: [undef]
Sat Mar 28 01:08:55 2009 us=626376 MULTI: multi_init called, r=256 v=256
Sat Mar 28 01:08:55 2009 us=627110 IFCONFIG POOL: base=10.10.0.4 size=62
Sat Mar 28 01:08:55 2009 us=627936 Initialization Sequence Completed

Last edited by iScape (2009-03-30 20:51:28)

Offline

 

#17 2009-03-30 12:47:26

GabrieleV
Member
From: Como
Registered: 2008-12-08
Posts: 17
Website

Re: [REL] OpenVPN for fonz fun_plug 0.5

It looks ok.

Offline

 

#18 2009-03-31 23:02:10

iScape
New member
Registered: 2009-03-27
Posts: 3

Re: [REL] OpenVPN for fonz fun_plug 0.5

Today I was able to connect to my home vpn from outside (telnet and webconfig on NAS). So I can confirm that binaries posted in the 1st post works on firmware 1.6

Offline

 

#19 2009-04-01 13:18:55

GabrieleV
Member
From: Como
Registered: 2008-12-08
Posts: 17
Website

Re: [REL] OpenVPN for fonz fun_plug 0.5

Good.
Thanks for the feedback !

Offline

 

#20 2009-04-11 01:50:33

Electrocut
Member
From: France
Registered: 2009-04-05
Posts: 195

Re: [REL] OpenVPN for fonz fun_plug 0.5

Hi !

I'm very interrested in installing Openvpn on my DNS-313 device.

I don't think there is already a binary version available for the DNS-313. That's why I would like to build the tun.ko module on my own, for the DNS-313.

Could you please post more details, about building the tun.ko module from source ?

Thanks !

For your information, on my DNS-313:

Code:

/ # uname -a
Linux DNS-313 2.6.15 #235 Sun Dec 7 14:20:05 EST 2008 armv4l unknown

DNS-313

Offline

 

#21 2009-05-05 06:58:27

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: [REL] OpenVPN for fonz fun_plug 0.5

Electrocut wrote:

Hi !

I don't think there is already a binary version available for the DNS-313. That's why I would like to build the tun.ko module on my own, for the DNS-313.

Could you please post more details, about building the tun.ko module from source ?

I've been struggling with this very problem all day.  Here's how far I've come:

1) Download the linux kernel from linux.org
2) Copy to your device and extract
3) Make sure you have all the necessary packages installed on your device for compilation (gcc, make, automake, binutils, pkg-config, etc - might as well just install them all, it'll save you a LOT of headache...trust me)
4) "make menuconfig", which'll let you select what you want.  Make sure "Enable loadable module support" is selected, as is "Device Drivers -> Network Device Support -> Universal TUN/TAP" (AS <M>, not <*>, so it'll be compiled as a module).  When done, this creates a ".config" file.
5) make (takes forever)
6) tun.ko is avaliable in drivers/net/tun.ko

...But the tun.ko file STILL generates the "invalid module format"!

Anyone?

Offline

 

#22 2009-05-05 13:39:33

Electrocut
Member
From: France
Registered: 2009-04-05
Posts: 195

Re: [REL] OpenVPN for fonz fun_plug 0.5

Hi !

Thanks for your reply.

metal450 wrote:

...But the tun.ko file STILL generates the "invalid module format"!

Install syslogd package, and have a look at the log (/var/log/messages), you will have more information about the "invalid module format" error. It must be because you built your kernel with gcc 4.1 (the kernel was built with gcc 3.4)

It takes me some times to succeffuly built the tun.ko module, but finaly, I got it working:

- the kernel module needs to be built with gcc 3.4 (and Funplug provides gcc 4.1), so I had to built gcc 3.4 from source myself (takes forever too)

- there are error in kernel module source provided by Dlink, so it doesn't compile, without manual editing some .c files ...

- crc32.ko kernel module needs to be built too, and loaded before tun.ko.

I've posted the package, and information about the build procedure, here: Working: Openvpn 2.0.9

Last edited by Electrocut (2009-05-05 13:45:10)


DNS-313

Offline

 

#23 2009-10-26 03:26:49

Zdai
New member
Registered: 2009-10-26
Posts: 4

Re: [REL] OpenVPN for fonz fun_plug 0.5

édit : update version below

Last edited by Zdai (2009-10-27 03:52:19)

Offline

 

#24 2009-10-26 19:18:41

qryptiq
Member
From: New Ro
Registered: 2009-03-10
Posts: 49

Re: [REL] OpenVPN for fonz fun_plug 0.5

i will have to try this

thanks


~~~~~~~~~~~~~~~~~~~
DNS-321, 2x1.5tb Barracudas

Offline

 

#25 2009-10-27 03:51:49

Zdai
New member
Registered: 2009-10-26
Posts: 4

Re: [REL] OpenVPN for fonz fun_plug 0.5

Hi,

I have follow this tuto to set openvpn up on my DNS-323 under firmware 1.06.

As I have had some difficulties with the ssl stuff, I share what I found so fare.

Based on openssl for on windows ( binaries here : http://www.openssl.org/related/binaries.html )

1 Install OpenSSL on your computer running windows
2 Go into "bin" folder of the instalation, you have to see the openssl.exe file
3  Create a batch file int this folder (create any txt file and rename it as "Cert.bat")
4  Edit Cert.batch (right click and "modify")
5 Past this code into :

Code:

rem based on : http://www.garex.net/apache/

MKDIR Cert

rem 1. Create Certificate Authority
pause

rem Create CA key with 1024 bit
openssl genrsa -out ./Cert/Authority.key
rem Create Certificate Request
openssl req -new -key ./Cert/Authority.key -out ./Cert/Authority.csr
rem Self-sign certificate
openssl x509 -req -days 365 -in ./Cert/Authority.csr -out ./Cert/Authority.crt -signkey ./Cert/Authority.key

rem 2. Creating the webserver certificate & DH file
pause

rem Generating the webservers key
openssl genrsa -out ./Cert/ServerPrivate.key
rem  Generating the webservers certificate request
openssl req -new -key ./Cert/ServerPrivate.key -out ./Cert/Server.csr
rem Sign the webservers certificate request with the CA key
openssl ca -in ./Cert/Server.csr -cert ./Cert/Authority.crt -keyfile ./Cert/Authority.key -out ./Cert/Server.crt
rem Generate the Private pem key
openssl rsa -in ./Cert/ServerPrivate.key -out ./Cert/ServerPrivate.pem
rem Check the certificate
openssl x509 -in ./Cert/Server.crt -text
pause

rem 3. Generate DH Server file
openssl dhparam -out ./Cert/dh1024.pem 1024

rem 4. Creating the client certificate
pause

rem Generating the webservers key
openssl genrsa -out ./Cert/ClientPrivate.key
rem  Generating the webservers certificate request
openssl req -new -key ./Cert/ClientPrivate.key -out ./Cert/Client.csr
rem Sign the webservers certificate request with the CA key
openssl ca -in ./Cert/Client.csr -cert ./Cert/Authority.crt -keyfile ./Cert/Authority.key -out ./Cert/Client.crt
rem Generate the Private pem key
openssl rsa -in ./Cert/ClientPrivate.key -out ./Cert/ClientPrivate.pem
rem Check the certificate
openssl x509 -in ./Cert/Client.crt -text


rem 5. Done ! Read up to be sure of what append

pause

This file is going to :
Create cert and key for the authority (know as Certificate Authority (ca) )
Create cert and key for the Server and sign the cert by previous ca
Create the Diffie hellman parameters file
Create cert and key for one Client and sign the cert by previous ca

During the execution of the script, some information are going to be asked. 3 times. First time for authority, second time for server and third for client. Information have to be different at least for the Common Name.

6 To use the generated file with a unmodified config file from openvpn :
Go to cert folder
rename Authority.crt as ca.mycert.crt
rename Server.crt as mycert.crt
rename ClientPrivate.pem as mycert.pem (<= Do not share this one nor Private.key !)

7 Paste all the 3 previous file and the dh1024.pem to your "cert" folder of openvpn on your DNS-323 (in /fpp/etc/openvpn/certs/)
8 Configure OpenVPN as you want ! Do not forget to protect your key
9 For a windows client, downnload openvpn-gui (here : http://openvpn.se/download.html, choose installation package with TAP driver)
10 Install and run
11 Create your xxx.ovpn client config file in %APP%/OpenVPN/config/
12 Copy/Paste the previously generated Authority.crt, Client.crt and ClientPrivate.key into the same directory. Be sure to protect .key file !
13 Set your client profil according to your server configuration and previously paste crt and key file.
14 Route everythings on your router and connect your client to your server !


Script is based on information found on this website : http://www.garex.net/apache/ and on HowTo section of http://www.openvpn.net/ andhttp://www.openvpn.se/ website

ps : it seems that is not very secure. If i succed to improve the setup in the direction, I will tell you. If you have any idea to do that, I would really enjoy any help smile

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB