DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

#26 2008-03-27 12:23:46

HaydnH
Member
Registered: 2007-09-28
Posts: 187

Re: Compiled & Working: OpenVPN

Hi Audrey,

Glad you got it working and thanks for confirmation that the echo command works - still haven't got around to testing that myself!

Haydn.

Offline

 

#27 2008-04-02 02:45:15

andrey
Member
Registered: 2008-03-22
Posts: 34

Re: Compiled & Working: OpenVPN

HaydnH, any plans to recompile OpenVPN using 2.1_rc7 code base?

Offline

 

#28 2008-04-02 12:23:56

HaydnH
Member
Registered: 2007-09-28
Posts: 187

Re: Compiled & Working: OpenVPN

Unfortunately I have no time do compile all the Beta's as well as releases unless there is a specific reason for doing so (i.e: something broken in last release). Hopefully I'll have more time soon.

Haydn.

Offline

 

#29 2008-06-18 19:12:19

luusac
Member
Registered: 2008-04-29
Posts: 360

Re: Compiled & Working: OpenVPN

does anybody have any openvpn config files (ie client & server) that they can share - preferably where the dns323 is behind a router and where the client connects using a dyndns address?  I have tried the examples on the openvpn website and have not managed to get it working consistently yet, I keep getting
"WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.8.0.2 10.8.0.1', remote='ifconfig 10.8.0.1 10.8.0.2'"
thanks
lu

Offline

 

#30 2008-06-18 20:13:02

andrey
Member
Registered: 2008-03-22
Posts: 34

Re: Compiled & Working: OpenVPN

Here are some basic config files to get you started. Note that you'd need to generate appropriate server and client keys in order to get this to work.

server.conf

local <your DNS-323 IP>
port <your DNS-323 port>  #forward this port on your router
proto udp

;dev tap
dev tun0

tls-server
tls-auth ta.key 0        # server

# root certificates
ca etc/ca.crt
dh etc/dh1024.pem

# server certificates
cert etc/dns323.crt
key etc/dns323.key       # server

server 10.10.0.0 255.255.255.0

push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.1"

# direct all traffic through VPN
;push "redirect-gateway"

;ifconfig-pool-persist ip.lst

# allow clients to be able to "see" each other.
client-to-client
# allow multiple clients to connect
duplicate-cn

keepalive 10 120

# extra security

;cipher BF-CBC        # Blowfish
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# enable compression on the VPN link.
comp-lzo

max-clients 10
persist-key
persist-tun

;verb 3
;status openvpn-status.log

client.ovpn

remote <DNS-323 IP or ddns address> <port #>

dev tun
;dev tap

proto udp

resolv-retry infinite

nobind

persist-key
persist-tun

# server security
tls-client
tls-auth ta.key 1

# mute repated wireless packets
mute-replay-warnings

# connection keys
ca keys/ca.crt

# unique client keys
cert keys/client.crt
key keys/client.key

# ensure connection to a server
ns-cert-type server


# cryptographic cipher.
;cipher AES-128-CBC

# enable compression
comp-lzo

;verb 3

Last edited by andrey (2008-06-18 20:14:09)

Offline

 

#31 2008-06-19 02:59:49

luusac
Member
Registered: 2008-04-29
Posts: 360

Re: Compiled & Working: OpenVPN

Thanks for these.  Do you have an example which uses a simple static key?  I want to get as simple an example as possible working before I use certificates (also the compiled version HaydnH made available doesn't contain what is necessary to build the certificates, ... or does it?  I think the same is true of the optware openvpn package - ie I can't find build-key / build-key-server etc).  I modified your example, thus:

local 192.168.1.2
port 1194 
proto udp

dev tun0

server 10.10.0.0 255.255.255.0

push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.1"
client-to-client

keepalive 10 120

comp-lzo

persist-key
persist-tun

secret static.key

but openvpn won't run - it complains "Options error: --server and --secret cannot be used together (you must use SSL/TLS keys)"

thanks
lu

Offline

 

#32 2008-06-19 03:08:34

andrey
Member
Registered: 2008-03-22
Posts: 34

Re: Compiled & Working: OpenVPN

lu,

You're correct, HaydnH doesn't contain necessary files to compile certificate keys. I would suggest installing "etch" debian for that. However, I'm not sure how efficient VPN will without any security so to speak.

If you'd like to eliminate certificates, simply comment them out from configuration that I posted earlier.

Offline

 

#33 2008-06-19 03:37:56

luusac
Member
Registered: 2008-04-29
Posts: 360

Re: Compiled & Working: OpenVPN

andrey wrote:

If you'd like to eliminate certificates, simply comment them out from configuration that I posted earlier.

I removed them entirely (as per my repost of your config), but what do I do about the "server 10.10.0.0 255.255.255.0" line - that is what openvpn is complaining about as I have added "secret static.key" in place of the certificate entries?
thanks
lu

Offline

 

#34 2008-06-19 19:07:53

andrey
Member
Registered: 2008-03-22
Posts: 34

Re: Compiled & Working: OpenVPN

you shouldn't have "secret static.key" option enabled since you haven't compiled the keys, comment it out.

Offline

 

#35 2008-06-19 19:39:01

Sinobato
Member
Registered: 2008-06-16
Posts: 18

Re: Compiled & Working: OpenVPN

Hi, noob here.

How would you generate the keys mentioned here? Also, the key mentions etc/ca.rt and etc/key. Does that mean that I need to put the keys there once I am able to generate it?

Thanks.


DNS-323:  F/W:1.07  H/W:B1  ffp:0.5  HDDs: 2x1TB Standalone HDD (Hitachi HDS721010KLA330, Seagate ST31000528AS)

Offline

 

#36 2008-06-19 19:43:37

andrey
Member
Registered: 2008-03-22
Posts: 34

Re: Compiled & Working: OpenVPN

Sinobato,

To generate keys you would need to install debian "etch" (see my post above or Wiki), install OpenVPN there using 'apt get install openvpn', generate keys that way and copy them into your working OpenVPN folder. Perhaps that's not the simplest way, but it works.

-- Andrey

Offline

 

#37 2008-06-19 20:21:57

Sinobato
Member
Registered: 2008-06-16
Posts: 18

Re: Compiled & Working: OpenVPN

Andrey,

I have another box with Ubuntu x86 installed. Can I use it and install OpenVPN and generate the keys there, and just copy the keys to my DNS-323 OpenVPN folder? That way, I don't have to install Debian on the NAS?


DNS-323:  F/W:1.07  H/W:B1  ffp:0.5  HDDs: 2x1TB Standalone HDD (Hitachi HDS721010KLA330, Seagate ST31000528AS)

Offline

 

#38 2008-06-19 20:35:02

luusac
Member
Registered: 2008-04-29
Posts: 360

Re: Compiled & Working: OpenVPN

about the keys - I have generated the key by
./openvpn --genkey --secret static.key
(as per openvpn documentation)
then copied the key to both the client & server, so afaik the entry to the key in the config is ok, but then that still leaves the problem of the  "server 10.10.0.0 255.255.255.0" line.
thanks
lu

Offline

 

#39 2008-10-12 16:12:03

halfsoul
Member
Registered: 2008-01-28
Posts: 57

Re: Compiled & Working: OpenVPN

@luusac: You can't use a server parameter and a static key at the same time.  They are mutually exclusive.

@andrey: Are you sure the push-route and push-dhcp commands are being processed?  The reason I ask is that there is no "pull" in your client config file.  From OpenVPN 2.0.x Manual:

--push option
Push a config file option back to the client for remote execution. Note that option must be enclosed in double quotes (""). The client must specify --pull in its config file.

(emphasis added)

The reason I ask is that I am trying to view the rest of my network.  VPN works, but I can only see the DNS-323, and nothing else.  I've executed the echo ip forwarding command, and verified it is set correctly with cat.  Still no luck.

Server config:

Code:

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key

# Use compression on the VPN link
comp-lzo

# Make the link more resistent to connection failures
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

Client config:

Code:

remote ip.add.censored.here 1194
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key

# Use compression on the VPN link
comp-lzo

# Make the link more resistent to connection failures
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

# Allow client to reach entire server subnet
;route 192.168.0.0 255.255.255.0
;route add -net 192.168.0.2 netmask 255.255.255.0 gw 10.8.0.1
;route 10.8.0.0 255.255.255.0 192.168.0.2

(note the 3 of many failed route params)
Any suggestions?

Last edited by halfsoul (2008-10-12 16:14:00)

Offline

 

#40 2008-10-14 21:07:26

mastervol
Member
Registered: 2008-09-06
Posts: 81

Re: Compiled & Working: OpenVPN

maybe useful:
openvpn portable
http://sourceforge.net/projects/ovpnp


DNS-323     F/W: 1.06  H/W: ??  ffp: 0.5  Drives (normal mode): 1 x 1,5 TB Seagate SATA II ST31500341AS, 1 x 250 GB Western Digital SATA I

Offline

 

#41 2008-10-15 22:06:38

halfsoul
Member
Registered: 2008-01-28
Posts: 57

Re: Compiled & Working: OpenVPN

mastervol wrote:

maybe useful:
openvpn portable
http://sourceforge.net/projects/ovpnp

What is the advantage of this over the normal OpenVPN GUI?  I couldn't get very much info from the short sourceforge description.

Offline

 

#42 2008-11-05 18:20:23

eak
Member
Registered: 2007-11-01
Posts: 16

Re: Compiled & Working: OpenVPN

I have built openvpn but it did not build the kernel module.
Do I have to recompile the kernel and upgrade the one in my dns-313?
I hawe no clue how to config the kernel on it it's not a PC.
or is the kernel config extractable from the old kernel?
(I tried downloading the package here but it tells me invalid module format)

Last edited by eak (2008-11-05 18:55:59)

Offline

 

#43 2008-12-30 19:33:07

mastervol
Member
Registered: 2008-09-06
Posts: 81

Re: Compiled & Working: OpenVPN

halfsoul wrote:

mastervol wrote:

maybe useful:
openvpn portable
http://sourceforge.net/projects/ovpnp

What is the advantage of this over the normal OpenVPN GUI?  I couldn't get very much info from the short sourceforge description.

you don't have to install openvpn portable.
my guess is you have to install openvpn gui in order to use it.

Last edited by mastervol (2008-12-30 19:38:08)


DNS-323     F/W: 1.06  H/W: ??  ffp: 0.5  Drives (normal mode): 1 x 1,5 TB Seagate SATA II ST31500341AS, 1 x 250 GB Western Digital SATA I

Offline

 

#44 2009-05-02 05:18:22

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: Compiled & Working: OpenVPN

Hey all,

I've been trying to get this working on my DNS-321 all day but to no avail.  After downloading and extracting the tarball, I simply cannot run openvpn: I always get the error message

./openvpn: ./openvpn: cannot execute binary file

"file ./openvpn" shows me:

./openvpn: ELF 32-bit LSB executable, ARM, version 1, dynamically linked (uses shared libs), stripped

Any ideas why I can't get this to execute?

I've thus far successfully setup Transmission, Subversion, vsftpd, lighttpd...this is the only one i can't seem to crack...

Last edited by metal450 (2009-05-02 05:28:41)

Offline

 

#45 2009-05-02 20:37:22

luusac
Member
Registered: 2008-04-29
Posts: 360

Re: Compiled & Working: OpenVPN

it could be that it won't work on the 321 having been compiled for the 323.  It may be a library issue...  You could try compiling it yourself on the 321.

Offline

 

#46 2009-05-02 22:43:15

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: Compiled & Working: OpenVPN

>>it could be that it won't work on the 321 having been compiled for the 323.

Hmm, I'd thought of that, but seems somehow unlikely as every other binary i've tried that was compiled for the 323 worked perfectly...

>>It may be a library issue...

I'd think this is the most likely issue, although I'm not really experienced enough in Linux to figure out the issue - I haven't programmed on linux since college, 10 years ago...  Do you (or anyone) by chance know of any way i could determine this, i.e. get more specific error message, etc?

>>You could try compiling it yourself on the 321.

I'd thought of that also, and tried to figure out if i could "easily" compile just by installing gcc and make, but the following thread scared me a little bit: seems like getting a build environment setup on this thing is damn complex.  Am i wrong? (http://dns323.kood.org/howto:crosscompile)

Offline

 

#47 2009-05-02 22:48:47

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: Compiled & Working: OpenVPN

(Or, if anyone who's successfully built OpenVPN for this device might be able to give me a quick rundown on how, i'd be MUCH appreciative smile)

Offline

 

#48 2009-05-03 05:39:30

luusac
Member
Registered: 2008-04-29
Posts: 360

Re: Compiled & Working: OpenVPN

metal450 wrote:

I'd think this is the most likely issue, although I'm not really experienced enough in Linux to figure out the issue - I haven't programmed on linux since college, 10 years ago...  Do you (or anyone) by chance know of any way i could determine this, i.e. get more specific error message, etc?

strace ./openvpn
?

metal450 wrote:

>>You could try compiling it yourself on the 321.

I'd thought of that also, and tried to figure out if i could "easily" compile just by installing gcc and make, but the following thread scared me a little bit: seems like getting a build environment setup on
this thing is damn complex.  Am i wrong? (http://dns323.kood.org/howto:crosscompile)

The page you refer to is about *cross* compiling - i.e. compiling on one platform to execute on another platform - e.g. compile source on an x86 machine (PC) to produce an executable that will run on the arm (321) architecture.  What you can do as an alternative, is compile natively - i.e. compile on the machine that you want to run the software on (321)
You would need to install more than gcc and make, but I think it is straigthforward enough - search the forums to deturmine what you need.  I haven't done it myself, but I think Fonz provides all of the packages that you need for native compilation (you need to download them and install them under ffp).

Last edited by luusac (2009-05-03 05:41:51)

Offline

 

#49 2009-05-04 10:03:42

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: Compiled & Working: OpenVPN

luusac wrote:

strace ./openvpn
?

it says execve("./openvpn", ["./openvpn"], [/* 18 vars */]) = -1 ENOENT (No such file or directory)

...Which is obviously weird, but about on par with this error in general.  Calling "./openvpn" results in "./openvpn: No such file or directory", and "bash ./openvpn" says "cannot execute binary file".

luusac wrote:

The page you refer to is about *cross* compiling - i.e. compiling on one platform to execute on another platform.

Aha!! Thanx for the tip...I'll look into this too (if u have no other ideas regarding the above!) smile

Offline

 

#50 2009-05-04 22:49:12

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: Compiled & Working: OpenVPN

Got it to compile!  Thanx for the tip...it was way simpler than I expected smile

Basically, all I had to do was install the required packages (http://www.shadowandy.net/2008/08/addin … ns-323.htm), run ./configure, and make!

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB