Goal: OpenVPN on WGR614v8

30 posts / 0 new
Last post
Goddchen
Goddchen's picture
Goal: OpenVPN on WGR614v8

Hi :)

I need to get openvpn running on a WGR614v8. What is the best way to achieve this? OpenWRT, DD-WRT, something else?

 

Greets Goddchen

John Lauro
John Lauro's picture
My guess is VPN version of DD

My guess is VPN version of DD-WRT.

achilles
achilles's picture
I think DD-WRT is a good

I think DD-WRT is a good choice .... Have u checked for this feature in DD-WRT mini build avlbl at this site ...
Even if u dnt get this feature in DD-WRT builds avlbl at this site , you can copy the .config file corresponding to openvpn to the .config file present in DD-WRT/src/router and build corresponding image ...

Goddchen
Goddchen's picture
hi, thanks for your answers :

hi, thanks for your answers :)
I tried to get OpenWRT running for some days now, without success :(
I already once installed the mini image of DD-WRT. But unfortunately it hasn't openvpn support :( I'll try out your hint achilles today and report if it worked :)

Goddchen

Goddchen
Goddchen's picture
OK, i'm a little lost... :(

OK, i'm a little lost... :(
DD-WRT mini doesn't seem to include openvpn.

you can copy the .config file corresponding to openvpn to the .config file present in DD-WRT/src/router and build corresponding image ...

Where do i get that .config file of openvpn configuration? And where can i download a stable release source code of dd-wrt? I only found svn access, should i use that one?

Goddchen

achilles
achilles's picture
Goddchen said:

Goddchen said:
OK, i'm a little lost... :(
DD-WRT mini doesn't seem to include openvpn.

you can copy the .config file corresponding to openvpn to the .config file present in DD-WRT/src/router and build corresponding image ...

Where do i get that .config file of openvpn configuration? And where can i download a stable release source code of dd-wrt? I only found svn access, should i use that one?
Goddchen

Ya u can get the DD-WRT src code from svn.dd-wrt.com  .... As far as .config file is concerned u will get it in DD-WRT/src/router/.config_openvpn.v24 ....

Just copy this to .config file in router directory and then u should get a build with openvpn feature .... :)

Keep the cmnty posted abt ur proceedings in this regard .... it may help others also .....

 

John Lauro
John Lauro's picture
At http://www.dd-wrt.com/dd

At http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html
put in netgear wgr614 and click on your version, you can then download a vpn version.

achilles
achilles's picture
John Lauro said:

John Lauro said:
At http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html
put in netgear wgr614 and click on your version, you can then download a vpn version.

Thnx john ... this link looks good as it has several builds corresponding to different features so it will be easier for people to test different features without needing to compile the DD-WRT ....

BTW I observed that it contains maximum builds in bin format wheras we need chk format to flash WGR614L ... how can one convert these to chk directly ... 

If they can't be converted to chk then I think these builds can be used if we do f/w upgrade through GUI ....

John Lauro
John Lauro's picture
achilles said:

achilles said:

John Lauro said: At http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html put in netgear wgr614 and click on your version, you can then download a vpn version.

Thnx john ... this link looks good as it has several builds corresponding to different features so it will be easier for people to test different features without needing to compile the DD-WRT .... BTW I observed that it contains maximum builds in bin format wheras we need chk format to flash WGR614L ... how can one convert these to chk directly ...  If they can't be converted to chk then I think these builds can be used if we do f/w upgrade through GUI ....

I have not tested it myself, but according to the documentation that is what you do.  They have one minimal .chk format and they say you flash with that first (as standard firmware will not take .bin), and then upgrade via the gui to the desired .bin version.  I don't think a generic conversion program has been written to convert the .bin files directly.

achilles
achilles's picture
John Lauro said:

John Lauro said:
At http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html
put in netgear wgr614 and click on your version, you can then download a vpn version.

Well I tested this f/w and to much of my dismay it did not work ..... moreover once I flash my board with open vpn build it fails to even reboot properly ...

Given below is the log that I get after flashing my WGR614L ......

The free memory is enough, writing image once.
write=[3698688]        
linux: CRC OK
Writing image to flash, waiting a moment...
Write len/chksum @ 0x003AFFF8...done.
uploading [3698737]
erase[65536]
Restarting system.
Please stand by while rebooting the system...
Decompressing..........done

CFE for WGR614v8 version: 1.3
Build Date: Fri Apr 20 14:04:44 CST 2007
et0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 4.138.1.0
Committing NVRAM...done

CFE for WGR614v8 version: 1.3
Build Date: Fri Apr 20 14:04:44 CST 2007
et0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 4.138.1.0
Device eth0:  hwaddr 00-1E-2A-07-AC-8A, ipaddr 192.168.1.1, mask 255.255.255.0
        gateway not set, nameserver not set
Loading ...........................................
too long file.
LZMA boot failed
Loader:raw Filesys:raw Dev:flash0.os File: Options:(null)
Loading: .. 3856 bytes read
Entry at 0x80001000
Closing network.
Starting program at 0x80001000
CPU revision is: 00029029
Linux version 2.4.36 (root@dd-wrt) (gcc version 3.4.6 (OpenWrt-2.0)) #345 Mon Jul 28 00:47:00 CE8
Setting the PFC to its default value
Determined physical RAM map:
 memory: 01000000 @ 00000000 (usable)
On node 0 totalpages: 4096
zone(0): 4096 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/mtdblock2 rootfstype=squashfs,jffs2 noinitrd console=ttyS0,115200
CPU: BCM5354 rev 1 at 240 MHz
Using 120.000 MHz high precision timer.
Calibrating delay loop... 239.20 BogoMIPS
Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
Checking for 'wait' instruction...  unavailable.
POSIX conformance testing by UNIFIX
PCI: no core
PCI: Fixing up bus 0
Initializing RT netlink socket
Starting kswapd
devfs: v1.12c (20020818) Richard Gooch ([email protected])
devfs: boot_options: 0x1
squashfs: version 3.0 (2006/03/15) Phillip Lougher
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
ttyS00 at 0xb8000300 (irq = 3) is a 16550A
ttyS01 at 0xb8000400 (irq = 3) is a 16550A
PCI: Setting latency timer of device 00:01.0 to 64
PCI: Setting latency timer of device 00:05.0 to 64
sb_doattach: incoming bus is PCI but it's a lie, switching to SB devid:0x4318
unregister_netdevice: device eth%d/8036e620 never was registered
Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
pflash: found no supported devices
sflash not supported on this router
Initializing Cryptographic API
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 1024 bind 2048)
ip_conntrack version 2.1 (512 buckets, 4096 max) - 336 bytes per conntrack
ip_tables: (C) 2000-2002 Netfilter core team
ipt_random match loaded
netfilter PSD loaded - (c) astaro AG
ipt_osf: Startng OS fingerprint matching module.
ipt_IPV4OPTSSTRIP loaded
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
802.1Q VLAN Support v1.8 Ben Greear <[email protected]>
All bugs added by David S. Miller <[email protected]>
VFS: Cannot open root device "mtdblock2" or 1f:02
Please append a correct "root=" boot option
Kernel panic: VFS: Unable to mount root fs on 1f:02
 <0>Rebooting in 5 seconds..Please stand by while rebooting the system...
Decompressing..........done

CFE for WGR614v8 version: 1.3
Build Date: Fri Apr 20 14:04:44 CST 2007
et0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 4.138.1.0
Device eth0:  hwaddr 00-1E-2A-07-AC-8A, ipaddr 192.168.1.1, mask 255.255.255.0
        gateway not set, nameserver not set
Loading ...........................................
too long file.
LZMA boot failed
[Same sequence of messages as above and I m stuck in a loop ]..

It keeps rebooting .....

Has any body at all tested this image ... If yes plz let me know where can I be wrong .. 

Goddchen
Goddchen's picture
hm, it cannot mount root file

hm, it cannot mount root file sytem. that weird :(
and you used the precompiled firmware image, you didn't create your own (then a missing filesystem in the kernel could be the problem, or something like that)?
it's very strange that it cannot load the root filesystem as it should be contained in the firmware file.
Perhaps there's something in you nvram that messes things up. You could try flashing a working firmware and resetting the settings. just an idea...

achilles
achilles's picture
Goddchen said:

Goddchen said:
hm, it cannot mount root file sytem. that weird :(
and you used the precompiled firmware image, you didn't create your own (then a missing filesystem in the kernel could be the problem, or something like that)?
it's very strange that it cannot load the root filesystem as it should be contained in the firmware file.
Perhaps there's something in you nvram that messes things up. You could try flashing a working firmware and resetting the settings. just an idea...

Ya ... I had flashed my board with mini build avlbl at this site and it was working OK .... then I tried to flash it with openvpn build and things got messed .... I dnt know why it shows "too long file LZMA failed "... this thing has nothing to do with nvram ..

BTW I have just flashed my board with the mini build and things are working fine .....

I am working towards building a stable chk image with OpenVPN feature and will post this once I m done with it .... 

Goddchen
Goddchen's picture
have a look here:http://www

have a look here:
http://www.myopenrouter.com/forum/thread/10876/Compiling-DD-WRT-with-Ope...
we're trying the same thing currently...

achilles
achilles's picture
Goddchen said:

Goddchen said:
have a look here:
http://www.myopenrouter.com/forum/thread/10876/Compiling-DD-WRT-with-OpenVPN-...
we're trying the same thing currently...

I have created a chk image with openvpn feature but I m not able to test this .....

Reason : If I flash my board with this file I am not able to ping a host connected to my board's LAN port ...

I need to do :

ifconfig br0 down

ifconfig eth0 192.168.1.1 up

to get the ping working but still GUI does not come up ..... any ideas ... :)

Goddchen
Goddchen's picture
I'm currently facing the

I'm currently facing the exact same problem... I'll leavy a message if i make any progress...

achilles
achilles's picture
Goddchen said:

Goddchen said:
I'm currently facing the exact same problem... I'll leavy a message if i make any progress...

thnx .... could u plz tell me how did u get rid of the assertion pblm .....

Goddchen
Goddchen's picture
i did "make menuconfig" in

i did "make menuconfig" in src/router and disabled the rflow feature... ;)

achilles
achilles's picture
Now I have an image with

Now I have an image with OpenVPN feature and it provides GUI access ....
I am getting some errors in OpenVPN server set up ... Once I m done with the testing I will provide the corresponding chk file ...

Goddchen
Goddchen's picture
I'd be more happy with your

I'd be more happy with your .config files, rather then the compiled chk file... would be nice if you would provide them too, so that other users (like me, of course ;) ) can try to compile with your config, too.

achilles
achilles's picture
Goddchen said:

Goddchen said:
I'd be more happy with your .config files, rather then the compiled chk file... would be nice if you would provide them too, so that other users (like me, of course ;) ) can try to compile with your config, too.

I will provide them too ... But I m not sure it is related to .config bcoz I used the same .config files for router and linux with three svn versions of DD-WRT and ping and GUI access problem was automatically solved with one of them ....

Luckily I have that distribution .... I will try to upload it too ..

BTW I have configure a VPN server on WGR614L but it is not starting ... I dnt know why .. I m using static key method and not getting any error messages but some how ps is not showing vpn running ... :( ...

I m trying and will update u if I make any progress ... 

Goddchen
Goddchen's picture
i got openvpn running

i got openvpn running smoothly (with autostart) on one of the precompiled images.
can you start openvpn manually per command line?

achilles
achilles's picture
Goddchen said:

Goddchen said:
i got openvpn running smoothly (with autostart) on one of the precompiled images.
can you start openvpn manually per command line?

hey that's grt ... could u plz tell me where did u get the image  or u have created it urself and what steps did u take ...

 

I am taking the steps as specified in the given link for VPN server with static key :

http://www.dd-wrt.com/wiki/index.php/OpenVPN#Server_Configuration

Plz let me know if it z ok ... 

 

 

Goddchen
Goddchen's picture
i used this image:http://www

i used this image:
http://www.dd-wrt.com/dd-wrtv2/downloads/others/eko/V24_TNG/svn11604/dd-...
but remember to first flash the xxx_mini.chk image and the via webinterface the bin image you want...
but i really need to be able to build my own image...
i didn't do any steps in any tutorial or guide. i just setup my openvpn config with certificates like i always do...
i created a file /jffs/etc/config/openvpn.startup where i start the server.
one problem: you need to create a symlink from /tmp/myvpn to your openvpn binary, otherwise the process will shutdown after a few seconds when it was started with autostart...

achilles
achilles's picture
Goddchen said:

Goddchen said:
i used this image:
http://www.dd-wrt.com/dd-wrtv2/downloads/others/eko/V24_TNG/svn11604/dd-wrt.v...
but remember to first flash the xxx_mini.chk image and the via webinterface the bin image you want...
but i really need to be able to build my own image...
i didn't do any steps in any tutorial or guide. i just setup my openvpn config with certificates like i always do...
i created a file /jffs/etc/config/openvpn.startup where i start the server.
one problem: you need to create a symlink from /tmp/myvpn to your openvpn binary, otherwise the process will shutdown after a few seconds when it was started with autostart...

OK but I dnt know how to start it with autostart (may be it z a silly thing to ask  :))... what command u r giving to the shell ...

Goddchen
Goddchen's picture
my /jffs/etc/config/openvpn

my /jffs/etc/config/openvpn.startup file looks like this:

openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
iptables -I FORWARD -i br0 -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -o br0 -j ACCEPT
iptables -I INPUT -i tap0 -j ACCEPT
sleep 5
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config /jffs/openvpn/openvpn.conf --daemon

i don't know if these iptables lines are really neccessary. i found them somewhere here or in dd-wrt forums...

achilles
achilles's picture
OK thnx ... I am using static

OK thnx ... I am using static key method and running the command :
/tmp/myvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 1194 --proto udp --verb3 gives me the following error :
NOTE : OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Insufficient key material or header text not found in file '/tmp/static.key'

I dnt know how is it getting static.key to be of size 0 ...any ideas ??

Goddchen
Goddchen's picture
how exactly did you create

how exactly did you create that key? why don't you just copy it somewhere to /jffs/?
You can ignore that warning about the script security, since you don't you any user scripts...

achilles
achilles's picture
Well ...at last I got it

Well ...at last I got it running ... I m using a linux host right now to generate the static.key ..and giving the commands one by one ..
Now I need to test them using a start up script and also with keys generated in a windows machine (seems I m doing some silly mistake in this case )..
Once I m done with these I will provide the chk file and also corresponding .config files ....
thnx a lot for ur help ..

achilles
achilles's picture
Hi all,

Hi all,
I have created a dd-wrt build (chk format)with openvpn feature for WGr614L and have tested it for ststic key configuration.
I m yet to do the other testings ... BTW if any one wants to test it or use it he/she can send me a PM with his/her mail id ....
Once this is fully tested I will upload it here also ...

anonyproz
anonyproz's picture
OpenVPN Based Virtual Private

OpenVPN Based Virtual Private Network for Internet Security

http://www.anonyproz.com

Someone May Be Snooping On You Right Now!

Secure All Your Applications with One Click.

Secure & Anonymous Surfing

Anonyproz OpenVPN is the fast, easy way to secure your PC's Internet data and protect your privacy.

Makes all of your web surfing anonymous

Secures Web, email, video, IM, P2P... all automatically

Simple, one-click operation!

Uses industrial strength encryption & hides your IP

To learn more and sign up, visit:http://www.anonyproz.com