Since none of the dd-wrt releases include ip6tables support, I added it myself. The standard kernel does support module loading, so you can simply add additional kernel features without reflashing the device. You do need some writable storage. I use the remaining 4MB of flash using JFFS, but using an external storage (USB, network, …) is also possible.

Since you can’t run a complete build environment on the router itself, you’ll have to set up a cross-compiling environment on your own machine. As I found out, this isn’t always very easy to do…

Since there are some requirements on the development host (64bit host, case-sensitive filesystem), I used a clean Ubuntu-64bit 10.04 install in a virtual machine.

Preparations

Start by getting the sources for the 2.6.24.111 kernel:

# svn checkout svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux-2.6.23 -r 14929
# head -n5 linux-2.6.23/Makefile
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 24
EXTRAVERSION = .111
NAME = Arr Matey! A Hairy Bilge Rat!

See, I told you it’s 2.6.24.111!

Next we’ll get the cross-compiling toolchain:

# cd /opt
# wget http://www.dd-wrt.com/dd-wrtv2/downloads/others/sourcecode/toolchains/current-toolchains.tar.bz2
# tar jxvf current-toolchains.tar.bz2

Configuring the kernel

First some cleanup to do: I don’t need the madwifi drivers, so I remove their reference. The config.h file is a broken softlink, so I remove that as well. For some reason, jhash2.h is not included (presumably because jhash.h is included first). This causes JHASH_GOLDEN_RATIO not to be defined. There are probably nicer ways to solve this, but I just redefine the constant outside of the #ifndef‘s

# grep -v madwifi drivers/net/wireless/Kconfig > drivers/net/wireless/Kconfig.new
# mv drivers/net/wireless/Kconfig{.new,}
#
# rm include/linux/config.h
#
# echo "#define JHASH_GOLDEN_RATIO    0x9e3779b9" >> include/linux/jhash2.h

Next configure the options you want, starting from dd-wrt’s default:

# cp .config_std .config
# make menuconfig
# PATH=$PATH:/opt/toolchain-mipsel_gcc4.1.2/bin make modules

Stripping the modules

Now just cherry-pick the modules you want. If you really want to squeeze out every last byte, you can strip each individual module:

# /opt/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-strip --strip-unneeded ipv6.ko

Then copy these modules onto your router and insmod them, probably in a script.

33 Comments

  1. bv says:

    Did you see this error when trying to run the “make” command…

    [root@F14VMCORE linux-2.6.23]# make menuconfig
    Makefile:443: *** mixed implicit and normal rules. Stop.

    [root@F14VMCORE linux-2.6.23]# PATH=$PATH:/opt/toolchain-mipsel_gcc4.1.2/bin make modules
    Makefile:1501: *** mixed implicit and normal rules. Stop.

  2. Niobos says:

    No, my build went without a glitch… Where did you get your sources?

  3. bv says:

    I ran the same commands you did.

    # svn checkout svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux-2.6.23 -r 14929

    I’m running on Fedora 14 x86_64

    All I really want is to compile a tun.ko module!

    Thanks,

  4. Niobos says:

    The error message you get seems to indicate that your version of Make is confused by some rule in the Makefile. So either the sources are different from mine, or your Make is different.

    I use GNU Make 3.81, the standard Ubuntu 10.04 x86_64 version. My Makefile MD5s to d910fbbac759ac4892ccc5959f3e518d. Hopefully you can pinpoint your problem with this info.

  5. bv says:

    Thanks for the reply. I finally got is working by doing what you did; installing a Ubuntu VM. But now I have a new problem, I compile the tun.ko fine but when I “try” to load it with insmod /mnt/tun.ko I get this error in dmesg …

    root@Zation1:~# insmod /mnt/tun.ko
    insmod: cannot insert ‘/mnt/tun.ko’: Success

    #Dmesg output.
    tun: Universal TUN/TAP device driver, 1.6
    tun: (C) 1999-2004 Max Krasnyansky
    tun: Can’t register misc device 200

    Any ideas?

  6. Niobos says:

    I have no experience with the TUN driver, but maybe it has dependencies on other modules? Does /dev/tun already exist? Is the module loaded, even after the confusing “cannot insert: success”?

  7. bv says:

    I know! that “cannot insert: success” is confusing.
    No, /dev/tun doesn’t exist, and the module doesn’t load.

    I’ll start looking for deps.

    Thanks,

    BV

  8. Daniël van Eeden says:

    I’ve compiled the modules for ipv6 netfilter but I can’t get ip6tables to work…

    root@DD-WRT:~# uname -a
    Linux DD-WRT 2.6.24.111 #2823 Sun Dec 19 18:13:40 CET 2010 mips unknown
    root@DD-WRT:~# lsmod
    Module Size Used by
    nf_conntrack_ipv6 16384 0
    ip6table_filter 4096 0
    ip6t_rt 4096 0
    ip6t_ipv6header 4096 0
    ip6t_REJECT 4096 0
    ip6t_LOG 8192 0
    ip6_tables 12288 4 ip6table_filter,ip6t_rt,ip6t_ipv6header,ip6t_LOG
    nf_nat_pptp 4096 0
    nf_conntrack_pptp 4096 1 nf_nat_pptp
    nf_nat_proto_gre 4096 1 nf_nat_pptp
    nf_conntrack_proto_gre 4096 1 nf_conntrack_pptp
    etherip 8192 0
    sit 12288 0
    ipv6 266240 21 nf_conntrack_ipv6,ip6t_REJECT,sit
    jffs2 86016 1
    switch_robo 8192 0
    switch_core 8192 1 switch_robo
    bcm57xx 110592 0
    root@DD-WRT:~# ip6tables -A INPUT -i lo -j ACCEPT
    ip6tables v1.4.0: Couldn’t load target `standard’:File not found

    Try `ip6tables -h’ or ‘ip6tables –help’ for more information.

  9. Niobos says:

    Daniël, did you copy the libxt_standard.so file as I described in my IPv6 post?

  10. harry says:

    Hi

    I want to edit the dd-wrt firmware to have ipv6 capabilities. I am new to linux. Can you help me where to start and road map to do this.
    I found your blog very useful for me.

    Also is there no way to compile the dd-wrt on 32 bit machine?

    I know how lo load the firmware into router but arises here that whether i need to compile the dd-wrt as mentioned in link (http://blog.dest-unreach.be/2010/12/01/compiling-custom-dd-wrt-kernel-modules) and then move the module to router through some protocol ?

    any help will be appreciated

  11. Niobos says:

    Hi Harry,

    If you are new to linux, are you sure that the first thing you want to do is fiddle with kernel modules on an embedded platform? It’s like being new to cars and wanting to tune a race-car engine…

    dd-wrt can no doubt be compiled on a 32bit machine. However, the toolchain provided by the dd-wrt devs only works on 64bit, so you’ll need to set up your own cross-compile toolchain to do that.

    As for moving the modules, you can use whatever protocol you like: SCP, FTP, HTTP; I usually use SCP, since it’s the easiest in my workflow.

    Niobos

  12. BobLfoot says:

    MY LOG of FAILURE — Submitted to ridicule and review — after all I barely understand what I am doing.
    Compiling dd-wrt ipv6 modules for V24sp2 build 14929

    1. Working through – http://www.dd-wrt.com/wiki/index.php/IPv6#Prerequisites bring you to a howto for building ipv6 modules.
    2. Used Website http://blog.dest-unreach.be/2010/12/01/compiling-custom-dd-wrt-kernel-modules proports to have instructions which worked at the time with Ubuntu 10.
    working as root
    3. Used Development Platform was Centos 6.2.x86_64 current updated 2012-01-02 and with make 3.81 same as the recorded ubuntu 10.
    A. Basic 200 package text mode install
    B. Group Install Development Tools
    C. Add ncurses package
    D. Add mlocate package
    E. Add tree package
    4. # mkdir /dev-env
    5. # cd /dev-env
    6. # svn checkout svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux-2.6.23 -r 14929
    7. # head -n5 linux-2.6.23/Makefile
    VERSION = 2
    PATCHLEVEL = 6
    SUBLEVEL = 24
    EXTRAVERSION = .111
    NAME = Arr Matey! A Hairy Bilge Rat!
    8. # cd /opt
    9. # wget http://www.dd-wrt.com/dd-wrtv2/downloads/others/sourcecode/toolchains/current-toolchains.tar.bz2 ##NOTE## file is 986MB so will take some download time
    10. # tar jxvf current-toolchains.tar.bz2
    11. # cd /dev-env/linux-2.6.23/
    12. # # grep -v madwifi drivers/net/wireless/Kconfig > drivers/net/wireless/Kconfig.new
    13. # mv drivers/net/wireless/Kconfig{.new,}
    14. # rm include/linux/config.h
    15. # echo “#define JHASH_GOLDEN_RATIO 0x9e3779b9” >> include/linux/jhash2.h
    16. # cp .config_std .config
    17. # make menuconfig ##NOTE## I took the defaults on my first pass attempt
    18. # PATH=$PATH:/opt/toolchain-mipsel_gcc4.1.2/bin make modules
    19. # updatedb
    20. # locate .ko — ##NOTE## the only 2.6.23 ko that I could find was ipv6.ko none of the other mentioned ko’s existed on my system
    21. # PATH=$PATH:/opt/toolchain-mipsel_gcc4.1.2/bin make all ##NOTE## tried this hoping for different results
    22. still no luck — this is crashed – guess I’ll have to trust lazytom for now.

  13. Niobos says:

    BobLfoot,

    Some ideas that might help you further
    * Instead of steps 19-20 (updatedb & locate), use the find command: find . -name '*.ko'
    * What does the output of the make modules command give? Does it says it’s compiling the right modules?
    * What module are you exactly looking for? Is that particular module enabled in the config?

  14. BobLfoot says:

    I am trying to build modules ip6_tables.ko, ip6table_filter.ko and nf_conntrack_ipv6.ko. for use on my linksys-wrt300v1.1 running build 14929 of dd-wrt.

    As far as I can tell every networking module is enabled that can be enabled.

    make modules says a bunch of stuff and generates no errors.

  15. BobLfoot says:

    big light bulb went off — I am compiling 2.4.37 stuff now and it worked. Turns out I didn’t need the 2.6 stuff.

  16. Harish says:

    I did as same, what you told but at the time of make module it give this error and stop.

    make module
    /bin/sh: /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc: not found
    /bin/sh: /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc: not found
    make: /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc: Command not found
    make: *** No rule to make target `module’. Stop.

    PATH is already set. I am using Ubuntu 64 bit 11.10.

    Is there any help

    Thanks

  17. Harish says:

    I got the solution. Thanks again….

  18. tony says:

    I have default firmware in my wifi station. i want to change this to dd-wrt. But i am new bie to dd wrt. Please guide me.
    What i have to do?

    Is this need to follow all above step and done.?

  19. Niobos says:

    tony,

    You’d better look at my previous post. This one is to modify the dd-wrt kernel.

    Niobos

  20. tony says:

    Thanks niobos.
    sorry for again asking …
    How to make .bin file. In your blog its showing for default created .bin file.

    Can i make from your above process…

    Thanks again

  21. Niobos says:

    tony,

    No, the above post is for making custom kernel modules, not for making custom firmware images. Since you indicated you are a newbie to dd-wrt, I would recommend to start with pre-built firmwares.

    Niobos

  22. goctala says:

    Hi Niobos,
    I tried using your method in order to make a tun.o module. However in the step when I try to make the modules with:
    PATH=$PATH:/opt/toolchain-mipsel_gcc4.1.2/bin make modules
    I get the following errors:

    root@goctala:/home/user/Desktop/dd-wrt_m# PATH=$PATH:/opt/toolchain-mipsel_gcc4.1.2/bin make modules
    make -C arch/mips/tools CFLAGS=”-D__KERNEL__ -I/home/user/Desktop/dd-wrt_m/include -Wall -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fno-builtin-strpbrk -fno-builtin-sprintf -DBCMDRIVER -DBCMVISTAROUTER -DBCM5354 -DBCMWPA2 -fomit-frame-pointer -I /home/user/Desktop/dd-wrt_m/include/asm/gcc -G 0 -mno-abicalls -fno-pic -pipe -DBCMGPIO2 -O2 -mtune=r4600 -mips2 -Wa,–trap -DMODULE -mlong-calls -fno-common” MAKING_MODULES=1 modules
    make[1]: Entering directory `/home/user/Desktop/dd-wrt_m/arch/mips/tools’
    make[1]: Nothing to be done for `modules’.
    make[1]: Leaving directory `/home/user/Desktop/dd-wrt_m/arch/mips/tools’
    make -C kernel CFLAGS=”-D__KERNEL__ -I/home/user/Desktop/dd-wrt_m/include -Wall -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fno-builtin-strpbrk -fno-builtin-sprintf -DBCMDRIVER -DBCMVISTAROUTER -DBCM5354 -DBCMWPA2 -fomit-frame-pointer -I /home/user/Desktop/dd-wrt_m/include/asm/gcc -G 0 -mno-abicalls -fno-pic -pipe -DBCMGPIO2 -O2 -mtune=r4600 -mips2 -Wa,–trap -DMODULE -mlong-calls -fno-common” MAKING_MODULES=1 modules
    make[1]: Entering directory `/home/user/Desktop/dd-wrt_m/kernel’
    make[1]: Nothing to be done for `modules’.
    make[1]: Leaving directory `/home/user/Desktop/dd-wrt_m/kernel’
    make -C drivers CFLAGS=”-D__KERNEL__ -I/home/user/Desktop/dd-wrt_m/include -Wall -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fno-builtin-strpbrk -fno-builtin-sprintf -DBCMDRIVER -DBCMVISTAROUTER -DBCM5354 -DBCMWPA2 -fomit-frame-pointer -I /home/user/Desktop/dd-wrt_m/include/asm/gcc -G 0 -mno-abicalls -fno-pic -pipe -DBCMGPIO2 -O2 -mtune=r4600 -mips2 -Wa,–trap -DMODULE -mlong-calls -fno-common” MAKING_MODULES=1 modules
    make[1]: Entering directory `/home/user/Desktop/dd-wrt_m/drivers’
    make -C block modules
    make[2]: Entering directory `/home/user/Desktop/dd-wrt_m/drivers/block’
    make[2]: Nothing to be done for `modules’.
    make[2]: Leaving directory `/home/user/Desktop/dd-wrt_m/drivers/block’
    make -C cdrom modules
    make[2]: Entering directory `/home/user/Desktop/dd-wrt_m/drivers/cdrom’
    /opt/3.3.6/bin/mipsel-linux-uclibc-gcc -D__KERNEL__ -I/home/user/Desktop/dd-wrt_m/include -Wall -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fno-builtin-strpbrk -fno-builtin-sprintf -DBCMDRIVER -DBCMVISTAROUTER -DBCM5354 -DBCMWPA2 -fomit-frame-pointer -I /home/user/Desktop/dd-wrt_m/include/asm/gcc -G 0 -mno-abicalls -fno-pic -pipe -DBCMGPIO2 -O2 -mtune=r4600 -mips2 -Wa,–trap -DMODULE -mlong-calls -fno-common -nostdinc -iwithprefix include -DKBUILD_BASENAME=cdrom -DEXPORT_SYMTAB -c cdrom.c
    make[2]: /opt/3.3.6/bin/mipsel-linux-uclibc-gcc: Command not found
    make[2]: *** [cdrom.o] Error 127
    make[2]: Leaving directory `/home/user/Desktop/dd-wrt_m/drivers/cdrom’
    make[1]: *** [_modsubdir_cdrom] Error 2
    make[1]: Leaving directory `/home/user/Desktop/dd-wrt_m/drivers’
    make: *** [_mod_drivers] Error 2

    /goctala

  23. Harish says:

    hi goctala,

    make[2]: /opt/3.3.6/bin/mipsel-linux-uclibc-gcc: Command not found
    make[2]: *** [cdrom.o] Error 127
    make[2]: Leaving directory `/home/user/Desktop/dd-wrt_m/drivers/cdrom’
    make[1]: *** [_modsubdir_cdrom] Error 2
    make[1]: Leaving directory `/home/user/Desktop/dd-wrt_m/drivers’
    make: *** [_mod_drivers] Error 2

    you need to set path in make file. Its hard coded there. Search and change it.

  24. goctala says:

    Thank you Harish, After I fixed the path I have another error:

    cifs_debug.c: In function ‘cifsFYI_write’:
    cifs_debug.c:430: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:430: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:430: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:430: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘oplockEnabled_write’:
    cifs_debug.c:469: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:469: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:469: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:469: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘quotaEnabled_write’:
    cifs_debug.c:509: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:509: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:509: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:509: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘linuxExtensionsEnabled_write’:
    cifs_debug.c:549: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:549: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:549: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:549: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘lookupFlag_write’:
    cifs_debug.c:589: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:589: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:589: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:589: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘traceSMB_write’:
    cifs_debug.c:627: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:627: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:627: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:627: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘multiuser_mount_write’:
    cifs_debug.c:666: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:666: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:666: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:666: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘extended_security_write’:
    cifs_debug.c:705: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:705: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:705: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:705: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘ntlmv2_enabled_write’:
    cifs_debug.c:744: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:744: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:744: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:744: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c: In function ‘packet_signing_enabled_write’:
    cifs_debug.c:783: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:783: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:783: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    cifs_debug.c:783: error: read-only variable ‘__gu_val’ used as ‘asm’ output
    make[2]: *** [cifs_debug.o] Error 1
    make[2]: Leaving directory `/home/user/Desktop/dd-wrt_m/fs/cifs’
    make[1]: *** [_modsubdir_cifs] Error 2
    make[1]: Leaving directory `/home/user/Desktop/dd-wrt_m/fs’
    make: *** [_mod_fs] Error 2

  25. Niobos says:

    what version of gcc are you using? It seems like you’re running a “too recent” version.

  26. rick says:

    hi~ Niobos.
    thanks for your support to all newbies include me. haha~
    I got the following errors after run make. have you any idea about that? waiting for you reply.
    ——————————————————————————————————-
    /home/xxx/tools/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc: 1: Syntax error: “(” unexpected
    /home/xxx/tools/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc: 1: Syntax error: “(” unexpected
    /home/xxx/tools/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc: 1: Syntax error: “(” unexpected
    CHK include/linux/version.h
    CHK include/linux/utsrelease.h
    CC arch/mips/kernel/asm-offsets.s
    /home/xxx/tools/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc: 1: Syntax error: “(” unexpected
    make[1]: *** [arch/mips/kernel/asm-offsets.s] Error 2
    make: *** [prepare0] Error 2
    ——————————————————————————————————-

  27. Niobos says:

    Hi rick,
    what system are you running this on? Is it a clean ubuntu install? What version?

  28. rick says:

    Hi Niobos, Thank’s for your response.
    I just solution that problem yesterday and now i will share that.
    my system is Ubuntu.10 32 bit and that’s the key point which cause that problem.
    some body in ddwrt forum said that toolchains must be running under 64 bit system. so I installed a Ubuntu 10 64 bit, and install all software:
    sudo apt-get install bison flex build-essential patch libncurses5-dev
    then set PATH
    ….

    everything works perfect now~
    hope some one who have this problem can get this information from your website.

  29. Stan says:

    Hi guys,

    I have compiled the kernel and modules without a problem but when I try to insert the modules to the dd wrt I am getting the below error:

    Jul 31 16:03:48 DD-WRT kern.warn kernel: ip_gre: Unknown symbol __secpath_destroy
    Jul 31 15:45:59 DD-WRT kern.warn kernel: xfrm4_mode_transport: Unknown symbol xfrm_unregister_mode

    Any ideas?
    Thanks in advance!

  30. Niobos says:

    Hi Stan,

    How do you try to insert the module? Using `insmod`, or using `modprobe`? If using `insmod`, you need to take care yourself that all dependencies are loaded.

    However, I see that an xfrm-symbol is not found. What modules are you trying to build? According to this forum post, the kernel is NOT build with CONFIG_XFRM, and that can’t be added as a module.

    Niobos

  31. Stan says:

    Hi Niobos,

    thanks very much for your response! I am trying to load the IPSEC and GRE modules. I would like to run the openswan or the strongswan with gre (gre over ipsec) which requires these modules. I am trying to load it with insmod. I have built the kernel with all of the required modules for ipsec and gre and I have copied the “xfrm.ko” and ip_gre.ko modules to my opt dir (usb) but they do not load. Apparently I am missing something..

    If you have any ideas I will appreciate it.

    Thanks in advance!

  32. Niobos says:

    Stan,

    I’ve also tried to get IPsec in dd-wrt, but the problem is that the kernel itself is missing support for XFRM. Even when xfrm.ko is a module, there are still some things in the kernel itself that change, so you can’t add xfrm.so afterwards. The forum-link that I posted in my previous comment is precisely about this issue.

    If you really want IPsec support, you need to recompile the whole kernel, build a new image with that kernel, and re-flash the device.

    Why do you need IPsec? Is OpenVPN an alternative?

    Niobos

  33. Stan says:

    Thanks Niobos, you`ve answered my question. I read the post for ipsec support above. It seems that they will eventually implement it and it will be a paid service.

    I will use the openvpn for now.

    Thanks again!