As described before, I chose to use the mini-build of dd-wrt on my Linksys WRT320N. Since I wanted OpenVPN support, I needed to add it myself.
Installing
I again used the openwrt modules; openvpn has its own package. There are, however, several dependencies:
- libssl.so.0.9.8 and libcrypto.so.0.9.8 from libopenssl
- liblzo2.so.2.0.0 (and symlinks) from liblzo
I already had libcrypto installed, so I only needed 713kB of free space.
Configuring
Setup was fairly straightforward. Just make sure to do all heavy calculations on your desktop computer (i.e. generating keys). I installed the CA and host certificate into /jffs/etc/ssl, and added my openvpn-specific config files into /jffs/etc/openvpn. I did rewrite the verify-cn script from perl to bash, since dd-wrt doesn’t come with perl.
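For reference, a CN-pinning tls-verify hook of the kind mentioned above can be written in plain shell. This is an added example, not the script used in this post; the file name verify-cn.sh, the expected CN "client1" and the sample subjects in the comments are assumptions.

```shell
#!/bin/sh
# verify-cn.sh (hypothetical name): tls-verify hook that pins the peer's CN.
# Constructed config line, with "client1" as the assumed expected CN:
#   tls-verify "/jffs/etc/openvpn/verify-cn.sh client1"
# OpenVPN appends two arguments to the command: <depth> <subject>.

# verify_cn EXPECTED DEPTH SUBJECT -> 0 to accept, 1 to reject
verify_cn() {
    expected=$1
    depth=$2
    subject=$3

    # Depth > 0 is a CA certificate; chain validation is OpenVPN's job.
    [ "$depth" = "0" ] || return 0

    # Split the subject into one attribute per line and keep the CN values.
    # Covers "/C=NL/O=Home/CN=client1" (OpenVPN 2.2 and earlier) and
    # "C=NL, O=Home, CN=client1" (OpenVPN 2.3 and later).
    cns=$(printf '%s\n' "$subject" | tr '/,' '\n\n' | sed -n 's/^ *CN=//p')

    # Reject a subject with no CN, or with more than one (ambiguous).
    [ -n "$cns" ] || return 1
    [ $(printf '%s\n' "$cns" | wc -l) -eq 1 ] || return 1

    # Exact string match: "client10" must not pass as "client1".
    [ "$cns" = "$expected" ]
}

# Act as the hook only when called with the three expected arguments.
if [ "$#" -eq 3 ]; then
    if verify_cn "$1" "$2" "$3"; then
        exit 0
    fi
    echo "verify-cn: rejected subject '$3'" >&2
    exit 1
fi
```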
Next, I wrote a very simple wanup script to get openvpn (re)started at the appropriate time:
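    # openvpn.wanup
    # If openvpn is already running, SIGHUP makes it restart;
    # otherwise start it as a daemon and record its pid.
    if [ -e /tmp/openvpn.pid ] ; then
        kill -HUP `cat /tmp/openvpn.pid`
    else
        /jffs/sbin/openvpn --cd /jffs/etc/openvpn --config server.conf --daemon --log /tmp/openvpn.log --writepid /tmp/openvpn.pid
    fi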
Obviously: don’t forget to add the corresponding configuration to the firewall.
HMkX2 says:
Hey, I actually have a similar problem to this.
I actually took the opportunity to type up everything on DD-wrt’s forums – with attribution, of course. I wanted to let you know how to fix a couple issues with OpenVPN – and possibly OPKG.
1) The Kamikaze 2.4 packages you used are rather old and outdated, but Trunk packages use kernel 3.3 – too new for Eko’s DD-wrt 2.6 builds. By cannibalizing DD-WRT’s standalone binaries, you can upgrade to OpenVPN 2.2.1 rather easily while using less space.
(Ignore that – while typing I found what lib was crashing and found a way to install the most up-to-date packages, including OpenVPN 2.2.2!!)
2) OpenVPN on DD-wrt is notorious for being inaccessible on its external IP from inside the LAN. (I run multiple NAT’ed networks, and sometimes want to hop across them.) I found a way to fix that via IPTables rules, which I posted above. In the process I also discovered a bug in OpenVPN XP 2.3 alpha’s routing protocols.
3) OPKG is rather tricky to get going, but I have gotten the hang of it and even have some config files/quick-configs handy. I was getting Segmentation Faults earlier, but now have the ‘Attitude Adjustment’ trunk OpenVPN build working! I’ve included the “quick setup” script (for brcm47xx – 320N, 610N, etc) below – I frequently wipe, so these come in incredibly handy.
4) A recommendation for a Windows OpenVPN client – tunXten – it is commercial/free-lite, but seems to be the most aesthetically pleasing. The ‘OpenVPN MI GUI’ seems to be the most admin-friendly.
Usage: Edit your USB mount location into “Ramirez” and “preinstall”. Edit your architecture/download links into “opkg install”. Then dump them all in the same folder, chmod +x *.sh, and let Ramirez do… everything.
– -HMkX2.Core
2012-07-29, 3:18