Cannot add XFRM or VTI Interfaces

tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Sun Jun 21, 2020 3:15    Post subject: Cannot add XFRM or VTI Interfaces
Hello,

What is the correct syntax to add XFRMI or VTI interfaces?

root@DD-WRT:~# ip link add xfrm0 type xfrm dev ipsec0 if_id 42
ip: RTNETLINK answers: Not supported
root@DD-WRT:~# ip link add vti0 type vti dev ipsec0 if_id 42
ip: RTNETLINK answers: Not supported
root@DD-WRT:~#

Or perhaps I'm missing a module?

DD-WRT v3.0-r40854 std (08/29/19)

Linux DD-WRT 4.4.190 #1092 SMP Thu Aug 29 11:32:59 +04 2019 armv7l DD-WRT

[ EDIT ] ----------------------------------

BACKGROUND

Configuring StrongSwan on DD-WRT. Everything works fine and tunnels are created; however, I can't ping or access REMOTE VMs.

According to https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules I need a few modules. Interestingly, what I do have is:


root@DD-WRT:~# find / -iname tunnel*
/lib/modules/4.4.190/tunnel4.ko
/lib/modules/4.4.190/tunnel6.ko
root@DD-WRT:~# find / -iname exp4*
root@DD-WRT:~# find / -iname esp4*
root@DD-WRT:~# find / -iname esp*
/lib/modules/4.4.190/esp6.ko
root@DD-WRT:~# find / -iname xfrm*
/lib/modules/4.4.190/xfrm6_mode_beet.ko
/lib/modules/4.4.190/xfrm6_mode_ro.ko
/lib/modules/4.4.190/xfrm6_mode_transport.ko
/lib/modules/4.4.190/xfrm6_mode_tunnel.ko
/lib/modules/4.4.190/xfrm6_tunnel.ko
/lib/modules/4.4.190/xfrm_algo.ko
/lib/modules/4.4.190/xfrm_ipcomp.ko
/proc/sys/net/core/xfrm_acq_expires
/proc/sys/net/core/xfrm_aevent_etime
/proc/sys/net/core/xfrm_aevent_rseqth
/proc/sys/net/core/xfrm_larval_drop
/proc/sys/net/ipv4/xfrm4_gc_thresh
root@DD-WRT:~#
root@DD-WRT:~#
root@DD-WRT:~# find / -iname ip_tunnel*
/lib/modules/4.4.190/ip_tunnel.ko
root@DD-WRT:~#


( Why is xfrm6_tunnel.ko installed but xfrm4_tunnel.ko missing? Should it even be there in the kernel image? )


Pinging, ssh etc. access works fine from REMOTE to LOCAL, but not LOCAL to REMOTE with strongswan-kernel-libipsec included. This I find odd because it seems to indicate the Remote to Strongswan connection is fine; just routing and forwarding packets from the DD-WRT router over to the Remote instances isn't working. Tried a tcpdump, but no reply:

root@DD-WRT:~# tcpdump -i ipsec0 -s 0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipsec0, link-type RAW (Raw IP), snapshot length 262144 bytes
08:44:28.318516 IP 100.100.100.100 > 10.10.0.4: ICMP echo request, id 36426, seq 0, length 64
08:44:29.325741 IP 100.100.100.100 > 10.10.0.4: ICMP echo request, id 36426, seq 1, length 64

What's also interesting, is that with this new config:

conn REMOTE-VLANS
authby=secret
auto=start
type=tunnel
keyexchange=ikev2
keylife=3600s
ikelifetime=28800s
rekey=yes
rekeymargin=3m
keyingtries=1
mobike=no
dpdaction=restart
left=100.100.100.100
leftsubnet=192.168.0.0/24
lefthostaccess=yes
right=123.123.123.123
rightsubnet=10.10.0.0/24
esp=aes256gcm16,aes256-sha2_256,aes256-sha1-modp2048,aes256-sha1,aes128-sha1!
ike=aes256-sha2_256-modp1024,aes256-sha1-modp1024,aes128-sha1-modp1024!

I no longer have to run:

ip route add 10.10.0.0/24 dev ipsec0

for packets to show up on ipsec0:


root@DD-WRT:~# tcpdump -i ipsec0 -s 0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipsec0, link-type RAW (Raw IP), snapshot length 262144 bytes
08:44:28.318516 IP 100.100.100.100 > 10.10.0.4: ICMP echo request, id 36426, seq 0, length 64
08:44:29.325741 IP 100.100.100.100 > 10.10.0.4: ICMP echo request, id 36426, seq 1, length 64

but not anymore. Connection is established fine:

root@DD-WRT:~# ipsec status
Security Associations (1 up, 0 connecting):
REMOTE-VLANS[1]: ESTABLISHED 2 seconds ago, 100.100.100.100[100.100.100.100]...123.123.123.123[123.123.123.123]
REMOTE-VLANS{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: 2170db44_i 27817e76_o
REMOTE-VLANS{1}: 192.168.0.0/24 === 10.10.0.0/24
root@DD-WRT:~#


However, I don't see anything going further than the ipsec0 interface that ipsec creates when starting up. It's a bit of a black box between there and the remote machine.


The only time I couldn't ping from REMOTE to LOCAL is when I was missing these F/W rules.


iptables -I FORWARD -s 10.10.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -I INPUT -p icmp -s 10.10.0.0/24 -d 192.168.0.1/32 -j ACCEPT


Thinking something similar was needed but for the reverse. Still looking at some StrongSwan recommendations to add XFRM, VTI or GRE interfaces, however, I get:


root@DD-WRT:~# ip link add xfrm0 type xfrm dev ipsec0 if_id 42
ip: RTNETLINK answers: Not supported
root@DD-WRT:~# ip link add vti0 type vti dev ipsec0 if_id 42
ip: RTNETLINK answers: Not supported
root@DD-WRT:~#

Trying GRE but:

root@DD-WRT:~# ip tunnel add ipsec01 local 100.100.100.100 remote 123.123.123.123 mode gre
ip: ioctl 0x89f1 failed: No such device
root@DD-WRT:~#

REMOTE is not running StrongSwan btw.


Tyvm,

_________________
Cheers, TK
------------------------
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Tue Jun 23, 2020 6:22
I tried to compile the XFRM modules to then drop them in but ran into some issues. Is this still the correct way to create the modules?

https://wiki.dd-wrt.com/wiki/index.php?title=Development#Requirements

Code:
 root  ~  linux-2.6.23  make modules
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
scripts/kconfig/conf -s arch/mips/Kconfig
drivers/mtd/devices/Kconfig:8:warning: leading whitespace ignored
.config:816:warning: trying to assign nonexistent symbol MADWIFI
.config:991:warning: trying to assign nonexistent symbol USB_EHCI_SPLIT_ISO
.config:1093:warning: trying to assign nonexistent symbol USB_BERRY_CHARGE
*
* Restart config...
*
*
* Support for Broadcom MIPS based boards
*
Support for Broadcom BCM947XX (BCM947XX) [Y/n] y
  Support for Broadcom BCM47XX processors (BCM47XX) [Y/n] y
  Nvram size 60k (NVRAM_60K) [N/y] (NEW) y
  Nvram size 64k (NVRAM_64K) [N/y] (NEW) y
  Support for Using DSCP based IP forwarding (BCMIPDSCP) [N/y] n
  Support for performance profiling (HND_BMIPS3300_PROF) [N/y] n
*
* Networking options
*
Packet socket (PACKET) [Y/n/m/?] y
  Packet socket: mmapped IO (PACKET_MMAP) [Y/n/?] y
Unix domain sockets (UNIX) [Y/n/m/?] y
Transformation user configuration interface (XFRM_USER) [N/m/y/?] (NEW) y
Transformation sub policy support (EXPERIMENTAL) (XFRM_SUB_POLICY) [N/y/?] (NEW) y
Transformation migrate database (EXPERIMENTAL) (XFRM_MIGRATE) [N/y/?] (NEW) y
PF_KEY sockets (NET_KEY) [N/m/y/?] n
PF_RING sockets (EXPERIMENTAL) (RING) [Y/n/m/?] y
TCP/IP networking (INET) [Y/n/?] y
  IP: multicasting (IP_MULTICAST) [Y/n/?] y
  IP: advanced router (IP_ADVANCED_ROUTER) [Y/n/?] y
    Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)
    > 1. FIB_HASH (ASK_IP_FIB_HASH)
      2. FIB_TRIE (IP_FIB_TRIE)
    choice[1-2]: 1
  IP: policy routing (IP_MULTIPLE_TABLES) [Y/n/?] y
  IP: equal cost multipath (IP_ROUTE_MULTIPATH) [Y/n/?] y
  IP: verbose route monitoring (IP_ROUTE_VERBOSE) [N/y/?] n
  IP: kernel level autoconfiguration (IP_PNP) [N/y/?] n
  IP: tunneling (NET_IPIP) [Y/n/m/?] y
  IP: GRE tunnels over IP (NET_IPGRE) [Y/n/m/?] y
    IP: broadcast GRE over IP (NET_IPGRE_BROADCAST) [Y/n/?] y
  IP: ethernet-in-IP tunneling (NET_ETHERIP) [N/m/y/?] (NEW) y
  IP: multicast routing (IP_MROUTE) [Y/n/?] y
    IP: PIM-SM version 1 support (IP_PIMSM_V1) [Y/n/?] y
    IP: PIM-SM version 2 support (IP_PIMSM_V2) [Y/n/?] y
  IP: ARP daemon support (EXPERIMENTAL) (ARPD) [N/y/?] n
  IP: TCP syncookie support (disabled per default) (SYN_COOKIES) [Y/n/?] y
  IP: AH transformation (INET_AH) [N/m/y/?] n
  IP: ESP transformation (INET_ESP) [N/m/y/?] n
  IP: IPComp transformation (INET_IPCOMP) [N/m/y/?] n
  IP: IPsec transport mode (INET_XFRM_MODE_TRANSPORT) [Y/n/m/?] (NEW) Y
  IP: IPsec tunnel mode (INET_XFRM_MODE_TUNNEL) [Y/n/m/?] (NEW) Y
  IP: IPsec BEET mode (INET_XFRM_MODE_BEET) [Y/n/m/?] (NEW) Y
  INET: socket monitoring interface (INET_DIAG) [Y/n/m/?] y
  TCP: MD5 Signature Option support (RFC2385) (EXPERIMENTAL) (TCP_MD5SIG) [N/y/?] n
  The IPv6 protocol (IPV6) [M/n/y/?] m
    IPv6: Privacy Extensions support (IPV6_PRIVACY) [Y/n/?] y
    IPv6: Router Preference (RFC 4191) support (IPV6_ROUTER_PREF) [Y/n/?] y
      IPv6: Route Information (RFC 4191) support (EXPERIMENTAL) (IPV6_ROUTE_INFO) [Y/n/?] y
    IPv6: Enable RFC 4429 Optimistic DAD (EXPERIMENTAL) (IPV6_OPTIMISTIC_DAD) [Y/n/?] y
    IPv6: AH transformation (INET6_AH) [N/m/?] n
    IPv6: ESP transformation (INET6_ESP) [N/m/?] n
    IPv6: IPComp transformation (INET6_IPCOMP) [N/m/?] n
    IPv6: Mobility (EXPERIMENTAL) (IPV6_MIP6) [N/m/?] n
  IPv6: IPsec transport mode (INET6_XFRM_MODE_TRANSPORT) [M/n/?] (NEW) M
  IPv6: IPsec tunnel mode (INET6_XFRM_MODE_TUNNEL) [M/n/?] (NEW) M
  IPv6: IPsec BEET mode (INET6_XFRM_MODE_BEET) [M/n/?] (NEW) M
  IPv6: MIPv6 route optimization mode (EXPERIMENTAL) (INET6_XFRM_MODE_ROUTEOPTIMIZATION) [N/m/?] (NEW) m
  IPv6: IPv6-in-IPv4 tunnel (SIT driver) (IPV6_SIT) [M/n/?] m
  IPv6: IPv6-in-IPv6 tunnel (IPV6_TUNNEL) [N/m/?] n
  IPv6: Multiple Routing Tables (IPV6_MULTIPLE_TABLES) [N/y/?] n
Security Marking (NETWORK_SECMARK) [Y/n/?] y
*
* Core Netfilter Configuration
*
Netfilter netlink interface (NETFILTER_NETLINK) [Y/n/m/?] y
  Netfilter NFQUEUE over NFNETLINK interface (NETFILTER_NETLINK_QUEUE) [Y/n/m/?] y
  Netfilter LOG over NFNETLINK interface (NETFILTER_NETLINK_LOG) [Y/n/m/?] y
Netfilter connection tracking support (NF_CONNTRACK_ENABLED) [Y/n/m/?] y
Connection tracking flow accounting (NF_CT_ACCT) [Y/?] y
Connection mark tracking support (NF_CONNTRACK_MARK) [Y/?] y
Connection tracking security mark support (NF_CONNTRACK_SECMARK) [Y/n/?] y
Connection tracking events (EXPERIMENTAL) (NF_CONNTRACK_EVENTS) [Y/n/?] y
SCTP protocol connection tracking support (EXPERIMENTAL) (NF_CT_PROTO_SCTP) [Y/n/m/?] y
UDP-Lite protocol connection tracking support (EXPERIMENTAL) (NF_CT_PROTO_UDPLITE) [Y/n/m/?] y
Amanda backup protocol support (NF_CONNTRACK_AMANDA) [Y/n/m/?] y
FTP protocol support (NF_CONNTRACK_FTP) [Y/n/m/?] y
H.323 protocol support (EXPERIMENTAL) (NF_CONNTRACK_H323) [M/n/?] m
IRC protocol support (NF_CONNTRACK_IRC) [Y/n/m/?] y
NetBIOS name service protocol support (EXPERIMENTAL) (NF_CONNTRACK_NETBIOS_NS) [Y/n/m/?] y
PPtP protocol support (NF_CONNTRACK_PPTP) [M/n/y/?] m
SANE protocol support (EXPERIMENTAL) (NF_CONNTRACK_SANE) [N/m/y/?] n
SIP protocol support (EXPERIMENTAL) (NF_CONNTRACK_SIP) [N/m/y/?] n
TFTP protocol support (NF_CONNTRACK_TFTP) [Y/n/m/?] y
Connection tracking netlink interface (EXPERIMENTAL) (NF_CT_NETLINK) [Y/n/m/?] y
Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES) [Y/?] y
  "CLASSIFY" target support (NETFILTER_XT_TARGET_CLASSIFY) [Y/n/m/?] y
  "CONNMARK" target support (NETFILTER_XT_TARGET_CONNMARK) [Y/n/m/?] y
  "DSCP" target support (NETFILTER_XT_TARGET_DSCP) [Y/n/m/?] y
  "MARK" target support (NETFILTER_XT_TARGET_MARK) [Y/n/m/?] y
  "NFQUEUE" target Support (NETFILTER_XT_TARGET_NFQUEUE) [Y/n/m/?] y
  "NFLOG" target support (NETFILTER_XT_TARGET_NFLOG) [Y/n/m/?] y
  "NOTRACK" target support (NETFILTER_XT_TARGET_NOTRACK) [Y/n/m/?] y
  "TRACE" target support (NETFILTER_XT_TARGET_TRACE) [N/m/y/?] n
  "SECMARK" target support (NETFILTER_XT_TARGET_SECMARK) [Y/n/m/?] y
  "CONNSECMARK" target support (NETFILTER_XT_TARGET_CONNSECMARK) [Y/n/m/?] y
  "TCPMSS" target support (NETFILTER_XT_TARGET_TCPMSS) [Y/n/m/?] y
  "comment" match support (NETFILTER_XT_MATCH_COMMENT) [Y/n/m/?] y
  "connbytes" per-connection counter match support (NETFILTER_XT_MATCH_CONNBYTES) [Y/n/m/?] y
  "connlimit" match support" (NETFILTER_XT_MATCH_CONNLIMIT) [Y/n/m/?] y
  "connmark" connection mark match support (NETFILTER_XT_MATCH_CONNMARK) [M/n/y/?] m
  "conntrack" connection tracking match support (NETFILTER_XT_MATCH_CONNTRACK) [Y/n/m/?] y
  "DCCP" protocol match support (NETFILTER_XT_MATCH_DCCP) [Y/n/m/?] y
  "DSCP" match support (NETFILTER_XT_MATCH_DSCP) [Y/n/m/?] y
  "ESP" match support (NETFILTER_XT_MATCH_ESP) [Y/n/m/?] y
  "helper" match support (NETFILTER_XT_MATCH_HELPER) [Y/n/m/?] y
  "length" match support (NETFILTER_XT_MATCH_LENGTH) [Y/n/m/?] y
  "limit" match support (NETFILTER_XT_MATCH_LIMIT) [Y/n/m/?] y
  "mac" address match support (NETFILTER_XT_MATCH_MAC) [M/n/y/?] m
  "mark" match support (NETFILTER_XT_MATCH_MARK) [M/n/y/?] m
  IPsec "policy" match support (NETFILTER_XT_MATCH_POLICY) [N/m/y/?] (NEW) y
  Multiple port match support (NETFILTER_XT_MATCH_MULTIPORT) [Y/n/m/?] y
  "physdev" match support (NETFILTER_XT_MATCH_PHYSDEV) [N/m/y/?] n
  "pkttype" packet type match support (NETFILTER_XT_MATCH_PKTTYPE) [Y/n/m/?] y
  "quota" match support (NETFILTER_XT_MATCH_QUOTA) [Y/n/m/?] y
  "realm" match support (NETFILTER_XT_MATCH_REALM) [Y/n/m/?] y
  "sctp" protocol match support (EXPERIMENTAL) (NETFILTER_XT_MATCH_SCTP) [Y/n/m/?] y
  "state" match support (NETFILTER_XT_MATCH_STATE) [Y/n/m/?] y
  "statistic" match support (NETFILTER_XT_MATCH_STATISTIC) [Y/n/m/?] y
  "string" match support (NETFILTER_XT_MATCH_STRING) [Y/n/m/?] y
  "tcpmss" match support (NETFILTER_XT_MATCH_TCPMSS) [Y/n/m/?] y
  "u32" match support (NETFILTER_XT_MATCH_U32) [Y/n/m/?] y
  "hashlimit" match support (NETFILTER_XT_MATCH_HASHLIMIT) [Y/n/m/?] y
Asynchronous Transfer Mode (ATM) (EXPERIMENTAL) (ATM) [N/m/y/?] n
802.1d Ethernet Bridging (BRIDGE) [Y/n/m/?] y
802.1Q VLAN Support (VLAN_8021Q) [Y/n/m/?] y
DECnet Support (DECNET) [N/m/y/?] n
ANSI/IEEE 802.2 LLC type 2 Support (LLC2) [N/m/y/?] n
The IPX protocol (IPX) [N/m/y/?] n
Appletalk protocol support (ATALK) [N/m/y/?] n
CCITT X.25 Packet Layer (EXPERIMENTAL) (X25) [N/m/y/?] n
LAPB Data Link Driver (EXPERIMENTAL) (LAPB) [N/m/y/?] n
Acorn Econet/AUN protocols (EXPERIMENTAL) (ECONET) [N/m/y/?] n
WAN router (WAN_ROUTER) [N/m/y/?] n
#
# configuration written to .config
#
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
  CHK     include/linux/version.h
  UPD     include/linux/version.h
  CHK     include/linux/utsrelease.h
  UPD     include/linux/utsrelease.h
  SYMLINK include/asm -> include/asm-mips
  CC      arch/mips/kernel/asm-offsets.s
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
make[1]: *** [arch/mips/kernel/asm-offsets.s] Error 1
make: *** [prepare0] Error 2
 root  ~  linux-2.6.23  find ./ -iname mipsel-linux-uclibc-gcc*
 root  ~  linux-2.6.23  find ./ -iname *mipsel-linux-uclibc-gcc*
 root  ~  linux-2.6.23  pwd
/root/linux-2.6.23
 root  ~  linux-2.6.23  find ./ -iname *mipsel-linux-uclibc-gcc*
 root  ~  linux-2.6.23  


 root  ~  linux-2.6.23  
 root  ~  linux-2.6.23  
 root  ~  linux-2.6.23  find ./ -iname *mipsel-linux-uclibc-gcc*
 root  ~  linux-2.6.23  vi .config
 root  ~  linux-2.6.23  vi arch/mips/kernel/asm-offsets.s
fi root  ~  linux-2.6.23  find ./ -iname asm-offsets.s*
./arch/arm/kernel/asm-offsets.s
 root  ~  linux-2.6.23  vi ./arch/arm/kernel/asm-offsets.s


 root  ~  linux-2.6.23  

 root  ~  linux-2.6.23  
 root  ~  linux-2.6.23  
 root  ~  linux-2.6.23  vi arch/mips/kernel/asm-offsets.s
 root  ~  linux-2.6.23  vi arch/mips/kernel/asm-offsets.c
 root  ~  linux-2.6.23  grep -Ei mipsel .config
 root  ~  linux-2.6.23  vi .config
 root  ~  linux-2.6.23 

_________________
Cheers, TK
------------------------
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Wed Jun 24, 2020 4:41
Tricked it and managed to compile the modules by creating a symbolic link like this:

Code:
 root  ~  linux-4.4  ls -altri /xfs/
total 4
    128 dr-xr-xr-x. 26 root root 4096 Jun 23 23:00 ..
1448898 lrwxrwxrwx.  1 root root   16 Jun 23 23:01 toolchains -> /root/toolchains
1448897 drwxr-xr-x.  2 root root   23 Jun 23 23:01 .
 root  ~  linux-4.4 


However the modules weren't compatible:

Code:
root@DD-WRT:/opt/xfrm4# insmod xfrm4_mode_beet.ko
insmod: cannot insert 'xfrm4_mode_beet.ko': invalid module format
root@DD-WRT:/opt/xfrm4# insmod xfrm4_mode_transport.ko
insmod: cannot insert 'xfrm4_mode_transport.ko': invalid module format
root@DD-WRT:/opt/xfrm4# insmod xfrm4_mode_tunnel.ko
insmod: cannot insert 'xfrm4_mode_tunnel.ko': invalid module format
root@DD-WRT:/opt/xfrm4#


What's the correct src repo for compiling the Broadcom modules for BCM4708? Tried a few, not working:

Code:
 root  ~  linux-4.4  history|grep svn
  873  yum install svn
  874  svn co svn://svn.dd-wrt.com/browser/src/linux/brcm/linux.v24_2
  875  svn co svn://svn.dd-wrt.com/browser/src/linux/brcm/
  876  svn co  https://svn.dd-wrt.com/browser/src/linux/brcm/
  877  svn co  http://svn.dd-wrt.com/browser/src/linux/brcm/
  878  svn co https://svn.dd-wrt.com/browser/src/linux/brcm/linux.v24_2
  879  svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux-2.6.23
  880  svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux/linux.v24_2
  881  svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux.v24_2
  891  svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux.v24
 1060  history|grep svn
 1062  svn co https://svn.dd-wrt.com/browser/src/linux/universal/linux-4.4
 1063  svn co https://svn.dd-wrt.com/DD-WRT/src/linux/universal/linux-4.4
 1064  svn co httpssvn://svn.dd-wrt.com/DD-WRT/src/linux/universal/linux-4.4
 1065  svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/universal/linux-4.4
 1108  history|grep svn
 root  ~  linux-4.4  make config
Makefile:534: arch//Makefile: No such file or directory
make: *** No rule to make target `arch//Makefile'.  Stop.
 root  ~  linux-4.4  make clean
Makefile:632: arch//Makefile: No such file or directory
make: *** No rule to make target `arch//Makefile'.  Stop.
 root  ~  linux-4.4  
 root  ~  linux-4.4  make modules
Makefile:632: arch//Makefile: No such file or directory
make: *** No rule to make target `arch//Makefile'.  Stop.
 root  ~  linux-4.4  




Cheers,
TK

_________________
Cheers, TK
------------------------
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7182
Location: Texas, USA

Posted: Wed Jun 24, 2020 9:34
It would help to know what target router you are referring to. Here's the old thread for Compiling DD-WRT that used to be in the Broadcom forum:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=269372

Perhaps @egc, @yoyoma2, @rkboni or one of the other collaborators can shed some light on your situation.

_________________
Official Forum Rules, Guidelines, and Helpful Information • Firmware FAQ • Installation Wiki • Where Do I Download Firmware?
DON'T use Chromium-based browsers • RTFM/STFW - TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum.

---------------------------------------------------------

Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3780
Location: UK, London, just across the river..

Posted: Wed Jun 24, 2020 12:52
v3.0-r40854 is an old build... and Kong builds were ok with SSW and IPsec but not BS builds... according to the SVN, IPsec and SSW things were WIP by that time. Try a newer build... it may help...

I guess you use R7000...

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 44251 BS AP,NAT
TP-Link WR740Nv4 ------DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ----DD-WRT 444406 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----DD-WRT 44340 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 44340 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -------DD-WRT 44340 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7182
Location: Texas, USA

Posted: Wed Jun 24, 2020 12:57
The modules could also be used from a comparable kernel version from the OpenWRT repo.
_________________
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Wed Jun 24, 2020 13:06
The reason I use this build is that, at the time, only this version supported FRRouting / OSPF / Quagga properly.

https://svn.dd-wrt.com/ticket/6937

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322299

And I really need OSPF. Do you gentlemen know if FRRouting has been tested on any of the newer versions since I posted the two above?

This is what I have:

Asus RT-AC68U
Firmware Version DD-WRT v3.0-r40854 std (08/29/19)
Linux 4.4.190 #1092 SMP Thu Aug 29 11:32:59 +04 2019 armv7l
Broadcom BCM4708

I'll try OpenWRT later tonight. Now do you mean there could be a direct link to where I can at least find the xfrm_user.ko modules off their site, or do you mean I would have to source and compile off their page? What would be the link?

Also, what would be the correct SVN link and toolchains to successfully compile off the DD-WRT sources? Ones I tried above weren't working.

Cheers,
TK

_________________
Cheers, TK
------------------------
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7182
Location: Texas, USA

Posted: Wed Jun 24, 2020 13:22
Almost thought I misspoke about the OpenWRT capability. The kmod packages listed in this directory are the ones that are available for k4.4 Broadcom ARM:

https://downloads.openwrt.org/releases/17.01.7/targets/bcm53xx/generic/packages/

The only way to find out if it's been fixed is to check the svn log or flash 43502 and test it; I don't recall any commits that stand out.

_________________
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Wed Jun 24, 2020 14:51
Glanced over the link briefly.

https://downloads.openwrt.org/releases/17.01.7/targets/brcm47xx/generic/packages/kmod-ipsec4_4.4.182-1_mipsel_mips32.ipk

Guessing it might be one of these IPSec repos. Don't see anything specific for XFRM.

Will look again later in the day.

Cheers,
TK

_________________
Cheers, TK
------------------------
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7182
Location: Texas, USA

Posted: Wed Jun 24, 2020 16:27
I linked you to the ARM cache, and you look in the MIPS cache. Are you *not* looking to do this on ARM?? BCM4708 is ARM!
_________________
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Wed Jun 24, 2020 19:09
Sorry, I should have elaborated a bit more.

I did look here.

https://downloads.openwrt.org/releases/17.01.7/targets/bcm53xx/generic/packages/

But the CPU model is Broadcom BCM4708, not bcm53xxx, so I thought you meant for me to look under:

https://downloads.openwrt.org/releases/17.01.7/targets/brcm47xx/generic/packages/

not realizing what you mentioned. But taking a closer look, I see what you mean now. Sorry, totally missed that one is ARM and the other is MIPS. (I blame useless meetings for this.)

Then what I need is:

https://downloads.openwrt.org/releases/17.01.7/targets/bcm53xx/generic/packages/kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk

I suppose. Trying to list the contents of it.

Code:
root@DD-WRT:/opt# ipkg list kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
ERROR: File not found: //usr/local/lib/ipkg/lists/bluering
       You probably want to run `ipkg update'
root@DD-WRT:/opt#
root@DD-WRT:/opt#
root@DD-WRT:/opt# ipkg files kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
root@DD-WRT:/opt# echo $?
0
root@DD-WRT:/opt# ipkg update
mkdir: can't create directory '//usr/local/lib/': Read-only file system
root@DD-WRT:/opt#


Hmm, looks like I'll have to spend some time reading about ipkg (not configured, yet) vs opkg (works, configured). Couldn't list the contents. Still, it installed ok.

Code:
root@DD-WRT:/opt# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                26.1M     26.1M         0 100% /
/dev/mtdblock/4          96.0M      2.4M     93.6M   2% /jffs
/dev/sda                  3.8G     53.8M      3.5G   1% /opt
root@DD-WRT:/opt#



Code:
root@DD-WRT:/jffs# ipkg -d root install /opt/kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
ERROR: File not found: //usr/local/lib/ipkg/lists/bluering
       You probably want to run `ipkg update'
Unpacking kmod-ipsec4...Done.
Configuring kmod-ipsec4...Done.
root@DD-WRT:/jffs#


Apparently these are the files:

Code:
root@DD-WRT:/jffs# find / -iname xfrm*
/jffs/lib/modules/4.4.182/xfrm4_mode_beet.ko
/jffs/lib/modules/4.4.182/xfrm4_mode_tunnel.ko
/jffs/lib/modules/4.4.182/xfrm4_tunnel.ko
/jffs/lib/modules/4.4.182/xfrm4_mode_transport.ko


But I'm missing xfrm4_user. Anyway, loaded them up but the router froze then restarted.

Code:
root@DD-WRT:/jffs#
root@DD-WRT:/jffs# insmod /jffs/lib/modules/4.4.182/xfrm4_mode_beet.ko /jffs/lib/modules/4.4.182/xfrm4_mode_tunnel.ko /jffs/lib/modules/4.4.182/xfrm4_tunnel.ko /jffs/lib/modules/4.4.182/xfrm4_mode_transport.ko
root@DD-WRT:/jffs#
root@DD-WRT:/jffs#
root@DD-WRT:/jffs# lsmod|grep xfrm


Kernel panic? I'll try to load one at a time later this evening.

Cheers,
TK

_________________
Cheers, TK
------------------------
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Thu Jun 25, 2020 1:37
Hmm, nope. Loading /jffs/lib/modules/4.4.182/xfrm4_tunnel.ko is fine.

But when typing lsmod, that is when it crashes:

Code:

Message from syslogd@dd-wrt.mds.xyz at Jun 24 21:28:20 ...
 kernel: Internal error: Oops - BUG: 7 [#1] SMP ARM

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
 kernel: Process lsmod (pid: 27046, stack limit = 0x8785a190)

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
 kernel: Stack: (0x8785be38 to 0x8785c000)





Code:

Jun 24 22:01:44 dd-wrt charon: 16[NET] received packet: from 123.123.123.123[4500] to 100.100.100.100[4500] (76 bytes)
Jun 25 02:23:37 dd-wrt kernel: Unable to handle kernel paging request at virtual address ff6cc7f0
Jun 25 02:23:37 dd-wrt kernel: pgd = 85f1c000
Jun 25 02:23:37 dd-wrt kernel: [ff6cc7f0] *pgd=07b1d811, *pte=00000000, *ppte=00000000
Jun 24 22:23:37 dd-wrt charon: 16[NET] received packet: from 123.123.123.123[4500] to 100.100.100.100[4500] (76 bytes)
Jun 24 22:23:37 dd-wrt charon: 16[ENC] parsed INFORMATIONAL request 597 [ ]
Jun 24 22:23:37 dd-wrt charon: 16[ENC] generating INFORMATIONAL response 597 [ ]
Jun 24 22:23:37 dd-wrt charon: 16[NET] sending packet: from 100.100.100.100[4500] to 123.123.123.123[4500] (76 bytes)
Jun 25 02:23:37 dd-wrt kernel: Internal error: Oops - BUG: 7 [#1] SMP ARM
Jun 25 02:23:37 dd-wrt kernel: Modules linked in: xfrm4_mode_tunnel nf_nat_pptp nf_conntrack_pptp nf_nat_proto_gre nf_conntrack_proto_gre xt_opendpi tun fast_classifier ext4 jbd2 mbcache crc16 jffs2 lzo_decompress lzo_compress lzma_decompress(P) lzma_compress
Jun 25 02:23:37 dd-wrt kernel: CPU: 1 PID: 8064 Comm: lsmod Tainted: P                4.4.190 #1092
Jun 25 02:23:37 dd-wrt kernel: Hardware name: Northstar Prototype
Jun 25 02:23:37 dd-wrt kernel: task: 87224400 ti: 85f62000 task.ti: 85f62000
Jun 25 02:23:37 dd-wrt kernel: PC is at m_show+0x70/0x170
Jun 25 02:23:37 dd-wrt kernel: LR is at vsnprintf+0xac/0x358
Jun 25 02:23:37 dd-wrt kernel: 3e40: 85f63e64 87376c80 7fb66384 00000000 00000000 85f29100 85f63ebc 85f63e68
Jun 24 22:23:50 dd-wrt 2078: 6w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/21, changed state to down
Jun 24 22:23:51 dd-wrt 2079: 6w4d: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/21, changed state to down
Jun 24 22:23:54 dd-wrt 2080: 6w4d: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/21, changed state to up
Jun 24 22:23:54 dd-wrt 2081: 6w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/21, changed state to up

_________________
Cheers, TK
------------------------
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Thu Jun 25, 2020 6:18
I've upgraded to:

DD-WRT v3.0-r43502 std (06/23/20)


And reconfigured OSPF. Unlike my earlier post, I managed to reconfigure without FRRouting. So it works well again. As for XFRM, no luck. Same situation.

Code:

# find / -iname xfrm*
/lib/modules/4.4.228/xfrm6_mode_beet.ko
/lib/modules/4.4.228/xfrm6_mode_ro.ko
/lib/modules/4.4.228/xfrm6_mode_transport.ko
/lib/modules/4.4.228/xfrm6_mode_tunnel.ko
/lib/modules/4.4.228/xfrm6_tunnel.ko
/lib/modules/4.4.228/xfrm_algo.ko
/lib/modules/4.4.228/xfrm_ipcomp.ko
/opt/xfrm4
/opt/xfrm4/xfrm4_mode_beet.ko
/opt/xfrm4/xfrm4_mode_transport.ko
/opt/xfrm4/xfrm4_mode_tunnel.ko
/proc/sys/net/core/xfrm_acq_expires
/proc/sys/net/core/xfrm_aevent_etime
/proc/sys/net/core/xfrm_aevent_rseqth
/proc/sys/net/core/xfrm_larval_drop
/proc/sys/net/ipv4/xfrm4_gc_thresh

_________________
Cheers, TK
------------------------
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Thu Jun 25, 2020 7:11
Tried to install the modules again:

Code:

root@DD-WRT:/jffs/lib/modules/4.4.182# ls -altri /opt/kmod-ipsec*arm*
    433 -rw-r--r--    1 root     root         12131 Jun 24 14:38 /opt/kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
    453 -rw-r--r--    1 root     root         31436 Jun 25 02:57 /opt/kmod-ipsec_4.4.182-1_arm_cortex-a9.ipk
root@DD-WRT:/jffs/lib/modules/4.4.182# ls -altri
total 102
    450 -rw-r--r--    1 root     root         26440 Jun 21  2019 xfrm_user.ko
    452 -rw-r--r--    1 root     root          5492 Jun 21  2019 xfrm_ipcomp.ko
    449 -rw-r--r--    1 root     root          6048 Jun 21  2019 xfrm_algo.ko
    481 -rw-r--r--    1 root     root          3480 Jun 21  2019 xfrm4_tunnel.ko
    479 -rw-r--r--    1 root     root          2992 Jun 21  2019 xfrm4_mode_tunnel.ko
    482 -rw-r--r--    1 root     root          2196 Jun 21  2019 xfrm4_mode_transport.ko
    478 -rw-r--r--    1 root     root          2964 Jun 21  2019 xfrm4_mode_beet.ko
    477 -rw-r--r--    1 root     root          4148 Jun 21  2019 ipcomp.ko
    483 -rw-r--r--    1 root     root          8544 Jun 21  2019 esp4.ko
    480 -rw-r--r--    1 root     root          7860 Jun 21  2019 ah4.ko
    451 -rw-r--r--    1 root     root         31400 Jun 21  2019 af_key.ko
    447 drwxr-xr-x    3 root     root             0 Jun 25 02:58 ..
    448 drwxr-xr-x    2 root     root             0 Jun 25 02:58 .
root@DD-WRT:/jffs/lib/modules/4.4.182#



This time the modules just don't load. Confirmed by lsmod.

Code:
kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
kmod-ipsec_4.4.182-1_arm_cortex-a9.ipk

insmod: cannot insert 'xfrm4_tunnel.ko': unknown symbol in module
insmod: cannot insert 'xfrm_user.ko': unknown symbol in module

_________________
Cheers, TK
------------------------
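
An added example (not part of any post in this thread, and not DD-WRT or OpenWrt code): a pre-flight check that reads the `vermagic` string out of a `.ko` and compares it with a module that shipped in the running firmware, to run before `insmod` on modules built for another kernel such as the 4.4.182 ones above. The function names and the sample vermagic strings are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for a kernel module built outside the running firmware.
# Usage: script CANDIDATE.ko REFERENCE.ko   (no arguments: run the constructed demo)

# Print the vermagic string stored in a module's .modinfo section.
vermagic_of() {
    # .modinfo is a run of NUL-terminated key=value strings.
    LC_ALL=C tr '\000' '\n' < "$1" \
        | LC_ALL=C sed -n 's/^.*vermagic=//p' \
        | sed 's/ *$//' | head -n 1
}

# Classify the difference between two vermagic strings:
#   same | release | flags | unknown
vermagic_diff() {
    cand=$1 ref=$2
    if [ -z "$cand" ] || [ -z "$ref" ]; then echo unknown; return; fi
    if [ "$cand" = "$ref" ]; then echo same; return; fi
    # First field is the kernel release the module was built against.
    if [ "${cand%% *}" != "${ref%% *}" ]; then echo release; return; fi
    # Same release, but SMP / arch / other build flags differ.
    echo flags
}

# check_module CANDIDATE.ko REFERENCE.ko
# REFERENCE is any module that shipped with the running firmware,
# e.g. one found under /lib/modules/$(uname -r)/.
# Return status: 0 match, 1 mismatch, 2 vermagic missing.
check_module() {
    c=$(vermagic_of "$1"); r=$(vermagic_of "$2")
    case $(vermagic_diff "$c" "$r") in
        same)    echo "OK       $1: $c"; return 0 ;;
        release) echo "MISMATCH $1: built for ${c%% *}, firmware is ${r%% *}"; return 1 ;;
        flags)   echo "MISMATCH $1: flags '${c#* }' vs firmware '${r#* }'"; return 1 ;;
        *)       echo "UNKNOWN  $1: no vermagic found"; return 2 ;;
    esac
}

# Constructed stand-ins for .ko files: only the .modinfo strings matter
# to this check, so each sample is a few NUL-terminated strings.
make_samples() {
    d=$1
    printf 'x\000license=GPL\000vermagic=4.4.190 SMP mod_unload ARMv7 p2v8 \000' > "$d/stock.ko"
    printf 'x\000license=GPL\000vermagic=4.4.190 SMP mod_unload ARMv7 p2v8 \000' > "$d/same.ko"
    printf 'x\000license=GPL\000vermagic=4.4.182 SMP mod_unload ARMv7 p2v8 \000' > "$d/openwrt.ko"
    printf 'x\000license=GPL\000vermagic=4.4.190 mod_unload MIPS32_R1 32BIT \000' > "$d/mips.ko"
    printf 'x\000license=GPL\000depends=\000' > "$d/empty.ko"
}

demo() {
    d=$(mktemp -d)
    make_samples "$d"
    for m in same.ko openwrt.ko mips.ko empty.ko; do
        check_module "$d/$m" "$d/stock.ko" || true
    done
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then check_module "$1" "$2"; else demo; fi
```

A vermagic match does not guarantee ABI compatibility with a vendor-patched kernel, and `insmod`, unlike `modprobe`, does not load a module's dependencies first.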
tkmds
DD-WRT User


Joined: 04 Sep 2011
Posts: 92
Location: SA

Posted: Thu Jun 25, 2020 19:32
Are there any other options for compiling and getting the modules into my build?

At the least I need xfrm_user.ko, if not the others.

https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules

_________________
Cheers, TK
------------------------