DD-WRT :: View topic - Cannot add XFRM or VTI Interfaces

Cannot add XFRM or VTI Interfaces

DD-WRT Forum Index -> Advanced Networking

Goto page 1, 2 Next

View previous topic :: View next topic

Author

Message

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Sun Jun 21, 2020 3:15 Post subject: Cannot add XFRM or VTI Interfaces

Hello,

What is the correct syntax to add XFRMI or VTI interfaces?

root@DD-WRT:~# ip link add xfrm0 type xfrm dev ipsec0 if_id 42
ip: RTNETLINK answers: Not supported
root@DD-WRT:~# ip link add vti0 type vti dev ipsec0 if_id 42
ip: RTNETLINK answers: Not supported
root@DD-WRT:~#

Or perhaps I'm missing a module?

DD-WRT v3.0-r40854 std (08/29/19)

Linux DD-WRT 4.4.190 #1092 SMP Thu Aug 29 11:32:59 +04 2019 armv7l DD-WRT

[ EDIT ] ----------------------------------

BACKGROUND

Configuring StrongSwan on DD-WRT. Everything works fine and tunnels are created however I can't ping or access REMOTE VM's.

According to https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules I need a few modules. Interestingly, what I do have is:

root@DD-WRT:~# find / -iname tunnel*
/lib/modules/4.4.190/tunnel4.ko
/lib/modules/4.4.190/tunnel6.ko
root@DD-WRT:~# find / -iname exp4*
root@DD-WRT:~# find / -iname esp4*
root@DD-WRT:~# find / -iname esp*
/lib/modules/4.4.190/esp6.ko
root@DD-WRT:~# find / -iname xfrm*
/lib/modules/4.4.190/xfrm6_mode_beet.ko
/lib/modules/4.4.190/xfrm6_mode_ro.ko
/lib/modules/4.4.190/xfrm6_mode_transport.ko
/lib/modules/4.4.190/xfrm6_mode_tunnel.ko
/lib/modules/4.4.190/xfrm6_tunnel.ko
/lib/modules/4.4.190/xfrm_algo.ko
/lib/modules/4.4.190/xfrm_ipcomp.ko
/proc/sys/net/core/xfrm_acq_expires
/proc/sys/net/core/xfrm_aevent_etime
/proc/sys/net/core/xfrm_aevent_rseqth
/proc/sys/net/core/xfrm_larval_drop
/proc/sys/net/ipv4/xfrm4_gc_thresh
root@DD-WRT:~#
root@DD-WRT:~#
root@DD-WRT:~# find / -iname ip_tunnel*
/lib/modules/4.4.190/ip_tunnel.ko
root@DD-WRT:~#

( Why is xfrm6_tunnel.ko installed but xfrm4_tunnel.ko missing? Should it even be there in the kernel image? )

Pinging, ssh etc access works find from REMOTE to LOCAL. But not LOCAL to REMOTE with strongswan-kernel-libipsec included. This I find odd because it seems to indicate the Remote to Strongswan connection is fine, just routing and forwarding packets from the DD-WRT router over to the Remote instances isn't working. Tried a tcpdump, but no reply:

root@DD-WRT:~# tcpdump -i ipsec0 -s 0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipsec0, link-type RAW (Raw IP), snapshot length 262144 bytes
08:44:28.318516 IP 100.100.100.100 > 10.10.0.4: ICMP echo request, id 36426, seq 0, length 64
08:44:29.325741 IP 100.100.100.100 > 10.10.0.4: ICMP echo request, id 36426, seq 1, length 64

What's also interesting, is that with this new config:

conn REMOTE-VLANS
authby=secret
auto=start
type=tunnel
keyexchange=ikev2
keylife=3600s
ikelifetime=28800s
rekey=yes
rekeymargin=3m
keyingtries=1
mobike=no
dpdaction=restart
left=100.100.100.100
leftsubnet=192.168.0.0/24
lefthostaccess=yes
right=123.123.123.123
rightsubnet=10.10.0.0/24
esp=aes256gcm16,aes256-sha2_256,aes256-sha1-modp2048,aes256-sha1,aes128-sha1!
ike=aes256-sha2_256-modp1024,aes256-sha1-modp1024,aes128-sha1-modp1024!

I no longer have to run:

ip route add 10.10.0.0/24 dev ipsec0

for packets to show up on ipsec0:

root@DD-WRT:~# tcpdump -i ipsec0 -s 0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipsec0, link-type RAW (Raw IP), snapshot length 262144 bytes
08:44:28.318516 IP 100.100.100.100 > 10.10.0.4: ICMP echo request, id 36426, seq 0, length 64
08:44:29.325741 IP 100.100.100.100 > 10.10.0.4: ICMP echo request, id 36426, seq 1, length 64

but not anymore. Connection is established fine:

root@DD-WRT:~# ipsec status
Security Associations (1 up, 0 connecting):
REMOTE-VLANS[1]: ESTABLISHED 2 seconds ago, 100.100.100.100[100.100.100.100]...123.123.123.123[123.123.123.123]
REMOTE-VLANS{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: 2170db44_i 27817e76_o
REMOTE-VLANS{1}: 192.168.0.0/24 === 10.10.0.0/24
root@DD-WRT:~#

However, I don't see anything going further than the ipsec0 interface that ipsec creates when starting up. It's a bit of a black box between there and the remote machine.

The only time I couldn't ping from REMOTE to LOCAL is when I was missing these F/W rules.

iptables -I FORWARD -s 10.10.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -I INPUT -p icmp -s 10.10.0.0/24 -d 192.168.0.1/32 -j ACCEPT

Thinking something similar was needed but for the reverse. Still looking at some StrongSwan recommendations to add XFRM, VTI or GRE interfaces, however, I get:

root@DD-WRT:~# ip link add xfrm0 type xfrm dev ipsec0 if_id 42
ip: RTNETLINK answers: Not supported
root@DD-WRT:~# ip link add vti0 type vti dev ipsec0 if_id 42
ip: RTNETLINK answers: Not supported
root@DD-WRT:~#

Trying GRE but:

root@DD-WRT:~# ip tunnel add ipsec01 local 100.100.100.100 remote 123.123.123.123 mode gre
ip: ioctl 0x89f1 failed: No such device
root@DD-WRT:~#

REMOTE is not running StrongSwan btw.

Tyvm,
_________________
Cheers, TK
------------------------

Sponsor

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Tue Jun 23, 2020 6:22 Post subject:

I tried to compile the XFRM modules to then drop them in but ran into some issues. Is this still the correct way to create the modules?

https://wiki.dd-wrt.com/wiki/index.php?title=Development#Requirements

Code:

root  ~  linux-2.6.23  make modules
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
scripts/kconfig/conf -s arch/mips/Kconfig
drivers/mtd/devices/Kconfig:8:warning: leading whitespace ignored
.config:816:warning: trying to assign nonexistent symbol MADWIFI
.config:991:warning: trying to assign nonexistent symbol USB_EHCI_SPLIT_ISO
.config:1093:warning: trying to assign nonexistent symbol USB_BERRY_CHARGE
*
* Restart config...
*
*
* Support for Broadcom MIPS based boards
*
Support for Broadcom BCM947XX (BCM947XX) [Y/n] y
Support for Broadcom BCM47XX processors (BCM47XX) [Y/n] y
Nvram size 60k (NVRAM_60K) [N/y] (NEW) y
Nvram size 64k (NVRAM_64K) [N/y] (NEW) y
Support for Using DSCP based IP forwarding (BCMIPDSCP) [N/y] n
Support for performance profiling (HND_BMIPS3300_PROF) [N/y] n
*
* Networking options
*
Packet socket (PACKET) [Y/n/m/?] y
Packet socket: mmapped IO (PACKET_MMAP) [Y/n/?] y
Unix domain sockets (UNIX) [Y/n/m/?] y
Transformation user configuration interface (XFRM_USER) [N/m/y/?] (NEW) y
Transformation sub policy support (EXPERIMENTAL) (XFRM_SUB_POLICY) [N/y/?] (NEW) y
Transformation migrate database (EXPERIMENTAL) (XFRM_MIGRATE) [N/y/?] (NEW) y
PF_KEY sockets (NET_KEY) [N/m/y/?] n
PF_RING sockets (EXPERIMENTAL) (RING) [Y/n/m/?] y
TCP/IP networking (INET) [Y/n/?] y
IP: multicasting (IP_MULTICAST) [Y/n/?] y
IP: advanced router (IP_ADVANCED_ROUTER) [Y/n/?] y
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)
> 1. FIB_HASH (ASK_IP_FIB_HASH)
2. FIB_TRIE (IP_FIB_TRIE)
choice[1-2]: 1
IP: policy routing (IP_MULTIPLE_TABLES) [Y/n/?] y
IP: equal cost multipath (IP_ROUTE_MULTIPATH) [Y/n/?] y
IP: verbose route monitoring (IP_ROUTE_VERBOSE) [N/y/?] n
IP: kernel level autoconfiguration (IP_PNP) [N/y/?] n
IP: tunneling (NET_IPIP) [Y/n/m/?] y
IP: GRE tunnels over IP (NET_IPGRE) [Y/n/m/?] y
IP: broadcast GRE over IP (NET_IPGRE_BROADCAST) [Y/n/?] y
IP: ethernet-in-IP tunneling (NET_ETHERIP) [N/m/y/?] (NEW) y
IP: multicast routing (IP_MROUTE) [Y/n/?] y
IP: PIM-SM version 1 support (IP_PIMSM_V1) [Y/n/?] y
IP: PIM-SM version 2 support (IP_PIMSM_V2) [Y/n/?] y
IP: ARP daemon support (EXPERIMENTAL) (ARPD) [N/y/?] n
IP: TCP syncookie support (disabled per default) (SYN_COOKIES) [Y/n/?] y
IP: AH transformation (INET_AH) [N/m/y/?] n
IP: ESP transformation (INET_ESP) [N/m/y/?] n
IP: IPComp transformation (INET_IPCOMP) [N/m/y/?] n
IP: IPsec transport mode (INET_XFRM_MODE_TRANSPORT) [Y/n/m/?] (NEW) Y
IP: IPsec tunnel mode (INET_XFRM_MODE_TUNNEL) [Y/n/m/?] (NEW) Y
IP: IPsec BEET mode (INET_XFRM_MODE_BEET) [Y/n/m/?] (NEW) Y
INET: socket monitoring interface (INET_DIAG) [Y/n/m/?] y
TCP: MD5 Signature Option support (RFC2385) (EXPERIMENTAL) (TCP_MD5SIG) [N/y/?] n
The IPv6 protocol (IPV6) [M/n/y/?] m
IPv6: Privacy Extensions support (IPV6_PRIVACY) [Y/n/?] y
IPv6: Router Preference (RFC 4191) support (IPV6_ROUTER_PREF) [Y/n/?] y
IPv6: Route Information (RFC 4191) support (EXPERIMENTAL) (IPV6_ROUTE_INFO) [Y/n/?] y
IPv6: Enable RFC 4429 Optimistic DAD (EXPERIMENTAL) (IPV6_OPTIMISTIC_DAD) [Y/n/?] y
IPv6: AH transformation (INET6_AH) [N/m/?] n
IPv6: ESP transformation (INET6_ESP) [N/m/?] n
IPv6: IPComp transformation (INET6_IPCOMP) [N/m/?] n
IPv6: Mobility (EXPERIMENTAL) (IPV6_MIP6) [N/m/?] n
IPv6: IPsec transport mode (INET6_XFRM_MODE_TRANSPORT) [M/n/?] (NEW) M
IPv6: IPsec tunnel mode (INET6_XFRM_MODE_TUNNEL) [M/n/?] (NEW) M
IPv6: IPsec BEET mode (INET6_XFRM_MODE_BEET) [M/n/?] (NEW) M
IPv6: MIPv6 route optimization mode (EXPERIMENTAL) (INET6_XFRM_MODE_ROUTEOPTIMIZATION) [N/m/?] (NEW) m
IPv6: IPv6-in-IPv4 tunnel (SIT driver) (IPV6_SIT) [M/n/?] m
IPv6: IPv6-in-IPv6 tunnel (IPV6_TUNNEL) [N/m/?] n
IPv6: Multiple Routing Tables (IPV6_MULTIPLE_TABLES) [N/y/?] n
Security Marking (NETWORK_SECMARK) [Y/n/?] y
*
* Core Netfilter Configuration
*
Netfilter netlink interface (NETFILTER_NETLINK) [Y/n/m/?] y
Netfilter NFQUEUE over NFNETLINK interface (NETFILTER_NETLINK_QUEUE) [Y/n/m/?] y
Netfilter LOG over NFNETLINK interface (NETFILTER_NETLINK_LOG) [Y/n/m/?] y
Netfilter connection tracking support (NF_CONNTRACK_ENABLED) [Y/n/m/?] y
Connection tracking flow accounting (NF_CT_ACCT) [Y/?] y
Connection mark tracking support (NF_CONNTRACK_MARK) [Y/?] y
Connection tracking security mark support (NF_CONNTRACK_SECMARK) [Y/n/?] y
Connection tracking events (EXPERIMENTAL) (NF_CONNTRACK_EVENTS) [Y/n/?] y
SCTP protocol connection tracking support (EXPERIMENTAL) (NF_CT_PROTO_SCTP) [Y/n/m/?] y
UDP-Lite protocol connection tracking support (EXPERIMENTAL) (NF_CT_PROTO_UDPLITE) [Y/n/m/?] y
Amanda backup protocol support (NF_CONNTRACK_AMANDA) [Y/n/m/?] y
FTP protocol support (NF_CONNTRACK_FTP) [Y/n/m/?] y
H.323 protocol support (EXPERIMENTAL) (NF_CONNTRACK_H323) [M/n/?] m
IRC protocol support (NF_CONNTRACK_IRC) [Y/n/m/?] y
NetBIOS name service protocol support (EXPERIMENTAL) (NF_CONNTRACK_NETBIOS_NS) [Y/n/m/?] y
PPtP protocol support (NF_CONNTRACK_PPTP) [M/n/y/?] m
SANE protocol support (EXPERIMENTAL) (NF_CONNTRACK_SANE) [N/m/y/?] n
SIP protocol support (EXPERIMENTAL) (NF_CONNTRACK_SIP) [N/m/y/?] n
TFTP protocol support (NF_CONNTRACK_TFTP) [Y/n/m/?] y
Connection tracking netlink interface (EXPERIMENTAL) (NF_CT_NETLINK) [Y/n/m/?] y
Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES) [Y/?] y
"CLASSIFY" target support (NETFILTER_XT_TARGET_CLASSIFY) [Y/n/m/?] y
"CONNMARK" target support (NETFILTER_XT_TARGET_CONNMARK) [Y/n/m/?] y
"DSCP" target support (NETFILTER_XT_TARGET_DSCP) [Y/n/m/?] y
"MARK" target support (NETFILTER_XT_TARGET_MARK) [Y/n/m/?] y
"NFQUEUE" target Support (NETFILTER_XT_TARGET_NFQUEUE) [Y/n/m/?] y
"NFLOG" target support (NETFILTER_XT_TARGET_NFLOG) [Y/n/m/?] y
"NOTRACK" target support (NETFILTER_XT_TARGET_NOTRACK) [Y/n/m/?] y
"TRACE" target support (NETFILTER_XT_TARGET_TRACE) [N/m/y/?] n
"SECMARK" target support (NETFILTER_XT_TARGET_SECMARK) [Y/n/m/?] y
"CONNSECMARK" target support (NETFILTER_XT_TARGET_CONNSECMARK) [Y/n/m/?] y
"TCPMSS" target support (NETFILTER_XT_TARGET_TCPMSS) [Y/n/m/?] y
"comment" match support (NETFILTER_XT_MATCH_COMMENT) [Y/n/m/?] y
"connbytes" per-connection counter match support (NETFILTER_XT_MATCH_CONNBYTES) [Y/n/m/?] y
"connlimit" match support" (NETFILTER_XT_MATCH_CONNLIMIT) [Y/n/m/?] y
"connmark" connection mark match support (NETFILTER_XT_MATCH_CONNMARK) [M/n/y/?] m
"conntrack" connection tracking match support (NETFILTER_XT_MATCH_CONNTRACK) [Y/n/m/?] y
"DCCP" protocol match support (NETFILTER_XT_MATCH_DCCP) [Y/n/m/?] y
"DSCP" match support (NETFILTER_XT_MATCH_DSCP) [Y/n/m/?] y
"ESP" match support (NETFILTER_XT_MATCH_ESP) [Y/n/m/?] y
"helper" match support (NETFILTER_XT_MATCH_HELPER) [Y/n/m/?] y
"length" match support (NETFILTER_XT_MATCH_LENGTH) [Y/n/m/?] y
"limit" match support (NETFILTER_XT_MATCH_LIMIT) [Y/n/m/?] y
"mac" address match support (NETFILTER_XT_MATCH_MAC) [M/n/y/?] m
"mark" match support (NETFILTER_XT_MATCH_MARK) [M/n/y/?] m
IPsec "policy" match support (NETFILTER_XT_MATCH_POLICY) [N/m/y/?] (NEW) y
Multiple port match support (NETFILTER_XT_MATCH_MULTIPORT) [Y/n/m/?] y
"physdev" match support (NETFILTER_XT_MATCH_PHYSDEV) [N/m/y/?] n
"pkttype" packet type match support (NETFILTER_XT_MATCH_PKTTYPE) [Y/n/m/?] y
"quota" match support (NETFILTER_XT_MATCH_QUOTA) [Y/n/m/?] y
"realm" match support (NETFILTER_XT_MATCH_REALM) [Y/n/m/?] y
"sctp" protocol match support (EXPERIMENTAL) (NETFILTER_XT_MATCH_SCTP) [Y/n/m/?] y
"state" match support (NETFILTER_XT_MATCH_STATE) [Y/n/m/?] y
"statistic" match support (NETFILTER_XT_MATCH_STATISTIC) [Y/n/m/?] y
"string" match support (NETFILTER_XT_MATCH_STRING) [Y/n/m/?] y
"tcpmss" match support (NETFILTER_XT_MATCH_TCPMSS) [Y/n/m/?] y
"u32" match support (NETFILTER_XT_MATCH_U32) [Y/n/m/?] y
"hashlimit" match support (NETFILTER_XT_MATCH_HASHLIMIT) [Y/n/m/?] y
Asynchronous Transfer Mode (ATM) (EXPERIMENTAL) (ATM) [N/m/y/?] n
802.1d Ethernet Bridging (BRIDGE) [Y/n/m/?] y
802.1Q VLAN Support (VLAN_8021Q) [Y/n/m/?] y
DECnet Support (DECNET) [N/m/y/?] n
ANSI/IEEE 802.2 LLC type 2 Support (LLC2) [N/m/y/?] n
The IPX protocol (IPX) [N/m/y/?] n
Appletalk protocol support (ATALK) [N/m/y/?] n
CCITT X.25 Packet Layer (EXPERIMENTAL) (X25) [N/m/y/?] n
LAPB Data Link Driver (EXPERIMENTAL) (LAPB) [N/m/y/?] n
Acorn Econet/AUN protocols (EXPERIMENTAL) (ECONET) [N/m/y/?] n
WAN router (WAN_ROUTER) [N/m/y/?] n
#
# configuration written to .config
#
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
CHK include/linux/version.h
UPD include/linux/version.h
CHK include/linux/utsrelease.h
UPD include/linux/utsrelease.h
SYMLINK include/asm -> include/asm-mips
CC arch/mips/kernel/asm-offsets.s
ccache: error: execv of /xfs/toolchains/toolchain-mipsel_gcc4.1.2/bin/mipsel-linux-uclibc-gcc failed: No such file or directory
make[1]: *** [arch/mips/kernel/asm-offsets.s] Error 1
make: *** [prepare0] Error 2
root  ~  linux-2.6.23  find ./ -iname mipsel-linux-uclibc-gcc*
root  ~  linux-2.6.23  find ./ -iname *mipsel-linux-uclibc-gcc*
root  ~  linux-2.6.23  pwd
/root/linux-2.6.23
root  ~  linux-2.6.23  find ./ -iname *mipsel-linux-uclibc-gcc*
root  ~  linux-2.6.23 

root  ~  linux-2.6.23 
root  ~  linux-2.6.23 
root  ~  linux-2.6.23  find ./ -iname *mipsel-linux-uclibc-gcc*
root  ~  linux-2.6.23  vi .config
root  ~  linux-2.6.23  vi arch/mips/kernel/asm-offsets.s
fi root  ~  linux-2.6.23  find ./ -iname asm-offsets.s*
./arch/arm/kernel/asm-offsets.s
root  ~  linux-2.6.23  vi ./arch/arm/kernel/asm-offsets.s

root  ~  linux-2.6.23 

root  ~  linux-2.6.23 
root  ~  linux-2.6.23 
root  ~  linux-2.6.23  vi arch/mips/kernel/asm-offsets.s
root  ~  linux-2.6.23  vi arch/mips/kernel/asm-offsets.c
root  ~  linux-2.6.23  grep -Ei mipsel .config
root  ~  linux-2.6.23  vi .config
root  ~  linux-2.6.23 

_________________
Cheers, TK
------------------------

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Wed Jun 24, 2020 4:41 Post subject:

Tricked it and managed to compile the modules by creating a symbolic link like this:

Code:

root  ~  linux-4.4  ls -altri /xfs/
total 4
128 dr-xr-xr-x. 26 root root 4096 Jun 23 23:00 ..
1448898 lrwxrwxrwx. 1 root root 16 Jun 23 23:01 toolchains -> /root/toolchains
1448897 drwxr-xr-x. 2 root root 23 Jun 23 23:01 .
root  ~  linux-4.4 

However the modules weren't compatible:

Code:

root@DD-WRT:/opt/xfrm4# insmod xfrm4_mode_beet.ko
insmod: cannot insert 'xfrm4_mode_beet.ko': invalid module format
root@DD-WRT:/opt/xfrm4# insmod xfrm4_mode_transport.ko
insmod: cannot insert 'xfrm4_mode_transport.ko': invalid module format
root@DD-WRT:/opt/xfrm4# insmod xfrm4_mode_tunnel.ko
insmod: cannot insert 'xfrm4_mode_tunnel.ko': invalid module format
root@DD-WRT:/opt/xfrm4#

What's the correct src repo for compiling the Broadcom modules for BCM4708? Tried a few. not working:

Code:

root  ~  linux-4.4  history|grep svn
873 yum install svn
874 svn co svn://svn.dd-wrt.com/browser/src/linux/brcm/linux.v24_2
875 svn co svn://svn.dd-wrt.com/browser/src/linux/brcm/
876 svn co https://svn.dd-wrt.com/browser/src/linux/brcm/
877 svn co http://svn.dd-wrt.com/browser/src/linux/brcm/
878 svn co https://svn.dd-wrt.com/browser/src/linux/brcm/linux.v24_2
879 svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux-2.6.23
880 svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux/linux.v24_2
881 svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux.v24_2
891 svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/brcm/linux.v24
1060 history|grep svn
1062 svn co https://svn.dd-wrt.com/browser/src/linux/universal/linux-4.4
1063 svn co https://svn.dd-wrt.com/DD-WRT/src/linux/universal/linux-4.4
1064 svn co httpssvn://svn.dd-wrt.com/DD-WRT/src/linux/universal/linux-4.4
1065 svn co svn://svn.dd-wrt.com/DD-WRT/src/linux/universal/linux-4.4
1108 history|grep svn
root  ~  linux-4.4  make config
Makefile:534: arch//Makefile: No such file or directory
make: *** No rule to make target `arch//Makefile'. Stop.
root  ~  linux-4.4  make clean
Makefile:632: arch//Makefile: No such file or directory
make: *** No rule to make target `arch//Makefile'. Stop.
root  ~  linux-4.4 
root  ~  linux-4.4  make modules
Makefile:632: arch//Makefile: No such file or directory
make: *** No rule to make target `arch//Makefile'. Stop.
root  ~  linux-4.4 

Cheers,
TK
_________________
Cheers, TK
------------------------

kernel-panic69
DD-WRT Guru

Joined: 08 May 2018
Posts: 14221
Location: Texas, USA

Posted: Wed Jun 24, 2020 9:34 Post subject:

It would help to know what target router you are referring to. Here's the old thread for Compiling DD-WRT that used to be in the Broadcom forum:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=269372

Perhaps @egc, @yoyoma2, @rkboni or one of the other collaborators can shed some light on your situation.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net

Alozaros
DD-WRT Guru

Joined: 16 Nov 2015
Posts: 6437
Location: UK, London, just across the river..

Posted: Wed Jun 24, 2020 12:52 Post subject:

v3.0-r40854 is an old build...and Kong builds ware ok with SSW and IPsec but not BS builds......according to the SVN IPsec and SSw... things ware WIP by that time try a newer build...it may help...

I guess you use R7000...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913

kernel-panic69
DD-WRT Guru

Joined: 08 May 2018
Posts: 14221
Location: Texas, USA

Posted: Wed Jun 24, 2020 12:57 Post subject:

The modules could also be used from a comparable kernel version from the OpenWRT repo.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Wed Jun 24, 2020 13:06 Post subject:

Reason why I use this build, since at the time, only this version supported FRRouting / OSPF / Quagga properly.

https://svn.dd-wrt.com/ticket/6937

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322299

And I really need OSPF. Do you gentlemen know if FRRouting has been tested on any of the newer versions since I posted the two above?

This is what I have:

Asus RT-AC68U
Firmware Version DD-WRT v3.0-r40854 std (08/29/19)
Linux 4.4.190 #1092 SMP Thu Aug 29 11:32:59 +04 2019 armv7l
Broadcom BCM4708

I'll try OpenWRT later tonight. Now do you mean there could be a direct links to where I can at least find the xfrm_user.ko modules off their site or do you mean I would have to source and compile off their page? What would be the link?

Also, what would be the correct SVN link and toolchains to successfully compile off the DD-WRT sources? Ones I tried above weren't working.

Cheers,
TK
_________________
Cheers, TK
------------------------

kernel-panic69
DD-WRT Guru

Joined: 08 May 2018
Posts: 14221
Location: Texas, USA

Posted: Wed Jun 24, 2020 13:22 Post subject:

Almost thought I misspoke about the OpenWRT capability. The kmod packages listed in this directory are the ones that are available for k4.4 Broadcom ARM:

https://downloads.openwrt.org/releases/17.01.7/targets/bcm53xx/generic/packages/

Only way to find out if it's been fixed is check the svn log or flash 43502 and test it, I don't recall any commits that stand out.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Wed Jun 24, 2020 14:51 Post subject:
Glanced over the link briefly. https://downloads.openwrt.org/releases/17.01.7/targets/brcm47xx/generic/packages/kmod-ipsec4_4.4.182-1_mipsel_mips32.ipk Guessing it might be one of these IPSec repos. Don't see anything specific for XFRM. Will look again later in the day. Cheers, TK _________________ Cheers, TK ------------------------

kernel-panic69
DD-WRT Guru

Joined: 08 May 2018
Posts: 14221
Location: Texas, USA

Posted: Wed Jun 24, 2020 16:27 Post subject:

I linked you to the ARM cache, and you look in the MIPS cache. Are you *not* looking to do this on ARM?? BCM4708 is ARM!
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Wed Jun 24, 2020 19:09 Post subject:

Sorry, I should have elaborated a bit more.

I did look here.

https://downloads.openwrt.org/releases/17.01.7/targets/bcm53xx/generic/packages/

But the CPU model is Broadcom BCM4708, not bcm53xxx, so I thought you meant for me to look under:

https://downloads.openwrt.org/releases/17.01.7/targets/brcm47xx/generic/packages/

not realizing what you mentioned. But taking a closer look, I see what you mean now. Sorry totally missed one is ARM the other is MIPS. Wink

( I blame useless meetings for this.)

Then what I need is:

https://downloads.openwrt.org/releases/17.01.7/targets/bcm53xx/generic/packages/kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk

I suppose. Trying to list the contents of it.

Code:

root@DD-WRT:/opt# ipkg list kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
ERROR: File not found: //usr/local/lib/ipkg/lists/bluering
You probably want to run `ipkg update'
root@DD-WRT:/opt#
root@DD-WRT:/opt#
root@DD-WRT:/opt# ipkg files kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
root@DD-WRT:/opt# echo $?
0
root@DD-WRT:/opt# ipkg update
mkdir: can't create directory '//usr/local/lib/': Read-only file system
root@DD-WRT:/opt#

Hmm, looks like I'll have to spend some time reading about ipkg (not configured, yet) vs opkg (works, configured). Couldn't list the contents. Still, it installed ok.

Code:

root@DD-WRT:/opt# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 26.1M 26.1M 0 100% /
/dev/mtdblock/4 96.0M 2.4M 93.6M 2% /jffs
/dev/sda 3.8G 53.8M 3.5G 1% /opt
root@DD-WRT:/opt#

Code:

root@DD-WRT:/jffs# ipkg -d root install /opt/kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
ERROR: File not found: //usr/local/lib/ipkg/lists/bluering
You probably want to run `ipkg update'
Unpacking kmod-ipsec4...Done.
Configuring kmod-ipsec4...Done.
root@DD-WRT:/jffs#

Apparently these are the files:

Code:

root@DD-WRT:/jffs# find / -iname xfrm*
/jffs/lib/modules/4.4.182/xfrm4_mode_beet.ko
/jffs/lib/modules/4.4.182/xfrm4_mode_tunnel.ko
/jffs/lib/modules/4.4.182/xfrm4_tunnel.ko
/jffs/lib/modules/4.4.182/xfrm4_mode_transport.ko

But I'm missing xfrm4_user. Anyway, loaded them up but the router froze then restarted.

Code:

root@DD-WRT:/jffs#
root@DD-WRT:/jffs# insmod /jffs/lib/modules/4.4.182/xfrm4_mode_beet.ko /jffs/lib/modules/4.4.182/xfrm4_mode_tunnel.ko /jffs/lib/modules/4.4.182/xfrm4_tunnel.ko /jffs/lib/modules/4.4.182/xfrm4_mode_transport.ko
root@DD-WRT:/jffs#
root@DD-WRT:/jffs#
root@DD-WRT:/jffs# lsmod|grep xfrm

Kernel panic? I'll try to load one at a time later this evening.

Cheers,
TK
_________________
Cheers, TK
------------------------

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Thu Jun 25, 2020 1:37 Post subject:

Hmm, nope. Loading /jffs/lib/modules/4.4.182/xfrm4_tunnel.ko is fine.

But when typing lsmod, that is when it crashes:

Code:

Message from syslogd@dd-wrt.mds.xyz at Jun 24 21:28:20 ...
kernel: Internal error: Oops - BUG: 7 [#1] SMP ARM

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: Process lsmod (pid: 27046, stack limit = 0x8785a190)

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: Stack: (0x8785be38 to 0x8785c000)

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: be20: 8785be80 8785bf78

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: be40: 8785be64 85ef2880 7fb5e384 00000000 00000000 85d2e280 8785bebc 8785be68

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: be60: 800efeb8 80091f84 00000000 00000000 8785bf78 76f615d8 85ef28b0 00000400

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: be80: 00000000 00000000 00000000 00000000 00000000 800efc90 87b83580 00000000

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bea0: 00000000 00000001 00000000 00000000 8785bedc 8785bec0 80113ec8 800efc9c

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bec0: 85d2e280 80113e60 8785bf78 8785bf78 8785bf44 8785bee0 800cc288 80113e6c

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bee0: 00000000 00000000 00000000 00000000 00000000 72610000 6c37766d 00000000

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bf00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bf20: 85d2e280 85d2e280 00000400 85d2e280 76f615d8 8785bf78 8785bf74 8785bf48

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bf40: 800ccb88 800cc264 00000000 00000000 85d2e280 85d2e280 00000400 76f615d8

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bf60: 00000000 00000000 8785bfa4 8785bf78 800cd41c 800ccb14 00000000 00000000

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bf80: 76f61540 00000001 7e89db7f 00000003 80009744 8785a000 00000000 8785bfa8

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bfa0: 80009580 800cd3d0 76f61540 00000001 00000003 76f615d8 00000400 00000000

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bfc0: 76f61540 00000001 7e89db7f 00000003 76f619f0 00000000 00000000 00000002

Message from syslogd@192.168.0.6 at Jun 24 21:28:20 ...
kernel: bfe0: 76ffb33c 7e89db50 76fc397c 76fc361c 60000010 00000003 00000000 00000000

Code:

Jun 24 22:01:44 dd-wrt charon: 16[NET] received packet: from 123.123.123.123[4500] to 100.100.100.100[4500] (76 bytes)
Jun 25 02:23:37 dd-wrt kernel: Unable to handle kernel paging request at virtual address ff6cc7f0
Jun 25 02:23:37 dd-wrt kernel: pgd = 85f1c000
Jun 25 02:23:37 dd-wrt kernel: [ff6cc7f0] *pgd=07b1d811, *pte=00000000, *ppte=00000000
Jun 24 22:23:37 dd-wrt charon: 16[NET] received packet: from 123.123.123.123[4500] to 100.100.100.100[4500] (76 bytes)
Jun 24 22:23:37 dd-wrt charon: 16[ENC] parsed INFORMATIONAL request 597 [ ]
Jun 24 22:23:37 dd-wrt charon: 16[ENC] generating INFORMATIONAL response 597 [ ]
Jun 24 22:23:37 dd-wrt charon: 16[NET] sending packet: from 100.100.100.100[4500] to 123.123.123.123[4500] (76 bytes)
Jun 25 02:23:37 dd-wrt kernel: Internal error: Oops - BUG: 7 [#1] SMP ARM
Jun 25 02:23:37 dd-wrt kernel: Modules linked in: xfrm4_mode_tunnel nf_nat_pptp nf_conntrack_pptp nf_nat_proto_gre nf_conntrack_proto_gre xt_opendpi tun fast_classifier ext4 jbd2 mbcache crc16 jffs2 lzo_decompress lzo_compress lzma_decompress(P) lzma_compress
Jun 25 02:23:37 dd-wrt kernel: CPU: 1 PID: 8064 Comm: lsmod Tainted: P 4.4.190 #1092
Jun 25 02:23:37 dd-wrt kernel: Hardware name: Northstar Prototype
Jun 25 02:23:37 dd-wrt kernel: task: 87224400 ti: 85f62000 task.ti: 85f62000
Jun 25 02:23:37 dd-wrt kernel: PC is at m_show+0x70/0x170
Jun 25 02:23:37 dd-wrt kernel: LR is at vsnprintf+0xac/0x358
Jun 25 02:23:37 dd-wrt kernel: 3e40: 85f63e64 87376c80 7fb66384 00000000 00000000 85f29100 85f63ebc 85f63e68
Jun 24 22:23:50 dd-wrt 2078: 6w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/21, changed state to down
Jun 24 22:23:51 dd-wrt 2079: 6w4d: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/21, changed state to down
Jun 24 22:23:54 dd-wrt 2080: 6w4d: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/21, changed state to up
Jun 24 22:23:54 dd-wrt 2081: 6w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/21, changed state to up

_________________
Cheers, TK
------------------------

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Thu Jun 25, 2020 6:18 Post subject:

I've upgraded to:

DD-WRT v3.0-r43502 std (06/23/20)

And reconfigured OSPF. Unlike my earlier post, I managed to reconfigure without FRRouting. So it works well again. As for XFRM, no luck. Same situation.

Code:

# find / -iname xfrm*
/lib/modules/4.4.228/xfrm6_mode_beet.ko
/lib/modules/4.4.228/xfrm6_mode_ro.ko
/lib/modules/4.4.228/xfrm6_mode_transport.ko
/lib/modules/4.4.228/xfrm6_mode_tunnel.ko
/lib/modules/4.4.228/xfrm6_tunnel.ko
/lib/modules/4.4.228/xfrm_algo.ko
/lib/modules/4.4.228/xfrm_ipcomp.ko
/opt/xfrm4
/opt/xfrm4/xfrm4_mode_beet.ko
/opt/xfrm4/xfrm4_mode_transport.ko
/opt/xfrm4/xfrm4_mode_tunnel.ko
/proc/sys/net/core/xfrm_acq_expires
/proc/sys/net/core/xfrm_aevent_etime
/proc/sys/net/core/xfrm_aevent_rseqth
/proc/sys/net/core/xfrm_larval_drop
/proc/sys/net/ipv4/xfrm4_gc_thresh

_________________
Cheers, TK
------------------------

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Thu Jun 25, 2020 7:11 Post subject:

Tried to install the modules again:

Code:

root@DD-WRT:/jffs/lib/modules/4.4.182# ls -altri /opt/kmod-ipsec*arm*
433 -rw-r--r-- 1 root root 12131 Jun 24 14:38 /opt/kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
453 -rw-r--r-- 1 root root 31436 Jun 25 02:57 /opt/kmod-ipsec_4.4.182-1_arm_cortex-a9.ipk
root@DD-WRT:/jffs/lib/modules/4.4.182# ls -altri
total 102
450 -rw-r--r-- 1 root root 26440 Jun 21 2019 xfrm_user.ko
452 -rw-r--r-- 1 root root 5492 Jun 21 2019 xfrm_ipcomp.ko
449 -rw-r--r-- 1 root root 6048 Jun 21 2019 xfrm_algo.ko
481 -rw-r--r-- 1 root root 3480 Jun 21 2019 xfrm4_tunnel.ko
479 -rw-r--r-- 1 root root 2992 Jun 21 2019 xfrm4_mode_tunnel.ko
482 -rw-r--r-- 1 root root 2196 Jun 21 2019 xfrm4_mode_transport.ko
478 -rw-r--r-- 1 root root 2964 Jun 21 2019 xfrm4_mode_beet.ko
477 -rw-r--r-- 1 root root 4148 Jun 21 2019 ipcomp.ko
483 -rw-r--r-- 1 root root 8544 Jun 21 2019 esp4.ko
480 -rw-r--r-- 1 root root 7860 Jun 21 2019 ah4.ko
451 -rw-r--r-- 1 root root 31400 Jun 21 2019 af_key.ko
447 drwxr-xr-x 3 root root 0 Jun 25 02:58 ..
448 drwxr-xr-x 2 root root 0 Jun 25 02:58 .
root@DD-WRT:/jffs/lib/modules/4.4.182#

This time the modules just don't load. Confirmed by lsmod.

Code:

kmod-ipsec4_4.4.182-1_arm_cortex-a9.ipk
kmod-ipsec_4.4.182-1_arm_cortex-a9.ipk

insmod: cannot insert 'xfrm4_tunnel.ko': unknown symbol in module
insmod: cannot insert 'xfrm_user.ko': unknown symbol in module

_________________
Cheers, TK
------------------------

tkmds
DD-WRT User

Joined: 04 Sep 2011
Posts: 161
Location: SA

Posted: Thu Jun 25, 2020 19:32 Post subject:
Is there any other options for compiling and getting the modules into my build? In the least need xfrm_user.ko if not the others. https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules _________________ Cheers, TK ------------------------

Goto page 1, 2 Next

Display posts from previous:

Page 1 of 2

DD-WRT Forum Index -> Advanced Networking

All times are GMT

Navigation

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Log in

Cannot add XFRM or VTI Interfaces

Quick Links

Log in