Adding vpnc to DD-WRT

Post new topic   Reply to topic    DD-WRT Forum Index -> Contributions Upload
Goto page Previous  1, 2
Author Message
t_j_k
DD-WRT Novice


Joined: 09 Oct 2006
Posts: 6
Location: Poland

PostPosted: Sun Oct 22, 2006 20:33    Post subject: Reply with quote
I searched through dd-wrt v23SP1 source and I think that you can try to create
scripts:
/etc/config/.ipup
/jffs2/etc/config/.ipup
/jffs2/etc/config/.ipup

or start vpnc by rc_firewall nvram variable :


dd-wrt.v23.SP1-Final.src/DD-WRT/src/router/rc/rc.c

/* udhcpc [ deconfig bound renew ] */
else if (strstr (base, "udhcpc"))
return start_main ("udhcpc", argc, argv);

servicemanager.c :

start_main (char *name, int argc, char **argv)
{
cprintf ("start_main\n");
void *handle = load_service (name);
if (handle == NULL)
{
return -1;
}
int (*fptr) (int, char **);
char service[64];
sprintf (service, "%s_main", name);
cprintf ("resolving %s\n", service);
fptr = (int (*)(int, char **)) dlsym (handle, service);
if (fptr)
(*fptr) (argc, argv);
else
fprintf (stderr, "function %s not found \n", service);
dlclose (handle);
cprintf ("start_main done()\n");
return 0;
}

load_service (char *name)
{
cprintf ("load service %s\n", name);
void *handle = dlopen (SERVICE_MODULE, RTLD_LAZY);
cprintf ("done()\n");
if (handle == NULL && name != NULL)
{
cprintf ("not found, try to load alternate\n");
char dl[64];
sprintf (dl, "/usr/lib/%s_service.so", name);
cprintf ("try to load %s\n", dl);
handle = dlopen (dl, RTLD_LAZY);
if (handle == NULL)
{
fprintf (stderr, "cannot load %s\n", dl);
return NULL;
}
}
cprintf ("found it, returning handle\n");
return handle;
}

it calls udhcpc_main in module udhcpc_service.so

./router/services/udhcpc.c:udhcpc_main (int argc, char **argv)

udhcpc_main (int argc, char **argv)
{
if (check_action () != ACT_IDLE)
return -1;

if (!argv[1])
return EINVAL;
else if (strstr (argv[1], "deconfig"))
return deconfig ();
else if (strstr (argv[1], "bound"))
return bound ();
else if (strstr (argv[1], "renew"))
return renew ();
else if (strstr (argv[1], "update"))
return update_value ();
else
return EINVAL;
}

/*
* bound: This argument is used when udhcpc moves from an unbound, to
* a bound state. All of the paramaters are set in enviromental
* variables, The script should configure the interface, and set any
* other relavent parameters (default gateway, dns server, etc).
*/
static int
bound (void)
{
...
stop_firewall ();
cprintf ("configure to IF[%s] , IP[%s], MASK[%s]\n", wan_ifname,
nvram_safe_get ("wan_ipaddr"), nvram_safe_get ("wan_netmask"));
... if wan_proto is dhcp:
else
{
cprintf ("start wan done\n");
start_wan_done (wan_ifname);
}

./router/services/network.c

void
start_wan_done (char *wan_ifname)
{
...
/* save dns to resolv.conf */
cprintf ("dns to resolv\n");
dns_to_resolv ();

cprintf ("stop start dhcp server\n");
/* Restart DHCP server */
stop_udhcpd ();
start_udhcpd ();
cprintf ("restart dns proxy\n");
/* Restart DNS proxy */
stop_dnsmasq ();
start_dnsmasq ();
cprintf ("start firewalL\n");
/* Start firewall */
start_firewall ();
...
cprintf ("running custom DD-WRT ipup scripts\n");
runStartup ("/etc/config", ".ipup");
#ifdef HAVE_RB500
runStartup ("/usr/local/etc/config", ".ipup");
#else
runStartup ("/jffs/etc/config", ".ipup");
runStartup ("/mmc/etc/config", ".ipup");
#endif

./router/services/firewall.c :

start_firewall (void)
{
...
stop_vpn_modules ();
start_vpn_modules ();
...
/* run rc_firewall script */
cprintf ("Exec RC Filewall\n");
if (create_rc_file (RC_FIREWALL) == 0)
{
setenv ("PATH", "/sbin:/bin:/usr/sbin:/usr/bin", 1);
system ("/tmp/.rc_firewall");
}
Sponsor
tulmad
DD-WRT Novice


Joined: 07 Oct 2006
Posts: 4

PostPosted: Fri Oct 27, 2006 20:41    Post subject: Reply with quote
I'm actually working on an ASP page for router that you can just connect to from the local network. That way you can start and stop it whenever you need to, instead of having it run all of the time.
bear_m
DD-WRT Novice


Joined: 31 Oct 2006
Posts: 1

PostPosted: Mon Nov 06, 2006 23:53    Post subject: Reply with quote
tulmad:
I'm interesting in web-interface for VPNC too. Can i help you?
tulmad
DD-WRT Novice


Joined: 07 Oct 2006
Posts: 4

PostPosted: Thu Nov 09, 2006 22:17    Post subject: Reply with quote
I honestly haven't had a chance to look at it again since I posted that. I might try to get to it this weekend.
firestormo
DD-WRT Novice


Joined: 14 Dec 2006
Posts: 1

PostPosted: Thu Dec 14, 2006 11:25    Post subject: v23sp2 Reply with quote
I installed the ipkgs from the links provided above (copying to /jffs) but when i try and run vpnc i still get the cant resolve sysbol 'mlock' what else do i need to patch and all to get this to work. also when i installed kmod_tun it complained about a dependency called kernel that did not exist in the ipkg list.




Joined: 01 Jan 1970
Posts:

PostPosted: Sat Dec 16, 2006 21:42    Post subject: Reply with quote
Why not simply switch over to OpenWrt WhiteRussian and webif^2?
  • flash OpenWrt WhiteRussian RC6
  • add the RC6 backports repository to /etc/ipkg.conf
  • run 'ipkg update' and 'ipkg install vpnc'
There is also a howto in the OpenWrt wiki.

Things can be so easy, why go the difficult way?
sneumann
DD-WRT Novice


Joined: 20 Sep 2006
Posts: 9

PostPosted: Thu Jan 04, 2007 22:06    Post subject: Re: v23sp2 Reply with quote
firestormo wrote:
I installed the ipkgs from the links provided above (copying to /jffs) but when i try and run vpnc i still get the cant resolve sysbol 'mlock' what else do i need to patch and all to get this to work. also when i installed kmod_tun it complained about a dependency called kernel that did not exist in the ipkg list.


Hi,

sorry for replying so late.

I just checked the four *.ipkg I had posted,
and none of them contains an "mlock".
Can you check the md5sums ?

Code:

 39586 2006-10-22 696249ad690d47344b719f668e422403 vpnc-rekey_0.3.3-1_mipsel.ipk
 39186 2006-10-21 4f12bd366a3e02123165356d891e02f7 vpnc_0.3.3-1_mipsel.ipk
  5228 2006-10-18 1554e6ac7b8aca7f2747f2c1b2ef4d3b libgpg-error_1.0-0_mipsel.ipk
156928 2006-10-18 b0d25b95ec9ae84b0e3edd896317e069 libgcrypt_1.2.1-0_mipsel.ipk


Can you also check which of you files contains the mlock:

Code:

find /jffs -type f | xargs grep mlock


the kmod-tun is easy, it's just taken from
http://downloads.openwrt.org/whiterussian/rc5/packages/

ipkg info kmod-tun
Package: kmod-tun
Version: 2.4.30-brcm-3
Depends: kernel (2.4.30-brcm-3)
Section: sys
Architecture: mipsel
Maintainer: OpenWrt Developers Team <openwrt-devel@openwrt.org>
MD5Sum: e1e1d20c8fdc4d77763a31fc7bf04aa1
Size: 4855
Filename: kmod-tun_2.4.30-brcm-3_mipsel.ipk
Source: http://svn.openwrt.org/openwrt/branches/whiterussian/openwrt/target/linux/linux-2.4
Description: Kernel TUN/TAP extension
Skywave
DD-WRT Novice


Joined: 17 Jun 2006
Posts: 44

PostPosted: Mon Jan 15, 2007 20:08    Post subject: Reply with quote
[quote="tulmad"]I honestly haven't had a chance to look at it again since I posted that. I might try to get to it this weekend.[/quote

Had a chance yet? Not to give you the feeling that we are urging you to do it but you just a kind way of asking
mick
DD-WRT Novice


Joined: 13 Feb 2007
Posts: 2

PostPosted: Tue Mar 06, 2007 12:15    Post subject: Reply with quote
Timbuktu wrote:
Why not simply switch over to OpenWrt WhiteRussian and webif^2?[list][*] flash OpenWrt WhiteRussian RC6
...
Things can be so easy, why go the difficult way?


Things are not easy if you try get work the following setup:

Client (wired) --> OpenWrt (e.g. with webif^2) --> WLAN --> AP --> Cisco VPN Concentrator

This is for example the basic setup if you want to get an internet connection at a German University. All of them have open WLANs w/o any Security enabled on the WLAN side but a Cisco VPN concentrator (mostly the very polular 3000 series) separating the WLAN from the university's network and the Internet.

The problem using OpenWrt is the very ugly handled setup of Client-mode using OpenWrt: There is no way to set up a DHCP Client on the WLAN using webif^2! On the other hand you have to set up new firewall rules _or_ (much more better) like DD-WRT have to modify the bridges. This can't be done by webif^2 at this time. I've tried this several ways but can't get any connection.

So I am using fli4l with vpnc as router/VPN termination on the local net, then the (reflashed with DD-WRT) buffalo for the WLAN Connection. The setup works really stable. The connection ist terminated after 24h. So i have to reconnect manually or do it by script. The throughput of the vpnc depends only on the fli4l hardware. On a 468DX40 it is about 8KByte/s (really poor Smile)

mick.
mick
DD-WRT Novice


Joined: 13 Feb 2007
Posts: 2

PostPosted: Wed Mar 28, 2007 8:59    Post subject: Reply with quote
mick wrote:


So I am using fli4l with vpnc as router/VPN termination on the local net, then the (reflashed with DD-WRT) buffalo for the WLAN Connection. The setup works really stable. The connection ist terminated after 24h. So i have to reconnect manually or do it by script. The throughput of the vpnc depends only on the fli4l hardware. On a 468DX40 it is about 8KByte/s (really poor Smile)

mick.


It's over now since i got another wireless connection from a different provider using PPTP. DD-WRT works really fine in this environment.

So for me there ist no need to use the cisco vpnc anymore.
razahel
DD-WRT Novice


Joined: 12 Oct 2006
Posts: 2

PostPosted: Mon Jun 18, 2007 18:39    Post subject: Is their still somebody working on vpnc Reply with quote
Hi,


I have read this thread and would like to know, if there is some progress
or
maybe a working version of dd-wrt with vpnc in client mode?

I checked the new openwrt release
but the AP will not connect to the network and
with dd-wrt he does without any flaws so I thought I'll give it a try.
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Contributions Upload All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum