| 1 |
I'm not sure if this is the proper place to suggest this but, anyway... |
| 2 |
|
| 3 |
I have a bootable proof-of-concept CD, build from gnetoo-embedded, that |
| 4 |
probably could do what you want without you needing compiling anything. |
| 5 |
|
| 6 |
fetch latest iso from http://jv.lmdata.org/alpine/hardened/isoimages/ |
| 7 |
|
| 8 |
This is totally undocumented (still alfa, but I think you should be able |
| 9 |
to use it). All runtimes are installed in RAM so you need at least 64MB, |
| 10 |
probably more. |
| 11 |
|
| 12 |
boot the cd. |
| 13 |
|
| 14 |
configure your network (debian/busybox style) |
| 15 |
in /etc/network/interfaces. You can install nano or vim runtimes for |
| 16 |
that with: |
| 17 |
|
| 18 |
apk_add openvpn |
| 19 |
|
| 20 |
(You migh want to install dhcpcd or pump for dhcp. busybox internal |
| 21 |
doesnt work because of no /share/ directory containing the scripts) |
| 22 |
|
| 23 |
install openvpn runtimes: |
| 24 |
|
| 25 |
apk_add openvpn |
| 26 |
|
| 27 |
configure openvpn (you might want to install bash for running the |
| 28 |
openvpn scripts: apk_add bash) |
| 29 |
|
| 30 |
bridgeutils are available with: |
| 31 |
|
| 32 |
apk_add bridge-utils |
| 33 |
|
| 34 |
shorewall is available with: |
| 35 |
|
| 36 |
apk_add shorewall |
| 37 |
|
| 38 |
Now as soon you reboot you would lose your configs so you would want to |
| 39 |
store it on floppy or usb. |
| 40 |
|
| 41 |
To add files to the save-to-writeable-media-list use: |
| 42 |
|
| 43 |
lbu_add FILE... |
| 44 |
|
| 45 |
for example: |
| 46 |
|
| 47 |
lbu_add /etc/resolv.conf /etc/network/interfaces /etc/ssl /etc/openvpn |
| 48 |
|
| 49 |
To really preform the write to floppy, use: |
| 50 |
|
| 51 |
lbu_commit floppy |
| 52 |
|
| 53 |
You could store configs to usb stick too but then you will need usbd. |
| 54 |
|
| 55 |
apk_add usbd |
| 56 |
/etc/init.d/usbd start |
| 57 |
modprobe ub |
| 58 |
lbu_commit usb |
| 59 |
|
| 60 |
Now next reboot, everythign in the lbu_add'ed files will be restored and |
| 61 |
all pacakges installed will be reinstalled during boot. |
| 62 |
|
| 63 |
make symblinks in /etc/rc2.d and add those links to local backup list |
| 64 |
with lbu_add and the services will be started too. |
| 65 |
|
| 66 |
For manpages on apk_add apk_delete and friends, visit |
| 67 |
http://apk-tools.sf.net |
| 68 |
|
| 69 |
I know atleast one person using this cd for openvpn. |
| 70 |
|
| 71 |
On ons, 2005-12-28 at 19:09 +0000, João Brázio wrote: |
| 72 |
> Dear Thierry, |
| 73 |
> It works great but now I've got another problem, I'm trying to compile |
| 74 |
> GNAP with nylon, a sock proxy and the following error occurs: |
| 75 |
> |
| 76 |
> File: myspecs/extensions.conf |
| 77 |
> extensions: nylon |
| 78 |
> |
| 79 |
> nylon/packlist: nylon libevent |
| 80 |
> nylon/cleanup: /usr/share |
| 81 |
> |
| 82 |
> Portage: |
| 83 |
> http://mirrors.tds.net/gentoo/snapshots/portage-20051227.tar.bz2 |
| 84 |
> |
| 85 |
> |
| 86 |
> # gnap_make -t extensions -e myspecs -p portage-20051227.tar.bz2 |
| 87 |
> GNAP Core Building tool gnap_make version 1.8.2 |
| 88 |
> * Checking parameters... |
| 89 |
> [ ok ] |
| 90 |
> * 'livecd-stage1' or 'extensions' was selected without 'stage3'. |
| 91 |
> * Should I use the seed stage as stage3 result ? [N]: y |
| 92 |
> * The following targets will be called: |
| 93 |
> * [extensions] |
| 94 |
> * Preparing portage snapshot... |
| 95 |
> [ ok ] |
| 96 |
> * [extensions] stage start... |
| 97 |
> [ ok ] |
| 98 |
> * Building nylon extension... |
| 99 |
> [ !! ] |
| 100 |
> * Extension build failed, see ./gnap_make-20051228.err and .out for |
| 101 |
> det [ !! ] |
| 102 |
> * Cleaning temporary directories... |
| 103 |
> [ ok ] |
| 104 |
> Build failed, try man gnap_make for more help |
| 105 |
> |
| 106 |
> |
| 107 |
> # cat gnap_make-20051228.err |
| 108 |
> >>> Regenerating /etc/ld.so.cache... |
| 109 |
> |
| 110 |
> |
| 111 |
> Performing Global Updates: /usr/portage/profiles/updates/4Q-2005 |
| 112 |
> (Could take a couple of minutes if you have a lot of binary |
| 113 |
> packages.) |
| 114 |
> .='update pass' *='binary update' @='/var/db move' |
| 115 |
> s='/var/db SLOT move' S='binary SLOT move' |
| 116 |
> p='update /etc/portage/package.*' |
| 117 |
> |
| 118 |
> |
| 119 |
> # cat gnap_make-20051228.out |
| 120 |
> ........................ |
| 121 |
> Calculating dependencies |
| 122 |
> |
| 123 |
> !!! Problem in sys-apps/portage dependencies. |
| 124 |
> !!! [Errno 38] Function not implemented: |
| 125 |
> '/var/cache/edb/dep//usr/portage/sys-apps/.update.8098.portage-2.0.53' |
| 126 |
> exceptions |
| 127 |
> Calculating dependencies |
| 128 |
> |
| 129 |
> !!! Problem in net-proxy/nylon dependencies. |
| 130 |
> !!! [Errno 38] Function not implemented: |
| 131 |
> '/var/cache/edb/dep//usr/portage/net-proxy/.update.8144.nylon-1.2-r2' |
| 132 |
> exceptions |
| 133 |
> Gentoo Catalyst, version 1.1.10.10 |
| 134 |
> Copyright 2003-2005 The Gentoo Foundation |
| 135 |
> Distributed under the GNU General Public License version 2 |
| 136 |
> |
| 137 |
> Using command line specified Catalyst configuration |
| 138 |
> file, /etc/catalyst/catalyst.conf |
| 139 |
> Setting storedir to config file value "/var/tmp/catalyst" |
| 140 |
> Setting portdir to default value "/usr/portage" |
| 141 |
> Setting distdir to config file value "/usr/portage/distfiles" |
| 142 |
> Setting options to config file value "pkgcache kerncache" |
| 143 |
> Setting sharedir to config file value "/usr/lib/catalyst" |
| 144 |
> Package cache support enabled. |
| 145 |
> Kernel cache support enabled. |
| 146 |
> |
| 147 |
> WARNING: No value set for key: grp/use |
| 148 |
> deleting key: grp/use |
| 149 |
> |
| 150 |
> Building natively for x86 |
| 151 |
> Checking for processes running in chroot and killing them. |
| 152 |
> Running command |
| 153 |
> "/bin/bash /usr/lib/catalyst/targets/support/kill-chroot-pids.sh" |
| 154 |
> Running action sequence: dir_setup |
| 155 |
> Setting up directories... |
| 156 |
> Running action sequence: unpack_and_bind |
| 157 |
> Unpacking stage tarball... |
| 158 |
> Running command "/bin/tar |
| 159 |
> xjpf /var/tmp/catalyst/builds/gnap/stage3-x86-20051228.tar.bz2 |
| 160 |
> -C /var/tmp/catalyst/tmp/gnap/grp-x86-20051228" |
| 161 |
> Unpacking portage tree snapshot... |
| 162 |
> Running command "/bin/tar xjpf /var/tmp/catalyst/snapshots/portage- |
| 163 |
> 20051228.tar.bz2 -C /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/usr" |
| 164 |
> Configuring profile link... |
| 165 |
> Running command "rm |
| 166 |
> -f /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/make.profile" |
| 167 |
> Running command "ln |
| 168 |
> -sf ../usr/portage/profiles/uclibc/x86/hardened /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/make.profile" |
| 169 |
> Running action sequence: chroot_setup |
| 170 |
> Setting up chroot... |
| 171 |
> Running command |
| 172 |
> "cp /etc/resolv.conf /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc" |
| 173 |
> Running command |
| 174 |
> "mv /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/hosts /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/hosts.bck" |
| 175 |
> Running command |
| 176 |
> "cp /etc/hosts /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/hosts" |
| 177 |
> Running command "rm |
| 178 |
> -f /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/make.conf" |
| 179 |
> Running action sequence: setup_environment |
| 180 |
> Running action sequence: run_local |
| 181 |
> Running command "/bin/bash /usr/lib/catalyst/targets/grp/grp.sh run |
| 182 |
> pkgset nylon 'nylon' 'libevent'" |
| 183 |
> |
| 184 |
> Traceback (most recent call last): |
| 185 |
> File "modules/grp_target.py", line 44, in run_local |
| 186 |
> cmd("/bin/bash "+self.settings["sharedir"]+\ |
| 187 |
> File "/usr/lib/catalyst/modules/catalyst_support.py", line 102, in |
| 188 |
> cmd |
| 189 |
> raise CatalystError,myexc |
| 190 |
> CatalystError: <unprintable instance object> |
| 191 |
> None |
| 192 |
> |
| 193 |
> !!! catalyst: GRP build aborting due to error. |
| 194 |
> |
| 195 |
> On 12/28/05, Thierry Carrez <koon@g.o> wrote: |
| 196 |
> João Brázio wrote: |
| 197 |
> |
| 198 |
> > I've been trying to configure GNAP as a VPN server without |
| 199 |
> any success. |
| 200 |
> > |
| 201 |
> > I want to allow 10 clients connected to the VPN server at |
| 202 |
> the same time |
| 203 |
> > and each one of them should have a different local IP |
| 204 |
> address. This is |
| 205 |
> > possible to do with a bridge. |
| 206 |
> |
| 207 |
> This is also possible to do without a bridge, using OpenVPN |
| 208 |
> 2.0 "server" |
| 209 |
> mode. See http://openvpn.net/howto.html |
| 210 |
> |
| 211 |
> > I need to create br0 bridge with eth0 with tap0. The problem |
| 212 |
> is that I |
| 213 |
> > can't see the interfaces when I do ifconfig -a altought i |
| 214 |
> can see |
| 215 |
> > /dev/net/tun so I think TUN/TAP module is loaded. |
| 216 |
> |
| 217 |
> GNAP vanilla kernel is missing bridge support. |
| 218 |
> |
| 219 |
> > Can this be done with a vanilla GNAP system ? |
| 220 |
> > How is supposed to use the USE_VPN flag on GNAP, p2p VPN or |
| 221 |
> a |
| 222 |
> > Server-to-many solution ? |
| 223 |
> |
| 224 |
> USE_VPN triggers the use of OpenVPN. It supports both modes. |
| 225 |
> |
| 226 |
> -- |
| 227 |
> Thierry Carrez (Koon) |
| 228 |
> GNAP Developer |
| 229 |
> -- |
| 230 |
> gentoo-embedded@g.o mailing list |
| 231 |
> |
| 232 |
> |
| 233 |
> |
| 234 |
> |
| 235 |
> -- |
| 236 |
> |
| 237 |
> Cumprimentos, |
| 238 |
> João Brázio. |
| 239 |
|
| 240 |
-- |
| 241 |
gentoo-embedded@g.o mailing list |
Archives