I'm not sure if this is the proper place to suggest this but, anyway...

I have a bootable proof-of-concept CD, built from gentoo-embedded, that
probably could do what you want without you needing to compile anything.

fetch latest iso from http://jv.lmdata.org/alpine/hardened/isoimages/

This is totally undocumented (still alpha, but I think you should be able
to use it). All runtimes are installed in RAM so you need at least 64MB,
probably more.

boot the cd.

configure your network (debian/busybox style)
in /etc/network/interfaces. You can install nano or vim runtimes for
that with:

    apk_add openvpn

(You might want to install dhcpcd or pump for dhcp. busybox internal
doesn't work because of no /share/ directory containing the scripts)

install openvpn runtimes:

    apk_add openvpn

configure openvpn (you might want to install bash for running the
openvpn scripts: apk_add bash)

bridgeutils are available with:

    apk_add bridge-utils

shorewall is available with:

    apk_add shorewall

Now as soon as you reboot you would lose your configs so you would want to
store it on floppy or usb.

To add files to the save-to-writeable-media-list use:

    lbu_add FILE...

for example:

    lbu_add /etc/resolv.conf /etc/network/interfaces /etc/ssl /etc/openvpn

To really perform the write to floppy, use:

    lbu_commit floppy

You could store configs to usb stick too but then you will need usbd.

    apk_add usbd
    /etc/init.d/usbd start
    modprobe ub
    lbu_commit usb

Now next reboot, everything in the lbu_add'ed files will be restored and
all packages installed will be reinstalled during boot.

make symlinks in /etc/rc2.d and add those links to local backup list
with lbu_add and the services will be started too.

For manpages on apk_add apk_delete and friends, visit
http://apk-tools.sf.net

I know at least one person using this cd for openvpn.

On Wed, 2005-12-28 at 19:09 +0000, João Brázio wrote:
> Dear Thierry,
> It works great but now I've got another problem, I'm trying to compile
> GNAP with nylon, a sock proxy and the following error occurs:
>
> File: myspecs/extensions.conf
> extensions: nylon
>
> nylon/packlist: nylon libevent
> nylon/cleanup: /usr/share
>
> Portage:
> http://mirrors.tds.net/gentoo/snapshots/portage-20051227.tar.bz2
>
>
> # gnap_make -t extensions -e myspecs -p portage-20051227.tar.bz2
> GNAP Core Building tool gnap_make version 1.8.2
> * Checking parameters...
> [ ok ]
> * 'livecd-stage1' or 'extensions' was selected without 'stage3'.
> * Should I use the seed stage as stage3 result ? [N]: y
> * The following targets will be called:
> * [extensions]
> * Preparing portage snapshot...
> [ ok ]
> * [extensions] stage start...
> [ ok ]
> * Building nylon extension...
> [ !! ]
> * Extension build failed, see ./gnap_make-20051228.err and .out for
> det [ !! ]
> * Cleaning temporary directories...
> [ ok ]
> Build failed, try man gnap_make for more help
>
>
> # cat gnap_make-20051228.err
> >>> Regenerating /etc/ld.so.cache...
>
>
> Performing Global Updates: /usr/portage/profiles/updates/4Q-2005
> (Could take a couple of minutes if you have a lot of binary
> packages.)
> .='update pass' *='binary update' @='/var/db move'
> s='/var/db SLOT move' S='binary SLOT move'
> p='update /etc/portage/package.*'
>
>
> # cat gnap_make-20051228.out
> ........................
> Calculating dependencies
>
> !!! Problem in sys-apps/portage dependencies.
> !!! [Errno 38] Function not implemented:
> '/var/cache/edb/dep//usr/portage/sys-apps/.update.8098.portage-2.0.53'
> exceptions
> Calculating dependencies
>
> !!! Problem in net-proxy/nylon dependencies.
> !!! [Errno 38] Function not implemented:
> '/var/cache/edb/dep//usr/portage/net-proxy/.update.8144.nylon-1.2-r2'
> exceptions
> Gentoo Catalyst, version 1.1.10.10
> Copyright 2003-2005 The Gentoo Foundation
> Distributed under the GNU General Public License version 2
>
> Using command line specified Catalyst configuration
> file, /etc/catalyst/catalyst.conf
> Setting storedir to config file value "/var/tmp/catalyst"
> Setting portdir to default value "/usr/portage"
> Setting distdir to config file value "/usr/portage/distfiles"
> Setting options to config file value "pkgcache kerncache"
> Setting sharedir to config file value "/usr/lib/catalyst"
> Package cache support enabled.
> Kernel cache support enabled.
>
> WARNING: No value set for key: grp/use
> deleting key: grp/use
>
> Building natively for x86
> Checking for processes running in chroot and killing them.
> Running command
> "/bin/bash /usr/lib/catalyst/targets/support/kill-chroot-pids.sh"
> Running action sequence: dir_setup
> Setting up directories...
> Running action sequence: unpack_and_bind
> Unpacking stage tarball...
> Running command "/bin/tar
> xjpf /var/tmp/catalyst/builds/gnap/stage3-x86-20051228.tar.bz2
> -C /var/tmp/catalyst/tmp/gnap/grp-x86-20051228"
> Unpacking portage tree snapshot...
> Running command "/bin/tar xjpf /var/tmp/catalyst/snapshots/portage-
> 20051228.tar.bz2 -C /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/usr"
> Configuring profile link...
> Running command "rm
> -f /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/make.profile"
> Running command "ln
> -sf ../usr/portage/profiles/uclibc/x86/hardened /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/make.profile"
> Running action sequence: chroot_setup
> Setting up chroot...
> Running command
> "cp /etc/resolv.conf /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc"
> Running command
> "mv /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/hosts /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/hosts.bck"
> Running command
> "cp /etc/hosts /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/hosts"
> Running command "rm
> -f /var/tmp/catalyst/tmp/gnap/grp-x86-20051228/etc/make.conf"
> Running action sequence: setup_environment
> Running action sequence: run_local
> Running command "/bin/bash /usr/lib/catalyst/targets/grp/grp.sh run
> pkgset nylon 'nylon' 'libevent'"
>
> Traceback (most recent call last):
> File "modules/grp_target.py", line 44, in run_local
> cmd("/bin/bash "+self.settings["sharedir"]+\
> File "/usr/lib/catalyst/modules/catalyst_support.py", line 102, in
> cmd
> raise CatalystError,myexc
> CatalystError: <unprintable instance object>
> None
>
> !!! catalyst: GRP build aborting due to error.
>
> On 12/28/05, Thierry Carrez <koon@g.o> wrote:
> João Brázio wrote:
>
> > I've been trying to configure GNAP as a VPN server without any success.
> >
> > I want to allow 10 clients connected to the VPN server at the same time
> > and each one of them should have a different local IP address. This is
> > possible to do with a bridge.
>
> This is also possible to do without a bridge, using OpenVPN 2.0 "server"
> mode. See http://openvpn.net/howto.html
>
> > I need to create br0 bridge with eth0 with tap0. The problem is that I
> > can't see the interfaces when I do ifconfig -a although I can see
> > /dev/net/tun so I think TUN/TAP module is loaded.
>
> GNAP vanilla kernel is missing bridge support.
>
> > Can this be done with a vanilla GNAP system ?
> > How is supposed to use the USE_VPN flag on GNAP, p2p VPN or a
> > Server-to-many solution ?
>
> USE_VPN triggers the use of OpenVPN. It supports both modes.
>
> --
> Thierry Carrez (Koon)
> GNAP Developer
> --
> gentoo-embedded@g.o mailing list
>
> --
>
> Regards,
> João Brázio.

--
gentoo-embedded@g.o mailing list
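
The lbu_add example in the message puts /etc/ssl and /etc/openvpn on the list of files written to floppy or USB, and those directories usually hold the VPN's private keys. The following shell functions are an added example (not part of the original message or of the tools it describes) that lists key files with group or other access before lbu_commit is run; treating *.key and *.p12 as key material is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original message or of the Alpine tools.
# Assumption: files named *.key or *.p12 under the given paths hold private
# key material (for instance /etc/openvpn/server.key).

# Print key files whose mode grants any read or write bit to group or other.
loose_keys() {
    for path in "$@"; do
        [ -e "$path" ] || continue          # skip paths that do not exist
        find "$path" -type f \( -name '*.key' -o -name '*.p12' \) \
            \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
    done | sort
}

# Restrict every file reported by loose_keys to owner read/write only.
tighten_keys() {
    loose_keys "$@" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened %s\n' "$f"
    done
}

# Report only; run tighten_keys by hand once the list looks right.
# The paths are the key-bearing ones from the lbu_add example in the message.
loose_keys /etc/ssl /etc/openvpn
```
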