Date: Fri, 5 Aug 2016 19:16:24 -0700
From: Adrian Chadd <adrian@freebsd.org>
To: "freebsd-mips@freebsd.org" <freebsd-mips@freebsd.org>, "freebsd-embedded@freebsd.org" <freebsd-embedded@freebsd.org>
Subject: freebsd-wifi-build is now building some cross-ports, acting as a NAT gateway, and can be an openvpn client
Message-ID: <CAJ-VmokcEfK-=mvrLrbMsy2ZFRaRFruzfokTbBBFo-UwUoK7Tw@mail.gmail.com>
hiya,

I've been working on adding some very basic (shell-driven! yay!) cross building support to cross build the handful of things that I'd like to put on these routers. I now have dropbear, dnsmasq, lua, liblzo2 and openvpn cross compiling in my little environment, using the cross compiler packages and metadata that bapt set up a while ago. It's not using the port framework itself; just the pre-built compilers that bapt has put together to cross-build things like buildworld/buildkernel. My eventual eventual aim is to be able to use the external gcc toolchain to cross build both the kernel/world /and/ packages - which isn't much more work, I just haven't committed it yet.

But, I digress.

So, I now have a git branch with this enabled for two builds - the carambola2 and the tl-wdr3600/4300. Others are easy to do - just look at the config files and add in the ports targets and build steps. It'll then automagically get done for you as part of building.

I've added in enough hooks to allow:

* normal bridging mode;
* simple NAT config (using in-kernel nat + ipfw2) for a LAN/WAN scenario;
* being able to run an openvpn client (with a client config generated with in-line certificates);
* being able to NAT the openvpn client session;
* being able to /disable/ non-VPN traffic from going public (ie, LAN traffic doesn't make it out the WAN interface, so data doesn't leak);
* runs ntpdate periodically to get the clocks in sync;
* run an interface in STA mode so it can connect to an AP - open and wpa/wpa2 are currently supported.

All of this work is in the increasingly incorrectly named branch 'ahc_20160611_add_pkgbuilding' in github.com/erikarn/freebsd-wifi-build . I'd like to merge this to the trunk branch soon so I'd appreciate some testing.

https://github.com/erikarn/freebsd-wifi-build/tree/ahc_20160611_add_pkgbuilding is the direct link to the branch.

So, I'd appreciate feedback and testing, even if it's just "it still works, and I get dropbear!".
Since I really haven't updated the documentation yet, here's my example config file. You can see how to flip on/off things.

===
system_hostname="freebsd-tl-wdr4300"

# Modules to load
kernel_modules="bridgestp if_bridge random ipfw libalias ipfw_nat if_gre if_gif if_vlan if_tap if_tun"

# Services to start
services_list="dropbear dnsmasq openvpn"

forwarding_enable="YES"

firewall_nat_enable="YES"
firewall_nat_alias_interface="wlan0"
firewall_nat_public_interface="wlan0"
firewall_nat_deny_in="YES"
firewall_nat_log="YES"

# Don't allow lan/wan traffic between bridge0 out via wlan0
# (ie, it has to go via a VPN)
firewall_nat_block_lan_wan="bridge0"

# Configure openvpn; have it do NAT for us
openvpn_enable="YES"
openvpn_config="/etc/cfg/openvpn-client.conf"
openvpn_nat_enable="YES"
openvpn_nat_rule_id="100"

# Enable dnsmasq for DHCP/DNS
dnsmasq_enable="YES"
dnsmasq_dns_enable="YES"
dnsmasq_listen_interface="bridge0"
dnsmasq_dhcp_ipv4_range="192.168.13.65,192.168.13.127,24h"

# dropbear configuration
dropbear_enable="YES"
dropbear_listen_address="192.168.13.1:22"

# These interfaces are configured in-order
network_interfaces="arge1 wlan0 wlan1 bridge0"

# Create arge1, no interface address
netif_arge1_enable="YES"
netif_arge1_type="ether"
netif_arge1_addrtype="none"
netif_arge1_descr="default"
netif_arge1_name="arge1"

netif_arge0_enable="YES"
netif_arge0_type="ether"
netif_arge0_addrtype="none"
netif_arge0_descr="default"
netif_arge0_name="arge0"

netif_wlan0_enable="YES"
netif_wlan0_type="wifi"
netif_wlan0_addrtype="dhcp"
netif_wlan0_name="wlan0"
# for wpa/wpa network
#netif_wlan0_wifi_sta_ssid="SSID"
#netif_wlan0_wifi_sta_passphrase="PSKTIME"
# for open network - ssid, then key_mgmt=NONE
netif_wlan0_wifi_sta_ssid="FLAMINGO"
netif_wlan0_wifi_sta_key_mgmt="NONE"
netif_wlan0_wifi_mode="sta"
netif_wlan0_wifi_parent="ath0"

# configure up a hostap instance
netif_wlan1_enable="YES"
netif_wlan1_type="wifi"
netif_wlan1_wifi_mode="hostap"
netif_wlan1_descr="default"
netif_wlan1_addrtype="none"
netif_wlan1_name="wlan1"
netif_wlan1_wifi_parent="ath1"
netif_wlan1_wifi_channel="40:ht/20"
netif_wlan1_wifi_country="US"
netif_wlan1_wifi_hostap_ssid="TPLINK-5GHZ"
netif_wlan1_wifi_hostap_wpa_passphrase="HAHAHAHAHAHAHAH"
netif_wlan1_wifi_hostap_wpa_mode=3
netif_wlan1_wifi_hostap_wpa_key_mgmt="WPA-PSK"
netif_wlan1_wifi_hostap_wpa_pairwise="CCMP TKIP"

# Create a bridge, flip on an IPv4 static address
netif_bridge0_type="bridge"
netif_bridge0_addrtype="static"
netif_bridge0_descr="default"
netif_bridge0_name="bridge0"
# These are bridge members w/ STP enabled
netif_bridge0_members_stp="arge0 arge1 wlan1"
# These are bridge members w/ STP disabled
netif_bridge0_members=""
netif_bridge0_ipv4_address="192.168.13.1"
netif_bridge0_ipv4_netmask="255.255.255.0"

# Set LEDs
sysctl_list="ath_1_softled ath_1_ledon ath_1_ledpin"
sysctl_ath_1_softled="dev.ath.1.softled=1"
sysctl_ath_1_ledpin="dev.ath.1.ledpin=1"
sysctl_ath_1_ledon="dev.ath.1.ledon=1"
===

thanks!

-a
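As an added example (not part of the message or of the freebsd-wifi-build project), a small POSIX sh linter for a config file of the shape shown above, to run before a build. It reads the file with sed instead of sourcing it, and the consistency rules it applies (which kernel modules in-kernel NAT needs, that each listed service needs its _enable flag, that a VPN client should also set firewall_nat_block_lan_wan, and the 8 to 63 character WPA-PSK passphrase limit) are assumptions drawn from the posted config, not rules the build system is known to enforce.

```shell
# cfg_val: print the value of key $1 in config file $2 without sourcing it, so an
# untrusted config cannot run commands on the build host. Last assignment wins, as in sh.
cfg_val() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}$/\1/p" "$2" | tail -n 1
}
# has_word: true if word $1 occurs in the whitespace-separated list $2.
has_word() { for w in $2; do [ "$w" = "$1" ] && return 0; done; return 1; }
warn() { echo "WARN: $1"; nwarn=$((nwarn + 1)); }
# cfg_check: lint config file $1, print one WARN line per finding, return the count.
cfg_check() {
    f="$1"; nwarn=0
    mods=$(cfg_val kernel_modules "$f"); svcs=$(cfg_val services_list "$f")
    if [ "$(cfg_val firewall_nat_enable "$f")" = "YES" ]; then
        # modules the posted NAT config loads; assumed to be what ipfw in-kernel NAT needs
        for m in ipfw libalias ipfw_nat; do
            has_word "$m" "$mods" || warn "firewall_nat_enable=YES but $m is not in kernel_modules"
        done
    fi
    for s in $svcs; do
        [ "$(cfg_val "${s}_enable" "$f")" = "YES" ] || warn "$s is in services_list but ${s}_enable is not YES"
    done
    if [ "$(cfg_val openvpn_enable "$f")" = "YES" ]; then
        has_word openvpn "$svcs" || warn "openvpn_enable=YES but openvpn is not in services_list"
        # without the LAN/WAN block, LAN traffic can still leave via the WAN when the tunnel is down
        [ -n "$(cfg_val firewall_nat_block_lan_wan "$f")" ] || warn "VPN client without firewall_nat_block_lan_wan"
    fi
    for i in $(cfg_val network_interfaces "$f"); do
        if [ "$(cfg_val "netif_${i}_wifi_mode" "$f")" = "hostap" ]; then
            psk=$(cfg_val "netif_${i}_wifi_hostap_wpa_passphrase" "$f")
            { [ ${#psk} -ge 8 ] && [ ${#psk} -le 63 ]; } || warn "hostap $i: WPA passphrase must be 8 to 63 characters"
        fi
    done
    return $nwarn
}
# Constructed sample config (not from the message): ipfw_nat module missing, dropbear not
# enabled, no firewall_nat_block_lan_wan, hostap passphrase too short -> 4 findings.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
kernel_modules="if_bridge ipfw libalias"
services_list="openvpn dropbear"
firewall_nat_enable="YES"
openvpn_enable="YES"
network_interfaces="wlan0 wlan1 bridge0"
netif_wlan1_wifi_mode="hostap"
netif_wlan1_wifi_hostap_wpa_passphrase="short"
EOF
cfg_check "$SAMPLE" && echo "config OK" || echo "findings: $?"
```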