howdy all!
I am totally blown away by openwrt. I have been playing with it all day now -lol

anyhow, I have some questions..

I am using nico's firmware with the tun support in it. I installed openvpn and try running it and get an error saying there's no /dev/net/tun file. I researched this and tried using mknod command to create one but there is no mknod with the busybox...there a way to creat the /dev/net/tun using mkfifo?

any suggestions?

I don't mind using openswan, but openvpn is so much easier when nating and other firewall bs that you cant control...

Hi,
AFAIK openvpn can create the needed tun device. However I am planning to have openvpn running this night on my wrt54g so I am going to drop you an eMail as soon as I have a setup running.

     Thomas

Hi,

the /dev/net/nut appears when you load the module, thanks to devfs.

--
Nico

that was it Nico, I had to insmod /lib/modules/2.4.20/tun.o

I installed Nico's tun-module, base-system, and openvpn from his site. I created /etc/openvpn to store all my stuff in.

I didn't see a modules.conf anywhere. So to get around that and load up my tunnel, I put the following at the bottom of /etc/init.d/rcS

insmod /lib/modules/2.4.20/tun.o
/usr/bin/dropbear
cd /etc/openvpn
/etc/openvpn/seymour.sh &
sleep 10
/etc/openvpn/seymour-route.sh

Here's my scripts contents...
/etc/openvpn/seymour.sh

openvpn --port 5009 --ping 15 --comp-lzo --float --remote "ip of remote server" --dev tun1 --ifconfig 10.4.0.9 10.4.0.1 --verb 5 --secret /etc/openvpn/key

/etc/openvpn/seymour-route.sh

route add -net 10.10.0.0 netmask 255.255.0.0 gw 10.4.0.1
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.4.0.1

My next step would be to pipe all traffic through the tunnel. I want to use these at some of our remote sites to tunnel all the traffic through using wrt54g's.

works like a champ aside from some errors. I am tunneling to a 1.6 version of openvpn. I need to figure out the whole cert ssl stuff as version 2 of openvpn won't let you use static keys anymore

So 2 questions on this post..
Is there a better way to load the tun module at startup?
How can I route ALL the traffic through tun1?

Thank you very much Nico for putting this stuff together.

1. No, there is no such thing like /etc/modules.conf. You have to load modules by script or commandline, but you can leave out the path, if the modules are stored in /lib/modules/`uname -r`
2. Maybe if you set up a default route through tun1? To force connections to go through tun1, you can reject traffic at the "physical" interface with iptables and start syslogd with logfile i.e. /tmp/messages *and* "klogd -c1" to see the traffic trying to pass around tun1.
But beware, don't lock yourself out of the box ;-)

Only suggestions, maybe they are helpful.