Menu
What's new
By:
Filters Better Search

RT-AC87U - 384.13_10 : Use openvpn-openssl 2.5.4-1 from entware possible?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Matteo Guglielmi

Matteo Guglielmi

Regular Contributor
Dear forum,

despite the router not being supported anymore by merlin's fw, I would need to update the version of my openvpn server.

I noticed that I could install openvpn 2.5.X from entware:

Code: 
admin@BRTO3:/tmp/home/root# opkg list openvpn-openssl
openvpn-openssl - 2.5.4-1 - Open source VPN solution using OpenSSL

and that openvpn seems to be started using a simple symbolic link which currently points to merlin's openvpn:

Code: 
admin@BRTO3:/tmp/home/root# ps | grep openvpn
  784 admin     5592 S    /etc/openvpn/vpnserver1 --cd /etc/openvpn/server1 --config config.ovpn
  786 admin     5244 S    /etc/openvpn/vpnserver1 --cd /etc/openvpn/server1 --config config.ovpn
 2803 admin     4728 R    grep openvpn
admin@BRTO3:/tmp/home/root# ll /etc/openvpn/vpnserver1
lrwxrwxrwx    1 admin    root            17 Mar 28 03:02 /etc/openvpn/vpnserver1 -> /usr/sbin/openvpn*

Is there a way to update such link so that it will point to entware's openvpn binary?

Thank you.
 
You could try creating a /jffs/scripts/openvpnserver1.postconf file as follows:
Code: 
#!/bin/sh
ln -sf /opt/sbin/openvpn /etc/openvpn/vpnserver1
This assumes that Entware is already mounted when the VPN server starts.

But I don't think this will work as a direct replacement because /opt/sbin/openvpn would need to run against the Entware libraries rather than the default firmware libraries. You might have to move your VPN server config fully over to Entware (/opt/etc/openvpn) and not use the Asus GUI at all.
 
ColinTaylor said:
You could try creating a /jffs/scripts/openvpnserver1.postconf file as follows:
Code: 
#!/bin/sh
ln -sf /opt/sbin/openvpn /etc/openvpn/vpnserver1
This assumes that Entware is already mounted when the VPN server starts.

But I don't think this will work as a direct replacement because /opt/sbin/openvpn would need to run against the Entware libraries rather than the default firmware libraries. You might have to move your VPN server config fully over to Entware (/opt/etc/openvpn) and not use the Asus GUI at all.
Click to expand...
Well it works but the way Entware compiled openvpn is quite different from merlin's fw way.

In particular, all the following options are set to off in Entware:

enable_iproute2=yes
enable_management=yes
enable_plugin_auth_pam=yes
enable_plugin_down_root=yes
enable_plugins=yes
enable_server=yes

Do you know how to create custom Entware packages?

(I'm currently looking for some howto...)
 
You must log in or register to reply here.

Similar threads

T
openvpn issue
Replies
4
Views
1K
ColinTaylor
C
B
ASUS RT-AC86U as VPN server - how to route client network to server LAN
Replies
2
Views
4K
BosseSwede
B
D
BRT-AC828 Questions wrt firmware compilation and fixing OpenVPN issue
Replies
14
Views
3K
RMerlin
RMerlin
C
Asus RT-AC86U and Debian Bullseye + Nextcloud
2 3
Replies
45
Views
8K
Darkje
D
S
OpenVPN LAN to LAN: bad source address from client [172.26.1.78], packet dropped
Replies
3
Views
2K
sverker
S
Similar threads
Thread starter Title Forum Replies Date
Marty RT-AC87U & OpenVPN: Using insecure hash algorithm in CA Sig ASUS Wireless 6
WhoYaGonnaCall OpenVPN Performance vs router models ASUS Wireless 2
S Configure ASUS OpenVPN server to allow client-client access ASUS Wireless 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 921 (members: 25, guests: 896)
Top