I'm a bit confused. How do I change the Certificates/Keys used? Do I have to regen the OS to do this.
I'm very interested in working through that process to learn, but you start with Building uClibc. I assume I first need to download some source library to a Linux box, and configure a cross compiler, but you skip over that step--I guess you assume that whomever is here would already know what to do here--I don't.
I'd like to add a SQUID PROXY to this to do some blocking of certain sites, so want to add to what you've put together here. . .
Can you point me in the right direction to get ready to start with Building uClibc?
Thanks.
The documentation on this sit
The documentation on this site assumes that you are familiar with the original Linksys source code (at least you should have successfully built the original Linksys firmware) before proceeding with my firmware modifications.
The OpenVPN certificate and keys used by my firmware are stored in NVRAM and can therefore be changed by setting the appropriate NVRAM values (see the configuration section of the documentation).
Squid might not fit into the firmware or might use too much RAM (I am not sure, but Squid definitely wasn't built for embedded devices in mind, but rather for big servers with lots of RAM and disk space).
How to change certificates?
I'm very excited about your distro for this product, and thank you for all of your support here.
I see the nvram command, which can set/show paths, and see that I can change a referenced file, and think I have it figured out. . .
I reread the instructions, and based on the paths, I went back and determined that /tmp is actually in NVRAM and you can write to these files. . .
Suggestion: Stating clearly that the user should create these files in /tmp/ with syntax on how to set the parameters in NVRAM using the /usr/sbin/nvram command, on the page (http://cmeerw.org/dev/book/view/119) where you reference those NVRAM keys would be very helpful to new users. . .
Suggestion: If you set up the boot scripts to look at a NVRAM key for the path to the openvpn.conf file, then check for the existance of that file, and if it does not exist, copy the default from firmware (i.e. /etc/openvpn.conf) to it (say /tmp/openvpn.conf). This way, you could reconfigure this file to allow static tunnels, reconfigure it to push DNS/DHCP info to the remote client, etc.
This would allow one to do site-to-site VPNs, or remote directly into the site using the Windows/Linux OpenVPN client.
Once I've got the development environment set up, I wouldn't think it would take me more than an hour to set this up, and create site-to-site tunnels with your distro. If you agree, you might even want to add it to your standard firmware.
By the way, I'd like to make a small contrubution to you for your work here--do you accept pay-pal?
Build-Install
I have built an image using the patches and configs from this site and downloaded it to the box (it comes up!)
Some issues:
1. Had to add symlinks to get busybox1.0 to compile
mipsel-linux-uclibc-ar
mipsel-linux-uclibc-gcc
mipsel-linux-uclibc-strip
Busybox added the "linux-uclibc" it seems everywhere else in the scripts, they are either linux or uclibc - not both...
2. I still have 2 show stopper issues:
a. I don't see anything in the patched scripts that installs openvpn and bird libs/exes into the cramfs (see them in the precompiled image, but looking in the source, I just don't see how they get there, nor do I see them compiled when I cat the whole thing to a log file (cd release/src ; make))
What am I missing?
b. I see that my other issue is enabling various services (most importantly telnet), having the same confusion as the prior poster in terms of mapping those config bits back to the nvram settings - that one I guess requires more reading... Any pointers are appreciated...
Thanks again,
/mike
Nvram - which doc?
Where do you see discussion of the nvram command... I have been doing recursive greps of the build area for most of the afternoon, obviously, I am missing something...
Thanks,
/mike