Running GroupVPN on OpenWRT Emulator
These instructions are for Ubuntu 12.04 or Debian Wheezy
This uses Qemu mipsel to run OpenWRT malta (designed specifically for Qemu)
-
Install qemu and necessary utils
sudo apt-get update sudo apt-get install qemu-system qemu-user qemu-utils
-
Download OpenWRT malta kernel image
wget http://downloads.openwrt.org/attitude_adjustment/12.09-rc1/malta/generic/openwrt-malta-le-vmlinux.elf
-
Run OpenWRT image on Qemu (make sure you use ```-nographic`` flag)
qemu-system-mipsel -kernel openwrt-malta-le-vmlinux.elf -m 256 -nographic
-
Run DHCP on bridge interface br-lan to get internet connectivity and set up DNS server
udhcpc -i br-lan echo "nameserver 8.8.8.8" >> /etc/resolv.conf
-
Update packages list and install dependencies
sed -i 's/le/generic/g' /etc/opkg.conf sed -i 's/\/overlay/\/tmp/g' /etc/opkg.conf opkg update; opkg install python-mini librt libstdcpp kmod-tun kmod-ipv6 libpthread wget
-
Download GroupVPN and extract for OpenWRT
wget -O ipop-openwrt-malta_14.01.tgz http://goo.gl/iXB3LJ tar xvzf ipop-openwrt-malta_14.01.tgz cd ipop-openwrt-malta_14.01 -
Update
config.json. It is important to include the following configurations in yourconfig.jsonfile, you have to enable router_mode, along withrouter_ip4_mask,router_ip6_mask,subnet_mask, androuter_ip. It should looks as the following:{ "ip4": "192.168.1.0", "xmpp_username": "username@gmail.com", "xmpp_host": "talk.google.com", "xmpp_password": "password", "router_mode": true, "router_ip": "192.168.0.0", "router_ip4_mask": 16, "router_ip6_mask": 64, "subnet_mask": 24 }-
ip4: should be set to the subnet of the local LAN, you can find that information underect/config/dhcp -
router_mode: should be set to true -
router_ip: should be the network that IPOP will handle -
router_ip4_mask: IPv4 network mask -
router_ip6_mask: IPv6 network mask -
subnet_mask: network mask for the router
-
-
Configure your OpenWRT system by adding the GroupVPN interface (ipop) to the network file, this network is configured for 192.168.0.0/16 therefore any packet destined for that subnet will be sent to ipop interface.
cat <<EOF >> /etc/config/network config interface ipop option ifname ipop option proto static option ipaddr 192.168.0.0 option netmask 255.255.0.0 EOF
cat <<EOF >> /etc/config/firewall config zone option name ipop option network 'ipop' option input ACCEPT option output ACCEPT option forward ACCEPT config forwarding option src ipop option dest lan EOF
-
Launch ipop-tincan (
-ntflag is really important for this setup to disable translation)./ipop-tincan -nt 1> out.log 2> err.log &
-
Start the appropriate controller
./gvpn_controller.py -c config.json &> log.txt &
-
Check on the current status of your network using netcat
echo -e '\x02\x01{"m":"get_state"}' | netcat -q 1 -u 127.0.0.1 5800 ```
-
Check the network devices and ip address for your device
/sbin/ifconfig ipop
Run GroupVPN on another machine using same credentials and they will connect with each other.
-
Kill GroupVPN
ps kill <process-id-of-ipop-tincan> kill <process-id-of-gvpn_controller.py>
It is common practice to use a watchdog process to monitor and respawn long running processes. We have designed a simple watchdog process that spawns ipop-tincan and respawns it up to three times if necessary.
Our watchdog process automatically starts the ipop-tincan, so that you do not have to run it separately. (the path of the binary should be specified in configuration file). If the ipop-tincan crashes or is not responding, the watchdog process terminates the ipop-tincan process and starts it as a new process.
sudo ./watchdog.py -c config.json