Overview

OpenVPN requires lzo, zlib, and openssl. All are statically linked for easier deployment. This DroboApp requires the TUN/TAP kernel module.

Preparation

Make sure you have a cross-compiling virtual machine properly setup.

Compilation

First you have to compile the kernel modules required. To do that, look at the TUN/TAP section in here.

export DEST=/mnt/DroboFS/Shares/DroboApps/portmap
cd ~/code

mkdir -p $DEST/modules
cd kernel
cp drivers/net/tun.ko $DEST/modules
cd ..

wget -O lzo-2.06.tar.gz http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
tar zxf lzo-2.06.tar.gz
cd lzo-2.06/
CFLAGS="$CFLAGS -Os -mthumb -ffunction-sections -fdata-sections" LDFLAGS="$LDFLAGS -Wl,--gc-sections" ./configure --host=arm-none-linux-gnueabi --prefix=$DEST
make clean && make
LZO=`pwd`
cd ..

wget -O zlib-1.2.7.tar.gz http://zlib.net/zlib-1.2.7.tar.gz
tar zxf zlib-1.2.7.tar.gz
cd zlib-1.2.7
CFLAGS="$CFLAGS -Os -mthumb -ffunction-sections -fdata-sections" LDFLAGS="$LDFLAGS -Wl,--gc-sections" ./configure --prefix=$DEST --static
make clean && make
ZLIB=`pwd`
cd ..

wget -O openssl-1.0.1c.tar.gz http://www.openssl.org/source/openssl-1.0.1c.tar.gz
tar zxf openssl-1.0.1c.tar.gz
cd openssl-1.0.1c
./Configure linux-generic32 -DL_ENDIAN --prefix=$DEST --openssldir=$DEST/etc/ssl no-shared no-zlib-dynamic --with-zlib-include=$ZLIB --with-zlib-lib=$ZLIB
sed -i -e "s/\-O3/${CFLAGS} -Os -mthumb -ffunction-sections -fdata-sections/g" Makefile
make clean && LDFLAGS="$LDFLAGS -Wl,--gc-sections" make && make install_sw
rm -fr $DEST/include $DEST/lib
OPENSSL=`pwd`
cd ..

wget -O openvpn-2.2.2.tar.gz http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz
tar zxf openvpn-2.2.2.tar.gz
cd openvpn-2.2.2
CFLAGS="$CFLAGS -Os -mthumb -ffunction-sections -fdata-sections" LDFLAGS="$LDFLAGS -Wl,--gc-sections" ./configure --host=arm-none-linux-gnueabi --prefix=$DEST --with-lzo-headers=$LZO/include --with-lzo-lib=$LZO/src/.libs --with-ssl-headers=$OPENSSL/include --with-ssl-lib=$OPENSSL
make clean && make && make install
$STRIP -s -R .comment -R .note -R .note.ABI-tag $DEST/bin/*
$STRIP -s -R .comment -R .note -R .note.ABI-tag $DEST/sbin/*

Packaging

cd $DEST
mkdir -p var/log var/run var/empty
wget -O service.functions http://www.droboports.com/app-repository/service.functions
wget -O service.sh http://www.droboports.com/app-repository/openvpn-2-2-2/service.sh
wget -O etc/server.ovpn.default http://www.droboports.com/app-repository/openvpn-2-2-2/server.ovpn.default
wget -O etc/client.ovpn.default http://www.droboports.com/app-repository/openvpn-2-2-2/client.ovpn.default
chmod a+x service.sh
chmod -R g+w etc var
~/bin/package.sh

Installing

Download the TGZ file below and place it in you DroboApps share. If you do not have SSH access, reboot your Drobo. Otherwise, SSH in and type:

/usr/bin/DroboApps.sh install

Final remarks

The default configuration uses the static key example from the OpenVPN site. To test the configuration, just copy etc/client.ovpn.default (rename it to client.ovpn) and etc/static.key to your client in the same folder. Edit the first line of client.ovpn to match the name of your DroboFS, and connect. Although easy to test, the static key configuration is not advisable as a permanent solution.

From a security point-of-view, this DroboApp exposes port 1194 to the local network, but runs itself as 'nobody' and chroots itself in var/empty. In any case, exposing it to the internet should be carefully considered before hardening the configuration.

Please visit the DroboSpace forums to leave your comments, suggestions and feedback.