Compiling a specific version of openvpn-openssl with scramble feature enabled

osiaso · February 2, 2024, 6:20pm

I do use offline image builder for creating and customising openwrt image files.
That said there is a huge issue with the image builder when the user want to
include his own custom modified app inside the firmware image.

If the IB realises that the custom image provided has lower version from its default bundled version it does not honor the custom package and include its own instead.

What I need is as follows, I have downloaded the SDK and checked out the openwrt git repo for the version 23.05.2.
That said I added the required pacth files for version openvpn 2.5.x into the /openwrt/feeds/packages/net/openvpn/patches/ folder.

After a couple of hours struggling with modifying the .config file I realised that the Makefile for the OpenWRT SDK does set the version to 2.5.8-3 (PKG=3) while the IB does use (PKG=4) or version 2.5.8-4 package instead.

Since using the SDK for generating image or custom package files is a very cumbersome and time consuming, I am wondering if I can only and only compile and tweak the SDK to only compile and generate the openvpn-openssl with the provided patches for scrambled feature while using the version 2.5.8-4 which is not default one.

I presume once I generate my custom package which its version matches with the IB one, the IB will not replace and use its own bundled package instead.

There is an incomplete and simple tutorial or wiki for compiling a single package nano using the SDK with ncurses library as a prerequisite which is a way simpler than compiling the openvpn package that I am struggling with.

Since openvpn-openssl the compilation requires prior patching and version modification from the SDK default 2.5.8-3 to 2.5.8-4 (IB one) that I could not find any sources on implementing that.
In addition, the openvpn-openssl package is based on following packages, which should work in harmony with the original package version 2.5.8-4.
I am not sure if during the compilation I will get errors or warning on the based package minimum version requirement too or not and there packages might broke functioning if they do not match with the other packages that are their dependencies too!

The base packages are as follows
libc, kmod-tun, liblzo2, libopenssl3
I do not know how to compile the base or dependency packages since I do not know which folder they reside as well.

I am wondering if one could provide any of the followings,

[-a-] A trimmed version of the .config file that I can merge or substitute with my messy big .config file and generate the minimum of the required packages in the shortest time.

[-b-] Someone base on the tutorial
[OpenWrt Wiki] Building a single package
shows me how I can have that wiki adapted for the openvpn-openssl compilation, what would be the commands and what are their folders, how to change the version and apply pacthes.

Thanks

egc · February 2, 2024, 9:21pm

I compile from source and use the scramble patches.

I can see if I can compile a compatible openvpn package with scramble option for you if you want

osiaso · February 3, 2024, 5:02am

Thanks a lot I would be more than happy if you provide me one with version 2.5.8-4 working for Xiaomi R4A Gigabit International edition.

Target machine is as follows,
Architecture MediaTek MT7621 ver:1 eco:3
Target Platform ramips/mt7621

Since this device is very low-end I am wondering the

kmod-ovpn-dco

Enhances the performance dramatically or not, since the openvpn configs that I have to use is set to have "proto tcp" as a protocol so fast-io directive will not work, I am wondering if the kmod-ovpn-dco does have any affect for my case or not.
Thanks

egc · February 3, 2024, 6:55am

I will see what I can do, but will be tomorrow.

DCO is only for OpenVPN 2.6.
I tried it briefly with mixed results also had some crashes with it but there have been updates in the mean time so maybe it is better.
But unfortunately the scramble options are not compatible with DCO so even if DCO is compiled in you have to disable DCO (in openVPN config add: disable-dco)

On another note you where mentioning 2.5.8 package 3.
If you have checked out 23.0.5.2 you are stuck on Package 3.

You should checkout 23.05 Snapshot:

git checkout openwrt-23.05
git pull
/scripts/feeds update -a && ./scripts/feeds install -a

Then you will get the latest package 4
Even OpenWRT 23.05, which is stable, receives updates.
The update for OpenVPN from package 3 to 4 is a bugfix which is cherry picked from Main build (I know because I am the author an another bugfix is in the works, so we might go to package 5).

For the Record Information and patches for the OpenVPN scramble options can be found HERE

egc · February 3, 2024, 10:16am

See: https://we.tl/t-R96TfXvVbj

Use the mipsel_24kc\packages\openvpn-openssl_2.5.8-5_mipsel_24kc.ipk for your image builder.

Do not flash the whole build as it is not tested and will probably brick your router!

osiaso · February 3, 2024, 1:08pm

Thanks a lot I will integrate it into my IB system