From owner-freebsd-embedded@freebsd.org Wed Aug 3 17:49:44 2016
To: freebsd-embedded@freebsd.org
Subject: Courier was unable to deliver the parcel, ID00936007
Date: Wed, 3 Aug 2016 17:07:43 +0000
From: "FedEx 2Day"

Dear Customer,

Courier was unable to deliver the parcel to you.
You can review complete details of your order in the find attached.

Regards,
Michael Kaiser,
FedEx Support Agent.

From owner-freebsd-embedded@freebsd.org Sat Aug 6 02:16:26 2016
From: Adrian Chadd
Date: Fri, 5 Aug 2016 19:16:24 -0700
Subject: freebsd-wifi-build is now building some cross-ports, acting as a NAT gateway, and can be an openvpn client
To: "freebsd-mips@freebsd.org", "freebsd-embedded@freebsd.org"

hiya,

I've been working on adding some very basic (shell-driven! yay!) cross building support to cross build the handful of things that I'd like to put on these routers.

I now have dropbear, dnsmasq, lua, liblzo2 and openvpn cross compiling in my little environment, using the cross compiler packages and metadata that bapt set up a while ago. It's not using the port framework itself; just the pre-built compilers that bapt has put together to cross-build things like buildworld/buildkernel.

My eventual eventual aim is to be able to use the external gcc toolchain to cross build both the kernel/world /and/ packages - which isn't much more work, I just haven't committed it yet. But, I digress.

So, I now have a git branch with this enabled for two builds - the carambola2 and the tl-wdr3600/4300. Others are easy to do - just look at the config files and add in the ports targets and build steps. It'll then automagically get done for you as part of building.

I've added in enough hooks to allow:

* normal bridging mode;
* simple NAT config (using in-kernel nat + ipfw2) for a LAN/WAN scenario;
* being able to run an openvpn client (with a client config generated with in-line certificates);
* being able to NAT the openvpn client session;
* being able to /disable/ non-VPN traffic from going public (i.e., LAN traffic doesn't make it out the WAN interface, so data doesn't leak);
* runs ntpdate periodically to get the clocks in sync;
* run an interface in STA mode so it can connect to an AP - open and wpa/wpa2 are currently supported.

All of this work is in the increasingly incorrectly named branch 'ahc_20160611_add_pkgbuilding' in github.com/erikarn/freebsd-wifi-build. I'd like to merge this to the trunk branch soon so I'd appreciate some testing.

https://github.com/erikarn/freebsd-wifi-build/tree/ahc_20160611_add_pkgbuilding is the direct link to the branch.

So, I'd appreciate feedback and testing, even if it's just "it still works, and I get dropbear!".

Since I really haven't updated the documentation yet, here's my example config file. You can see how to flip on/off things.

===
system_hostname="freebsd-tl-wdr4300"

# Modules to load
kernel_modules="bridgestp if_bridge random ipfw libalias ipfw_nat if_gre if_gif if_vlan if_tap if_tun"

# Services to start
services_list="dropbear dnsmasq openvpn"

forwarding_enable="YES"

firewall_nat_enable="YES"
firewall_nat_alias_interface="wlan0"
firewall_nat_public_interface="wlan0"
firewall_nat_deny_in="YES"
firewall_nat_log="YES"
# Don't allow lan/wan traffic between bridge0 out via wlan0
# (ie, it has to go via a VPN)
firewall_nat_block_lan_wan="bridge0"

# Configure openvpn; have it do NAT for us
openvpn_enable="YES"
openvpn_config="/etc/cfg/openvpn-client.conf"
openvpn_nat_enable="YES"
openvpn_nat_rule_id="100"

# Enable dnsmasq for DHCP/DNS
dnsmasq_enable="YES"
dnsmasq_dns_enable="YES"
dnsmasq_listen_interface="bridge0"
dnsmasq_dhcp_ipv4_range="192.168.13.65,192.168.13.127,24h"

# dropbear configuration
dropbear_enable="YES"
dropbear_listen_address="192.168.13.1:22"

# These interfaces are configured in-order
network_interfaces="arge1 wlan0 wlan1 bridge0"

# Create arge1, no interface address
netif_arge1_enable="YES"
netif_arge1_type="ether"
netif_arge1_addrtype="none"
netif_arge1_descr="default"
netif_arge1_name="arge1"

netif_arge0_enable="YES"
netif_arge0_type="ether"
netif_arge0_addrtype="none"
netif_arge0_descr="default"
netif_arge0_name="arge0"

netif_wlan0_enable="YES"
netif_wlan0_type="wifi"
netif_wlan0_addrtype="dhcp"
netif_wlan0_name="wlan0"
# for wpa/wpa network
#netif_wlan0_wifi_sta_ssid="SSID"
#netif_wlan0_wifi_sta_passphrase="PSKTIME"
# for open network - ssid, then key_mgmt=NONE
netif_wlan0_wifi_sta_ssid="FLAMINGO"
netif_wlan0_wifi_sta_key_mgmt="NONE"
netif_wlan0_wifi_mode="sta"
netif_wlan0_wifi_parent="ath0"

# configure up a hostap instance
netif_wlan1_enable="YES"
netif_wlan1_type="wifi"
netif_wlan1_wifi_mode="hostap"
netif_wlan1_descr="default"
netif_wlan1_addrtype="none"
netif_wlan1_name="wlan1"
netif_wlan1_wifi_parent="ath1"
netif_wlan1_wifi_channel="40:ht/20"
netif_wlan1_wifi_country="US"
netif_wlan1_wifi_hostap_ssid="TPLINK-5GHZ"
netif_wlan1_wifi_hostap_wpa_passphrase="HAHAHAHAHAHAHAH"
netif_wlan1_wifi_hostap_wpa_mode=3
netif_wlan1_wifi_hostap_wpa_key_mgmt="WPA-PSK"
netif_wlan1_wifi_hostap_wpa_pairwise="CCMP TKIP"

# Create a bridge, flip on an IPv4 static address
netif_bridge0_type="bridge"
netif_bridge0_addrtype="static"
netif_bridge0_descr="default"
netif_bridge0_name="bridge0"
# These are bridge members w/ STP enabled
netif_bridge0_members_stp="arge0 arge1 wlan1"
# These are bridge members w/ STP disabled
netif_bridge0_members=""
netif_bridge0_ipv4_address="192.168.13.1"
netif_bridge0_ipv4_netmask="255.255.255.0"

# Set LEDs
sysctl_list="ath_1_softled ath_1_ledon ath_1_ledpin"
sysctl_ath_1_softled="dev.ath.1.softled=1"
sysctl_ath_1_ledpin="dev.ath.1.ledpin=1"
sysctl_ath_1_ledon="dev.ath.1.ledon=1"
===

thanks!

-a
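
Added example, not part of the message above and not code from freebsd-wifi-build: a static check of a config in this format for the VPN leak guard the message describes, plus an open STA uplink and a hostap that still offers TKIP. The variable names are taken from the example config; the way they are interpreted, and the function names cfg_get, audit_cfg and sample_cfg, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not project code): static audit of a freebsd-wifi-build
# style config. Variable names come from the message; semantics are assumed.

# Print KEY's value from FILE without sourcing the file (last one wins).
cfg_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

audit_cfg() {
    f=$1
    # VPN client on, but no LAN->WAN block: traffic can bypass the tunnel.
    if [ "$(cfg_get "$f" openvpn_enable)" = "YES" ] &&
       [ -z "$(cfg_get "$f" firewall_nat_block_lan_wan)" ]; then
        echo "LEAK: openvpn_enable=YES but firewall_nat_block_lan_wan is empty"
    fi
    for ifc in $(cfg_get "$f" network_interfaces); do
        [ "$(cfg_get "$f" "netif_${ifc}_type")" = "wifi" ] || continue
        mode=$(cfg_get "$f" "netif_${ifc}_wifi_mode")
        # Station uplink on an open network (key_mgmt=NONE).
        if [ "$mode" = "sta" ] &&
           [ "$(cfg_get "$f" "netif_${ifc}_wifi_sta_key_mgmt")" = "NONE" ]; then
            echo "OPEN-UPLINK: $ifc joins an unencrypted network"
        fi
        # Access point that still offers TKIP as a pairwise cipher.
        if [ "$mode" = "hostap" ]; then
            case " $(cfg_get "$f" "netif_${ifc}_wifi_hostap_wpa_pairwise") " in
                *" TKIP "*) echo "WEAK-CIPHER: $ifc hostap offers TKIP" ;;
            esac
        fi
    done
}

# Constructed sample: a trimmed copy of the settings shown in the message.
sample_cfg() {
    cat <<'EOF'
openvpn_enable="YES"
firewall_nat_block_lan_wan="bridge0"
network_interfaces="arge1 wlan0 wlan1 bridge0"
netif_arge1_type="ether"
netif_wlan0_type="wifi"
netif_wlan0_wifi_mode="sta"
netif_wlan0_wifi_sta_key_mgmt="NONE"
netif_wlan1_type="wifi"
netif_wlan1_wifi_mode="hostap"
netif_wlan1_wifi_hostap_wpa_pairwise="CCMP TKIP"
EOF
}
tmp=$(mktemp) && sample_cfg > "$tmp" && audit_cfg "$tmp"; rm -f "$tmp"
```

The file is parsed with sed rather than sourced, so auditing a config never executes anything it contains.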