OpenVPN

Openvpn, for those that are unfamiliar with it, is an excellent point-to-point VPN software package.

I tried it out in an environment where both ends were Fedora Core Linux systems and the installation went extremely well. In fact, it was almost simple. 🙂 The tough part was getting the configuration fine-tuned enough such that it would be both secure yet easy to use.

The real key was an article in SysAdmin that covered how someone installed OpenVPN on a Linux server, and built a customized OpenVPN install on a Windows desktop system using the NullSoft Install System.

It was not long before the environment was completely off of the Cisco VPN hardware (part of the PIX) and fully on OpenVPN. The trick, however, was battling the situation where the single Linux server was down for one reason or another (a failed mirrored drive). The only secondary system that was available was a Solaris 8 system which is the predominant system in our environment anyhow.

So, I set about getting OpenVPN up and running. Unfortunately, Solaris 8 does not have a built in tunnel device (aka: tun) that OpenVPN requires. The documentation within the OpenVPN readme was a little misleading:

* Solaris

For 64 bit, I used the tun-1.1.tar.gz source and compiled it.

Of course there is a but 🙂
In the tun-1-1\solaris\Makefile I changed a line so it compiles with 64 bit

CFLAGS = $(DEFS) -m64 -O2 -Wall -D_KERNEL -I.

I just added -m64 and it worked.

The tun driver works fine as said previously, however we noticed there is a minor problem when creating multiple tunnels on Solaris.
Mr Tycho Fruru changed the code in tun.c file where he locked the tun device number to -1. This way it is impossible to specify the name of the tun device but it is still possible to have multiple devices.
The modification will increment automatically meaning starting from tun0 —> tunX I know you are not responsible for the tun coding but if you think the modification can be useful for you feel free to use it.

http://openvpn.net/solaris/tun.c

Now, that tells me that you need to add the option to the CFLAGS to build it as a 64-bit binary and that, if you are creating multiple tunnels, you need to patch the tun.c file.

BZZT. Wrong. You need to do both if you want to do anything with the device, otherwise Solaris will not make any of the /dev/tun* devices, and, hence, OpenVPN will not work.

Of course, that minor difference in terminology resulted in about 4 business days of effort on-again/off-again effort to get OpenVPN working on Solaris 8.

Another individual contacted me regarding his troubles getting the “tun” driver to build and install properly under Solaris 8, and I helped walk him through it. Oddly, he couldn’t even get it to compile (through no failure of his own)! I sent him a tar file of my patched and compiled version and he was able to get things up! So, I thought I would make it available here (not sure why, but wordpress stripped out some of the periods.  The file should be named tun-1.1-patched.tar.gz). Perhaps I was lucky (seems that way) to get it to compile.

Leave a Reply