Archive for November, 2011

L4 versus the world and sheevaplug

November 25, 2011 Leave a comment

The Story

For my master thesis I work with the L4 microkernel and it should run on the Sheevaplug. Sheevaplug is a small plug computer with an ARMv5TE with 1.2Ghz, 512MByte Ram and 512MByte Flash for the operating system.
L4 is a small Microkernel developed at the Technical University of Dresden, which allows to run operating systems on top of it, in a virtualized environment.

Setup chroot with debootstrap

I’m working on a Laptop with Ubuntu 11.04 on it, and since I had some problems building the L4 stuff on it, I’m using a chroot environment which runs Debian Squeeze 32Bit. To setup this toolchain you have to follow these steps

  1. Open a shell and install debootstrap, sudo apt-get install debootstrap
  2. Call the following commands to create the new chroot
    sudo su
    cd /opt
    mkdir squeeze_chroot
    debootstrap --arch i386 squeeze squeeze_chroot

    It takes some time until the chroot is created. When it’s done call the following commands still as root to get procfs and sysfs in your chroot

    echo "proc /opt/squeeze_chroot/proc proc defaults 0 0" >> /etc/fstab
    mount proc /opt/squeeze_chroot/proc -t proc
    echo "sysfs /opt/squeeze_chroot/sys sysfs defaults 0 0" >> /etc/fstab
    mount sysfs /opt/squeeze_chroot/sys -t sysfs
    cp /etc/hosts /opt/squeeze_chroot/etc/hosts
  3. When everything is setup you can change into your newly created chroot by calling chroot /opt/squeeze_chroot /bin/bash
  4. !!!Everything that follows, is executed in the chroot, we do not use the main system anymore!!!
  5. Cross Compiling Toolchain

    Now that we are done setting up the chroot, it’s time to install our toolchain. The Sheevaplug is an ARM based device, thus we need a cross compiling toolchain. But don’t be scared the days are over where you have to compile your toolchain. With EmDebian, the Debian project provides a repository with a ready to use arm toolchain.

  6. Add the following line to your /etc/apt/sources.list file
    deb squeeze main
  7. Now you should be able to install all tools you need, by running apt-get install gcc-4.4-arm-linux-gnueabi g++-4.4-arm-linux-gnueabi binutils-arm-linux-gnueabi
  8. Now we have to set some softlinks so that our build scripts later can find the toolchain
    ln -s /usr/bin/arm-linux-gnueabi-ar /usr/bin/arm-linux-ar
    ln -s /usr/bin/arm-linux-gnueabi-as /usr/bin/arm-linux-as
    ln -s /usr/bin/arm-linux-gnueabi-cpp /usr/bin/arm-linux-cpp
    ln -s /usr/bin/arm-linux-gnueabi-g++ /usr/bin/arm-linux-g++
    ln -s /usr/bin/arm-linux-gnueabi-gcc /usr/bin/arm-linux-gcc
    ln -s /usr/bin/arm-linux-gnueabi-ld /usr/bin/arm-linux-ld
    ln -s /usr/bin/arm-linux-gnueabi-nm /usr/bin/arm-linux-nm
    ln -s /usr/bin/arm-linux-gnueabi-objcopy /usr/bin/arm-linux-objcopy
    ln -s /usr/bin/arm-linux-gnueabi-objdump /usr/bin/arm-linux-objdump
    ln -s /usr/bin/arm-linux-gnueabi-ranlib /usr/bin/arm-linux-ranlib
    ln -s /usr/bin/arm-linux-gnueabi-readelf /usr/bin/arm-linux-readelf
    ln -s /usr/bin/arm-linux-gnueabi-strip /usr/bin/arm-linux-strip
  9. That’s it the cross compiling toolchain is setup… easy right?!

Get L4re + Fiasco + L4Linux

Before we can build the L4 kernel we need some software

  1. Call apt-get install make gawk g++ binutils pkg-config subversion uboot-mkimage to get the software we need to build L4.
  2. Now that we have installed svn we can checkout the L4 repository, change to /opt and call svn cat | perl - init fiasco l4re to check out the L4re.
  3. Then change into the newly checked out ‘src’ directory and call
    svn co l4linux
  4. In addition to the L4RE, Fiasco and L4Linux we need some modules that are not in the default ‘checkout’. Change into the directory /opt/src/l4/pkg and call
    svn update drivers l4re_vfs libloader loader shmc drivers-frst l4sys libsigma0 log sigma0 acpica fb-drv l4util libstdc++-headers lua uclibc boehm_gc hello ldscripts libstdc++-v3 lxfuxlibc uclibc-headers bootstrap input ldso libstdc++-v3-minimal mag uclibc-minimal crtn io libc_backends libsupc++ mag-gfx x86emu cxx l4re libio-io libsupc++-minimal moe cxx_libc_io l4re_c libirq libvbus ned cxx_thread l4re_kernel libkproxy libvcpu rtc

    It is very important to have all these packets, otherwise the L4Linux will not build/run. When you want to check which additional packets are available you can browse the repository with your webbrowser. The url is
  5. One thing we still need is a ramdisk, get the latest one from the website of TU Dresden, by executing wget -O /tmp/ramdisk-arm.rd
  6. Now we have everything we need and can go to the next chapter…

Building L4Re, the runtime environment

First of all we build the L4Re which is necessary for all following steps.

cd /opt/src/l4
make B=/opt/arm/l4re
make O=/opt/arm/l4re config
# Set 'Target architecture' to 'ARM architecture'
# and 'CPU variant' to 'ARMv5TE type CPU'
make O=/opt/arm/l4re

Building Fiasco, the L4 microkernel

Now it’s time to build the L4 microkernel, just type the following commands

cd /opt/src/kernel/fiasco
make BUILDDIR=/opt/arm/fiasco'
cd /opt/arm/fiasco
make config
# Change 'Architecture' to 'ARM processor family'
# and 'Platform' to 'Marvell Kirkwood platform'

Building L4Linux, the Linux Kernel (3.0.0)

Finally we have to build the Linux kernel

cd /opt/src/l4linux
mkdir /opt/arm/l4linux
make L4ARCH=arm O=/opt/arm/l4linux arm_defconfig
make L4ARCH=arm O=/opt/arm/l4linux menuconfig
# Go to 'L4Linux configuration' and set 'L4 tree build directory'
# to '/opt/arm/l4re' !!!IMPORTANT!!!
export CROSS_COMPILE=arm-linux-
export ARCH=arm
export L4ARCH=arm
make O=/opt/arm/l4linux

Building a bootable Image

Now its time to create an image that can be booted via U-Boot on the Sheevaplug.

  1. Before we can create our image we have to edit the file /opt/src/l4/conf/modules.list, attach the following line to the entry L4Linux ARM. Without this entry we aren’t able to use the keyboard later when the L4Linux has booted
    entry L4Linux ARM
    kernel fiasco -serial_esc
    roottask moe rom/l4lx.cfg
    module l4re
    module ned
    module l4lx.cfg
    module io
    module vmlinuz.arm
    module ramdisk-arm.rd
  2. Now we are ready to build our image. Change into the directory /opt/arm/l4re and call the following command to create a U-Boot bootable image

    make image E="L4Linux ARM" BOOTSTRAP_DO_UIMAGE=y SUPPORT_CC_arm-kirkwood=y MODULE_SEARCH_PATH=/opt/arm/fiasco:/opt/src/l4/conf/examples:/opt/arm/l4linux:/tmp

    It’s important that the ramdisk we downloaded in a previous step is still in the folder /tmp

  3. The generated image can be found under /opt/arm/l4re/pkg/bootstrap/server/src/OBJ-arm_armv5te. The name of the image is bootstrap_L4Linux_ARM.uimage

Booting an image on the Sheevaplug

Now it’s time to leave our chroot, all following steps are made in the main host system!!!

  1. First install libftdi1 by calling sudo apt-get install libftdi-dev. We need this library to have access to the serial interface of the sheevaplug. Also install screen a useful terminal application (sudo apt-get install screen)
  2. Format an USB stick to Fat32. And copy the image we created in the previous chapter (bootstrap_l4linux_arm.uimage) to the root of the stick, cp /opt/squeeze_chroot/opt/arm/l4re/pkg/bootstrap/server/src/OBJ-arm_armv5te/bootstrap_L4Linux_ARM.uimage /media/usbstick.
  3. Then put the stick into the Sheevaplug.
  4. Connect the Sheevaplug with your computer via the MiniUSB USB cable.
  5. Open a terminal and create a softlink, ln -s /dev/ttyUSB0 /dev/ttyUSB1. This is necessary to get access to the JTAG interface of the Sheevaplug and not the simple serial console.
  6. Now oyu can start screen, with the following command screen /dev/ttyUSB1 115200
  7. Start the Sheevaplug device and hit any key to interrupt the normal bootup. Now execute the following commands one after another
    usb start
    fatls usb 0:1 /
    # Should give a list of files on the USB stick
    fatload usb 0:1 0x00800000 /bootstrap_l4linux_arm.uimage
    bootm 0x00800000
  8. Now the L4 Microkernel should boot, and afterwards the L4Linux should also boot.
  9. The Endi…

    Now you can play with a fully virtualized Linux on top of the L4 microkernel. When you want to debug something you can hit the ESC-key to go into the L4 debugger mode. When you want to leave it again hit the q-key and then Enter. To get additional information hit the h-key and then Enter.
    Heave fun!

Categories: tech foo Tags: , , ,

TP-Link WR1043ND + OpenWRT + OpenVPN

November 25, 2011 1 comment

The Story

Yesterday I went to my local computer store (k&m computer) to buy a four port switch to connect some of my devices at home. But after some time in the store I decided to buy a TP-Link WR1043ND, because it cost 48 euro instead of 20 euro for a 4-port switch. And while I was in the store I checked whether OpenWRT would run on this device. The first link I found on Google was how to install OpenWRT on the TL-1043ND. So the decision was made.

The Setup

I’m living in a WG and my flatmate handles everything related to our Internet connection because he is paying for it and I’m just allowed to use it via WLAN. I wanted my own home network behind our Internet router to have a secure encapsulated network for all my private devices. So my setup looks like in the graphic taken from the OpenWRT wiki.

But I didn’t want just an encapsulated network apart from the rest of the net, I also wanted some way to access this network from the outside. For SSH access to my iMac. Since OpenVPN was the first VPN service that came to my mind I decided to use this one.

Installing OpenWRT on WR1043ND


Installing OpenWRT on the Wr1043ND is pretty simple:

  1. Pull the latest version of OpenWRT from their FTP server
  2. Now connect your computer to the WR1043ND via the included network cable and disable all other connections on your computer like wifi, 3g, etc.
  3. Open up a web browser and type into the address bar, the web interface of the WR1043ND should appear. Default password and username are admin:admin
  4.  Now navigate to ‘System Tools’->’Firmware Upgrade’.
  5. Select the OpenWRT image you downloaded in the previous step and click ‘Upgrade’
  6. Now it takes some time, while the router flashes the new image, be patient!!
  7. Now its time to log into our newly installed OpenWRT. Call telnet to log into the device. A screen like the following should appear.
  8. Now the first thing is to set an appropriate password for the root user. This is done by calling passwd
  9. After setting up a password call reboot to restart your device.
  10. Now you are able login to the machine via ssh. By calling ssh root@
  11. We are done!

Routed client mode


When you freshly installed OpenWRT on your router the next command is not necessary but when you already played around and miss configured something you can call

rm -f /etc/config/wireless
wifi detect > /etc/config/wireless

to get a clean and fresh start. After cleaning everything up we are ready to start:

  1. Call the following commands one after another
    uci del wireless.@wifi-device[0].disabled
    uci del wireless.@wifi-iface[0].network
    uci set wireless.@wifi-iface[0].mode=sta
    uci commit wireless
  2. Now open up the file vi /etc/config/wireless and change the bolted lines according to your wifi connection
    config wifi-device radio0
        option type mac80211
        option channel xx
        option macaddr xx:xx:xx:xx:xx:xx
        option hwmode llng
        option htmode HT20
        option ht_capab SHORT-GI-40
        option ht_capab DSSS_CCK-40
    config wifi-iface
        option device radio0

        option 'network' 'wan'
        option 'mode 'sta'
        option 'ssid' 'my-ssid'
        option 'encryption' 'psk2'
        option 'key' 'my-secret-key'
  3. Now we have to remove an option from the WAN interface, open the file vi /etc/config/network
    and remove the line with the ifnameoption from the entry

    config 'interface' 'wan'
    option 'proto' 'dhcp'
  4. The last step is to call
    ifup wan

    to reconfigure the wireless network.

  5. Now be patient again it takes some time until the device is connected and the routes are setup. In the meantime you can test the OpenWRT web interface, go to tab ‘Network’->’Diagnostics’ to test the connection

OpenVPN Server + Client

Original: +

The following section describes how to set up an OpenVPN server on the TL-WR1043ND and, how to configure the client (in my case my N900).

Certificate magic

  1. First of all we have to login to our router ssh root@ and install a few packets opkg install openvpn openvpn-easy-rsa luci-app-openvpn
  2. We now give some information so that the certificate will be generated for the right entity
    cd /etc/easy-rsa
    vi vars

    Edit the following lines

    # Uncomment those lines, so that your certificates never expire
    export CA_EXPIRE=3650
    export KEY_EXPIRE=3650
    # Fill these fields with the right information
    export KEY_COUNTRY="DE"
    export KEY_PROVINCE="BE"
    export KEY_CITY="Berlin"
    export KEY_ORG="Kaos & Theory AG"
    export KEY_EMAIL=""
  3. Now we create the certificates, it is important to use the same password for the server and client certificate
    build-key-server server
    build-key client
  4. Then we copy all generated keys from /etc/easy-rsa/keys to /etc/openvpn cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
  5. You can also already copy the client stuff to your host computer. Call the following commands from a shell of your host computer not, from your router
    scp root@ .
    scp root@ .
    scp root@ .
    scp root@ .

Server configuration

  1. First of all configure the dhcp server running on the TP-Link, vi /etc/config/dhcp. The section ‘lan’ should look like the following
    config 'dhcp' 'lan'
        option 'interface' 'lan'
        option 'ignore' '0'
        option 'start' '50'
        option 'limit' '150'

    Now you will only get IP addresses in the range of to

  2. Now that we have configured the dhcp we have to configure the firewall, so that it doesn’t drop packets for our OpenVPN server. Edit the file vi /etc/config/firewall to the following (In my case I have selected port 9001 for my server, the normal OpenVPN port is 1194)
    config 'rule'
        option 'target' 'ACCEPT'
        option 'name' 'VPN'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '9001'
  3. It’s time to generate the actual configuration file for our server open the file vi /etc/config/openvpn and remove everything in it and replace it with the following
    config 'openvpn' 'lan'
        option 'enable' '1'
        option 'port' '1194'
        option 'proto' 'udp'
        option 'dev' 'tap0'
        option 'ca' '/etc/openvpn/ca.crt'
        option 'cert' '/etc/openvpn/server.crt'
        option 'key' '/etc/openvpn/server.key'
        option 'dh' '/etc/openvpn/dh1024.pem'
        option 'ifconfig_pool_persist' '/tmp/ipp.txt'
        option 'keepalive' '10 120'
        option 'comp_lzo' '1'
        option 'persist_key' '1'
        option 'persist_tun' '1'
        option 'status' '/tmp/openvpn-status.log'
        option 'verb' '3'
        option 'server_bridge' ''
        list push "dhcp-option DNS lan-server-ip"
        list push "redirect-gateway def1"
  4. Last step is to restart your router and access the web-interface ones more. After the restart in the entry ‘Network’->’Interfaces’->’LAN’->’Physical Settings’ should be a new interface called tap0. Uncheck the entry ‘VLAN Interface: “eth0.1″‘ and then check the following three entries ‘Bridge Interfaces’, ‘Ethernet Switch: “eth0″‘ and ‘Ethernet Adapter: “tap0″‘, now click ‘Save & Apply’
  5. Finally we start the OpenVPN server on the router. This can also be done from the web interface. Browse to ‘System’->’Startup’ and make sure that the OpenVPN daemon is running and is also started at startup.
  6. We are done with the server side.

Client configuration

  1. The client configuration is very easy. Run a terminal on your N900 and type sudo gainroot to get root access.
  2. Call apt-get install openvpn to install the OpenVPN client software
  3. Attach the following lines to a configuration file and store it under /etc/openvpn/client.ovpn
    remote external-server-ip 9001
    proto udp
    dev tap
    ca ca.crt
    cert client1.crt
    key client1.key
    verb 3
    keepalive 10 120
    resolv-retry infinite
    mute 20
  4. In a previous step we already copied the necessary certificates from the router to a host, now copy these certificates to the N900 into the folder /etc/openvpn/
  5. Finally we start the client, with the following script
    cd /etc/openvpn
    openvpn client.ovpn

The Ending

Now you should be able to connect your devices to the four LAN ports of the WR1043ND and they are protected from the other network. If you are somewhere else, like Starbucks or some other place that offers free Wifi you should also be able to tunnel your N900 to your local network with the OpenVPN client.
If you want a static IP for your WR1043ND you can always use a service like DynDNS. OpenWRT has a packet called DDNS that handles that and the OpenWRT wiki also describes how to configure that service.

Categories: tech foo Tags: , , ,