一次OpenVPN交叉编译笔记

自渡
2018-06-11 / 0 评论 / 6,664 阅读

说明

为了让家宽打VPN隧道到IDC机房提高QOS级别,决定将OpenVPN移植到mips架构的OpenWrt出口路由器上,而路由器本身不带编译器,所以必须通过交叉编译的方式将OpenVPN源码编译成路由器(mips)平台可执行的二进制文件。

编译环境及说明

在编译OpenVPN之前必须先编译OpenSSL和LZO,全程应以root身份运行

编译程序的主机系统:CentOS6.9 X86_64(VMware)

执行程序的主机系统:OpenWrt,Barrier Breaker14.07,mips架构(QCA9533)

下载相关工具链及确定安装目录

mkdir -p /usr/local/openwrt/openssl
mkdir -p /usr/local/openwrt/lzo
mkdir -p /usr/local/openwrt/openvpn
cd /usr/local/openwrt && wget http://archive.openwrt.org/barrier_breaker/14.07/atheros/generic/OpenWrt-Toolchain-atheros-for-mips_mips32-gcc-4.8-linaro_uClibc-0.9.33.2.tar.bz2
tar -xvf OpenWrt-Toolchain-atheros-for-mips_mips32-gcc-4.8-linaro_uClibc-0.9.33.2.tar.bz2
mv OpenWrt-Toolchain-atheros-for-mips_mips32-gcc-4.8-linaro_uClibc-0.9.33.2/toolchain-mips_mips32_gcc-4.8-linaro_uClibc-0.9.33.2 ./toolchain
编译OpenSSL

cd /usr/local/openwrt && wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz
tar -zxvf openssl-1.0.2o.tar.gz
cd openssl-1.0.2o && ./config --prefix=/usr/local/openwrt/openssl no-asm shared
确保Makefile文件中有以下行,并且删除所有-m64选项

CC=/usr/local/openwrt/toolchain/bin/mips-openwrt-linux-gcc
AR=/usr/local/openwrt/toolchain/bin/mips-openwrt-linux-ar
RANLIB=/usr/local/openwrt/toolchain/bin/mips-openwrt-linux-ranlib
sed命令快速更改:

sed -i 's/CC= gcc/CC=/usr/local/openwrt/toolchain/bin/mips-openwrt-linux-gcc/' Makefile
sed -i 's/AR= ar/AR=/usr/local/openwrt/toolchain/bin/mips-openwrt-linux-ar/' Makefile
sed -i 's/RANLIB=/usr/bin/ranlib/RANLIB= /usr/local/openwrt/toolchain/bin/mips-openwrt-linux-ranlib/' Makefile
sed -i 's/-m64//g' Makefile
make -j4 && make install
此时安装完毕,安装目录在/usr/local/openwrt/openssl目录下

编译LZO

cd /usr/local/openwrt && wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
tar -zxvf lzo-2.10.tar.gz && cd lzo-2.10
./configure CC=/usr/local/openwrt/toolchain/bin/mips-openwrt-linux-gcc --host=mips-linux --prefix=/usr/local/openwrt/lzo
make && make install
编译OpenVPN

cd /usr/local/openwrt && wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.1.tar.gz
tar -zxvf openvpn-2.3.1.tar.gz && cd openvpn-2.3.1
./configure \
CC=/usr/local/openwrt/toolchain/bin/mips-openwrt-linux-gcc \
--host=mips-linux \
--prefix=/usr/local/openwrt/openvpn/ \
LZO_CFLAGS="-I/usr/local/openwrt/lzo/include" \
LZO_LIBS="-L/usr/local/openwrt/lzo/lib -llzo2" \
OPENSSL_CRYPTO_CFLAGS="-I/usr/local/openwrt/openssl/include" \
OPENSSL_SSL_CFLAGS="-I/usr/local/openwrt/openssl/include" \
OPENSSL_SSL_LIBS="-L/usr/local/openwrt/openssl/lib -lssl" \
OPENSSL_CRYPTO_LIBS="-L/usr/local/openwrt/openssl/lib -lcrypto" \
--disable-plugin-auth-pam \
--with-ssl-lib=/usr/local/openwrt/openssl/lib \
export C_INCLUDE_PATH=/usr/local/openwrt/openssl/include
make -j4 && make install
将程序上传到OpenWrt路由器

此时编译已全部完成,目录分别为

/usr/local/openwrt/lzo

/usr/local/openwrt/openssl

/usr/local/openwrt/openvpn

通过SCP将/usr/local/openwrt/openvpn/sbin/openvpn和/usr/local/openwrt/openssl/lib/libcrypto.so.1.0.0上传到路由器的/sbin和/lib目录下并赋予/sbin/openvpn执行权限即可

chmod +x /sbin/openvpn

0

评论 (0)

取消