[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Re: OpenVPN on embedded device


  • Subject: [Openvpn-users] Re: OpenVPN on embedded device
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Wed, 01 Dec 2004 12:34:23 -0600

On Wed, 01 Dec 2004 13:47:54 +0000, Jonathan Harrington wrote:

> Hi all,
> Just a quick question. Has anyone ever run OpenVPN on a device with very
> limited resources? What kind of obstacles would such an attempt face? I
> know something residing in kernel-land would probably be more suitable

Speaking as a former member of the engineering team at an embedded Linux
house -- OpenVPN should be entirely suitable. If you're going for
performance and don't have too many constraints on the architecture and
processor you use, you might want to look into VIA's PadLock extensions
(which some newer builds of OpenSSL support)

I take it from the question that you're looking at building a mass-market
device with its root FS loaded from read-only flash? (It's not really
"very limited resources" unless your cost-per-unit matters more than your
cost-to-develop, after all).

You'd want a minimal environment to be sure, but running a static build
against dietlibc or one of its kin isn't likely to be difficult (and since
OpenVPN is under the GPL, you can do that w/o buying a commercial dietlibc
license). If you're going for really tiny, you'll probably want to see if
you can get it to work w/ the route and ifconfig implementations included
in busybox (and build a busybox that includes nothing you don't need), or
you could do one better than that and put their functionality into OpenVPN
itself (or a statically linked library -- same difference, really). Again,
there's likely a little bit of engineering work there (busybox's tools
aren't close to the standard Linux/GNU fare, porting software to run
against a minimal libc sometimes has unexpected hiccups and librizing the
necessary bits of route and ifconfig is obviously some amount of work),
but nothing too bad.


Mmm. I miss embedded systems work. Send me personal email if you might be
interested in adding another member to your team.


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users