[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] OpenVPN on embedded device

  • Subject: Re: [Openvpn-users] OpenVPN on embedded device
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Thu, 2 Dec 2004 00:59:54 -0700 (MST)

On Wed, 1 Dec 2004, Claas Hilbrecht wrote:

> --Am Mittwoch, 1. Dezember 2004 09:40 -0700 James Yonan <jim@xxxxxxxxx> 
> schrieb:
> > Besides --gremlin, what other features would you like to be able to strip
> > out?
> Without thinking any further I would say the following items could be a 
> candidate. But some items will surely produce only some bytes and this 
> isn't worth the effort.
> - all http proxy commands
> - all socks proxy commands
> - ipv6 support (disable ipv6 even if it is present)
> - mtu-test option
> - shaper code
> - the code behinid disable-occ
> - inetd code
> The problem is that v2.0 is getting "fat". I was able to produce a 270kb 
> binary of the "min" version with v1.6. Now the "min" version is 322kb large 
> with the same "options". This means I run ./configure --disable-plugin 
> --disable-management --disable-multi to "remove" the new code. So approx. 
> 50kb is due to using version 2.0 without any real new features.
> BTW: The new managment console is very useful to me. Maybe you could add 
> command to pause/resume a tunnel? The "pause" command should stop openvpn 
> to sent any packets to the remote even internal packets. This could be very 
> useful in some dial-up isdn sites.
> PS: I now that much of the code is included due to the openssl lib. But 
> maybe you could managed to get openvpn at nearly the same size as before.
> And keep up the good work. OpenVPN is a really useful piece of code.

I've been meaning to add some more configure options to give finer control 
over feature inclusion.  Try this:


./configure --help will show several more options for feature 

  --disable-socks         Disable Socks support
  --disable-http          Disable HTTP proxy support
  --disable-fragment      Disable internal fragmentation support (--fragment)
  --disable-debug         Disable debugging support (disable gremlin and verb 7+ messages)
  --enable-small          Enable smaller executable size (disable OCC, usage message,
                          and verb 4 parm list)

My initial benchmarks show that if all the new disinclusion flags are
turned on, you should do even better than 1.6.

I'm seeing a 64256 byte savings on a minimal binary with only pre-shared 
key support.


Openvpn-users mailing list