OpenVPN for Palm Pre
OpenVPN enables you to build a secure virtual private network (VPN) connection from your Palm device to an available OpenVPN server, over an encrypted TLS connection. For encryption, it uses the OpenSSL libraries. On the transport layer, it can use TCP or UDP. The secure connection, or "tunnel", between client and server is created with virtual network devices provided by the TUN/TAP kernel drivers. With Optware, OpenVPN is easily installed on your Palm device via ipkg. An application scenario could be to connect your Palm device via 3G to your home network, accessing data and services hosted by a NAS, for example.
OpenVPN client installation
To set up a connection to an available OpenVPN endpoint, you need the appropriate kernel module (tun.ko) on your Palm device, and you need to build a client configuration that depends on the type of connection you want to create (bridged or routed). The Optware OpenVPN ipkg installs cleanly, as the terminal session below shows. The Palm Pre/Pixi Linux OS is compiled with the /dev/tun driver built in, so you can ignore the module dependency warning. There is a project to create a GUI for the Pre.
Note: oinstall is an alias, defined as alias oinstall="sudo ipkg-opt install"
┌─(box@castle)-(09:28:44)->
└─(~)--> $ oinstall openvpn
Installing openvpn (2.1_rc15-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable/openvpn_2.1_rc15-1_arm.ipk
openvpn: unsatisfied recommendation for kernel-module-tun
Installing lzo (1.08-2) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/unstable/lzo_1.08-2_arm.ipk
Configuring lzo
Configuring openvpn
Successfully terminated.
OpenVPN client configuration
OpenVPN is deployed quickly and easily. The OpenVPN.net website and source installations contain scripts that can make OpenVPN connect to your home or work when WiFi is activated. The following excerpt assumes that you already have the following:
- a certificate for yourself / your device (in the example, called palmpre.crt)
- the issuing certificate authority (ca.crt)
- a key-file (palmpre.key)
It is highly recommended that you familiarize yourself with creating your own keys and certificates, in case you are not provided with them by a trusted source.
┌─(root@castle)-(10:17:05)->
└─(/opt/etc/openvpn)--> # unzip palmpre.zip
Archive: palmpre.zip
creating: palmpre/
inflating: palmpre/ca.crt
inflating: palmpre/palmpre.key
inflating: palmpre/palmpre.crt
inflating: palmpre/palmpre.conf
inflating: palmpre/dh2048.pem
inflating: palmpre/palmpre.ovpn
┌─(root@castle)-(10:19:33)->
└─(/opt/etc/openvpn)--> # openvpn --config /opt/etc/openvpn/palmpre/palmpre.ovpn >>/dev/null&
(...While pinging google, dropped wifi and monitored via SSH over Bluetooth PAN)
64 bytes from 22.214.171.124: seq=5 ttl=52 time=46.505 ms
64 bytes from 126.96.36.199: seq=6 ttl=52 time=45.603 ms
64 bytes from 188.8.131.52: seq=7 ttl=52 time=49.132 ms
64 bytes from 184.108.40.206: seq=8 ttl=52 time=101.013 ms
64 bytes from 220.127.116.11: seq=9 ttl=52 time=1556.213 ms <-- cutover wifi to evdo
64 bytes from 18.104.22.168: seq=10 ttl=52 time=561.371 ms
64 bytes from 22.214.171.124: seq=11 ttl=52 time=54.932 ms
64 bytes from 126.96.36.199: seq=12 ttl=50 time=109.436 ms
64 bytes from 188.8.131.52: seq=13 ttl=50 time=105.896 ms
64 bytes from 184.108.40.206: seq=14 ttl=50 time=104.523 ms
┌─(root@castle)-(10:33:54)->
└─(/opt/etc/openvpn/palmpre)--> # ping 220.127.116.11
PING 18.104.22.168 (22.214.171.124): 56 data bytes
64 bytes from 126.96.36.199: seq=0 ttl=42 time=456.665 ms
64 bytes from 188.8.131.52: seq=1 ttl=42 time=260.773 ms
64 bytes from 184.108.40.206: seq=2 ttl=42 time=268.189 ms
┌─(root@castle)-(10:35:13)->
└─(/opt/etc/openvpn/palmpre)--> # ping 220.127.116.11
PING 18.104.22.168 (22.214.171.124): 56 data bytes
64 bytes from 126.96.36.199: seq=0 ttl=64 time=259.552 ms
64 bytes from 188.8.131.52: seq=1 ttl=64 time=114.898 ms
64 bytes from 184.108.40.206: seq=2 ttl=64 time=118.958 ms
┌─(root@castle)-(10:35:40)->
└─(/opt/etc/openvpn/palmpre)--> # ping 220.127.116.11
PING 18.104.22.168 (22.214.171.124): 56 data bytes
64 bytes from 126.96.36.199: seq=0 ttl=64 time=502.137 ms
64 bytes from 188.8.131.52: seq=1 ttl=64 time=182.556 ms
64 bytes from 184.108.40.206: seq=2 ttl=64 time=123.016 ms
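A pre-flight check for the unpacked client bundle, as an added example that is not part of the original page or of OpenVPN itself: it flags private keys left accessible to other local users after extraction, and client configs that never verify the server certificate's type. The function names (loose_keys, missing_server_check, audit_bundle) are hypothetical; the two directives it looks for, remote-cert-tls and ns-cert-type, are standard OpenVPN options.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight audit of an unpacked
# OpenVPN client bundle such as /opt/etc/openvpn/palmpre.

# Print every *.key file under $1 that has any group/other permission bit set.
# Archive extraction can leave the private key readable by other local users.
loose_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print every client config in $1 that has neither "remote-cert-tls server"
# nor "ns-cert-type server". Without one of them the client accepts any
# certificate signed by ca.crt as the server, including another client's.
missing_server_check() {
    for conf in "$1"/*.ovpn "$1"/*.conf; do
        [ -f "$conf" ] || continue
        grep -Eq '^[[:space:]]*(remote-cert-tls|ns-cert-type)[[:space:]]+server([[:space:]]|$)' \
            "$conf" || printf '%s\n' "$conf"
    done
}

# Report findings on stdout; return 0 when the bundle is clean, 1 otherwise.
audit_bundle() {
    status=0
    keys=$(loose_keys "$1")
    confs=$(missing_server_check "$1")
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys" | sed 's/^/key accessible by group or other: /'
        status=1
    fi
    if [ -n "$confs" ]; then
        printf '%s\n' "$confs" | sed 's/^/no server certificate check: /'
        status=1
    fi
    return "$status"
}

# Usage: sh audit.sh /opt/etc/openvpn/palmpre
if [ "$#" -gt 0 ]; then
    audit_bundle "$1"
fi
```

A flagged key is fixed with chmod 600 on the key file; a flagged config is fixed by adding one of the two directives, provided the server certificate was issued with the matching attribute.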
OpenVPN IRC channel
The OpenVPN IRC channel, ##OpenVPN, is on the same Freenode server as #WebOS-Internals. Please stop by either channel with questions after visiting