OpenVPN smartcard support witk PKCS11

geepsee · February 11, 2018, 3:47am

Hello support team!

Bought a couple of MT300N and I’m VERY satisfied with them!

Just a question: would you please add PKCS11 support when you compile and build OpenVPN-openssl .ipk?

Thank you from Rome, Italy.

geepsee · February 11, 2018, 7:25pm

…or maybe provide instructions to compile with --enable-pkcs11 build option in the SDK?

kyson-lok · February 12, 2018, 8:46am

It seems that no one need this feature. Maybe you can use LEDE official SDK

to build with --enable-pkcs11 option. We are on vacation now.

geepsee · February 12, 2018, 5:44pm

Thank you for the hint.

I cloned the OpenVPN git source in the “package” folder

How can I pass the --enable-pkcs11 option to the compiler?

Happy vacations!!!

F.

alzhao · February 13, 2018, 10:33am

You can do this: compile the package by yourself and install the ipk to replace the old one.

Be sure to use the correct toolchain.
V2.27 is using lede 17.01.04 and older versions are using openwrt cc1505

geepsee · February 16, 2018, 8:27am

Hello and thank you for your support and excellents products.
So I can download this

in the SDK?
But I’ll have to create a custom makefile!
Would you please help me with this?

Happy new year from Italy,
F.

alzhao · February 17, 2018, 1:19am

No, you don’t need to download original openvpn software to compile.

You only need to download Openwrt/LEDE 17.01 and compile openvpn with the option you needed.

geepsee · February 17, 2018, 9:48am

Hello!
The option It’s not present in “menuconfig”, I’ve manually modified
package/network/services/openvpn/Makefile
with --enable-pkcs11
The build fails with error:
configure: error: PKCS11 enabled but libpkcs11-helper is missing
I have installed dependencies on host system with no results…
Thank you!

geepsee · February 19, 2018, 8:00am

Dear support team,
I will work on this today but your help would be highly appreciated!

alzhao · February 19, 2018, 3:41pm

we are still in Chinese new year holiday and cannot do too much. What you can do is to modify the Makefile or the current openvpn package then update the version and configure. Then have a try.

geepsee · February 19, 2018, 8:55pm

I’ll give this a try, Thank you!
See you soon

geepsee · February 21, 2018, 8:20am

Still in trouble…
Managed to pass the pkcs11-helper…OK check made by configure script,
fixed some source code path issues,
but LD can’t find .so for the final build!

alzhao · February 21, 2018, 9:42am

If cannot find .so generally it is because openwrt make file lack of dependencies

geepsee · February 21, 2018, 10:09am

Would you please follow up this issue?
Do you mean dependencies in the host system, the one with the SDK installed?
I’ve installed the whole OpenSC suite, maybe package names or versions don’t match?

alzhao · February 21, 2018, 2:08pm

I am not available to compile firmware in the following two weeks. I will check if I have a chance.
I mean Makefile for openvpn openwrt packages.

geepsee · February 23, 2018, 7:40am

Hi @alzhao
Do you mean this file?
[SDK ROOT DIR]/package/network/services/openvpn/Makefile
Thank you

alzhao · February 23, 2018, 2:32pm

Yes exactly. You can find that there is some DEPS files.

Lacking the deps package is generally the reason of missing .so file.

geepsee · March 5, 2018, 12:07pm

@alzhao
Hello!
Still stuck with compiling OpenVPN with this option.
It’s a bit mission-critical so I’d really appreciate your help.
Cheers,
F.

geepsee · March 8, 2018, 3:00pm

@alzhao
Sorry, if you can’t help me can you please point me some other user or colleague who can solve this build issue?
Thank you very much,
Francesco

alzhao · March 9, 2018, 4:07am

You can search google or lede and seems other people is also discussing OpenVPN smart card support [PKCS11] - #5 by geepsee - For Developers - OpenWrt Forum

I tried and met the same problem.