03-24-2015 11:21 AM
Hi,
My problem is to establish a VPN tunnel between cRIO 9068 and a router. Is it possible?
To accomplish this task I was planning to install strongswan on cRIO (opkg install strongswan).
I have installed it on cRIO but when I tried to start strongswan, I receive errors;
modprobe: module af_key not found in modules.dep
no netkey IPsec stack detected
modprobe: module ipsec not found in modules.dep
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
I think all these msgs mean kernel (3.2.35-rt52-1.0.0f1) does not have IPsec stack, right?
So how can I activate IPsec for my kernel? I mean, do I have to recompile kernel or something different?
Thanks,
Ugur
03-24-2015 12:11 PM
What is the version of the kernel that is running on the controller? From an installed system, run the following command
uname -a
Post what that command returns. The answer depends on what version of the base OS you're using
03-25-2015 04:48 AM
cRIO-9068-191F2EC 3.2.35-rt52-1.0.0f1 #1 SMP PREEMPT RT Wed Jun 12 06:00:00 CDT 2013 armv7l GNU/Linux
03-25-2015 10:20 AM
Sorry, I missed that in your first post.
Unfortunately, things were not quite as nice for 2013 (or 2013 sp1), which is what you're using based on the kernel version. Are you using the FPGA or other NI hardware drivers? Also, how familiar are you with building a Linux kernel?
What it boils down to is that it may be easier to see if you can use the tested OpenVPN stack, depending on your needs.
03-26-2015 04:17 AM
Hello, Thank you for your reply!
I have a cRIO 9068 PMU and yes the FPGA is used to do some data processing
related to our smart grid application. I am not sure about what other NI
hardware drivers are in use though.
I cannot say I am an expert about kernel compiling but I have done before..
Also, my goal is to establish a IPsec tunnel between PMU and router so I cannot be sure about OpenVPN but I will check it, thanks.
03-27-2015 11:00 AM
I have checked OpenVPN but I unfortunately cannot use it.
Offical web page of strongswan provides a script to check the required:
#!/bin/sh
grep '\<CONFIG_XFRM_USER\>' /boot/config-`uname -r`
grep '\<CONFIG_NET_KEY\>' /boot/config-`uname -r`
grep '\<CONFIG_INET\>' /boot/config-`uname -r`
grep '\<CONFIG_IP_ADVANCED_ROUTER\>' /boot/config-`uname -r`
grep '\<CONFIG_IP_MULTIPLE_TABLES\>' /boot/config-`uname -r`
grep '\<CONFIG_INET_AH\>' /boot/config-`uname -r`
grep '\<CONFIG_INET_ESP\>' /boot/config-`uname -r`
grep '\<CONFIG_INET_IPCOMP\>' /boot/config-`uname -r`
grep '\<CONFIG_INET_XFRM_MODE_TRANSPORT\>' /boot/config-`uname -r`
grep '\<CONFIG_INET_XFRM_MODE_TUNNEL\>' /boot/config-`uname -r`
grep '\<CONFIG_INET_XFRM_MODE_BEET\>' /boot/config-`uname -r`
grep '\<CONFIG_IPV6\>' /boot/config-`uname -r`
grep '\<CONFIG_INET6_AH\>' /boot/config-`uname -r`
grep '\<CONFIG_INET6_ESP\>' /boot/config-`uname -r`
grep '\<CONFIG_INET6_IPCOMP\>' /boot/config-`uname -r`
grep '\<CONFIG_INET6_XFRM_MODE_TRANSPORT\>' /boot/config-`uname -r`
grep '\<CONFIG_INET6_XFRM_MODE_TUNNEL\>' /boot/config-`uname -r`
grep '\<CONFIG_INET6_XFRM_MODE_BEET\>' /boot/config-`uname -r`
grep '\<CONFIG_IPV6_MULTIPLE_TABLES\>' /boot/config-`uname -r`
grep '\<CONFIG_NETFILTER\>' /boot/config-`uname -r`
grep '\<CONFIG_NETFILTER_XTABLES\>' /boot/config-`uname -r`
grep '\<CONFIG_NETFILTER_XT_MATCH_POLICY\>' /boot/config-`uname -r`
but there is no file config....
So do you have any idea about these modules?
03-27-2015 01:11 PM
I'm not familliar with strongswan but it looks like that script is expecting the kernel config file under /boot. On NI Linux RT the file is available under /proc. You can create a copy under boot (with the name) strongswan expects by doing something like this on the target:
cp /proc/config.gz /boot/
gunzip /boot/config.gz
mv /boot/config /boot/config-`uname -r`
03-29-2015 06:38 PM
Right. You'll need to get the config info from the /proc/config.gz file and place it where the script is expecting it.
Unfortunately, with the base OS image for 2013 (which is what you're using from the details of the kernel version), there's no good way to get the FPGA drivers running on a custom kernel. I would recommend downloading RIO 14.x (the latest) which, when installing, should install the latest base OS image (which brings with is some changes to support loading NI drivers with a custom kernel).
Once you get to the point where you've installed the latest RIO, gotten the kernel source (follow the instructions here: https://github.com/ni/nilrt/blob/master/KERNEL_SOURCE.txt), come back and we'll work through getting a custom kernel booting on your controller
03-30-2015 03:32 AM
The output of the script says;
# CONFIG_XFRM_USER is not set
# CONFIG_NET_KEY is not set
# CONFIG_IPV6_MULTIPLE_TABLES is not set
In this case, how can I insert/install these modules to my cRIO 9068?
Do I have to recompile the kernel from scratch?
Also, how can I upgrade to RIO 14.x?
EDIT
I have switched a new cRIO 9068 which runs on 14.x:
3.2.35-rt52-2.0.0f0 #1 SMP PREEMPT RT Tue Jun 3 20:49:19 CDT 2014 armv7l GNU/Linux
Now I am trying to compile the kernel (according to instructions on https://github.com/ni/nilrt/blob/master/KERNEL_SOURCE.txt) but when I tried to apply the second patch, I receive this output.
03-30-2015 09:56 AM
Just a sanity check, but you *did* apply the first patch first?
In any case, here's a log of what I do running through those steps:
bmouring@linuxgetsreal ~/temp/linux_kernel $ wget http://download.ni.com/ni-linux-rt/src/linux-nizynq-2014.tar.gz
--2015-03-30 09:48:43-- http://download.ni.com/ni-linux-rt/src/linux-nizynq-2014.tar.gz
Resolving download.ni.com... 130.164.81.30
Connecting to download.ni.com|130.164.81.30|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101566576 (97M) [application/x-tar]
Saving to: `linux-nizynq-2014.tar.gz'
100%[======================================>] 101,566,576 4.85M/s in 31s
2015-03-30 09:49:14 (3.14 MB/s) - `linux-nizynq-2014.tar.gz' saved [101566576/101566576]
bmouring@linuxgetsreal ~/temp/linux_kernel $ tar xzf linux-nizynq-2014.tar.gz
bmouring@linuxgetsreal ~/temp/linux_kernel $ cd linux-nizynq-2014/
bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ wget http://download.ni.com/ni-linux-rt/src/ni_image_creation_patches.tar.gz
--2015-03-30 09:50:07-- http://download.ni.com/ni-linux-rt/src/ni_image_creation_patches.tar.gz
Resolving download.ni.com... 130.164.81.30
Connecting to download.ni.com|130.164.81.30|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6579 (6.4K) [application/x-tar]
Saving to: `ni_image_creation_patches.tar.gz'
100%[======================================>] 6,579 --.-K/s in 0.008s
2015-03-30 09:50:07 (786 KB/s) - `ni_image_creation_patches.tar.gz' saved [6579/6579]
bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ tar xzf ni_image_creation_patches.tar.gz
bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ patch -p1 < 0001-builditb-Generate-needed-files-for-NI-Zynq-boards.patch
patching file scripts/package/Makefile
patching file scripts/package/bootscript.txt
patching file scripts/package/builditb
patching file scripts/package/export-kernel-headers.sh
bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ patch -p1 < 0002-ni-dts-Add-device-codes-remove-proto-dts.patch
patching file arch/arm/boot/dts/ni-dosequis.dts
patching file arch/arm/boot/dts/ni-myrio.dts
patching file arch/arm/boot/dts/ni-roborio.dts
patching file arch/arm/boot/dts/ni-solbetter.dts
patching file arch/arm/boot/dts/ni-solenetexp.dts
patching file arch/arm/boot/dts/ni-solgood.dts
patching file arch/arm/boot/dts/ni-tecate.dts
patching file arch/arm/boot/dts/ni-zynq-proto.dts
bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ patch -p1 < 0003-buildnipkg-Rename-builditb-to-be-more-general.patch
patching file scripts/package/Makefile
patching file scripts/package/builditb
patching file scripts/package/buildnipkg