NI Linux Real-Time Discussions

cancel
Showing results for 
Search instead for 
Did you mean: 

VPN connection for cRIO 9068

Hi,

My problem is to establish a VPN tunnel between cRIO 9068 and a router. Is it possible?

To accomplish this task I was planning to install strongswan on cRIO (opkg install strongswan).

I have installed it on cRIO but when I tried to start strongswan, I receive errors;

modprobe: module af_key not found in modules.dep

no netkey IPsec stack detected

modprobe: module ipsec not found in modules.dep

no KLIPS IPsec stack detected

no known IPsec stack detected, ignoring!

I think all these msgs mean kernel (3.2.35-rt52-1.0.0f1) does not have IPsec stack, right?

So how can I activate IPsec for my kernel? I mean, do I have to recompile kernel or something different?

Thanks,

Ugur

0 Kudos
Message 1 of 14
(9,386 Views)

What is the version of the kernel that is running on the controller? From an installed system, run the following command

uname -a

Post what that command returns. The answer depends on what version of the base OS you're using

0 Kudos
Message 2 of 14
(5,714 Views)

cRIO-9068-191F2EC 3.2.35-rt52-1.0.0f1 #1 SMP PREEMPT RT Wed Jun 12 06:00:00 CDT 2013 armv7l GNU/Linux

0 Kudos
Message 3 of 14
(5,714 Views)

Sorry, I missed that in your first post.

Unfortunately, things were not quite as nice for 2013 (or 2013 sp1), which is what you're using based on the kernel version. Are you using the FPGA or other NI hardware drivers? Also, how familiar are you with building a Linux kernel?

What it boils down to is that it may be easier to see if you can use the tested OpenVPN stack, depending on your needs.

0 Kudos
Message 4 of 14
(5,714 Views)

Hello, Thank you for your reply!

I have a cRIO 9068 PMU and yes the FPGA is used to do some data processing

related to our smart grid application. I am not sure about what other NI

hardware drivers are in use though.

I cannot say I am an expert about kernel compiling but I have done before..

Also, my goal is to establish a IPsec tunnel between PMU and router so I cannot be sure about OpenVPN but I will check it, thanks.

0 Kudos
Message 5 of 14
(5,714 Views)

I have checked OpenVPN but I unfortunately cannot use it.

Offical web page of strongswan provides a script to check the required:

#!/bin/sh

grep '\<CONFIG_XFRM_USER\>' /boot/config-`uname -r`

grep '\<CONFIG_NET_KEY\>' /boot/config-`uname -r`

grep '\<CONFIG_INET\>' /boot/config-`uname -r`

grep '\<CONFIG_IP_ADVANCED_ROUTER\>' /boot/config-`uname -r`

grep '\<CONFIG_IP_MULTIPLE_TABLES\>' /boot/config-`uname -r`

grep '\<CONFIG_INET_AH\>' /boot/config-`uname -r`

grep '\<CONFIG_INET_ESP\>' /boot/config-`uname -r`

grep '\<CONFIG_INET_IPCOMP\>' /boot/config-`uname -r`

grep '\<CONFIG_INET_XFRM_MODE_TRANSPORT\>' /boot/config-`uname -r`

grep '\<CONFIG_INET_XFRM_MODE_TUNNEL\>' /boot/config-`uname -r`

grep '\<CONFIG_INET_XFRM_MODE_BEET\>' /boot/config-`uname -r`

grep '\<CONFIG_IPV6\>' /boot/config-`uname -r`

grep '\<CONFIG_INET6_AH\>' /boot/config-`uname -r`

grep '\<CONFIG_INET6_ESP\>' /boot/config-`uname -r`

grep '\<CONFIG_INET6_IPCOMP\>' /boot/config-`uname -r`

grep '\<CONFIG_INET6_XFRM_MODE_TRANSPORT\>' /boot/config-`uname -r`

grep '\<CONFIG_INET6_XFRM_MODE_TUNNEL\>' /boot/config-`uname -r`

grep '\<CONFIG_INET6_XFRM_MODE_BEET\>' /boot/config-`uname -r`

grep '\<CONFIG_IPV6_MULTIPLE_TABLES\>' /boot/config-`uname -r`

grep '\<CONFIG_NETFILTER\>' /boot/config-`uname -r`

grep '\<CONFIG_NETFILTER_XTABLES\>' /boot/config-`uname -r`

grep '\<CONFIG_NETFILTER_XT_MATCH_POLICY\>' /boot/config-`uname -r`

but there is no file config....

So do you have any idea about these modules?

0 Kudos
Message 6 of 14
(5,714 Views)

I'm not familliar with strongswan but it looks like that script is expecting the kernel config file under /boot. On NI Linux RT the file is available under /proc. You can create a copy under boot (with the name) strongswan expects by doing something like this on the target:

cp /proc/config.gz /boot/

gunzip /boot/config.gz

mv /boot/config /boot/config-`uname -r`

0 Kudos
Message 7 of 14
(5,714 Views)

Right. You'll need to get the config info from the /proc/config.gz file and place it where the script is expecting it.

Unfortunately, with the base OS image for 2013 (which is what you're using from the details of the kernel version), there's no good way to get the FPGA drivers running on a custom kernel. I would recommend downloading RIO 14.x (the latest) which, when installing, should install the latest base OS image (which brings with is some changes to support loading NI drivers with a custom kernel).

Once you get to the point where you've installed the latest RIO, gotten the kernel source (follow the instructions here: https://github.com/ni/nilrt/blob/master/KERNEL_SOURCE.txt), come back and we'll work through getting a custom kernel booting on your controller

0 Kudos
Message 8 of 14
(5,714 Views)

The output of the script says;

# CONFIG_XFRM_USER is not set

# CONFIG_NET_KEY is not set

# CONFIG_IPV6_MULTIPLE_TABLES is not set

In this case, how can I insert/install these modules to my cRIO 9068?

Do I have to recompile the kernel from scratch?

Also, how can I upgrade to RIO 14.x?

EDIT

I have switched a new cRIO 9068 which runs on 14.x:

3.2.35-rt52-2.0.0f0 #1 SMP PREEMPT RT Tue Jun 3 20:49:19 CDT 2014 armv7l GNU/Linux

Now I am trying to compile the kernel (according to instructions on https://github.com/ni/nilrt/blob/master/KERNEL_SOURCE.txt) but when I tried to apply the second patch, I receive this output.

Screen Shot 2015-03-30 at 4.09.23 PM.png

0 Kudos
Message 9 of 14
(5,714 Views)

Just a sanity check, but you *did* apply the first patch first?

In any case, here's a log of what I do running through those steps:

bmouring@linuxgetsreal ~/temp/linux_kernel $ wget http://download.ni.com/ni-linux-rt/src/linux-nizynq-2014.tar.gz

--2015-03-30 09:48:43--  http://download.ni.com/ni-linux-rt/src/linux-nizynq-2014.tar.gz

Resolving download.ni.com... 130.164.81.30

Connecting to download.ni.com|130.164.81.30|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 101566576 (97M) [application/x-tar]

Saving to: `linux-nizynq-2014.tar.gz'

100%[======================================>] 101,566,576 4.85M/s   in 31s    

2015-03-30 09:49:14 (3.14 MB/s) - `linux-nizynq-2014.tar.gz' saved [101566576/101566576]

bmouring@linuxgetsreal ~/temp/linux_kernel $ tar xzf linux-nizynq-2014.tar.gz

bmouring@linuxgetsreal ~/temp/linux_kernel $ cd linux-nizynq-2014/

bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ wget http://download.ni.com/ni-linux-rt/src/ni_image_creation_patches.tar.gz

--2015-03-30 09:50:07--  http://download.ni.com/ni-linux-rt/src/ni_image_creation_patches.tar.gz

Resolving download.ni.com... 130.164.81.30

Connecting to download.ni.com|130.164.81.30|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 6579 (6.4K) [application/x-tar]

Saving to: `ni_image_creation_patches.tar.gz'

100%[======================================>] 6,579       --.-K/s   in 0.008s 

2015-03-30 09:50:07 (786 KB/s) - `ni_image_creation_patches.tar.gz' saved [6579/6579]

bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ tar xzf ni_image_creation_patches.tar.gz

bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ patch -p1 < 0001-builditb-Generate-needed-files-for-NI-Zynq-boards.patch

patching file scripts/package/Makefile

patching file scripts/package/bootscript.txt

patching file scripts/package/builditb

patching file scripts/package/export-kernel-headers.sh

bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ patch -p1 < 0002-ni-dts-Add-device-codes-remove-proto-dts.patch

patching file arch/arm/boot/dts/ni-dosequis.dts

patching file arch/arm/boot/dts/ni-myrio.dts

patching file arch/arm/boot/dts/ni-roborio.dts

patching file arch/arm/boot/dts/ni-solbetter.dts

patching file arch/arm/boot/dts/ni-solenetexp.dts

patching file arch/arm/boot/dts/ni-solgood.dts

patching file arch/arm/boot/dts/ni-tecate.dts

patching file arch/arm/boot/dts/ni-zynq-proto.dts

bmouring@linuxgetsreal ~/temp/linux_kernel/linux-nizynq-2014 $ patch -p1 < 0003-buildnipkg-Rename-builditb-to-be-more-general.patch

patching file scripts/package/Makefile

patching file scripts/package/builditb

patching file scripts/package/buildnipkg

0 Kudos
Message 10 of 14
(5,714 Views)