Thanks Pau,
I am using downloads.libremesh. I'll give the manual compilation a try.
marvin
Are you using the generic images from downloads.libremesh.org or Chef? It looks like the OPKG repository where you are getting the OpenVPN files is compiled on a different way that the liblzo library compiled on the firmware. This sucks, it should be fixed but I don't think it will be the next days. So I would propose you to clone lime-build on your local computer and create your own firmware with all needed packets precompiled. On lime-build, you can make your own selection of packets executing the menu config: make T=ar71xx menuconfig Cheers. On 02/02/17 06:15, Marvin Arnold wrote:I switched to a wdr4300 with full lime but still having issues. This is the output on community chaos: root@LiMe-d00515:~# openvpn --config marvin.ovpn Thu Feb 2 05:10:24 2017 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 31 2016 Thu Feb 2 05:10:24 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Thu Feb 2 05:10:24 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Thu Feb 2 05:10:24 2017 Control Channel Authentication: tls-auth using INLINE static key file Thu Feb 2 05:10:24 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Thu Feb 2 05:10:24 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication openvpn: can't resolve symbol '__clzsi2' And on develop: root@LiMe-d00515:~# openvpn --config marvin.ovpn Error relocating /usr/lib/liblzo2.so.2: __clzsi2: symbol not found Error relocating /usr/lib/liblzo2.so.2: __ctzsi2: symbol not found Error relocating /usr/sbin/openvpn: __clzsi2: symbol not found Any ideas? On 01/31/2017 05:03 PM, Pau wrote:The problem is that Tinc runs on userspace so all network data is copied from kernel to user and the way back. Even increasing the hardware I dont think more than 20Mbit/s is possible. Using GRE tunnels which run on kernel space would increase the performance. But for set it up you need a global/public IP configured on the router side (or maybe, just maybe, set up a bloody dirty NAT). On 31 de gener de 2017 10:42:13 GMT-03:00, Leonardo Taborda <leonardotaborda@networkbogota.org> wrote: Hello guys Depending on the router you are using, the ar71xx-mini does not have opkg included, but the 8mb image it does. I have tinc running on a wdr3600 for librenet6 service. As Nicolas points out, it has some pitfalls running in the same device mesh and vpn control. Of course i use tinc only to provide ipv6 connectivity. For Nicolas, would tinc have the same performance issues? Leonardo El 31/01/17 a las 06:26, nk@os.vu escribió:Hi Marvin I've done a lot of tests with VPNs for the standard setup of the mesh network we're building here in Milano, Italia, and I've found that usually routers are rather terrible at handling VPNs with reasonable speeds, openvpn being the slowest [10mbps up and down] and l2tp+ipsec being faster [15 to 20mbps], at the expense of being less secure. Also, I've gotten to the conclusion that doing the VPN routing in the same device as the one doing the meshing makes it rather difficult to diagnose issues over time and to pinpoint the bottleneck for slow overall speeds. I know this is not the answer you were looking for, but our definitive setup involves setting up getting a microtik hex router that you can buy for about 60 to 80€ and running l2tp+ipsec to a Streisand instance [a fully self installing VPN and anonymity server]. We've been getting stable 120/120mbps speeds. This setup also makes it very simple to understand what device is doing what, and how the routing is done on the large scale from the ISPs router, to the VPN router, to the meshing router, to the AP router, and so on [this is our setup]. I don't know how to solve your problem directly, but I thought I'd share my experience with you. Sorry for going slightly off topic. Hope you can get your setup working nicely however you decide to do it! Nicolas ________________________________ From: Marvin Arnold <marvin@unplugged.im> Sent: Jan 31, 2017 06:34 To: lime-users@lists.libremesh.org Subject: [lime-users] VPNI would like to finally make my internet at home available to my neighbors over lime. I called my ISP and they made it pretty clear they would take action against me if one of the users accessed illicit content. So I'm thinking about routing all web traffic through a VPN. Is this the most sensible thing to do? Assuming it is, I already setup the VPN server and now I'm trying to connect my lime router as a client. http://wiki.openwrt.org/inbox/vpn.howto https://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/ But as far as I can tell, opkg is not installed on the router. What's the best way to install it or install the openvpn client without it? _______________________________________________ lime-users mailing list lime-users@lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users _______________________________________________ lime-users mailing list lime-users@lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users-- Cordialmente Leonardo Taborda Ángel leonardotaborda@networkbogota.org www.networkbogota.org "When there is a will, there is a way" -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ lime-users mailing list lime-users@lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users_______________________________________________ lime-users mailing list lime-users@lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users
_______________________________________________ lime-users mailing list lime-users@lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users