openVPN, filemon - Embedded

This is a discussion on openVPN, filemon - Embedded ; Hi All, I'm new to embedded Linux, and wish to put an openVPN server in flash memory. The goal is to achieve an absolute minimum application footprint on the file system. In the Windows world that I'm familiar with I ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: openVPN, filemon

  1. openVPN, filemon

    Hi All,

    I'm new to embedded Linux, and wish to put an openVPN server in flash
    memory. The goal is to achieve an absolute minimum application
    footprint on the file system.

    In the Windows world that I'm familiar with I could use a 'dependency
    walker' to see what libraries the application needed, or use
    Sysinternals 'filemon' program to see what files the program accessed.

    I would appreciate any tips or techniques on how to best accomplish
    this in a Linux environment (Kernel is 2.6, probably close to a Fedora
    type distribution).

    Thanks in Advance!

    Jim Shedden


  2. Re: openVPN, filemon

    On Wed, 23 Aug 2006 05:57:24 -0700, jrshedden wrote:

    > Hi All,
    >
    > I'm new to embedded Linux, and wish to put an openVPN server in flash
    > memory. The goal is to achieve an absolute minimum application
    > footprint on the file system.
    >
    > In the Windows world that I'm familiar with I could use a 'dependency
    > walker' to see what libraries the application needed, or use
    > Sysinternals 'filemon' program to see what files the program accessed.


    Both can be done in linux using lsof - Both the libs used by the process
    and its open files can be shown at runtime. The number of dependencies
    for a vpn server is likely to be small.

    >
    > I would appreciate any tips or techniques on how to best accomplish
    > this in a Linux environment (Kernel is 2.6, probably close to a Fedora
    > type distribution).


    Start by setting the vpn up on a full system - once your happy start
    again with a bare minimum and add back in only the needed components.
    Plenty of firewall/vpn images exist already, sure you not re-inventing
    what you could just download ?

    Jon


  3. Re: openVPN, filemon

    Hi Jon,

    Thanks for taking time to reply. I will investigate the utility that
    you mentioned.

    > Plenty of firewall/vpn images exist already, sure you not re-inventing
    > what you could just download ?


    I sure could be working harder than smarter!

    I have found great repositories of RPM's, but I'm not quite sure what
    you mean by an image and how to search for it. I'm installing RPM's on
    a Mac iBook (power pc based) running Fedora core 4 and moving files
    onto the NFS mount for the power pc based single board computer. It is
    running, but I'm sure I have bloat. I'm also sure that an experienced
    person may approach things more efficiently.

    I appreciate any insight.

    Best Regards,
    Jim Shedden


  4. Re: openVPN, filemon

    On Wed, 23 Aug 2006 07:50:34 -0700, jrshedden wrote:

    > Hi Jon,
    >
    > Thanks for taking time to reply. I will investigate the utility that
    > you mentioned.
    >
    >> Plenty of firewall/vpn images exist already, sure you not re-inventing
    >> what you could just download ?

    >
    > I sure could be working harder than smarter!
    >
    > I have found great repositories of RPM's, but I'm not quite sure what
    > you mean by an image and how to search for it. I'm installing RPM's on
    > a Mac iBook (power pc based) running Fedora core 4 and moving files
    > onto the NFS mount for the power pc based single board computer. It is
    > running, but I'm sure I have bloat. I'm also sure that an experienced
    > person may approach things more efficiently.


    Nahh, sounds like a good way to me. Its a nice idea to start with just
    kernel+bash and work out, but its by far the slowest way to build
    something as you tend to be missing tools needed for NFS, ssh,
    compiler,editor etc - adding them in one layer at a time sucks ! Its just
    as valid to start with an installed O/S and then remove unused bits, just
    not as 'pure'.

    With rpm you can rpm -q to get a list of packages then rpm -e them working
    out the correct order of removal to leave just a minimum working system,
    be careful to backup what you have first - i've had this process end badly
    ! . If it fits the media just stick with it unless its a product for
    production.

    Image refers to a filesystem in its raw form, so an ISO file is just one
    type of image, but any filesystem can be imaged. High level O/S tend to be
    installed, but most embedded products are just produced from an image
    (pattern) via some kind of hardware to write the media. Thats network
    install, or copy onto a card from a PC, maybe even writing a flash chip
    with a programmer ... That way you can bang out as many of your product as
    you need without worrying about installing each one.

    A raw image would be to 'dd' the card to a file, often a bad idea in
    reality. Card or CD images exist for intel PCs and arm based routers/vpns,
    but I suspect PPC images are rarer.

    Jon


  5. Re: openVPN, filemon

    jrshedden wrote:

    > I have found great repositories of RPM's, but I'm not quite sure what
    > you mean by an image and how to search for it. I'm installing RPM's on
    > a Mac iBook (power pc based) running Fedora core 4 and moving files
    > onto the NFS mount for the power pc based single board computer. It is
    > running, but I'm sure I have bloat. I'm also sure that an experienced
    > person may approach things more efficiently.
    >
    > I appreciate any insight.


    Well, the easy/hard way is to build a crosstool chain (even if you're on
    the same architecture), and copy only a minimum set of libs - glibc,
    ld.so, so on. Then build the kernel and busybox, install busybox to the
    target, and presto! Minimal functioning system.

    Now add your one app - openVPN - build it using the toolchain, and
    install to the target.

    Done.

+ Reply to Thread