卡普的開發手札

Download Clang: user@hostname$ cd ~/ user@hostname$ wget https://github.com/Neutron-Toolchains/clang-build-catalogue/releases/download/10032024/neutron-clang-10032024.tar.zst -O clang.tar.zst Extract clang.tar.zst user@hostname$ mkdir -p ~/clang user@hostname$ unzstd -d clang.tar.zst user@hostname$ tar -xf clang.tar -C ~/clang Setting ENV value user@hostname$ export PATH="$HOME/clang/bin:$PATH" user@hostname$ export ARCH=arm64 user@hostname$ export SUBARCH=ARM64 user@hostname$ export KBUILD_BUILD_USER="username" user@hostname$ export KBUILD_BUILD_HOST="userhost" user@hostname$ export KBUILD_BUILD_TIMESTAMP="$(date)" Clone Kernel Source code user@hostname$ git clone --depth=1 https://github.com/sunsky131221/kernel_sm8250 -b next-susfs kernel_sm8250 user@hostname$ cd kernel_sm8250 Setting Kernel config user@hostname$ make O=out vendor/apollo_defconfig user@hostname$ make O=out menuconfig Building user@hostname$ make O=out CC=clang -j$(nproc --all) ...

 紀錄一下人生第一次的github PR

OpenWRT veriosn: 23.05.2 HW: TOTOLINK X5000R Ref: https://vicfree.com/2022/11/openwrt-wpa3-802.11kvr-ap-setup/ Requirement: #install fully wpad package with openssl opkg update opkg install wpad-openssl #disabled firewall, dhcp server and dnsmasq for i in firewall dnsmasq odhcpd; do if /etc/init.d/"$i" enabled; then /etc/init.d/"$i" disable /etc/init.d/"$i" stop fi done Luci setting: /etc/config/wireless: config wifi-iface 'wifinet1' option device 'radio1' option mode 'ap' option ssid 'MY_SSID' option encryption 'sae' option key 'MY_PASSWORD' option ieee80211r '1' option reassociation_deadline '20000' option ft_over_ds '0' option ft_psk_generate_local '0' option ieee80211k '1' option time_zone 'CST-8' ...

Quote from : https://www.server-world.info/en/note?os=Debian_11&p=openvpn&f=1 [1] Install OpenVPN. root@dlp:~#  apt  -y install openvpn easy-rsa iptables [2] Create CA and Certificates. root@dlp:~#  cd  /usr/share/easy-rsa# initialize root@dlp:/usr/share/easy-rsa# ./easyrsa init-pki init-pki complete; you may now create a CA or requests. Your newly created PKI dir is: /usr/share/easy-rsa/pki # create CA root@dlp:/usr/share/easy-rsa# ./easyrsa build-ca Using SSL: openssl OpenSSL 1.1.1k 25 Mar 2021 # set any pass-phrase Enter New CA Key Passphrase: Re-Enter New CA Key Passphrase: Generating RSA private key, 2048 bit long modulus (2 primes) …….+++++ …………………..+++++ e is 65537 (0x010001) You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you ...

edit your client.ovpn: #vim client.ovpn Delete these line or comment it. ca ca.crt cert client.crt key client.key tls-auth ta.key 1 Add these content to client.ovpn <ca> —–BEGIN CERTIFICATE—– ca.crt contend —–END CERTIFICATE—– </ca> <cert> —–BEGIN CERTIFICATE—– client.crt contend —–END CERTIFICATE—– </cert> <key> —–BEGIN PRIVATE KEY—– client.key contend —–END PRIVATE KEY—– </key> key-direction 1 #must have this line <tls-auth> —–BEGIN OpenVPN Static key V1—– ta.key contend —–END OpenVPN Static key V1—– </tls-auth>

opkg install openfortivpn luci-proto-openfortivpn reboot in Luci add interface proto using openfortivpn fill username, password, ip address, port in advanced, fill “VPN Server’s certificate SHA1 hash” if your fortiSSL cert not trusted by your device. Save and apply restart the interface will connected and get a ip from vpn. Let openwrt’s client can access fortiSSL # iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o vpn-company -j MASQUERADE add static route then done