Linux.com has a nice article on some of the new features. You can expect to find a tabbed interface (:help tabe), spell checking (:help spell), and code completion (:help compl-omni-filetypes).

test.data

Hello, World


extra.h

extern const char _binary_test_data_start[];
extern const char _binary_test_data_end[];


extra.c

#include "extra.h"
/* this C file when compiled to an object will include the data found in test.data */


main.c

#include "extra.h"

Compilation Steps

# gcc extra.c -c
# ld -b binary -r -o extra.o test.data
# gcc extra.o main.c -o out


note: print_str prints character by character to a specified length
note2: _binary_test_data_size is exported, but I haven't been able to figure out how to use it yet.

LD creates a new ELF segment within the extra.o object file. readelf and objdump will give quite a bit of useful information regarding the segments that will eventually get linked into the executable

# objdump -t extra.o

extra.o:     file format elf32-i386

SYMBOL TABLE:
00000000 l    d  .data	00000000 
00000000 l    d  *ABS*	00000000 
00000000 l    d  *ABS*	00000000 
00000000 l    d  *ABS*	00000000 
0000000c g       .data	00000000 _binary_test_data_end
0000000c g       *ABS*	00000000 _binary_test_data_size
00000000 g       .data	00000000 _binary_test_data_start

The start of the test.data file will be located in the variable '_binary_test_data_start' and similary the end will be '_binary_test_data_end'.

This might be useful for embedding cryptographic signatures, or maybe game data files.

Key ID: 0x0AE9C4BF

Thanks to Bret Towe (Magnade) on Freenode for some help on the bridging and configuration.

The Gentoo Forums was my starting point; notably this post.

I decided on using OpenVPN's bridging capabilities instead of the Howto's route based solution. A bridge allows for multiple interfaces (eth, ppp, etc) to be combined into one network all sharing the same subnet. There are advantages and disadvantages while using any approach. Using a bridge the main ethernet devices are placed into promiscuous mode. The disadvantage is on a large network the CPU would likely burn more cycles trying to figure out if packets are being directed to the server. Since I have only two computers on my home network I don't see this becoming a problem. I find the setup with bridging a bit easier by not worrying about routes.

h4. Network Layout

My home network is on a typical 192.168.0.x subdomain. I kept this as is, because the networks I typically connect to will normally not be in the same subnet. The OpenVPN manual suggests changing your secured LAN subnet to something a bit more private (172.16.0.0 or 10.0.0.0).

h3. *Server Configuration*

h4. Kernel

I am using the 2.6.11-gentoo-r6 kernel. _make menuconfig_ and search the kernel config menus using the / key for _bridge_. Enable CONFIG_BRIDGE, CONFIG_TUN and CONFIG_BRIDGE_NETFILTER. If you configure these as modules make sure to modprobe them and autoload them at boot.

_emerge bridge-utils_ to get the bridge utilities on your system.

h4. Bridge Configuration the Gentoo Way

My main ethernet card is eth0 and is 192.168.0.4 on the network as a static IP. The gateway is 192.168.0.1. *Don't try this from a remote shell.* You must be present at the machine.

  # /etc/init.d/net.eth0 stop
  # rc-update del net.eth0 default
  # cd /etc/init.d/ ; cp net.eth0 net.br0 ; rc-update add net.br0 default

Edit /etc/conf.d/net:

iface_br0="192.168.0.4 broadcast 192.168.0.255 netmask 255.255.255.0"
gateway="br0/192.168.0.1"

Edit /etc/conf.d/bridge:

bridge="br0"
bridge_br0_devices="eth0 tap0"

The tap0 device will be created by OpenVPN.

Change the depend in /etc/init.d/bridge to depend on OpenVPN:

depend() {
    need openvpn
    use modules openvpn
}

Change the depend in /etc/init.d/net.br0 to depend on bridge:

depend() {
    use hotplug pcmcia bridge
}

Edit /etc/openvpn/home-server/local.conf:

port 1194 # or any other port you want to use
dev tap0
tls-server
ca ca.crt
cert gateway.crt
key gateway.key
dh dh1024.pem
tls-auth ta.key 0
mode server
server-bridge 192.168.0.4 255.255.255.0 192.168.0.128 192.168.0.254
comp-lzo
status openvpn-status.log
verb 5

Follow the instructions from the Howto to generate the TLS keys. The server-bridge line will assign IP addresses to the clients between .128 to .254, so disable this range from the DHCP server.

h3. Client Configuration

The client needs TLS keys to negotiate the session. Refer to the forum Howto on how to do this. TAP must be enabled on the clients for this to work.

Edit /etc/openvpn/home/local.conf:

port 1194
dev tap
remote the.remote.server.ip.or.hostname
tls-client
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
verb 3
comp-lzo
pull

The _pull_ directive will retrieve the IP and routing information from the server.

Bring up the interfaces (openvpn, bridge, net.br0) on the server. Check your log files! Then try your client. A port may need to be opened on your router/firewall - in this case - port 1194.

Everyone's network topology is different; use this guide as ... well... just a guide. Until next time...