NVRAM 32k size error with OpenVPN? Use JFFS

Discussion in 'Tomato Firmware' started by wistlo, Feb 23, 2012.

  1. wistlo

    wistlo Addicted to LI Member

    I am using an ASUS-RTN16 with both a VPN Server and VPN Client defined, with different keys for each.

    My firmware image is Tomato Firmware RAF1.28.9006 MIPSR2_RAF K26 USB VPN-NOCAT. (Victek)

    When I configured this via the web GUI, the ASUS balked and reverted to default configuration, even after erasing NVRAM. It turns out that I was exceeding the hard 32K limit for NVRAM when I added the VPN certificates and keys.

    Solution: format and define the JFFS partition, put the necessary certificate and key files there, and point to these in the VPN Configuration > [Server | Client] > Advanced tab.

    For example, for the Server1 > Advanced tab, my Custom Configuration window now contains

    ca /jffs/server1/ca.crt
    cert /jffs/server1/server.crt
    key /jffs/server1/server.key
    dh /jffs/server1/dh1024.pem

    The ca, cert, key, and dh are native OpenVPN commands that are executed when the OpenVPN service starts.

    I created directories for server1 and client1 on JFFS to keep the various files organized.
    To transfer the files from PC to JFFS, I first copied them to CIFS1 and then to JFFS.

    Works beautifully, and I have about 40% free now on NVRAM. I posted because while a number of posts hint at this solution indirectly, none directly addressed this problem.
     
  2. kthaddock

    kthaddock Network Guru Member

    I put mine on my USB memory. It's easier to change USB memory rather than JFFS. There are limited read/write cycles.
     
  3. wistlo

    wistlo Addicted to LI Member

    Is there a limit to NVRAM read cycles? I thought the concern is primarily for write/erase cycles. I won't be updating these keys often, possibly not until the certificates expire in 10 years.

    I do plan to migrate the settings to a USB drive when a spare comes available.
     
  4. Monk E. Boy

    Monk E. Boy Network Guru Member

    I picked up one of these for each of my RT-N16s. Unless someone takes a close look, or knows where the USB ports are, they won't even know it's there:
    http://www.newegg.com/Product/Product.aspx?Item=N82E16820154027

    Of course if you're not putting your router(s) in public then you could use just about anything.
     
  5. psyubl

    psyubl Networkin' Nut Member

    Is storing certificate and key files in a USB memory "race-condition-free"?

    I think when a router boots up, it could either

    1. Mount the USB memory first, and then start the OpenVPN server
    2. or start the OpenVPN server first, and then mount the USB memory

    If the second case could happen, we should be more careful to do that. I hope someone could clarify this issue.
     
  6. wistlo

    wistlo Addicted to LI Member

    This router won't be out in public, but definitely in territory of a cat who roves the bookshelf and likes to slump over any warm electronics. Helps with his naps, apparently.

    That's a great little USB device. Me, I'm going for maximum economy. I just upgraded my HTC Aria to a $6 Class 4 8GB memory card. That freed up the OEM 2GB MicroSD. Amazon has a MicroSD-to-USB adapter for $1.50 (that's a dollar-fifty) with free shipping. I'm going to try that, first.

    http://www.amazon.com/gp/product/B002BFLALA/ref=oh_o00_s00_i00_details
     
  7. wistlo

    wistlo Addicted to LI Member


    Depends on when the WAN starts, as that's when OpenVPN gets invoked. I'm going to guess that's after all the volumes get mounted. If there's a problem, it is also possible to create a startup script with a sleep statement, and delay the OpenVPN service start.
     
  8. psyubl

    psyubl Networkin' Nut Member

    Oh I have a funny idea.
    If you have the same cert and key files used by the web server, the files can be shared.

    Code:
    cert /etc/cert.pem
    key /etc/key.pem

    My router is working well with this configuration.
     
  9. Mate Rigo

    Mate Rigo Serious Server Member

    Dude, you rock! Just what I wanted.

    I'd like to add to the topic, that when I created the required files using the vi editor, and copy pasting the various parameters to it over ssh, it did not work. Had to copy them from my cifs1 drive (NAS). Probably some chmod stuff that wasn't proper.

    Edit:
    Vi makes files with permissions 644; what does work for OpenVPN is 755.
    So just chmod them.
     
    Last edited: Oct 11, 2013
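
Added example, not part of any post in this thread: a boot-time preflight covering the two issues raised above, the mount-order race (posts 5 and 7) and key file permissions (post 9). It assumes the file names from the first post and a busybox-style sh; the function names are hypothetical. The private key is set to owner-only because OpenVPN warns when a key file is group- or other-accessible.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: the four files named in
# the first post, under a directory such as /jffs/server1 or a USB mount point.

VPN_FILES="ca.crt server.crt server.key dh1024.pem"

# Wait up to $2 seconds for every file in $1 to exist and be non-empty.
# Covers the boot-order case where the volume mounts after this script starts.
wait_for_vpn_files() {
    dir=$1; timeout=${2:-60}; waited=0
    while :; do
        missing=""
        for f in $VPN_FILES; do
            [ -s "$dir/$f" ] || missing="$missing $f"
        done
        [ -z "$missing" ] && return 0
        if [ "$waited" -ge "$timeout" ]; then
            echo "vpn-preflight: still missing in $dir:$missing" >&2
            return 1
        fi
        sleep 1; waited=$((waited + 1))
    done
}

# Restrict the private key to its owner, then confirm the mode took effect.
# FAT volumes store no Unix modes (they come from mount options), so chmod
# has no effect there and this check reports the key as still exposed.
lock_down_key() {
    key=$1
    chmod 600 "$key" 2>/dev/null
    perms=$(ls -ld "$key" | cut -c5-10)   # group + other permission bits
    if [ "$perms" != "------" ]; then
        echo "vpn-preflight: $key is group/other accessible ($perms)" >&2
        return 1
    fi
    return 0
}

# Both checks in order; returns 0 only when it is safe to start OpenVPN.
vpn_preflight() {
    wait_for_vpn_files "$1" "${2:-60}" && lock_down_key "$1/server.key"
}

# Usage from a startup script (how the service is started is firmware-specific):
#   vpn_preflight /jffs/server1 60 && <start the OpenVPN server>
```

A fixed sleep only guesses at the mount time; polling for the files returns as soon as they appear and fails loudly if they never do.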
  10. AlterEgo

    AlterEgo Networkin' Nut Member

    Thanks for the idea. I was having the same trouble with a recently acquired NetGear WNR3500L v2 (which supposedly has 128MB Flash/RAM but a tiny 32KB NVRAM). I am running AdvancedTomato v123 shibby AIO on it.

    Using your idea I transferred the OpenVPN cert and key files to a connected USB flash drive, and was able to save some NVRAM, which otherwise was giving me strange and weird behaviour after being full and when I was trying to save some parameters.

    I wonder are there any other NVRAM parameters which can be transferred or saved at the USB and can be configured from there.

    Reason being that NVRAM is almost full and if I add more port forwarding rules and/or static DHCP entries, then it might overflow again.

    Any further ideas would be appreciated.

    Thanks.
     
  11. Joat_Mon

    Joat_Mon New Member Member

    [QUOTE]Using your idea I transferred the OpenVPN cert and key files to connected USB flash drive, and was able to save some NVRAM, which otherwise was giving me strange and weird behaviour after being full and when I was trying to save some parameters.

    I wonder are there any other NVRAM parameters which can be transferred or saved at the USB and can be configured from there.[/QUOTE]

    I am in the same boat. Did you get any answers about other NVRAM parameters??
     