Many decisions had to be made as to which direction to go. The following subsections detail some of the paths I took to get to a working prototype. Please modify to suit your environment. Where appropriate I will make clarifying comments.
I looked at several live CD distributions and concluded that DSL would work best for the purposes at hand. I considered the following:
- Ubuntu. This live CD expects a relatively high-end machine and has way more applications than would be useful to this project. Instead of trying to remove tons of applications and whittle it down I opted not to use this one. It could be a good choice though if you are trying to give people a full desktop PLUS access to an internal network.
- PuppyLinux. This live CD looked really good, however I had trouble figuring out the SFS file system it uses for its root, and was able to get to instructions and tools on how to deal with the Knoppix compressed file system much more easily.
- Knoppix. This live CD, like Ubuntu, was too top heavy for the specific purposes of this project.
- Damn Small Linux. This live CD has a 50 MB footprint, will work on almost anything hardware-wise, and is what I chose to implement.
The choice of DSL means that we are relying on DSL's built in ability to automatically find, configure and attach to a network via DHCP. DSL's wireless support is very minimal and thus we do not support wireless at this time. The end user will need a machine that normally attachs to the Internet through DHCP from their provider and uses a normal wired network card to do so.
- Fresh install of Ubuntu (http://www.ubuntu.com), EdUbuntu (http://www.edubuntu.org), xUbuntu (http://www.xubuntu.org), or kUbuntu (http://www.kubuntu.org)
- Use Synaptic to add repositories (all available)
- Install qemu, open-vpn and cloop-utils
- Get an ISO (I recommend the dsl-3.0 ISO); hopefully I'll soon have one of my prototype CD images (sans VPN keys) available on the Internet for your downloading pleasure. Refer the Examples section - this ISO might be a good place for you to start.
- Mount the ISO somewhere.
mount -t iso9660 -o loop dsl-3.0.iso /tmp/working.iso
- Unpack the compressed file system of the ISO
extract_compressed_fs /tmp/workingiso/KNOPPIX/KNOPPIX > /var/tmp/KNOPPIX-cloop
- Mount it somewhere
mount -o loop /var/tmp/KNOPPIX-cloop /tmp/workingiso.cloop
- Now that you have access to the inner workings of the CD, copy that to a place where you can work with it.
- Make a directory to work in (i.e. /home/jeff/Desktop/vpn-tree)
tar -C /tmp/workingiso.cloop -cf - . | tar -C /home/jeff/Desktop/vpn-tree -xvpf -
- Also copy the outer part of the CD, where you can work with it.
- Make a directory to work in (e.g. /home/jeff/Desktop/vpn-cd-tree)
tar -C /tmp/workingiso -cf - . | tar -C /home/jeff/Desktop/vpn-cd-tree -xvpf -
- Make a CD image with what you have now to confirm you've made it this far without error.
mkisofs -pad -l -r -J -V "YOURVPN v0.1" -no-emul-boot -boot-load-size 4 -boot-info-table -b boot/isolinux/isolinux.bin -c boot/isolinux/boot.cat -hide-rr-moved -o yourvpn.iso /home/jeff/Desktop/vpn-cd-tree/
- Assuming the above worked you can now test it with
qemu -boot d -cdrom yourvpn.iso
- Now you can start making changes.
- Mount your proc using
mount -t proc none /home/jeff/Desktop/vpn-tree/proc
- Make any changes you would like to the file system.
- After messing around, it's time to write out your new compressed file image and make a CD.
- Exit from chroot
- Unmount the image's proc (don't forget this step or you will not have a working image when you build it later)
- Make the compressed file image
mkisofs -L -R -l -V "YOURVPN ISO9660" -v -allow-multidot /home/jeff/Desktop/vpn-tree/ | create_compressed_fs - 65536 > /home/jeff/Desktop/vpn-cd-tree/KNOPPIX/KNOPPIX
- Make the cd image
mkisofs -pad -l -r -J -V "YOURVPN v0.2" -no-emul-boot -boot-load-size 4 -boot-info-table -b boot/isolinux/isolinux.bin -c boot/isolinux/boot.cat -hide-rr-moved -o yourvpn.iso /home/jeff/Desktop/vpn-cd-tree/
- Test it in an emulator (I tend to enjoy qemu...use whatever you like: vmware, xen, ?)
qemu -boot d -cdrom yourvpn.iso
- Repeat as necessary to get the desired ISO image.
- Burn image and enjoy.
- Unpack openvpn*.deb to the root file system after chroot.
- Make sure all the proper libraries were copied to the proper place.
- ldd /usr/sbin/openvpn
- Go to the other root terminal on the main system and copy any libraries from the main system to the vpn-tree
- Make the tun node:
mknod /dev/net/tun c 10 200
- Remove the loading of the DSL business card graphic by editing the vpn-cd-tree/boot/isolinux/boot.msg file and removing "^Xlogo.16"
- Cause it not to wait for boot options by editing vpn-cd-tree/boot/isolinux/isolinux.cfg and changing the line that says "PROMPT 1" to "PROMPT 0"
- Edit the file vpn-tree/etc/skel/.xinitrc to reflect what we wish to happen on the desktop. Remove code to load icons onto desktop; remove code to make the windows see through; add code to establish VPN connection; add code to load rdesktop and make connection to correct machine.
- Edit the display screen for boot.
- copy vpn-cd-tree/boot/isolinux/minirt24.gz to /tmp
- gunzip minirt24.gz
- mount -o loop minirt24 /mnt
- edit /etc/linuxrc to display text indicating Institution's name (you would put whatever is appropriate for your institution here) instead of "DSL"
- umount /mnt
- gzip minirt24
- copy minirt24.gz over to vpn-cd-tree/boot/isolinux/minirt24.gz
- Follow instructions on making cert and keys for the server.
- You will need to enter several pieces of information that are covered in the openVPN HOWTO.
- Remember to create a password-protected key for the client.
- Set all the configuration as desired.
- For each client you will need to
- make a password-protected key using the certificate
- place the certificate, and client key (only) in the vpn-tree/etc/openvpn/keys directory
- adjust the vpn-tree/etc/openvpn/openvpn.cfg file to have the proper key files indicated (see the server configuration file in the Samples section)
- adjust the added routes in the vpn-tree/opt/bootlocal.sh
- adjust the vpn-tree/etc/skel/.xinitrc to point to the correct rdesktop IP.
- Rebuild the CD.
- Test in the emulator.
- Once it works correctly, either burn the ISO or make a qemu Windows emulator version by placing the .ISO in the win-qemu-yourvpn-cd directory and building that .ISO (don't forget to burn it afterwards).