HOWTO: Install extra kernel modules on Shibby TomatoUSB

howto-tomato-install-extras.markdown

Introduction

This howto describes installing the extra kernel modules for the Tomato open-source router firmware. We will install them in the /opt/extras area.

Requirements

• Router running Shibby's fork of TomatoUSB
• entware installed to a USB stick mounted at /opt

This Howto Was Tested With

• Shibby's fork of TomatoUSB version 1.28 build 121
• ASUS RT-N66U

Install the extra kernel modules

Get the URL to the extras file from Shibby's website

You must download the extras file that matches the build you installed. Shibby's download site is here: http://tomato.groov.pl/download. Start there, pick the architecture that matches your router and go into the directory corresponding with the build that you installed. You should see a file called extras-*.tar.gz. Copy the URL to the extras file to your clipboard. For instance, for my K26RT-N router using build 121, the URL is http://tomato.groov.pl/download/K26RT-N/build5x-121-EN/extras-mips2.tar.gz.

Download and extract the extras file

ssh to the router and enter:

cd /opt
mkdir extras
cd extras
wget <URL_to_extras_file.tar.gz>
tar xzvf extras*.tar.gz
rm extras*.tar.gz

Setup entware to load the modules at init

With your favorite text editor, create a file called /opt/etc/init.d/S01extras:

#!/bin/sh

# Load the ipsec modules
modprobe /opt/extras/ipsec/aes
modprobe /opt/extras/ipsec/af_key
modprobe /opt/extras/ipsec/xfrm_user

The above is just an example. Just put the path to each module that you want to load on startup.

Verify that modules are loaded at boot

Reboot the router with the "Reboot..." menu in the GUI. Once it has restarted, ssh to the router and run "lsmod". You should see all the modules that you put in the S01extras file.

I followed the guide and I get:

modprobe /opt/extras/ipsec/af_key

modprobe: module /opt/extras/ipsec/af_key not found in modules.dep

I have this build of shibby: http://tomato.groov.pl/download/K26ARM7/138-MultiWAN/tomato-R8000-ARM--138-AIO-64K.zip and the extras here: http://tomato.groov.pl/download/K26ARM7/138-MultiWAN/arm-extras.tar.gz

I also followed your guide to install entware.

It seems that the required modules are no longer included, in particular AES, so it's now looking less hopeful of getting L2TP working. None of the guides I've seen such as this one are valid for the latest build, as the modules used don't seem to be compiled with the kernel any longer.

It would be great if someone with a bit more knowledge than us could guide us through how we could operate strongswan with the latest build (138 as I type this).

#!/bin/sh

# Load the ipsec modules
insmod /opt/extras/ipsec/aes.ko
insmod /opt/extras/ipsec/af_key.ko
insmod /opt/extras/ipsec/xfrm_user.ko

Worked for me on latest build

markc1984, you'r completely right, aes.ko is missing.
If you use Strongswans userland ipsec-implementation libipsec it will work (I have it working right now). The downside is that it's not as fast as kernel-mode. Strongswan will then create a TUN-interface called ipsec0, where all tunnel traffic will egress/ingress.

niki-timofe, if you watch the output of the first insmod you'll see it doesnt work.

Okey, I would like to make some corrections to my previous post.
aes.ko is de facto missing from the archive, however, it seems that it works nonetheless (cbc.ko seems to be the key here).
I have loaded all modules (which I haven't before, I gave up halway through when I noticed that aes.ko was missing...) and now StrongSwan starts without errors, eastablishes tunnels and everything works as it should.

@dulemis are you using IKEv2 strongSwan?

@TheOverwatcher yes I am