1.7. Building the software packages

This section deals with properly compiling all the third-party software packages that are used in some way in m0n0wall. Where useful, the FreeBSD ports system is used (especially if a package requires FreeBSD-relevant patches). For some packages, the standard "./configure && make && make install" procedure can be used; others need a few extra configure options to produce a small binary, while still others need patches to work properly on m0n0wall.

1.7.1. PHP

Install autoconf213 from the FreeBSD ports collection and create some links so that PHP's buildconf scripts find autoconf:

cd /usr/ports/devel/autoconf213
make install clean
ln -s /usr/local/bin/autoconf213 /usr/local/bin/autoconf
ln -s /usr/local/bin/autoheader213 /usr/local/bin/autoheader

Download the latest version of PHP 4.4 from http://www.php.net and decompress as usual. Download the RADIUS PECL extension from http://m0n0.ch/wall/downloads/freebsd-4.11/radius-1.2.5.tgz. Unpack it in php-4.4.x/ext and rename the resulting directory (whose name includes the version number) to 'radius'. Go back into the php-4.4.x directory and build/install as follows:

rm configure
./buildconf --force
./configure --without-mysql --with-pear --with-openssl --enable-discard-path --enable-radius --enable-sockets --enable-bcmath
make
install -s sapi/cgi/php $MWROOT/usr/local/bin

Put the following in $MWROOT/usr/local/lib/php.ini:

magic_quotes_gpc = Off
magic_quotes_runtime = Off
max_execution_time = 0
max_input_time = 180
register_argc_argv = Off
file_uploads = On
upload_tmp_dir = /ftmp
upload_max_filesize = 8M
post_max_size = 10M
html_errors = Off
include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal"

1.7.2. mini_httpd

Download mini_httpd 1.19 from http://www.acme.com/software/mini_httpd/mini_httpd-1.19.tar.gz and extract. A custom patch needs to be applied that:

  • adds a limit to the number of concurrent connections to prevent DoS attacks (since mini_httpd is a forking web server), and since m0n0wall 1.21: an optional per-client-IP-address limit

  • adds captive portal mode support (including httpd support for the file manager since m0n0wall 1.21)

  • sets SCRIPT_FILENAME (for php)

  • fixes a bug where mini_httpd would exit if a TCP connection was closed before mini_httpd had a chance to handle it (ECONNABORTED)

  • adds "index.php" to the list of index file names

  • makes the error pages much more plain

  • doesn't add a Server: header

  • patches the Makefile to build mini_httpd with SSL support

Apply the patch, compile and install as follows:

patch < $MWPATCHDIR/packages/mini_httpd.patch
make
install -s mini_httpd $MWROOT/usr/local/sbin

1.7.3. ISC DHCP server and relay

The FreeBSD ports system will be used to compile these.

1.7.3.1. DHCP server

cd /usr/ports/net/isc-dhcp3-server
make

Don't choose any options in the dialog box (i.e. deselect them all). When it's compiled, install as follows:

install -s work/dhcp-*/work.freebsd/server/dhcpd $MWROOT/usr/local/sbin

1.7.3.2. DHCP relay

cd /usr/ports/net/isc-dhcp3-relay
make
install -s work/dhcp-*/work.freebsd/relay/dhcrelay $MWROOT/usr/local/sbin

1.7.4. Dnsmasq

This requires GNU getopt, so it's easier to use the port:

cd /usr/ports/dns/dnsmasq
make
install -s work/dnsmasq-*/src/dnsmasq $MWROOT/usr/local/sbin

1.7.5. MSNTP

cd /usr/ports/net/msntp
make
install -s work/msntp-*/msntp $MWROOT/usr/local/bin

1.7.6. wol

Get the latest version of wol from http://sourceforge.net/project/showfiles.php?group_id=8895. Extract, then compile and install as follows:

./configure --disable-nls
make
install -s src/wol $MWROOT/usr/local/bin

1.7.7. ez-ipupdate

Get ez-ipupdate 3.0.11b8 from http://dyn.pl/client/UNIX/ez-ipupdate/ez-ipupdate-3.0.11b8.tar.gz. A patch needs to be applied that:

  • fixes interface IP address determination under FreeBSD

  • writes out the cache file before running the post-update command (instead of after) so that the command can use the information from the cache file

  • fixes a security issue (syslog() call)

patch < $MWPATCHDIR/packages/ez-ipupdate.c.patch
./configure
make
install -s ez-ipupdate $MWROOT/usr/local/bin

1.7.8. bpalogin

Get the latest source code version of bpalogin from http://bpalogin.sourceforge.net/index.php?page=download#source. Extract, then compile and install as follows:

./configure
make
install -s bpalogin $MWROOT/usr/local/sbin

1.7.9. MPD

Install MPD 3.x using the ports system:

cd /usr/ports/net/mpd
make
install -s work/mpd-*/src/mpd $MWROOT/usr/local/sbin

1.7.10. OpenVPN

Get the latest release version of OpenVPN from http://openvpn.net/download.html. Extract, then compile and install as follows:

setenv CFLAGS "-DLOG_OPENVPN=LOG_LOCAL6 -O2"
./configure --disable-lzo --disable-plugins --disable-management --disable-socks --disable-http --disable-debug
make
install -s openvpn $MWROOT/usr/local/sbin

1.7.11. racoon

As of version 1.21, m0n0wall uses the ipsec-tools version of racoon, as the KAME racoon version isn't being developed anymore and has been removed from the FreeBSD ports tree.

Install racoon from ipsec-tools using the ports system:

cd /usr/ports/security/ipsec-tools

Edit CONFIGURE_ARGS in the Makefile:

  • remove the --enable-debug and --enable-ipv6 options (saves space)

  • add the --without-readline option (removes the dependency on libreadline)

make
install -s work/ipsec-tools-*/src/racoon/.libs/racoon $MWROOT/usr/local/sbin
install -s work/ipsec-tools-*/src/libipsec/.libs/libipsec.so.0 $MWROOT/usr/local/lib

1.7.12. ucd-snmp

Get ucd-snmp 4.2.x (not net-snmp as it's much bigger) from http://sourceforge.net/project/showfiles.php?group_id=12694. Extract, then compile and install as follows:

./configure  --without-openssl --disable-debugging --enable-static \
--enable-mini-agent --disable-privacy --disable-testing-code \
--disable-shared-version --disable-shared --disable-ipv6 \
'--with-out-transports=TCP Unix' \
'--with-mib-modules=mibII/interfaces mibII/var_route ucd-snmp/vmstat_freebsd2'

Just press enter at all questions.

make
install -s agent/snmpd $MWROOT/usr/local/sbin