VPN-Server in Box integrieren

Hallo zusammen,

ich wäre auch sehr dankbar wenn mal jemand die Vorgehensweise erklären würde. Also vom Download der oben gelinkten Datei bis zum laden auf der Fritz!Box. Die Konfig sollte ich dann wohl hinbekommen. Wär ja nicht mein erster OpenVPN Server.

Danke schon mal.

Gruß
Aleks
 
HI, hier ist die Vorgehensweise:

1. Den TFTP Server von http://www.topshareware.com/TFTP-Server-download-924.htm runterladen und installieren.

2. Ein Verzeichnis erstellen, wohin wir dann die Daten für den Transfer kopieren z.B. c:\TFTP-Verzeichnis

3. TFTP Server starten. Unter File, Configure das in Punkt 2 angelegte Verzeichnis auswählen.
Beim "Security"-Tab "Transmit and Receive files" einstellen. Mit OK die Konfiguration speichern.

4. openvpn2.zip runterladen und in das in Punkt 2 erstellte Verzeichnis entpacken.

5. per Telnet auf die FritzBox. Dort dann "cd /var/tmp" eintippen. Dann "tftp -g -l openvpn 192.168.178.21", wobei 192.168.178.21 die IP des Computers ist, auf dem der TFTP-Server läuft. Mittels "chmod u+x openvpn" die Datei openvpn ausführbar machen. "./openvpn" startet dann openvpn.

6. Konfigurationen erstellen. mittels "./openvpn --config configdatei.cfg" die Konfiguration testen.

7. Sich darum kümmern, dass es noch nach einem Reboot da ist und automatisch gestartet wird. Routing Regeln einstellen.

Gruß,
Robert
 
Hi, bloodaxe. grübel
Was meinst du mit fertig compiliertes VPN programm?
Hast du es mal mit dem Download aus meinem letzen Post probiert?
Sind halt nur keine Konfig's drin.
Howto gibt es hier: http://openvpn.net/static.html

MfG Oliver
oh danke muss ich irgendwie übersehn haben .. des wars was ich haben wollte, danke :)

@robot_rap
ne andere möglichkeit wäre per wget das ganze zu machen, in anlehnung an den thread hier: http://www.ip-phone-forum.de/forum/viewtopic.php?t=21635
und dann einfach auch ins gleiche script mit hinein und gut ist die sache.

ich werd dann noch testen müssen ob man die config nicht auch ins gleiche verzeichniss packen kann wie die debug.cfg ... aber zur not eben direkt in die debug.cfg und dann mit echo bei jedem start irgendwo reinschreiben .. oder als uue formal da rein oder oder .. da gibts genug möglichkeiten denk ich.
 
Hi,

habt ihr euch mal UPX angeschaut? Damit kannste binaries packen und die werden zur laufzeit wieder entpackt, also das bin entpackt sich selbst. das spart bissl platz auf der box.

http://upx.sourceforge.net/

damit hab ich mal ein "ein floppy linux" gebastelt.

gruss,
jens.





olistudent schrieb:
Hi.
futuremax2k schrieb:
Nur wie und mit was hast du die binary kompiliert? Weil ich denk mal so groß wie die ist werden alle libs drin sein. Meine war ja nur "300Kb" groß.
Mit Enrik's buildroot.
Ich hab die libgcc_s, libssl, liblzo und libcrypto statisch ins Binary gelinkt.

MfG Oliver
 
Hi.
Leider nicht für mips...
Code:
universal: UPX can pack a number of executable formats: 
- atari/tos 
- djgpp2/coff 
- dos/com 
- dos/exe 
- dos/sys 
- linux/386 
- rtm32/pe 
- tmt/adam 
- watcom/le (supporting DOS4G, PMODE/W, DOS32a and CauseWay) 
- win32/pe
MfG Oliver
 
es bringt ja auch nur dann etwas, wenn die komprimierung besser wäre als die, die squashfs schon macht. -> also vermutlich nicht allzuviel.

Gruß,
Pfeffer.
 
ah, das wusst ich nicht, jo dann kann mans wohl vergessen
 
Hallo,

erstmal muss ich zugeben, daß ich Linux-Laie bin und mich nicht besonders gut auskenne. Trotzdem reicht es um ein bisschen rumfummeln zu können.

Ich habe jetzt meine FBF soweit, daß sie sich nach dem booten mit wget die Dateien "openvpn" und "static.key" von meinem webscape holt und openvpn startet.

Auf meinen Windows-Rechner habe ich openvpn-2.0-install.exe installiert und den static.key eingefügt und einen neuen TAP-Win32 Virtual Adapter erstellt (LAN-Verbindung 2).

Aber jetzt weis ich nicht wie es weiter gehen soll. Wo konfiguriere ich Benutzernamen und Passwort und wie kann ich connecten. Weiterhin muss ich doch irgendwo das Routing einstellen und der FritzBox mitteilen, welche Netze ich verbinden will.

Hat denn nichtmal einer ein Beispiel .conf. Ein Dev tun habe ich nicht gefunden. Ich kann mit den ganzen Anleitungen im Netz nichts anfangen, weil da .pem files, etc. benötigt werden und die habe ich nicht, bzw. weis nicht wie ich die anlege.

Kann mir jemand helfen?

Gruß
Han-Solo
 
Hallo,

Ich habe es geschafft openvpn auf die FBF zu beamen und die hilfe (./openvpn --help) zu laden, aber ich musste die datei mit "chmod +x openvpn" ausführbar machen...

Ich begreife aber immer noch nicht wie man das ganze konfiguriert :(

hier noch die hilfe mit PuTTY geloggt:
Code:
 OpenVPN 2.0 mipsel-linux [SSL] [LZO] built on Jul 11 2005

General Options:
--config file   : Read configuration options from file.
--help          : Show options.
--version       : Show copyright and version information.

Tunnel Options:
--local host    : Local host name or ip address.
--remote host [port] : Remote host name or ip address.
--remote-random : If multiple --remote options specified, choose one randomly.
--mode m        : Major mode, m = 'p2p' (default, point-to-point) or 'server'.
--proto p       : Use protocol p for communicating with peer.
                  p = udp (default), tcp-server, or tcp-client
--connect-retry n : For --proto tcp-client, number of seconds to wait
                  between connection retries (default=5).
--http-proxy s p [up] [auth] : Connect to remote host through an HTTP proxy at
                  address s and port p.  If proxy authentication is required,
                  up is a file containing username/password on 2 lines, or
                  'stdin' to prompt from console.  Add auth='ntlm' if
                  the proxy requires NTLM authentication.
--http-proxy-retry     : Retry indefinitely on HTTP proxy errors.
--http-proxy-timeout n : Proxy timeout in seconds, default=5.
--http-proxy-option type [parm] : Set extended HTTP proxy options.
                                  Repeat to set multiple options.
                  VERSION version (default=1.0)
                  AGENT user-agent
--socks-proxy s [p]: Connect to remote host through a Socks5 proxy at address
                  s and port p (default port = 1080).
--socks-proxy-retry : Retry indefinitely on Socks proxy errors.
--resolv-retry n: If hostname resolve fails for --remote, retry
                  resolve for n seconds before failing (disabled by default).
                  Set n="infinite" to retry indefinitely.
--float         : Allow remote to change its IP address/port, such as through
                  DHCP (this is the default if --remote is not used).
--ipchange cmd  : Execute shell command cmd on remote ip address initial
                  setting or change -- execute as: cmd ip-address port#
--port port     : TCP/UDP port # for both local and remote.
--lport port    : TCP/UDP port # for local (default=1194).
--rport port    : TCP/UDP port # for remote (default=1194).
--nobind        : Do not bind to local address and port.
--dev tunX|tapX : tun/tap device (X can be omitted for dynamic device.
--dev-type dt   : Which device type are we using? (dt = tun or tap) Use
                  this option only if the tun/tap device used with --dev
                  does not begin with "tun" or "tap".
--dev-node node : Explicitly set the device node rather than using
                  /dev/net/tun, /dev/tun, /dev/tap, etc.
--tun-ipv6      : Build tun link capable of forwarding IPv6 traffic.
--ifconfig l rn : TUN: configure device to use IP address l as a local
                  endpoint and rn as a remote endpoint.  l & rn should be
                  swapped on the other peer.  l & rn must be private
                  addresses outside of the subnets used by either peer.
                  TAP: configure device to use IP address l as a local
                  endpoint and rn as a subnet mask.
--ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead
                    pass --ifconfig parms by environment to scripts.
--ifconfig-nowarn : Don't warn if the --ifconfig option on this side of the
                    connection doesn't match the remote side.
--route network [netmask] [gateway] [metric] :
                  Add route to routing table after connection
                  is established.  Multiple routes can be specified.
                  netmask default: 255.255.255.255
                  gateway default: taken from --route-gateway or --ifconfig
                  Specify default by leaving blank or setting to "nil".
--route-gateway gw : Specify a default gateway for use with --route.
--route-delay n [w] : Delay n seconds after connection initiation before
                  adding routes (may be 0).  If not specified, routes will
                  be added immediately after tun/tap open.  On Windows, wait
                  up to w seconds for TUN/TAP adapter to come up.
--route-up cmd  : Execute shell cmd after routes are added.
--route-noexec  : Don't add routes automatically.  Instead pass routes to
                  --route-up script using environmental variables.
--redirect-gateway [flags]: (Experimental) Automatically execute routing
                  commands to redirect all outgoing IP traffic through the
                  VPN.  Add 'local' flag if both OpenVPN servers are directly
                  connected via a common subnet, such as with WiFi.
                  Add 'def1' flag to set default route using using 0.0.0.0/1
                  and 128.0.0.0/1 rather than 0.0.0.0/0.
--setenv name value : Set a custom environmental variable to pass to script.
--shaper n      : Restrict output to peer to n bytes per second.
--keepalive n m : Helper option for setting timeouts in server mode.  Send
                  ping once every n seconds, restart if ping not received
                  for m seconds.
--inactive n    : Exit after n seconds of inactivity on tun/tap device.
--ping-exit n   : Exit if n seconds pass without reception of remote ping.
--ping-restart n: Restart if n seconds pass without reception of remote ping.
--ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a
                  remote address.
--ping n        : Ping remote once every n seconds over TCP/UDP port.
--fast-io       : (experimental) Optimize TUN/TAP/UDP writes.
--explicit-exit-notify n : (experimental) on exit, send exit signal to remote.
--remap-usr1 s  : On SIGUSR1 signals, remap signal (s='SIGHUP' or 'SIGTERM').
--persist-tun   : Keep tun/tap device open across SIGUSR1 or --ping-restart.
--persist-remote-ip : Keep remote IP address across SIGUSR1 or --ping-restart.
--persist-local-ip  : Keep local IP address across SIGUSR1 or --ping-restart.
--persist-key   : Don't re-read key files across SIGUSR1 or --ping-restart.
--passtos       : TOS passthrough (applies to IPv4 only).
--tun-mtu n     : Take the tun/tap device MTU to be n and derive the
                  TCP/UDP MTU from it (default=1500).
--tun-mtu-extra n : Assume that tun/tap device might return as many
                  as n bytes more than the tun-mtu size on read
                  (default TUN=0 TAP=32).
--link-mtu n    : Take the TCP/UDP device MTU to be n and derive the tun MTU
                  from it.
--mtu-disc type : Should we do Path MTU discovery on TCP/UDP channel?
                  'no'    -- Never send DF (Don't Fragment) frames
                  'maybe' -- Use per-route hints
                  'yes'   -- Always DF (Don't Fragment)
--mtu-test      : Empirically measure and report MTU.
--fragment max  : Enable internal datagram fragmentation so that no UDP
                  datagrams are sent which are larger than max bytes.
                  Adds 4 bytes of overhead per datagram.
--mssfix [n]    : Set upper bound on TCP MSS, default = tun-mtu size
                  or --fragment max value, whichever is lower.
--sndbuf size   : Set the TCP/UDP send buffer size.
--rcvbuf size   : Set the TCP/UDP receive buffer size.
--txqueuelen n  : Set the tun/tap TX queue length to n (Linux only).
--mlock         : Disable Paging -- ensures key material and tunnel
                  data will never be written to disk.
--up cmd        : Shell cmd to execute after successful tun device open.
                  Execute as: cmd tun/tap-dev tun-mtu link-mtu \
                              ifconfig-local-ip ifconfig-remote-ip
                  (pre --user or --group UID/GID change)
--up-delay      : Delay tun/tap open and possible --up script execution
                  until after TCP/UDP connection establishment with peer.
--down cmd      : Shell cmd to run after tun device close.
                  (post --user/--group UID/GID change and/or --chroot)
                  (script parameters are same as --up option)
--down-pre      : Call --down cmd/script before TUN/TAP close.
--up-restart    : Run up/down scripts for all restarts including those
                  caused by --ping-restart or SIGUSR1
--user user     : Set UID to user after initialization.
--group group   : Set GID to group after initialization.
--chroot dir    : Chroot to this directory after initialization.
--cd dir        : Change to this directory before initialization.
--daemon [name] : Become a daemon after initialization.
                  The optional 'name' parameter will be passed
                  as the program name to the system logger.
--inetd [name] ['wait'|'nowait'] : Run as an inetd or xinetd server.
                  See --daemon above for a description of the 'name' parm.
--log file      : Output log to file which is created/truncated on open.
--log-append file : Append log to file, or create file if nonexistent.
--suppress-timestamps : Don't log timestamps to stdout/stderr.
--writepid file : Write main process ID to file.
--nice n        : Change process priority (>0 = lower, <0 = higher).
--echo [parms ...] : Echo parameters to log output.
--verb n        : Set output verbosity to n (default=1):
                  (Level 3 is recommended if you want a good summary
                  of what's happening without being swamped by output).
                : 0 -- no output except fatal errors
                : 1 -- startup info + connection initiated messages +
                       non-fatal encryption & net errors
                : 2,3 -- show TLS negotiations & route info
                : 4 -- show parameters
                : 5 -- show 'RrWw' chars on console for each packet sent
                       and received from TCP/UDP (caps) or tun/tap (lc)
                : 6 to 11 -- debug messages of increasing verbosity
--mute n        : Log at most n consecutive messages in the same category.
--status file n : Write operational status to file every n seconds.
--status-version [n] : Choose the status file format version number.
                  Currently, n can be 1 or 2 (default=1).
--disable-occ   : Disable options consistency check between peers.
--gremlin mask  : Special stress testing mode (for debugging only).
--comp-lzo      : Use fast LZO compression -- may add up to 1 byte per
                  packet for uncompressible data.
--comp-noadapt  : Don't use adaptive compression when --comp-lzo
                  is specified.
--management ip port [pass] : Enable a TCP server on ip:port to handle
                  management functions.  pass is a password file
                  or 'stdin' to prompt from console.
--management-query-passwords : Query management channel for private key
                  and auth-user-pass passwords.
--management-hold : Start OpenVPN in a hibernating state, until a client
                    of the management interface explicitly starts it.
--management-log-cache n : Cache n lines of log file history for usage
                  by the management channel.
--plugin m [str]: Load plug-in module m passing str as an argument
                  to its initialization function.

Multi-Client Server options (when --mode server is used):
--server network netmask : Helper option to easily configure server mode.
--server-bridge IP netmask pool-start-IP pool-end-IP : Helper option to
                    easily configure ethernet bridging server mode.
--push "option" : Push a config file option back to the peer for remote
                  execution.  Peer must specify --pull in its config file.
--push-reset    : Don't inherit global push list for specific
                  client instance.
--ifconfig-pool start-IP end-IP [netmask] : Set aside a pool of subnets
                  to be dynamically allocated to connecting clients.
--ifconfig-pool-linear : Use individual addresses rather than /30 subnets
                  in tun mode.  Not compatible with Windows clients.
--ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool
                  data to file, at seconds intervals (default=600).
                  If seconds=0, file will be treated as read-only.
--ifconfig-push local remote-netmask : Push an ifconfig option to remote,
                  overrides --ifconfig-pool dynamic allocation.
                  Only valid in a client-specific config file.
--iroute network [netmask] : Route subnet to client.
                  Sets up internal routes only.
                  Only valid in a client-specific config file.
--disable       : Client is disabled.
                  Only valid in a client-specific config file.
--client-cert-not-required : Don't require client certificate, client
                  will authenticate using username/password.
--username-as-common-name  : For auth-user-pass authentication, use
                  the authenticated username as the common name,
                  rather than the common name from the client cert.
--auth-user-pass-verify cmd method: Query client for username/password and
                  run script cmd to verify.  If method='via-env', pass
                  user/pass via environment, if method='via-file', pass
                  user/pass via temporary file.
--client-to-client : Internally route client-to-client traffic.
--duplicate-cn  : Allow multiple clients with the same common name to
                  concurrently connect.
--client-connect cmd : Run script cmd on client connection.
--client-disconnect cmd : Run script cmd on client disconnection.
--client-config-dir dir : Directory for custom client config files.
--ccd-exclusive : Refuse connection unless custom client config is found.
--tmp-dir dir   : Temporary directory, used for --client-connect return file.
--hash-size r v : Set the size of the real address hash table to r and the
                  virtual address table to v.
--bcast-buffers n : Allocate n broadcast buffers.
--tcp-queue-limit n : Maximum number of queued TCP output packets.
--learn-address cmd : Run script cmd to validate client virtual addresses.
--connect-freq n s : Allow a maximum of n new connections per s seconds.
--max-clients n : Allow a maximum of n simultaneously connected clients.

Client options (when connecting to a multi-client server):
--client         : Helper option to easily configure client mode.
--auth-user-pass [up] : Authenticate with server using username/password.
                  up is a file containing username/password on 2 lines,
                  or omit to prompt from console.
--pull           : Accept certain config file options from the peer as if they
                  were part of the local config file.  Must be specified
                  when connecting to a '--mode server' remote host.

Data Channel Encryption Options (must be compatible between peers):
(These options are meaningful for both Static Key & TLS-mode)
--secret f [d]  : Enable Static Key encryption mode (non-TLS).
                  Use shared secret file f, generate with --genkey.
                  The optional d parameter controls key directionality.
                  If d is specified, use separate keys for each
                  direction, set d=0 on one side of the connection,
                  and d=1 on the other side.
--auth alg      : Authenticate packets with HMAC using message
                  digest algorithm alg (default=SHA1).
                  (usually adds 16 or 20 bytes per packet)
                  Set alg=none to disable authentication.
--cipher alg    : Encrypt packets with cipher algorithm alg
                  (default=BF-CBC).
                  Set alg=none to disable encryption.
--keysize n     : Size of cipher key in bits (optional).
                  If unspecified, defaults to cipher-specific default.
--engine [name] : Enable OpenSSL hardware crypto engine functionality.
--no-replay     : Disable replay protection.
--mute-replay-warnings : Silence the output of replay warnings to log file.
--replay-window n [t]  : Use a replay protection sliding window of size n
                         and a time window of t seconds.
                         Default n=64 t=15
--no-iv         : Disable cipher IV -- only allowed with CBC mode ciphers.
--replay-persist file : Persist replay-protection state across sessions
                  using file.
--test-crypto   : Run a self-test of crypto features enabled.
                  For debugging only.

TLS Key Negotiation Options:
(These options are meaningful only for TLS-mode)
--tls-server    : Enable TLS and assume server role during TLS handshake.
--tls-client    : Enable TLS and assume client role during TLS handshake.
--key-method m  : Data channel key exchange method.  m should be a method
                  number, such as 1 (default), 2, etc.
--ca file       : Certificate authority file in .pem format containing
                  root certificate.
--dh file       : File containing Diffie Hellman parameters
                  in .pem format (for --tls-server only).
                  Use "openssl dhparam -out dh1024.pem 1024" to generate.
--cert file     : Local certificate in .pem format -- must be signed
                  by a Certificate Authority in --ca file.
--key file      : Local private key in .pem format.
--pkcs12 file   : PKCS#12 file containing local private key, local certificate
                  and root CA certificate.
--tls-cipher l  : A list l of allowable TLS ciphers separated by : (optional).
                : Use --show-tls to see a list of supported TLS ciphers.
--tls-timeout n : Packet retransmit timeout on TLS control channel
                  if no ACK from remote within n seconds (default=2).
--reneg-bytes n : Renegotiate data chan. key after n bytes sent and recvd.
--reneg-pkts n  : Renegotiate data chan. key after n packets sent and recvd.
--reneg-sec n   : Renegotiate data chan. key after n seconds (default=3600).
--hand-window n : Data channel key exchange must finalize within n seconds
                  of handshake initiation by any peer (default=60).
--tran-window n : Transition window -- old key can live this many seconds
                  after new key renegotiation begins (default=3600).
--single-session: Allow only one session (reset state on restart).
--tls-exit      : Exit on TLS negotiation failure.
--tls-auth f [d]: Add an additional layer of authentication on top of the TLS
                  control channel to protect against DoS attacks.
                  f (required) is a shared-secret passphrase file.
                  The optional d parameter controls key directionality,
                  see --secret option for more info.
--askpass [file]: Get PEM password from controlling tty before we daemonize.
--auth-nocache  : Don't cache --askpass or --auth-user-pass passwords.
--crl-verify crl: Check peer certificate against a CRL.
--tls-verify cmd: Execute shell command cmd to verify the X509 name of a
                  pending TLS connection that has otherwise passed all other
                  tests of certification.  cmd should return 0 to allow
                  TLS handshake to proceed, or 1 to fail.  (cmd is
                  executed as 'cmd certificate_depth X509_NAME_oneline')
--tls-remote x509name: Accept connections only from a host with X509 name
                  x509name. The remote host must also pass all other tests
                  of verification.
--ns-cert-type t: Require that peer certificate was signed with an explicit
                  nsCertType designation t = 'client' | 'server'.

SSL Library information:
--show-ciphers  : Show cipher algorithms to use with --cipher option.
--show-digests  : Show message digest algorithms to use with --auth option.
--show-engines  : Show hardware crypto accelerator engines (if available).
--show-tls      : Show all TLS ciphers (TLS used only as a control channel).

Generate a random key (only for non-TLS static key encryption mode):
--genkey        : Generate a random key to be used as a shared secret,
                  for use with the --secret option.
--secret file   : Write key to file.

Tun/tap config mode (available with linux 2.4+):
--mktun         : Create a persistent tunnel.
--rmtun         : Remove a persistent tunnel.
--dev tunX|tapX : tun/tap device
--dev-type dt   : Device type.  See tunnel options above for details.

Gruss HB3YLF
 
HI,
vielleicht hilft dir dieses Howto:
http://openvpn.net/static.html

oder wenn es dir auf deutsch lieber ist:
http://www.lugah.de.bart.blserver.de/Data/OpenVPN-Howto/OpenVPN_Mini_HowTo.html

Du kannst auch noch bei google die Stichwörter "openvpn" und "howto" eintippen, da findest du sehr viele Seiten die du dir durchlesen kannst.

Es ist wirklich nicht schwer. Falls es doch noch Probleme gibt, kannst du mir ja ne PN schicken, dann wird dieser Beitrag nicht so unübersichtlich. Lies aber zuerst ein paar HowTos, sonst antworte ich nicht auf deine Fragen. Ein bischen musst du dich schon selbst drum kümmern.

Gruß,
Robert
 
Kommt man mit OpenVPN jetzt auf den Cisco VPN Server? Ich hab den passenden vpnc-Client seit einigen Monaten auf der Fritzbox laufen; die CPU reicht für so 80kB Durchsatz. Wenn ansonsten noch jemand Interesse an vpnc hat, könnte man da nochmal eine neue Version probieren... Siehe auch http://www.ip-phone-forum.de/forum/viewtopic.php?t=8266
 
saltlake schrieb:
Kommt man mit OpenVPN jetzt auf den Cisco VPN Server?
Nein, das funktioniert nicht. OpenVPN verwendet ein anderes Protokoll.
 
Hallo,

für diejenigen, die das mit OpenVPN noch nicht hinbekommen haben hier nochmal eine kleine Anleitung.

Man erstellt sich auf seinem Webserver ein Unterverzeichis (z.B. fritzbox) und stellt dort die von olistudent kompilierte openvpn zum Download bereit. (Danke nochmal!)

Anschließend verwendet man nachfolgenden für sich selbst angepassten Code und fügt diesen in /var/flash/debug.cfg ein....

serverurl= URL des eigenen Webservers
serverdir= Verzeichnis in dem openvpn liegt

.... und führt ein reboot aus.

Code:
# Variablen ferstlegen
serverurl="mydomain.de"
serverdir="/fritzbox"

# OpenVPN holen und ausführbar machen
wget http://$serverurl$serverdir/openvpn
chmod +x /var/tmp/openvpn


# OpenVPN - static.key erzeugen
# wird in die Datei /var/tmp/static.key geschrieben

echo # 2048 bit OpenVPN static key > /var/tmp/static.key
echo # >> /var/tmp/static.key
echo -----BEGIN OpenVPN Static key V1----- >> /var/tmp/static.key
echo 4a8e26301cd7377898f2e08399eeb14d >> /var/tmp/static.key
echo bc1xxxxxxxxxxxxxxxxxxxxxb348b8c >> /var/tmp/static.key
echo 2b4xxxxxxxxxxxxxxxxxxxxxx1b096e >> /var/tmp/static.key
echo 57c3xxxxxxxxxxxxxxxxxxxxxd8a9f0b >> /var/tmp/static.key
echo 039xxxxxxxxxxxxxxxxxxxxxxb42eb >> /var/tmp/static.key
echo c89xxxxxxxxxxxxxxxxxxxxxx799cc7 >> /var/tmp/static.key
echo 0e2xxxxxxxxxxxxxxxxxxxxxx1327ddb >> /var/tmp/static.key
echo a72xxxxxxxxxxxxxxxxxxxxxx91770 >> /var/tmp/static.key
echo 7bf4xxxxxxxxxxxxxxxxxxxxeccd60 >> /var/tmp/static.key
echo 67e8xxxxxxxxxxxxxxxxxxxxxfbed822 >> /var/tmp/static.key
echo 32axxxxxxxxxxxxxxxxxxxxxx78a40 >> /var/tmp/static.key
echo e71xxxxxxxxxxxxxxxxxxxxxxxf7c00 >> /var/tmp/static.key
echo b23xxxxxxxxxxxxxxxxxxxxx8a95234 >> /var/tmp/static.key
echo 8d3xxxxxxxxxxxxxxxxxxxxxx646cb3 >> /var/tmp/static.key
echo eb31xxxxxxxxxxxxxxxxxxxx3167500 >> /var/tmp/static.key
echo 0e3cc6b7ca9c01594f3e5f2d7f0d451c >> /var/tmp/static.key
echo -----END OpenVPN Static key V1----- >> /var/tmp/static.key
chmod 0600 /var/tmp/static.key

# openvpn.conf schreiben
echo dev tun0 > /var/tmp/openvpn.conf
echo  remote xxxxxx.dyndns.org>> /var/tmp/openvpn.conf
echo  ifconfig 10.0.0.1 10.0.0.2 >> /var/tmp/openvpn.conf
echo secret /var/tmp/static.key >> /var/tmp/openvpn.conf
echo tun-mtu 1500 >> /var/tmp/openvpn.conf
echo fragment 1500 >> /var/tmp/openvpn.conf
echo mssfix >> /var/tmp/openvpn.conf
chmod 0600 /var/tmp/openvpn.conf


# OpenVPN starten
/var/tmp/openvpn --cd /var/tmp --daemon --config openvpn.conf --dev-node /dev/misc/net/tun

Jetzt steht natürlich erstmal unbrauchbarer Müll in der static.key.
Den richtigen key erzeugt mal mit:

Code:
./openvpn --genkey --secret static.key

... und ersetzt diesen wiederum in der /var/flash/debug.cfg.
(Zeile für Zeile zwischen "echo" und ">> /var/tmp/static.key")

Dann noch die dyndns oder IP-Adresse der anderen Tunnel-Seite und fertig ist das OpenVPN.
Natürlich muss man auf der Gegenseite alles genauso einrichten (ACHTUNG: gleichen static.key verwenden) und die IP Adressen für den Tunnel tauschen. Für dieses Beispiel: ifconfig 10.0.0.2 10.0.0.1

Viel Spaß beim Testen und den static.key unbedingt geheim halten.

Gruß

Han-Solo
 

Anhänge

  • openvpn2_101.zip
    539.6 KB · Aufrufe: 808
Zuletzt bearbeitet:
hallo,

ich bekomme keine verbindung zwischen der fritzbox und dem windows pc zusammen. ping über den tunnel (10.0.0.x) geht von beiden seiten nicht, ping auf lokale tunneladresse geht..

konfig auf der fritzbox:
Code:
dev tun0
ifconfig 10.0.0.1 10.0.0.2
secret /etc/openvpn/openvpn.key
tun-mtu 1500
fragment 1500
mssfix

konfig auf dem windows pc:
Code:
remote xxxxxx.dyndns.org
dev tun
ifconfig 10.0.0.2 10.0.0.1
secret fritzbox.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
route-gateway 10.0.0.1
redirect-gateway
verb 6

ausgabe im log-fenster von openvpn gui:
Code:
Sat Aug 13 17:11:20 2005 us=228915 Current Parameter Settings:
Sat Aug 13 17:11:20 2005 us=228964   config = 'fritzbox.ovpn'
Sat Aug 13 17:11:20 2005 us=228973   mode = 0
Sat Aug 13 17:11:20 2005 us=228982   show_ciphers = DISABLED
Sat Aug 13 17:11:20 2005 us=228991   show_digests = DISABLED
Sat Aug 13 17:11:20 2005 us=229000   show_engines = DISABLED
Sat Aug 13 17:11:20 2005 us=229009   genkey = DISABLED
Sat Aug 13 17:11:20 2005 us=229018   key_pass_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229027   show_tls_ciphers = DISABLED
Sat Aug 13 17:11:20 2005 us=229036   proto = 0
Sat Aug 13 17:11:20 2005 us=229045   local = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229055   remote_list[0] = {'xxxxxx.dyndns.org', 1194}
Sat Aug 13 17:11:20 2005 us=229066   remote_random = DISABLED
Sat Aug 13 17:11:20 2005 us=229076   local_port = 1194
Sat Aug 13 17:11:20 2005 us=229084   remote_port = 1194
Sat Aug 13 17:11:20 2005 us=229093   remote_float = DISABLED
Sat Aug 13 17:11:20 2005 us=229102   ipchange = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229111   bind_local = ENABLED
Sat Aug 13 17:11:20 2005 us=229119   dev = 'tun'
Sat Aug 13 17:11:20 2005 us=229128   dev_type = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229136   dev_node = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229145   tun_ipv6 = DISABLED
Sat Aug 13 17:11:20 2005 us=229153   ifconfig_local = '10.0.0.2'
Sat Aug 13 17:11:20 2005 us=229163   ifconfig_remote_netmask = '10.0.0.1'
Sat Aug 13 17:11:20 2005 us=229172   ifconfig_noexec = DISABLED
Sat Aug 13 17:11:20 2005 us=229181   ifconfig_nowarn = DISABLED
Sat Aug 13 17:11:20 2005 us=229190   shaper = 0
Sat Aug 13 17:11:20 2005 us=229198   tun_mtu = 1500
Sat Aug 13 17:11:20 2005 us=229207   tun_mtu_defined = ENABLED
Sat Aug 13 17:11:20 2005 us=229216   link_mtu = 1500
Sat Aug 13 17:11:20 2005 us=229224   link_mtu_defined = DISABLED
Sat Aug 13 17:11:20 2005 us=229233   tun_mtu_extra = 0
Sat Aug 13 17:11:20 2005 us=229242   tun_mtu_extra_defined = DISABLED
Sat Aug 13 17:11:20 2005 us=229251   fragment = 0
Sat Aug 13 17:11:20 2005 us=229260   mtu_discover_type = -1
Sat Aug 13 17:11:20 2005 us=229269   mtu_test = 0
Sat Aug 13 17:11:20 2005 us=229277   mlock = DISABLED
Sat Aug 13 17:11:20 2005 us=229286   keepalive_ping = 10
Sat Aug 13 17:11:20 2005 us=229295   keepalive_timeout = 60
Sat Aug 13 17:11:20 2005 us=229304   inactivity_timeout = 0
Sat Aug 13 17:11:20 2005 us=229313   ping_send_timeout = 10
Sat Aug 13 17:11:20 2005 us=229323   ping_rec_timeout = 60
Sat Aug 13 17:11:20 2005 us=229331   ping_rec_timeout_action = 2
Sat Aug 13 17:11:20 2005 us=229341   ping_timer_remote = ENABLED
Sat Aug 13 17:11:20 2005 us=229349   remap_sigusr1 = 0
Sat Aug 13 17:11:20 2005 us=229358   explicit_exit_notification = 0
Sat Aug 13 17:11:20 2005 us=229367   persist_tun = ENABLED
Sat Aug 13 17:11:20 2005 us=229376   persist_local_ip = DISABLED
Sat Aug 13 17:11:20 2005 us=229386   persist_remote_ip = DISABLED
Sat Aug 13 17:11:20 2005 us=229395   persist_key = ENABLED
Sat Aug 13 17:11:20 2005 us=229403   mssfix = 1450
Sat Aug 13 17:11:20 2005 us=229413   resolve_retry_seconds = 1000000000
Sat Aug 13 17:11:20 2005 us=229422   connect_retry_seconds = 5
Sat Aug 13 17:11:20 2005 us=229431   username = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229440   groupname = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229448   chroot_dir = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229457   cd_dir = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229466   writepid = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229475   up_script = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229484   down_script = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=229493   down_pre = DISABLED
Sat Aug 13 17:11:20 2005 us=229502   up_restart = DISABLED
Sat Aug 13 17:11:20 2005 us=229510   up_delay = DISABLED
Sat Aug 13 17:11:20 2005 us=229519   daemon = DISABLED
Sat Aug 13 17:11:20 2005 us=229528   inetd = 0
Sat Aug 13 17:11:20 2005 us=229536   log = DISABLED
Sat Aug 13 17:11:20 2005 us=229545   suppress_timestamps = DISABLED
Sat Aug 13 17:11:20 2005 us=229554   nice = 0
Sat Aug 13 17:11:20 2005 us=229563   verbosity = 6
Sat Aug 13 17:11:20 2005 us=305415   mute = 0
Sat Aug 13 17:11:20 2005 us=305432   gremlin = 0
Sat Aug 13 17:11:20 2005 us=305442   status_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=305450   status_file_version = 1
Sat Aug 13 17:11:20 2005 us=305459   status_file_update_freq = 60
Sat Aug 13 17:11:20 2005 us=305467   occ = ENABLED
Sat Aug 13 17:11:20 2005 us=305475   rcvbuf = 0
Sat Aug 13 17:11:20 2005 us=305483   sndbuf = 0
Sat Aug 13 17:11:20 2005 us=305492   socks_proxy_server = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=305501   socks_proxy_port = 0
Sat Aug 13 17:11:20 2005 us=305510   socks_proxy_retry = DISABLED
Sat Aug 13 17:11:20 2005 us=305518   fast_io = DISABLED
Sat Aug 13 17:11:20 2005 us=305527   comp_lzo = DISABLED
Sat Aug 13 17:11:20 2005 us=305535   comp_lzo_adaptive = ENABLED
Sat Aug 13 17:11:20 2005 us=305543   route_script = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=305552   route_default_gateway = '10.0.0.1'
Sat Aug 13 17:11:20 2005 us=305561   route_noexec = DISABLED
Sat Aug 13 17:11:20 2005 us=310442   route_delay = 0
Sat Aug 13 17:11:20 2005 us=310454   route_delay_window = 30
Sat Aug 13 17:11:20 2005 us=310463   route_delay_defined = ENABLED
Sat Aug 13 17:11:20 2005 us=310477   [redirect_default_gateway local=0]
Sat Aug 13 17:11:20 2005 us=310487   management_addr = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=310501   management_port = 0
Sat Aug 13 17:11:20 2005 us=310510   management_user_pass = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=310520   management_log_history_cache = 250
Sat Aug 13 17:11:20 2005 us=310530   management_echo_buffer_size = 100
Sat Aug 13 17:11:20 2005 us=310540   management_query_passwords = DISABLED
Sat Aug 13 17:11:20 2005 us=310549   management_hold = DISABLED
Sat Aug 13 17:11:20 2005 us=310558   shared_secret_file = 'fritzbox.key'
Sat Aug 13 17:11:20 2005 us=310567   key_direction = 0
Sat Aug 13 17:11:20 2005 us=310576   ciphername_defined = ENABLED
Sat Aug 13 17:11:20 2005 us=310584   ciphername = 'BF-CBC'
Sat Aug 13 17:11:20 2005 us=315821   authname_defined = ENABLED
Sat Aug 13 17:11:20 2005 us=315833   authname = 'SHA1'
Sat Aug 13 17:11:20 2005 us=315841   keysize = 0
Sat Aug 13 17:11:20 2005 us=315850   engine = DISABLED
Sat Aug 13 17:11:20 2005 us=315858   replay = ENABLED
Sat Aug 13 17:11:20 2005 us=315867   mute_replay_warnings = DISABLED
Sat Aug 13 17:11:20 2005 us=315876   replay_window = 64
Sat Aug 13 17:11:20 2005 us=315885   replay_time = 15
Sat Aug 13 17:11:20 2005 us=315893   packet_id_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=315902   use_iv = ENABLED
Sat Aug 13 17:11:20 2005 us=315910   test_crypto = DISABLED
Sat Aug 13 17:11:20 2005 us=315919   tls_server = DISABLED
Sat Aug 13 17:11:20 2005 us=315928   tls_client = DISABLED
Sat Aug 13 17:11:20 2005 us=315936   key_method = 2
Sat Aug 13 17:11:20 2005 us=315945   ca_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=315953   dh_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321198   cert_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321208   priv_key_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321217   pkcs12_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321226   cryptoapi_cert = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321234   cipher_list = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321243   tls_verify = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321251   tls_remote = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321259   crl_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=321268   ns_cert_type = 0
Sat Aug 13 17:11:20 2005 us=321276   tls_timeout = 2
Sat Aug 13 17:11:20 2005 us=321284   renegotiate_bytes = 0
Sat Aug 13 17:11:20 2005 us=321293   renegotiate_packets = 0
Sat Aug 13 17:11:20 2005 us=321302   renegotiate_seconds = 3600
Sat Aug 13 17:11:20 2005 us=321310   handshake_window = 60
Sat Aug 13 17:11:20 2005 us=321319   transition_window = 3600
Sat Aug 13 17:11:20 2005 us=321327   single_session = DISABLED
Sat Aug 13 17:11:20 2005 us=326488   tls_exit = DISABLED
Sat Aug 13 17:11:20 2005 us=326500   tls_auth_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=326519   server_network = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326529   server_netmask = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326538   server_bridge_ip = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326548   server_bridge_netmask = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326557   server_bridge_pool_start = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326567   server_bridge_pool_end = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326576   ifconfig_pool_defined = DISABLED
Sat Aug 13 17:11:20 2005 us=326586   ifconfig_pool_start = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326595   ifconfig_pool_end = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326606   ifconfig_pool_netmask = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=326615   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=326625   ifconfig_pool_persist_refresh_freq = 600
Sat Aug 13 17:11:20 2005 us=326635   ifconfig_pool_linear = DISABLED
Sat Aug 13 17:11:20 2005 us=345765   n_bcast_buf = 256
Sat Aug 13 17:11:20 2005 us=345780   tcp_queue_limit = 64
Sat Aug 13 17:11:20 2005 us=345789   real_hash_size = 256
Sat Aug 13 17:11:20 2005 us=345798   virtual_hash_size = 256
Sat Aug 13 17:11:20 2005 us=345807   client_connect_script = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=345816   learn_address_script = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=345825   client_disconnect_script = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=345834   client_config_dir = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=345843   ccd_exclusive = DISABLED
Sat Aug 13 17:11:20 2005 us=345851   tmp_dir = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=345860   push_ifconfig_defined = DISABLED
Sat Aug 13 17:11:20 2005 us=345872   push_ifconfig_local = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=345882   push_ifconfig_remote_netmask = 0.0.0.0
Sat Aug 13 17:11:20 2005 us=345891   enable_c2c = DISABLED
Sat Aug 13 17:11:20 2005 us=350963   duplicate_cn = DISABLED
Sat Aug 13 17:11:20 2005 us=350975   cf_max = 0
Sat Aug 13 17:11:20 2005 us=350983   cf_per = 0
Sat Aug 13 17:11:20 2005 us=350992   max_clients = 1024
Sat Aug 13 17:11:20 2005 us=351001   client_cert_not_required = DISABLED
Sat Aug 13 17:11:20 2005 us=351010   username_as_common_name = DISABLED
Sat Aug 13 17:11:20 2005 us=351020   auth_user_pass_verify_script = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=351030   auth_user_pass_verify_script_via_file = DISABLED
Sat Aug 13 17:11:20 2005 us=351038   client = DISABLED
Sat Aug 13 17:11:20 2005 us=351046   pull = DISABLED
Sat Aug 13 17:11:20 2005 us=351054   auth_user_pass_file = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=351066   show_net_up = DISABLED
Sat Aug 13 17:11:20 2005 us=351075   route_method = 0
Sat Aug 13 17:11:20 2005 us=351084   ip_win32_defined = DISABLED
Sat Aug 13 17:11:20 2005 us=351092   ip_win32_type = 3
Sat Aug 13 17:11:20 2005 us=351101   dhcp_masq_offset = 0
Sat Aug 13 17:11:20 2005 us=356281   dhcp_lease_time = 31536000
Sat Aug 13 17:11:20 2005 us=356292   tap_sleep = 0
Sat Aug 13 17:11:20 2005 us=356301   dhcp_options = DISABLED
Sat Aug 13 17:11:20 2005 us=356309   dhcp_renew = DISABLED
Sat Aug 13 17:11:20 2005 us=356317   dhcp_pre_release = DISABLED
Sat Aug 13 17:11:20 2005 us=356326   dhcp_release = DISABLED
Sat Aug 13 17:11:20 2005 us=356334   domain = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=356342   netbios_scope = '[UNDEF]'
Sat Aug 13 17:11:20 2005 us=356351   netbios_node_type = 0
Sat Aug 13 17:11:20 2005 us=356359   disable_nbt = DISABLED
Sat Aug 13 17:11:20 2005 us=356369 OpenVPN 2.0 Win32-MinGW [SSL] [LZO] built on Apr 17 2005
Sat Aug 13 17:11:20 2005 us=356467 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Aug 13 17:11:20 2005 us=404836 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 13 17:11:20 2005 us=404879 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 13 17:11:20 2005 us=404959 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 13 17:11:20 2005 us=404974 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 13 17:11:20 2005 us=724467 TAP-WIN32 device [LAN-Verbindung 2] opened: \\.\Global\{6488BCC4-3267-4BE6-88D2-2567A6020FCA}.tap
Sat Aug 13 17:11:20 2005 us=725117 TAP-Win32 Driver Version 8.1 
Sat Aug 13 17:11:20 2005 us=725463 TAP-Win32 MTU=1500
Sat Aug 13 17:11:20 2005 us=725810 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.0.2/255.255.255.252 on interface {6488BCC4-3267-4BE6-88D2-2567A6020FCA} [DHCP-serv: 10.0.0.1, lease-time: 31536000]
Sat Aug 13 17:11:20 2005 us=729001 Successful ARP Flush on interface [131075] {6488BCC4-3267-4BE6-88D2-2567A6020FCA}
Sat Aug 13 17:11:20 2005 us=739872 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Sat Aug 13 17:11:20 2005 us=739928 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Sat Aug 13 17:11:20 2005 us=739941 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Sat Aug 13 17:11:20 2005 us=739967 Local Options hash (VER=V4): '5c3fe1ab'
Sat Aug 13 17:11:20 2005 us=739984 Expected Remote Options hash (VER=V4): '522471df'
Sat Aug 13 17:11:20 2005 us=740023 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Aug 13 17:11:20 2005 us=742308 UDPv4 link local (bound): [undef]:1194
Sat Aug 13 17:11:20 2005 us=742323 UDPv4 link remote: 84.56.159.118:1194
Sat Aug 13 17:11:20 2005 us=743119 UDPv4 WRITE [60] to 84.56.159.118:1194:  DATA len=60
Sat Aug 13 17:11:30 2005 us=953342 UDPv4 WRITE [60] to 84.56.159.118:1194:  DATA len=60
Sat Aug 13 17:11:30 2005 us=954761 UDPv4 WRITE [60] to 84.56.159.118:1194:  DATA len=60


hat einer eine ahnung woran das liegt?. firewall aus windows pc ist aus, port 1194 ist auf der fritzbox offen.

edit: es muss an einer portfreigabe oder weiterleitung auf der box liegen, eine verbindung windows pc - windows pc geht.

micha
 
jetzt gehts. auf dem windows client muß tun-mtu, fragment und mssfix gleich definiert sein wie auf dem server.

wie muß das routing eingestellt werde, dass mein externer rechner vollen zugriff auf das netz zuhause (192.168.178.0/24) und aufs internet über die fritzbox hat ?

micha
 
Hallo!

Ich habe versucht mit wget eine Datei nachzuladen. Die Box meldet mir "applet not found". Allerdings nutze ich noch eine ältere, modifizierte Firmware. Liegt es daran oder warum will wget meine Datei nicht aus dem Netz laden. Internetverbindung ist vorhanden!

Gruß,

Marco
 
Hi.
Dann fehlt in deiner busybox evtl. wget?
Ruf mal busybox auf und guck ob wget dabei steht,
sonst hast du Pech gehabt... ;-)

MfG Oliver
 
hallo,

wie habt ihr den Port aus dem internet ankommend freigegeben?

muß doch normalerweise dann "permit udp any any eq 1194" heißen, oder?

aber in welchen Bereich muß das in der ar7.cfg rein?

Gruß
Peter
 
forwardrules = "tcp 0.0.0.0:0 0.0.0.0:0 1 out",
"udp 0.0.0.0:0 0.0.0.0:0 1 out",
"tcp 0.0.0.0:22 0.0.0.0:22", <= dropbear
"udp 0.0.0.0:1194 0.0.0.0:1194", <= openvpn
"udp 0.0.0.0:5060 0.0.0.0:5060",
"udp 0.0.0.0:7078 0.0.0.0:7078",
"udp 0.0.0.0:7079 0.0.0.0:7079",
"udp 0.0.0.0:7080 0.0.0.0:7080",
"udp 0.0.0.0:7081 0.0.0.0:7081",
"udp 0.0.0.0:7082 0.0.0.0:7082",
"udp 0.0.0.0:7083 0.0.0.0:7083",
"udp 0.0.0.0:7084 0.0.0.0:7084",
"udp 0.0.0.0:7085 0.0.0.0:7085",
"tcp 0.0.0.0:4662 192.168.178.101:4662 0
"udp 0.0.0.0:4672 192.168.178.101:4672 0
shaper = "globalshaper";

micha
 

Statistik des Forums

Themen
246,195
Beiträge
2,247,813
Mitglieder
373,748
Neuestes Mitglied
fanti88
Holen Sie sich 3CX - völlig kostenlos!
Verbinden Sie Ihr Team und Ihre Kunden Telefonie Livechat Videokonferenzen

Gehostet oder selbst-verwaltet. Für bis zu 10 Nutzer dauerhaft kostenlos. Keine Kreditkartendetails erforderlich. Ohne Risiko testen.

3CX
Für diese E-Mail-Adresse besteht bereits ein 3CX-Konto. Sie werden zum Kundenportal weitergeleitet, wo Sie sich anmelden oder Ihr Passwort zurücksetzen können, falls Sie dieses vergessen haben.