Patches:
automount
> ext2
> ext3
> linuxswap
freetzmount
signed
vcc

Packages:
avm_firewall
bridge_utils
haserl
inetd
iptables
> is_selectable
> kernel_modules
> save_restore
> shared_libs
> standard_modules
> xml
mod
> etcservices
modcgi
nhipt
openvpn
> enable_small
> with_lzo
vtun
> with_lzo
> with_shaper
> with_ssl
> with_zlib

Modules:
ext2
ip_tables
ipt_LOG
ipt_REJECT
iptable_filter
mbcache
x_tables
xt_MARK
xt_iprange
xt_length
xt_limit
xt_mac
xt_mark
xt_multiport
xt_physdev
xt_pkttype
xt_tcpudp

Libraries:
ld_uClibc
libcrypt
libcrypto
libdl
libfreetz
libgcc_s
libip6t_icmp6
libipt_DNAT
libipt_LOG
libipt_MASQUERADE
libipt_REDIRECT
libipt_REJECT
libipt_SNAT
libipt_ULOG
libipt_addrtype
libipt_icmp
liblzo2
libm
libnsl
libpthread
librt
libssl
libuClibc
libxt_CLASSIFY
libxt_CONNMARK
libxt_MARK
libxt_TCPMSS
libxt_connbytes
libxt_connmark
libxt_iprange
libxt_length
libxt_limit
libxt_mac
libxt_mark
libxt_multiport
libxt_physdev
libxt_pkttype
libxt_standard
libxt_state
libxt_tcp
libxt_udp
libz

Removed:
branding_1und1
dtrace

CGI packages:
syslogd
Sun Oct 23 19:33:37 2011 OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 22 2011
Sun Oct 23 19:33:37 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Oct 23 19:33:37 2011 WARNING: file '/tmp/flash/openvpn/Astrill_box.key' is group or others accessible
Sun Oct 23 19:33:37 2011 LZO compression initialized
Sun Oct 23 19:33:37 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 23 19:33:37 2011 Socket Buffers: R=[178176->131072] S=[178176->131072]
Sun Oct 23 19:33:37 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 23 19:33:37 2011 NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Sun Oct 23 19:33:37 2011 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sun Oct 23 19:33:37 2011 UDPv4 link local: [undef]
Sun Oct 23 19:33:37 2011 UDPv4 link remote: [AF_INET]207.126.94.3:8292
Sun Oct 23 19:33:38 2011 TLS: Initial packet from [AF_INET]207.126.94.3:8292, sid=4a8f1e5e aac8f21c
Sun Oct 23 19:33:39 2011 VERIFY OK: depth=1, /C=../ST=../L=../O=../OU=../CN=ASCA/emailAddress=..
Sun Oct 23 19:33:39 2011 VERIFY OK: nsCertType=SERVER
Sun Oct 23 19:33:39 2011 VERIFY OK: depth=0, /C=../ST=../L=../O=../OU=../CN=server-207.126.94.3/emailAddress=..
Sun Oct 23 19:33:42 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 23 19:33:42 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 23 19:33:42 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 23 19:33:42 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 23 19:33:42 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Oct 23 19:33:42 2011 [server-207.126.94.3] Peer Connection Initiated with [AF_INET]207.126.94.3:8292
Sun Oct 23 19:33:45 2011 SENT CONTROL [server-207.126.94.3]: 'PUSH_REQUEST' (status=1)
Sun Oct 23 19:33:45 2011 PUSH: Received control message: 'PUSH_REPLY,sndbuf 262144,rcvbuf 262144,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 5.5.0.1,ping 10,ping-restart 90,comp-lzo no,route-gateway 5.5.0.1,topology subnet,ifconfig 5.5.1.24 255.255.240.0'
Sun Oct 23 19:33:45 2011 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 23 19:33:45 2011 OPTIONS IMPORT: LZO parms modified
Sun Oct 23 19:33:45 2011 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Oct 23 19:33:45 2011 Socket Buffers: R=[131072->356352] S=[131072->356352]
Sun Oct 23 19:33:45 2011 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 23 19:33:45 2011 OPTIONS IMPORT: route options modified
Sun Oct 23 19:33:45 2011 OPTIONS IMPORT: route-related options modified
Sun Oct 23 19:33:45 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 23 19:33:45 2011 TUN/TAP device tun0 opened
Sun Oct 23 19:33:45 2011 TUN/TAP TX queue length set to 100
Sun Oct 23 19:33:45 2011 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Oct 23 19:33:45 2011 /sbin/ifconfig tun0 5.5.1.24 netmask 255.255.240.0 mtu 1500 broadcast 5.5.15.255
Sun Oct 23 19:33:45 2011 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Sun Oct 23 19:33:45 2011 chroot to '/tmp/openvpn' and cd to '/' succeeded
Sun Oct 23 19:33:45 2011 GID set to openvpn
Sun Oct 23 19:33:45 2011 UID set to openvpn
Sun Oct 23 19:33:45 2011 Initialization Sequence Completed
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.180.1 0.0.0.0 255.255.255.255 UH 2 0 0 dsl
192.168.180.2 0.0.0.0 255.255.255.255 UH 2 0 0 dsl
192.168.179.0 0.0.0.0 255.255.255.0 U 0 0 0 guest
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 lan
87.201.195.0 0.0.0.0 255.255.255.0 U 2 0 0 dsl
5.5.0.0 0.0.0.0 255.255.240.0 U 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 lan
0.0.0.0 0.0.0.0 0.0.0.0 U 2 0 0 dsl
Parameter file not found in RAM-disk, loading boot settings
cat: can't open 'nhipt.par': No such file or directory
Stopping deamon iptlogger.sh
kill: you need to specify whom to kill
kill: you need to specify whom to kill
rm: can't remove '/var/tmp/debug.cfg': No such file or directory
STAGE0 - bootstrap reconfigured
cat: can't open 'nhipt.cfg': No such file or directory
modprobe: module ip_tables not found in modules.dep
iptables v1.4.11.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: module ip_tables not found in modules.dep
iptables v1.4.11.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: module ip_tables not found in modules.dep
iptables v1.4.11.1: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: module ip_tables not found in modules.dep
iptables v1.4.11.1: can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: module ip6_tables not found in modules.dep
ip6tables v1.4.11.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
modprobe: module ip6_tables not found in modules.dep
ip6tables v1.4.11.1: can't initialize ip6tables table `mangle': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
modprobe: module ip6_tables not found in modules.dep
ip6tables v1.4.11.1: can't initialize ip6tables table `raw': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
STAGE1 - complete bootfile written
STAGE4 - settings saved
rm: can't remove '/nhipt.*': No such file or directory
STAGE5 - housekeeping after transfer
###NHIPT-START###
Found Footer
cat: can't open '/var/tmp/debug.cfg': No such file or directory
STAGE0 - bootstrap reconfigured
cat: can't open 'nhipt.cfg': No such file or directory
modprobe: module ip_tables not found in modules.dep
iptables v1.4.11.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: module ip_tables not found in modules.dep
iptables v1.4.11.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: module ip_tables not found in modules.dep
iptables v1.4.11.1: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: module ip_tables not found in modules.dep
iptables v1.4.11.1: can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: module ip6_tables not found in modules.dep
ip6tables v1.4.11.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
modprobe: module ip6_tables not found in modules.dep
ip6tables v1.4.11.1: can't initialize ip6tables table `mangle': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
modprobe: module ip6_tables not found in modules.dep
ip6tables v1.4.11.1: can't initialize ip6tables table `raw': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
STAGE1 - complete bootfile written
STAGE4 - settings saved
rm: can't remove '/nhipt.*': No such file or directory
STAGE5 - housekeeping after transfer
Exit Code 0 - Saving Settings to /tmp/flash/...
Writing 9000 bytes to /var/flash/freetz ... done.
cd /usr/sbin/
ls
80211stats
athstats
athstatsclr
blkid
chroot
crond
diag
dsl_monitor
e2fsck
fsck
fsck.ext2
fsck.ext3
fsck.ext4
fsck.ext4dev
httpd
inetd
ip6tables
ip6tables-restore
ip6tables-save
iptables
iptables-restore
iptables-save
iptables-xml
openvpn
rdate
setlogcons
telnetd
xtables-multi
cd /var/mod/pkg/
ls
avm
avm-firewall
bridge-utils
haserl
inetd
iptables
mod
modcgi
nhipt
openvpn
syslogd
vtun
cd /lib/modules/2.6.32.21/
ls
kernel
modules.dep
cd /lib/modules/2.6.32.41/
ls
kernel
modules.alias
modules.alias.bin
modules.ccwmap
modules.dep
modules.dep.bin
modules.devname
modules.ieee1394map
modules.inputmap
modules.isapnpmap
modules.ofmap
modules.order
modules.pcimap
modules.seriomap
modules.softdep
modules.symbols
modules.symbols.bin
modules.usbmap
# NAT (I'm fairly sure this works)
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# "Forced use" of the tun0 interface for 192.168.20.111
# requires the iptables "mangle" module
# (just "thrown together", not tested)
iptables -t mangle -A PREROUTING -s 192.168.20.111 -j ROUTE --oif tun0
cat > /var/tmp/debug_openvpn_Astrill.out << 'RUDI_EOF'
Sat Oct 29 18:12:44 2011 OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 28 2011
Sat Oct 29 18:12:44 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Oct 29 18:12:44 2011 WARNING: file '/tmp/flash/openvpn/Astrill_box.key' is group or others accessible
Sat Oct 29 18:12:44 2011 LZO compression initialized
Sat Oct 29 18:12:44 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Oct 29 18:12:44 2011 Socket Buffers: R=[108544->131072] S=[108544->131072]
Sat Oct 29 18:12:44 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Oct 29 18:12:44 2011 NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Sat Oct 29 18:12:44 2011 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Oct 29 18:12:44 2011 UDPv4 link local: [undef]
Sat Oct 29 18:12:44 2011 UDPv4 link remote: [AF_INET]207.126.94.3:8292
Sat Oct 29 18:12:44 2011 TLS: Initial packet from [AF_INET]207.126.94.3:8292, sid=0debe14d 0ee914d6
Sat Oct 29 18:12:45 2011 VERIFY OK: depth=1, /C=../ST=../L=../O=../OU=../CN=ASCA/emailAddress=..
Sat Oct 29 18:12:45 2011 VERIFY OK: nsCertType=SERVER
Sat Oct 29 18:12:45 2011 VERIFY OK: depth=0, /C=../ST=../L=../O=../OU=../CN=server-207.126.94.3/emailAddress=..
Sat Oct 29 18:12:48 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Oct 29 18:12:48 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Oct 29 18:12:48 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Oct 29 18:12:48 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Oct 29 18:12:48 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Oct 29 18:12:48 2011 [server-207.126.94.3] Peer Connection Initiated with [AF_INET]207.126.94.3:8292
Sat Oct 29 18:12:51 2011 SENT CONTROL [server-207.126.94.3]: 'PUSH_REQUEST' (status=1)
Sat Oct 29 18:12:51 2011 PUSH: Received control message: 'PUSH_REPLY,sndbuf 262144,rcvbuf 262144,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 5.5.0.1,ping 10,ping-restart 90,comp-lzo no,route-gateway 5.5.0.1,topology subnet,ifconfig 5.5.1.24 255.255.240.0'
Sat Oct 29 18:12:51 2011 OPTIONS IMPORT: timers and/or timeouts modified
Sat Oct 29 18:12:51 2011 OPTIONS IMPORT: LZO parms modified
Sat Oct 29 18:12:51 2011 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sat Oct 29 18:12:51 2011 Socket Buffers: R=[131072->217088] S=[131072->217088]
Sat Oct 29 18:12:51 2011 OPTIONS IMPORT: --ifconfig/up options modified
Sat Oct 29 18:12:51 2011 OPTIONS IMPORT: route options modified
Sat Oct 29 18:12:51 2011 OPTIONS IMPORT: route-related options modified
Sat Oct 29 18:12:51 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Oct 29 18:12:51 2011 TUN/TAP device tun0 opened
Sat Oct 29 18:12:51 2011 TUN/TAP TX queue length set to 100
Sat Oct 29 18:12:51 2011 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Oct 29 18:12:51 2011 /sbin/ifconfig tun0 5.5.1.24 netmask 255.255.240.0 mtu 1500 broadcast 5.5.15.255
Sat Oct 29 18:12:51 2011 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Sat Oct 29 18:12:51 2011 chroot to '/tmp/openvpn' and cd to '/' succeeded
Sat Oct 29 18:12:51 2011 GID set to openvpn
Sat Oct 29 18:12:51 2011 UID set to openvpn
Sat Oct 29 18:12:51 2011 Initialization Sequence Completed
cat > /var/log/openvpn_Astrill.log << 'RUDI_EOF'
OpenVPN STATISTICS
Updated,Sat Oct 29 18:14:44 2011
TUN/TAP read bytes,312
TUN/TAP write bytes,0
TCP/UDP read bytes,5603
TCP/UDP write bytes,4905
Auth read bytes,160
pre-compress bytes,0
post-compress bytes,0
pre-decompress bytes,0
post-decompress bytes,0
END
Works: iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
Does not work: iptables -t mangle -A PREROUTING -s 192.168.20.111 -j ROUTE --oif tun0
Error message: iptables v1.4.1.1: Unknown arg `--oif' (I'll rebuild it and check that mangle is included; I'm not sure whether it is enabled in my build, or does --oif have nothing to do with that?)
root@fritz:/var/mod/root# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.180.1 0.0.0.0 255.255.255.255 UH 2 0 0 dsl
192.168.180.2 0.0.0.0 255.255.255.255 UH 2 0 0 dsl
192.168.179.0 0.0.0.0 255.255.255.0 U 0 0 0 guest
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 lan
87.201.195.0 0.0.0.0 255.255.255.0 U 2 0 0 dsl
5.5.0.0 0.0.0.0 255.255.240.0 U 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 lan
0.0.0.0 0.0.0.0 0.0.0.0 U 2 0 0 dsl
# Set route to VPN server over device dsl
route add VPN-SERVER dev dsl
# Set route to tun0 device
route add -net 0.0.0.0/1 dev tun0
route add -net 128.0.0.0/1 dev tun0
root@Speedport:/var/mod/root# /tmp/ip rule list
root@Speedport:/var/mod/root# /tmp/ip rule add table 12
RTNETLINK answers: Invalid argument
root@Speedport:/var/mod/root# /tmp/ip help
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] [-batch filename
where OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |
tunnel | maddr | mroute | monitor | xfrm }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-f[amily] { inet | inet6 | ipx | dnet | link } |
-o[neline] | -t[imestamp] }
root@Speedport:/var/mod/root#