Gesamten Fritz!Box LAN-Traffic über OpenVPN Tunnel ins Internet routen

[MaxMuster]

Ja, jetzt laufen zwei Dinge parallel und durcheinander.
Aber was genau meinst du mit "bricht alles zusammen"? Eigentlich sollte in deinem Ablauf dieser Eintrag "nix bewirken", weil du das vorhandene Defaultgateway tun0 (das hier schon "für alle" gilt) nur noch um ein "zusätzliches" Defaultgateway tun0 für Pakete aus dem LAN ergänzt. Da beides über tun0 geht, sollte(!) das keinen Unterschied machen.

Du möchtest ja, so habe ich es verstanden, eben gerade nicht, dass alles durch das VPN geht (also auch alles, was "von der Box selbst" kommt), sondern nur "alles aus dem LAN" soll durch das VPN.

Das bedeutet, dass "Umbiegen des Defaultgateways" vom OpenVPN soll jetzt nicht (mehr) erfolgen, sondern es soll alles so bleiben wie es ist (Default-Gateway = DSL).
Das Umlenken des LAN-Verkehrs passiert dann (später) mit "ip".

Also:
- Kein "Umbau des DG" vor dem Starten,
- Ignoriere alle Routen vom Server mittels "route-nopull" in der Config,
- Die Routen für das LAN ins VPN würde ich mittels zusätzlichenm "up" und "down" Skripten/Befehlen im OpenVPN erledigen, damit sie nur während aktivem VPN greifen.

Ist aber alles nur Theorie im Moment, ich teste das mal "im Selbstversuch" auf einer Box bei mir...

EDIT:
War noch ein (Denk-)Fehler drin, fehlte zumindest eine "lokale" Route:

ip route add  192.168.178.0/24 dev lan table 2

Bei mir gings dann im Prinzip so:

OpenVPN-Config

...
script-security 2
up /var/tmp/upscript.sh
down /var/tmp/downscript.sh

Vorher schon die Routingtabelle "table 2" für "lokale Netze" vorbelegt

ip route add  192.168.178.0/24 dev lan table 2

Und dann die Skripte

root@Speedport:/var/tmp# cat upscript.sh 
#!/bin/sh
ip route add default dev tun0 table 2
ip rule add from 192.168.178.0/24 table 2
root@Speedport:/var/tmp# 
root@Speedport:/var/tmp# 
root@Speedport:/var/tmp# cat downscript.sh 
#! /bin/sh
ip rule del from 192.168.178.0/24 table 2
root@Speedport:/var/tmp#

EDIT 2:
So, habe das nochmal etwas "verbessert".
So sollte es m.E. korrekt sein und laufen, denke ich (keine "Vorbereitung" nötig, danach alles wieder "löschen"):


OpenVPN-Config

...
script-security 2
up /var/tmp/upscript.sh
down /var/tmp/downscript.sh

Und dann das Up-Skript:

#!/bin/sh

# alles lokale weiter zur "normalen" Routingtabelle
ip rule add from 192.168.178.0/24 to 192.168.178.0/24 prio 30000 table main

# alles nicht-lokale weiter zur "table 2"
ip rule add from 192.168.178.0/24 prio 31000 table 2

# In "table 2" das Default-GW auf tun0 setzen, 
# oder das eventuell vorhandene dadurch ersetzen
ip route replace default dev tun0 table 2

... und das passende Down-Skript dazu:

#! /bin/sh

# Sonderbehandlung für das LAN wieder entfernen
ip rule del from 192.168.178.0/24 prio 31000 table 2
ip rule del from 192.168.178.0/24 to 192.168.178.0/24 prio 30000 table main

# und "table 2" wieder löschen
ip route del default dev tun0 table 2

 

[F.Horst]

Ich bin noch etwas unerfahren in Sachen openvpn und freetz, deshalb verzeiht mir meine Frage.
Konkret möchte ich wissen, ist es möglich nur den Traffic von einzelnen Ports "die von der Box kommen" durch den Tunnel zu leiten?
Der Tunnel von einer FB7390 zu einem Vserver steht schonmal.

Hintergrund der Frage ist der, das mich mein Cableinternetanbieter damit überrascht hat jetzt komplett auf NAT zu setzen und ich keine eigene öffentliche IP mehr habe.

 

[MaxMuster]

Das könnte/sollte (theoretisch) ähnlich gehen mit "iptables" und "ip2":

Mittels iptables kannst du die Pakete markieren, und dann per "ip rules" auf eine Routingtabelle schicken, ähnlich wie oben.
Du brauchst dazu auf der Box neben "ip", einem Kernel mit "advanced routing" und "rules" auch iptables mit "mangle" und "mark" Unterstützung.

iptables -A PREROUTING ! -i lan -t mangle -p tcp  ! -d 192.168.178.0/24 -m multiport --dports 22,433  -j MARK --set-mark 1
# oder
iptables -A PREROUTING ! -i lan -t mangle -p tcp  ! -d 192.168.178.0/24 --dport 22  -j MARK --set-mark 1
iptables -A PREROUTING ! -i lan -t mangle -p tcp  ! -d 192.168.178.0/24 --dport 433  -j MARK --set-mark 1

Neue Routingtable einzig mit tun0 als Default-Gateway

ip route replace default dev tun0 table 2

Und die Regel, um Pakete mit der Markierung "über diese Routingtabelle zu schicken"

ip rule add fwmark 1 table 2

Auch hier gilt: Nicht getestet, ob es so funktioniert.

 

[radislav]

Hallo MaxMuster

ich habe es so wie Du geschrieben hast auprobiert:

.....
OpenVPN-Config

...
script-security 2
up /var/tmp/upscript.sh
down /var/tmp/downscript.sh

Und dann das Up-Skript:

#!/bin/sh

# alles lokale weiter zur "normalen" Routingtabelle
ip rule add from 192.168.178.0/24 to 192.168.178.0/24 prio 30000 table main

# alles nicht-lokale weiter zur "table 2"
ip rule add from 192.168.178.0/24 prio 31000 table 2

# In "table 2" das Default-GW auf tun0 setzen, 
# oder das eventuell vorhandene dadurch ersetzen
ip route replace default dev tun0 table 2

....

Nach dem Setzen des Default-GW auf tun0 in "table 2"(letzte Zeile im upscript), bekomme ich keine Verbindung mehr ins Internet, weder von der Fritzbox, noch von angeschloßenen Rechnern.

Routingtabelle sieht bei mir dann so aus:

root@fritz:/var/mod/root# ip route show
192.168.180.1 dev dsl  metric 2 
10.119.78.121 dev tun0  src 10.119.78.122 
192.168.180.2 dev dsl  metric 2 
192.168.178.0/24 dev lan  src 192.168.178.1 
192.168.179.0/24 dev guest  src 192.168.179.1 
188.195.72.0/22 dev dsl  metric 2 
169.254.0.0/16 dev lan  src 169.254.1.1 
default dev dsl

verdächtig sind auch 2 Fehler, die openvpn meldet:

Sat Feb 16 17:09:57 2013 OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 10 2013
Sat Feb 16 17:09:57 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
root@fritz:/var/media/ftp/uStor07/noBackup/noworrybox# Sat Feb 16 17:09:57 2013 LZO compression initialized
Sat Feb 16 17:09:57 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Feb 16 17:09:57 2013 Socket Buffers: R=[108544->131072] S=[108544->131072]
Sat Feb 16 17:09:57 2013 RESOLVE: NOTE: XXXXXXXXXXXX resolves to 4 addresses
Sat Feb 16 17:09:57 2013 Data Channel MTU parms [ L:1542 D:1300 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Feb 16 17:09:57 2013 UDPv4 link local: [undef]
Sat Feb 16 17:09:57 2013 UDPv4 link remote: [AF_INET]XXX.XXX.XXX.XXX:1194
Sat Feb 16 17:09:57 2013 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:1194, sid=b77cc80d d4a257d0
Sat Feb 16 17:09:57 2013 VERIFY OK: depth=1, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sat Feb 16 17:09:57 2013 VERIFY OK: nsCertType=SERVER
Sat Feb 16 17:09:57 2013 VERIFY OK: depth=0, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sat Feb 16 17:09:58 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 16 17:09:58 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 16 17:09:58 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 16 17:09:58 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 16 17:09:58 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Feb 16 17:09:58 2013 [vpn] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
Sat Feb 16 17:10:00 2013 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Sat Feb 16 17:10:00 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.118.0.1,route 10.119.72.1,topology net30,ping 10,ping-restart 60,ifconfig 10.119.72.50 10.119.72.49'
[b]Sat Feb 16 17:10:00 2013 Options error: option 'redirect-gateway' cannot be used in this context
Sat Feb 16 17:10:00 2013 Options error: option 'route' cannot be used in this context[/b]
Sat Feb 16 17:10:00 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sat Feb 16 17:10:00 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sat Feb 16 17:10:00 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Feb 16 17:10:00 2013 TUN/TAP device tun0 opened
Sat Feb 16 17:10:00 2013 TUN/TAP TX queue length set to 100
Sat Feb 16 17:10:00 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Feb 16 17:10:00 2013 /sbin/ifconfig tun0 10.119.72.50 pointopoint 10.119.72.49 mtu 1500
Sat Feb 16 17:10:00 2013 /var/tmp/upScript.sh tun0 1500 1542 10.119.72.50 10.119.72.49 init
Sat Feb 16 17:10:00 2013 Initialization Sequence Completed

 

[MaxMuster]

Die IP-Tables Regel ist aber noch da? Die brauchst du weiterhin, um aus dem LAN durch den Tunnel zu gehen.

Die "Fehler" sind o.k., du hast ja das Ausführen des Routings "verboten" ;-)

Mach mal bitte einen Trace von der Box selbst ins Internet (z.B. "traceroute -n 8.8.8.8")

Und dann noch bitte die "andere" Tabelle und die rules:

ip rule show
ip route show table 2

 

[radislav]

Ip-Tables habe ich natürlich weggelassen und das wars! Wenn man diese noch da lässt funktioniert alles wie gewollt: Fritzbox behält original Internetverbindung und alle Clients gehen über Openvpn ins Netz. Somit gehen auch alle eingehenden Anfragen, wie z.B. ssh und auch die Telefonie ohne extra Ip-Tables-Regel.

Vielen Vielen Dank, MaxMuster!!!
:groesste:

[EDIT]
Eine Frage hätte ich noch: Wenn schon freetz drauf machen muss, habe ich gleich iptables drauf gemacht. Iptables bringt mir aber diese Fehler:

root@fritz:/var/mod/root# modprobe x_tables.ko
root@fritz:/var/mod/root# modprobe ip_tables.ko
root@fritz:/var/mod/root# modprobe iptable_filter.ko
root@fritz:/var/mod/root# modprobe iptable_mangle.ko
root@fritz:/var/mod/root# modprobe xt_tcpudp.ko
root@fritz:/var/mod/root# modprobe ip_conntrack.ko
root@fritz:/var/mod/root# modprobe ip_nat.ko
root@fritz:/var/mod/root# modprobe iptable_nat.ko
root@fritz:/var/mod/root# modprobe ipt_MASQUERADE.ko
root@fritz:/var/mod/root# iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables v1.4.1.1: Couldn't load target `MASQUERADE':File not found

Try `iptables -h' or 'iptables --help' for more information.
root@fritz:/var/mod/root# iptables -t mangle -A PREROUTING -s 192.168.178.0/24 -i tun0
iptables v1.4.1.1: Couldn't load target `standard':File not found

Try `iptables -h' or 'iptables --help' for more information.
root@fritz:/var/mod/root#

Mit statisch kompilierten Ip-Tables gehts aber.
Meine .config aus freetz 1.2 (wegen dem alten Kern):

#
# Automatically generated make config: don't edit
#
FREETZ_HAVE_DOT_CONFIG=y

#
# General --------------------------------
#
FREETZ_AVM_VERSION_7270_04_86=y
# FREETZ_TYPE_300IP_AS_FON is not set
# FREETZ_TYPE_2170 is not set
# FREETZ_TYPE_FON is not set
# FREETZ_TYPE_FON_5010 is not set
# FREETZ_TYPE_FON_5050 is not set
# FREETZ_TYPE_FON_5124 is not set
# FREETZ_TYPE_FON_5140 is not set
# FREETZ_TYPE_FON_WLAN is not set
# FREETZ_TYPE_FON_WLAN_7050 is not set
# FREETZ_TYPE_FON_WLAN_7112 is not set
# FREETZ_TYPE_FON_WLAN_7113 is not set
# FREETZ_TYPE_FON_WLAN_7140 is not set
# FREETZ_TYPE_FON_WLAN_7141 is not set
# FREETZ_TYPE_FON_7150 is not set
# FREETZ_TYPE_FON_WLAN_7170 is not set
# FREETZ_TYPE_FON_WLAN_7240 is not set
# FREETZ_TYPE_FON_WLAN_7270_V1 is not set
FREETZ_TYPE_FON_WLAN_7270_V2=y
# FREETZ_TYPE_FON_WLAN_7270_V3 is not set
# FREETZ_TYPE_FON_WLAN_7320 is not set
# FREETZ_TYPE_FON_WLAN_7340 is not set
# FREETZ_TYPE_FON_WLAN_7390 is not set
# FREETZ_TYPE_FON_WLAN_7570 is not set
# FREETZ_TYPE_WLAN_3020 is not set
# FREETZ_TYPE_WLAN_3030 is not set
# FREETZ_TYPE_WLAN_3130 is not set
# FREETZ_TYPE_WLAN_3131 is not set
# FREETZ_TYPE_WLAN_3170 is not set
# FREETZ_TYPE_WLAN_3270 is not set
# FREETZ_TYPE_WLAN_3270_V3 is not set
# FREETZ_TYPE_SPEEDPORT_W501V is not set
# FREETZ_TYPE_CUSTOM is not set
FREETZ_TYPE_FON_WLAN_7270=y
FREETZ_TYPE_LANG_DE=y
# FREETZ_TYPE_LANG_A_CH is not set
# FREETZ_TYPE_LANG_EN is not set
FREETZ_TYPE_LANGUAGE="de"
# FREETZ_TYPE_LABOR is not set
# FREETZ_TYPE_ALIEN_HARDWARE is not set
FREETZ_AVM_VERSION_STRING="7270_04.86"
FREETZ_TYPE_PREFIX="7270_v2"
FREETZ_INSTALL_BASE=y
FREETZ_REPLACE_BUSYBOX=y
FREETZ_SHOW_ADVANCED=y
FREETZ_REPLACE_KERNEL_AVAILABLE=y
FREETZ_REPLACE_KERNEL=y
FREETZ_TARGET_IPV6_SUPPORT=y
FREETZ_TARGET_REF_16MB=y
FREETZ_TARGET_REF="16mb"
FREETZ_KERNEL_REF_16MB=y
FREETZ_KERNEL_REF="16mb"
FREETZ_KERNEL_MTD_SIZE=246
FREETZ_HAS_AVM_NTFS=y
FREETZ_HAS_AVM_IPV6=y
FREETZ_HAS_AVM_INETD=y
FREETZ_HAS_CHRONYD=y
FREETZ_HAS_DECT=y
FREETZ_HAS_LIBSSL=y
# FREETZ_HAS_LSOF is not set
FREETZ_HAS_NAS=y
FREETZ_HAS_PHONE=y
# FREETZ_HAS_STRACE is not set
FREETZ_HAS_TAM=y
# FREETZ_HAS_UDEV is not set
# FREETZ_HAS_USB_CLIENT is not set
FREETZ_HAS_USB_HOST=y
# FREETZ_HAS_USB_HOST_AVM is not set
# FREETZ_HAS_UTIL_LINUX is not set
FREETZ_HAS_WLAN=y

#
# Mod ------------------------------------
#
FREETZ_LANG_DE=y
# FREETZ_LANG_EN is not set
FREETZ_LANG_STRING="de"

#
# Patches
#

#
# Web menu patches ------------------------
#
# FREETZ_PATCH_VCC is not set
# FREETZ_PATCH_DSL_EXPERT is not set
# FREETZ_ADD_REGEXT_GUI is not set
# FREETZ_PATCH_ALARMCLOCK is not set
# FREETZ_PATCH_SIGNED is not set

#
# USB mounting ----------------------------
#
FREETZ_PATCH_FREETZMOUNT=y
FREETZ_USBSTORAGE_AUTOMOUNT=y
# FREETZ_AUTOMOUNT_EXT2 is not set
# FREETZ_AUTOMOUNT_EXT3 is not set
# FREETZ_AUTOMOUNT_FAT is not set
# FREETZ_AUTOMOUNT_HFS is not set
# FREETZ_AUTOMOUNT_HFS_PLUS is not set
# FREETZ_AUTOMOUNT_LUKS is not set
# FREETZ_AUTOMOUNT_NTFS is not set
# FREETZ_AUTOMOUNT_REISER_FS is not set
# FREETZ_AUTOMOUNT_LINUXSWAP is not set
# FREETZ_PATCH_FREETZMOUNT_FINDFS is not set
# FREETZ_PATCH_MAXDEVCOUNT is not set
# FREETZ_PATCH_MULTIPLE_PRINTERS is not set

#
# Removings -------------------------------
#
# FREETZ_REMOVE_ANNEX_A_FIRMWARE is not set
# FREETZ_REMOVE_ANNEX_B_FIRMWARE is not set
# FREETZ_REMOVE_ASSISTANT is not set
# FREETZ_REMOVE_AURA_USB is not set
# FREETZ_REMOVE_NAS is not set
# FREETZ_REMOVE_AVM_VPN is not set

#
# Remove brandings
#
FREETZ_REMOVE_BRANDING_1und1=y
# FREETZ_REMOVE_BRANDING_avm is not set
# FREETZ_REMOVE_CAPIOVERTCP is not set
# FREETZ_REMOVE_CHRONYD is not set
# FREETZ_REMOVE_DECT is not set
# FREETZ_REMOVE_DSLD is not set
FREETZ_REMOVE_DTRACE=y
# FREETZ_REMOVE_FTPD is not set
# FREETZ_REMOVE_HELP is not set
# FREETZ_REMOVE_MEDIASRV is not set
# FREETZ_REMOVE_MINID is not set
# FREETZ_REMOVE_NTFS is not set
# FREETZ_REMOVE_PRINTSERV is not set
# FREETZ_REMOVE_RUNCLOCK is not set
# FREETZ_REMOVE_SMBD is not set
# FREETZ_REMOVE_SUPPORT is not set
# FREETZ_REMOVE_TR069 is not set
# FREETZ_REMOVE_UMTSD is not set
# FREETZ_REMOVE_UPNP is not set
# FREETZ_REMOVE_USERMAN is not set
# FREETZ_REMOVE_VOIPD is not set
# FREETZ_REMOVE_VOIP_ISDN is not set
# FREETZ_REMOVE_WEBDAV is not set
# FREETZ_REMOVE_WLAN is not set

#
# Replacement patches --------------------
#
# FREETZ_REPLACE_DTRACE is not set
# FREETZ_REPLACE_ONLINECHANGED is not set

#
# Additional patches ---------------------
#
# FREETZ_ENFORCE_URLADER_SETTINGS is not set

#
# Other stuff -----------------------------
#
# FREETZ_DISABLE_SERIAL_CONSOLE is not set
# FREETZ_PATCH_GETCONS is not set

#
# Package selection
#

#
# Debug helpers
#
# FREETZ_PACKAGE_GDB is not set
# FREETZ_PACKAGE_INOTIFY_TOOLS is not set
# FREETZ_PACKAGE_LDD is not set
# FREETZ_PACKAGE_LSOF is not set
# FREETZ_PACKAGE_LTRACE is not set
# FREETZ_PACKAGE_NANO_SHELL is not set
# FREETZ_PACKAGE_PCIUTILS is not set
# FREETZ_PACKAGE_STRACE is not set
# FREETZ_PACKAGE_USBUTILS is not set

#
# Standard packages
#
# FREETZ_PACKAGE_AICCU is not set
# FREETZ_PACKAGE_BFTPD is not set
# FREETZ_PACKAGE_BIRD is not set
FREETZ_PACKAGE_BRIDGE_UTILS=y
# FREETZ_PACKAGE_CALLMONITOR is not set
# FREETZ_PACKAGE_CHECKMAILD is not set
# FREETZ_PACKAGE_CIFSMOUNT is not set
# FREETZ_PACKAGE_CPMACCFG is not set
# FREETZ_PACKAGE_CURL is not set
# FREETZ_PACKAGE_DECO is not set
# FREETZ_PACKAGE_DNS2TCP is not set
# FREETZ_PACKAGE_DNSMASQ is not set
FREETZ_PACKAGE_DROPBEAR=y
FREETZ_PACKAGE_DROPBEAR_SERVER_ONLY=y
# FREETZ_PACKAGE_DROPBEAR_WITH_ZLIB is not set
FREETZ_PACKAGE_DROPBEAR_DISABLE_HOST_LOOKUP=y
# FREETZ_PACKAGE_DROPBEAR_STATIC is not set
# FREETZ_PACKAGE_ESPEAK is not set
# FREETZ_PACKAGE_FORTUNE is not set
# FREETZ_PACKAGE_FUSE is not set
FREETZ_PACKAGE_HASERL=y
# FREETZ_PACKAGE_HASERL_WITH_LUA is not set
FREETZ_PACKAGE_INETD=y
# FREETZ_PACKAGE_KNOCK is not set
# FREETZ_PACKAGE_MC is not set
# FREETZ_PACKAGE_MINI_FO is not set
# FREETZ_PACKAGE_MTR is not set
# FREETZ_PACKAGE_NANO is not set
# FREETZ_PACKAGE_NETCAT is not set
# FREETZ_PACKAGE_NC6 is not set
# FREETZ_PACKAGE_NETSNMP is not set
# FREETZ_PACKAGE_NFS_UTILS is not set
# FREETZ_PACKAGE_NTFS is not set
# FREETZ_PACKAGE_OPENNTPD is not set
FREETZ_PACKAGE_OPENVPN=y
# FREETZ_PACKAGE_OPENVPN_STATIC is not set
FREETZ_PACKAGE_OPENVPN_WITH_LZO=y
FREETZ_PACKAGE_OPENVPN_WITH_MGMNT=y
FREETZ_PACKAGE_OPENVPN_ENABLE_SMALL=y
# FREETZ_PACKAGE_PHP is not set
# FREETZ_PACKAGE_PINGTUNNEL is not set
# FREETZ_PACKAGE_PORTMAP is not set
# FREETZ_PACKAGE_PPPD_CHAT is not set
# FREETZ_PACKAGE_PPTP is not set
# FREETZ_PACKAGE_PPTPD is not set
# FREETZ_PACKAGE_PRIVOXY is not set
# FREETZ_PACKAGE_RADVD is not set
# FREETZ_PACKAGE_RCAPID is not set
# FREETZ_PACKAGE_SAMBA is not set
# FREETZ_PACKAGE_SCREEN is not set
# FREETZ_PACKAGE_STUNNEL is not set
# FREETZ_PACKAGE_TCPDUMP is not set
# FREETZ_PACKAGE_TINYPROXY is not set
# FREETZ_PACKAGE_TOR is not set
# FREETZ_PACKAGE_TRANSMISSION is not set
# FREETZ_PACKAGE_VNSTAT is not set
# FREETZ_PACKAGE_VPNC is not set
# FREETZ_PACKAGE_VSFTPD is not set
# FREETZ_PACKAGE_XMAIL is not set

#
# Testing
#
# FREETZ_PACKAGE_APACHE is not set
# FREETZ_PACKAGE_AUTOFS is not set
# FREETZ_PACKAGE_BASH is not set
# FREETZ_PACKAGE_BFUSB is not set
# FREETZ_PACKAGE_BIND is not set
# FREETZ_PACKAGE_BIP is not set
# FREETZ_PACKAGE_BITTWIST is not set
# FREETZ_PACKAGE_BLUEZ_UTILS is not set
# FREETZ_PACKAGE_BR2684CTL is not set
# FREETZ_PACKAGE_CLASSPATH is not set
# FREETZ_PACKAGE_CRYPTSETUP is not set
# FREETZ_PACKAGE_CTORRENT is not set
# FREETZ_PACKAGE_DAVFS2 is not set
# FREETZ_PACKAGE_DEBOOTSTRAP is not set
# FREETZ_PACKAGE_DIGITEMP is not set
# FREETZ_PACKAGE_DOSFSTOOLS is not set
# FREETZ_PACKAGE_DTACH is not set
# FREETZ_PACKAGE_E2FSPROGS is not set
# FREETZ_PACKAGE_EMPTY is not set
# FREETZ_PACKAGE_FFMPEG is not set
# FREETZ_PACKAGE_FSTYP is not set
# FREETZ_PACKAGE_GIT is not set
# FREETZ_PACKAGE_GNU_MAKE is not set
# FREETZ_PACKAGE_GNUTLS is not set
# FREETZ_PACKAGE_GOCR is not set
# FREETZ_PACKAGE_HD_IDLE is not set
# FREETZ_PACKAGE_HOL is not set
# FREETZ_PACKAGE_HTOP is not set
# FREETZ_PACKAGE_HTPDATE is not set
# FREETZ_PACKAGE_HTTPRY is not set
# FREETZ_PACKAGE_HTTPTUNNEL is not set
# FREETZ_PACKAGE_IFSTAT is not set
# FREETZ_PACKAGE_IFTOP is not set
# FREETZ_PACKAGE_IGMPPROXY is not set
# FREETZ_PACKAGE_INADYN_MT is not set
# FREETZ_PACKAGE_IODINE is not set
# FREETZ_PACKAGE_IPTRAF is not set
# FREETZ_PACKAGE_IPUTILS is not set
# FREETZ_PACKAGE_IRSSI is not set
# FREETZ_PACKAGE_JAMVM is not set
# FREETZ_PACKAGE_LFTP is not set
# FREETZ_PACKAGE_LIGHTTPD is not set
# FREETZ_PACKAGE_LYNX is not set
# FREETZ_PACKAGE_LUA is not set
# FREETZ_PACKAGE_MADPLAY is not set
# FREETZ_PACKAGE_MATRIXTUNNEL is not set
# FREETZ_PACKAGE_MCABBER is not set
# FREETZ_PACKAGE_MEDIATOMB is not set
# FREETZ_PACKAGE_MICROPERL is not set
# FREETZ_PACKAGE_MINI_SNMPD is not set
# FREETZ_PACKAGE_MINICOM is not set
# FREETZ_PACKAGE_MINIDLNA is not set
# FREETZ_PACKAGE_MODULE_INIT_TOOLS is not set
# FREETZ_PACKAGE_NAGIOS is not set
# FREETZ_PACKAGE_NCFTP is not set
# FREETZ_PACKAGE_NETPBM is not set
# FREETZ_PACKAGE_NOIP is not set
# FREETZ_PACKAGE_NDAS is not set
# FREETZ_PACKAGE_NFSROOT is not set
# FREETZ_PACKAGE_NGIRCD is not set
# FREETZ_PACKAGE_NMAP is not set
# FREETZ_PACKAGE_OBEXFTP is not set
# FREETZ_PACKAGE_OIDENTD is not set
# FREETZ_PACKAGE_OPENCONNECT is not set
# FREETZ_PACKAGE_OPENDD is not set

#
# OpenSSH
#
# FREETZ_PACKAGE_OPENSSH_SSHD is not set
# FREETZ_PACKAGE_OPENSSH_CLIENT is not set
# FREETZ_PACKAGE_OPENSSH_SCP is not set
# FREETZ_PACKAGE_OPENSSH_CLIENTUTILS is not set
# FREETZ_PACKAGE_OPENSSH_KEYUTILS is not set
# FREETZ_PACKAGE_OPENSSH_SFTPCLIENT is not set
# FREETZ_PACKAGE_OPENSSH_SFTP is not set
# FREETZ_PACKAGE_OWFS is not set
# FREETZ_PACKAGE_POLIPO is not set
# FREETZ_PACKAGE_QUAGGA is not set
# FREETZ_PACKAGE_RIPMIME is not set
# FREETZ_PACKAGE_RRDTOOL is not set
# FREETZ_PACKAGE_RSYNC is not set
# FREETZ_PACKAGE_RUBY is not set
# FREETZ_PACKAGE_SABLEVM_SDK is not set
# FREETZ_PACKAGE_SER2NET is not set
# FREETZ_PACKAGE_SIPROXD is not set
# FREETZ_PACKAGE_SISPMCTL is not set
# FREETZ_PACKAGE_SLANG is not set
# FREETZ_PACKAGE_SLURM is not set
# FREETZ_PACKAGE_SOCAT is not set
# FREETZ_PACKAGE_SPAWN_FCGI is not set
# FREETZ_PACKAGE_SQLITE is not set
# FREETZ_PACKAGE_SQUID is not set
# FREETZ_PACKAGE_SSHFS_FUSE is not set
# FREETZ_PACKAGE_STREAMRIPPER is not set
# FREETZ_PACKAGE_SUBVERSION is not set
# FREETZ_PACKAGE_SYNCE_DCCM is not set
# FREETZ_PACKAGE_SYNCE_SERIAL is not set
# FREETZ_PACKAGE_TCP_WRAPPERS is not set
# FREETZ_PACKAGE_TCPPROXY is not set
# FREETZ_PACKAGE_TREE is not set
# FREETZ_PACKAGE_TRICKLE is not set
# FREETZ_PACKAGE_TMUX is not set
# FREETZ_PACKAGE_UDPXY is not set
# FREETZ_PACKAGE_UMURMUR is not set
# FREETZ_PACKAGE_UNRAR is not set
# FREETZ_PACKAGE_USBIP is not set
# FREETZ_PACKAGE_USBROOT is not set
# FREETZ_PACKAGE_UTIL_LINUX_NG is not set
# FREETZ_PACKAGE_VIM is not set
# FREETZ_PACKAGE_VTUN is not set
# FREETZ_PACKAGE_WGET is not set
# FREETZ_PACKAGE_WOL is not set
# FREETZ_PACKAGE_WPUT is not set
# FREETZ_PACKAGE_XPDF is not set
# FREETZ_PACKAGE_XRELAYD is not set
# FREETZ_PACKAGE_XSLTPROC is not set

#
# Web interfaces
#
FREETZ_PACKAGE_AUTHORIZED_KEYS=y
# FREETZ_PACKAGE_AVM_FIREWALL is not set
# FREETZ_PACKAGE_CPMACCFG_CGI is not set
# FREETZ_PACKAGE_DNSD_CGI is not set
# FREETZ_PACKAGE_DOWNLOADER is not set
# FREETZ_PACKAGE_NFSD_CGI is not set
# FREETZ_PACKAGE_ONLINECHANGED_CGI is not set
# FREETZ_PACKAGE_PHPXMAIL is not set
# FREETZ_PACKAGE_PPP_CGI is not set
# FREETZ_PACKAGE_RRDSTATS is not set
# FREETZ_PACKAGE_SPINDOWN_CGI is not set
# FREETZ_PACKAGE_SYSLOGD_CGI is not set
# FREETZ_PACKAGE_TRANSMISSION_CGI is not set
# FREETZ_PACKAGE_VIRTUALIP_CGI is not set
# FREETZ_PACKAGE_VNSTAT_CGI is not set
# FREETZ_PACKAGE_WOL_CGI is not set
FREETZ_SHOW_UNSTABLE_PACKAGES=y

#
# Unstable packages
#
# FREETZ_PACKAGE_COLLECTD is not set
# FREETZ_PACKAGE_DTMFBOX is not set
# FREETZ_PACKAGE_HP_UTILS is not set
# FREETZ_PACKAGE_HPLIP is not set
FREETZ_PACKAGE_IPTABLES=y
# FREETZ_PACKAGE_IPTABLES_SAVE_RESTORE is not set
# FREETZ_PACKAGE_IPTABLES_CGI is not set
# FREETZ_PACKAGE_NHIPT is not set
# FREETZ_PACKAGE_IPTABLES_STANDARD_MODULES is not set
FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES=y

#
# Select kernel modules (IPv4)
#
FREETZ_MODULE_ip_conntrack=y
# FREETZ_MODULE_ip_conntrack_ftp is not set
# FREETZ_MODULE_ip_conntrack_h323 is not set
# FREETZ_MODULE_ip_conntrack_irc is not set
# FREETZ_MODULE_ip_conntrack_pptp is not set
# FREETZ_MODULE_ip_conntrack_rtsp is not set
# FREETZ_MODULE_ip_conntrack_tftp is not set
FREETZ_MODULE_ip_nat=y
# FREETZ_MODULE_ip_nat_ftp is not set
# FREETZ_MODULE_ip_nat_h323 is not set
# FREETZ_MODULE_ip_nat_irc is not set
# FREETZ_MODULE_ip_nat_pptp is not set
# FREETZ_MODULE_ip_nat_rtsp is not set
# FREETZ_MODULE_ip_nat_tftp is not set
FREETZ_MODULE_iptable_filter=y
FREETZ_MODULE_iptable_mangle=y
FREETZ_MODULE_iptable_nat=y
# FREETZ_MODULE_iptable_raw is not set
FREETZ_MODULE_ip_tables=y
# FREETZ_MODULE_ipt_iprange is not set
# FREETZ_MODULE_ipt_layer7 is not set
# FREETZ_MODULE_ipt_ipp2p is not set
# FREETZ_MODULE_ipt_LOG is not set
# FREETZ_MODULE_ipt_comment is not set
FREETZ_MODULE_ipt_MASQUERADE=y
# FREETZ_MODULE_ipt_owner is not set
# FREETZ_MODULE_ipt_REDIRECT is not set
# FREETZ_MODULE_ipt_REJECT is not set
# FREETZ_MODULE_ipt_TCPMSS is not set
# FREETZ_MODULE_ipt_tos is not set
# FREETZ_MODULE_ipt_TOS is not set
# FREETZ_MODULE_ipt_ttl is not set

#
# x_tables (both IPv4 and IPv6)
#
FREETZ_MODULE_x_tables=y
# FREETZ_MODULE_xt_helper is not set
# FREETZ_MODULE_xt_CLASSIFY is not set
# FREETZ_MODULE_xt_comment is not set
# FREETZ_MODULE_xt_conntrack is not set
# FREETZ_MODULE_xt_esp is not set
# FREETZ_MODULE_xt_length is not set
# FREETZ_MODULE_xt_limit is not set
# FREETZ_MODULE_xt_mac is not set
# FREETZ_MODULE_xt_multiport is not set
# FREETZ_MODULE_xt_mark is not set
# FREETZ_MODULE_xt_MARK is not set
# FREETZ_MODULE_xt_NFQUEUE is not set
# FREETZ_MODULE_xt_NOTRACK is not set
# FREETZ_MODULE_xt_iprange is not set
# FREETZ_MODULE_xt_pkttype is not set
# FREETZ_MODULE_xt_physdev is not set
# FREETZ_MODULE_xt_quota is not set
# FREETZ_MODULE_xt_realm is not set
# FREETZ_MODULE_xt_state is not set
# FREETZ_MODULE_xt_statistic is not set
# FREETZ_MODULE_xt_string is not set
FREETZ_MODULE_xt_tcpudp=y
# FREETZ_MODULE_xt_tcpmss is not set

#
# Select kernel modules (IPv6)
#
# FREETZ_MODULE_ip6_queue is not set
# FREETZ_MODULE_ip6_tables is not set
# FREETZ_PACKAGE_IPTABLES_SHARED_LIBS is not set
# FREETZ_PACKAGE_MDEV is not set
# FREETZ_PACKAGE_NETATALK is not set

#
# SANE
#
# FREETZ_PACKAGE_SANE_BACKENDS is not set
# FREETZ_PACKAGE_TINC is not set
# FREETZ_PACKAGE_GW6 is not set
FREETZ_PACKAGE_MOD=y
FREETZ_PACKAGE_MOD_ETCSERVICES=y
FREETZ_PACKAGE_MODCGI=y

#
# Advanced options
#
# FREETZ_DL_OVERRIDE is not set
FREETZ_DL_KERNEL_SITE="@AVM/fritz.box/fritzbox.fon_wlan_7270_v1/x_misc/opensrc"
FREETZ_DL_KERNEL_SOURCE="fritzbox7270-source-files-04.86.tar.gz"
FREETZ_DL_KERNEL_SOURCE_MD5="55a11af7dcfd617c39e75877045ab468"
FREETZ_DL_SITE="@AVM/Downgrade/FRITZ!Box%20Fon%20WLAN%207270%20v2/deutsch"
FREETZ_DL_SOURCE="FRITZ.Box_Fon_WLAN_7270_v2.54.04.88.image"
FREETZ_DL_SOURCE_MD5="1655a40df6916452b6317213e188e688"

#
# Build system options
#
FREETZ_VERBOSITY_LEVEL=0
FREETZ_JLEVEL=2
FREETZ_CHECK_CHANGED=y
# FREETZ_BACKUP_CONFIG_CACHE is not set
FREETZ_DL_SITE_USER=""

#
# Freetz customisation
#
FREETZ_OPTIONS_ETCSERVICES=y
FREETZ_SECURITY_LEVEL=1
FREETZ_STYLE_COLORED=y
# FREETZ_STYLE_GREY is not set
FREETZ_STYLE="colored"
FREETZ_FAVICON_NONE=y
# FREETZ_FAVICON_ATOMPHIL is not set
# FREETZ_FAVICON_CUMA is not set
# FREETZ_FAVICON_DSL123 is not set
# FREETZ_FAVICON_HANSOLO is not set
FREETZ_FAVICON_STRING="none"
FREETZ_TAGGING_NONE=y
# FREETZ_TAGGING_CUMA is not set
FREETZ_TAGGING_STRING="none"

#
# Additional image/box information
#
FREETZ_SUBVERSION_STRING=y
# FREETZ_DEVELOPER_VERSION_STRING is not set
FREETZ_USER_DEFINED_COMMENT=""
# FREETZ_CUSTOM_IMAGE_NAME is not set
# FREETZ_REMOVE_BOX_INFO is not set
# FREETZ_REMOVE_FREETZ_INFO is not set
# FREETZ_REMOVE_DOT_CONFIG is not set
FREETZ_CREATE_SEPARATE_OPTIONS_CFG=y
# FREETZ_SQUASHFS_BLOCKSIZE_ORIG is not set
FREETZ_SQUASHFS_BLOCKSIZE_65536=y
# FREETZ_SQUASHFS_BLOCKSIZE_131072 is not set
# FREETZ_SQUASHFS_BLOCKSIZE_262144 is not set
# FREETZ_SQUASHFS_BLOCKSIZE_524288 is not set
# FREETZ_SQUASHFS_BLOCKSIZE_1048576 is not set

#
# Kernel modules
#
# FREETZ_MODULES_ALL is not set

#
# block
#
# FREETZ_MODULE_block2mtd is not set
# FREETZ_MODULE_ramzswap is not set
# FREETZ_MODULE_xvmalloc is not set

#
# ndas
#
# FREETZ_MODULE_ndas_block is not set
# FREETZ_MODULE_ndas_core is not set
# FREETZ_MODULE_ndas_sal is not set

#
# crypto
#
# FREETZ_MODULE_crypto_algapi is not set
# FREETZ_MODULE_arc4 is not set
# FREETZ_MODULE_blkcipher is not set
# FREETZ_MODULE_cbc is not set
# FREETZ_MODULE_cryptomgr is not set
# FREETZ_MODULE_sha1 is not set
# FREETZ_MODULE_sha256 is not set

#
# drivers
#
# FREETZ_MODULE_loop is not set
# FREETZ_MODULE_nbd is not set
# FREETZ_MODULE_cdrom is not set
# FREETZ_MODULE_capiconn is not set
# FREETZ_MODULE_nand is not set
# FREETZ_MODULE_ohio_nand is not set
# FREETZ_MODULE_dummy is not set
# FREETZ_MODULE_ppp_async is not set
# FREETZ_MODULE_ppp_deflate is not set
# FREETZ_MODULE_ppp_generic is not set
# FREETZ_MODULE_pppoe is not set
# FREETZ_MODULE_pppox is not set
# FREETZ_MODULE_ppp_mppe_mppc is not set
# FREETZ_MODULE_scsi_mod is not set
# FREETZ_MODULE_sd_mod is not set
# FREETZ_MODULE_sg is not set
# FREETZ_MODULE_sr_mod is not set
# FREETZ_MODULE_slhc is not set
FREETZ_MODULE_musb_hdrc=y
# FREETZ_MODULE_usblp is not set
# FREETZ_MODULE_usb_storage is not set
# FREETZ_MODULE_usbmon is not set
FREETZ_MODULE_usbcore=y
# FREETZ_MODULE_usbip is not set
# FREETZ_MODULE_usbip_common_mod is not set
# FREETZ_MODULE_usbserial is not set
# FREETZ_MODULE_ipaq is not set
# FREETZ_MODULE_cp2101 is not set
# FREETZ_MODULE_pl2303 is not set
# FREETZ_MODULE_ftdi_sio is not set
# FREETZ_MODULE_hci_usb is not set
# FREETZ_MODULE_bfusb is not set
# FREETZ_MODULE_firmware_class is not set
# FREETZ_MODULE_dm_mod is not set
# FREETZ_MODULE_dm_crypt is not set
# FREETZ_MODULE_option is not set

#
# fs
#
# FREETZ_MODULE_autofs4 is not set
# FREETZ_MODULE_cifs is not set
# FREETZ_MODULE_coda is not set
# FREETZ_MODULE_ext2 is not set
# FREETZ_MODULE_ext3 is not set
# FREETZ_MODULE_fat is not set
# FREETZ_MODULE_hfs is not set
# FREETZ_MODULE_hfsplus is not set
FREETZ_MODULE_fuse=y
# FREETZ_MODULE_iso9660 is not set
# FREETZ_MODULE_jbd is not set
# FREETZ_MODULE_mini_fo is not set
# FREETZ_MODULE_minix is not set
# FREETZ_MODULE_nls_cp437 is not set
# FREETZ_MODULE_nls_cp852 is not set
# FREETZ_MODULE_nls_iso8859_15 is not set
# FREETZ_MODULE_nls_iso8859_1 is not set
# FREETZ_MODULE_nls_utf8 is not set
# FREETZ_MODULE_ntfs is not set
# FREETZ_MODULE_reiserfs is not set
# FREETZ_MODULE_smbfs is not set
# FREETZ_MODULE_udf is not set
# FREETZ_MODULE_unionfs is not set
# FREETZ_MODULE_vfat is not set
# FREETZ_MODULE_msdos is not set
# FREETZ_MODULE_jffs2 is not set
# FREETZ_MODULE_mbcache is not set

#
# lib
#
# FREETZ_MODULE_crc_ccitt is not set
# FREETZ_MODULE_lzo_compress is not set
# FREETZ_MODULE_lzo_decompress is not set

#
# net
#
# FREETZ_MODULE_bluetooth is not set
# FREETZ_MODULE_bnep is not set
# FREETZ_MODULE_cls_u32 is not set
FREETZ_MODULE_ipv6=y
# FREETZ_MODULE_l2cap is not set

#
# network scheduler
#
# FREETZ_MODULE_sch_cbq is not set
# FREETZ_MODULE_sch_htb is not set
# FREETZ_MODULE_sch_llq is not set
# FREETZ_MODULE_sch_sfq is not set
# FREETZ_MODULE_sch_tbf is not set
# FREETZ_MODULE_rfcomm is not set

#
# BusyBox options
#
FREETZ_BUSYBOX_AR=y
FREETZ_BUSYBOX_BLKID=y
FREETZ_BUSYBOX_BLKID_TYPE=y
FREETZ_BUSYBOX_BZIP2=y
FREETZ_BUSYBOX_CHGRP=y
FREETZ_BUSYBOX_FEATURE_DD_IBS_OBS=y
FREETZ_BUSYBOX_FINDFS=y
FREETZ_BUSYBOX_DNSD=y
FREETZ_BUSYBOX_DIFF=y
FREETZ_BUSYBOX_DOS2UNIX=y
FREETZ_BUSYBOX_ETHER_WAKE=y
FREETZ_BUSYBOX_FAKEIDENTD=y
FREETZ_BUSYBOX_FANCY_KEYS=y
FREETZ_BUSYBOX_FUSER=y
FREETZ_BUSYBOX_INETD=y
FREETZ_BUSYBOX_IP=y
FREETZ_BUSYBOX_FEATURE_IP_ADDRESS=y
FREETZ_BUSYBOX_FEATURE_IP_LINK=y
FREETZ_BUSYBOX_FEATURE_IP_RULE=y
FREETZ_BUSYBOX_FEATURE_IP_ROUTE=y
FREETZ_BUSYBOX_FEATURE_IP_TUNNEL=y
FREETZ_BUSYBOX_LAST=y
FREETZ_BUSYBOX_LESS=y
FREETZ_BUSYBOX_LONG_OPTS=y
FREETZ_BUSYBOX_LS_COLOR=y
FREETZ_BUSYBOX_MD5SUM=y
FREETZ_BUSYBOX_MDEV=y
FREETZ_BUSYBOX_MDEV_CONF=y
FREETZ_BUSYBOX_MDEV_RENAME=y
FREETZ_BUSYBOX_MDEV_RENAME_REGEXP=y
FREETZ_BUSYBOX_MDEV_EXEC=y
FREETZ_BUSYBOX_MODINFO=y
FREETZ_BUSYBOX_MOUNT_HELPERS=y
FREETZ_BUSYBOX_MOUNT_LABEL=y
FREETZ_BUSYBOX_NICE=y
FREETZ_BUSYBOX_PATCH=y
FREETZ_BUSYBOX_PSCAN=y
FREETZ_BUSYBOX_REALPATH=y
FREETZ_BUSYBOX_RENICE=y
FREETZ_BUSYBOX_SEQ=y
FREETZ_BUSYBOX_SHA1SUM=y
FREETZ_BUSYBOX_SPLIT=y
FREETZ_BUSYBOX_START_STOP_DAEMON=y
FREETZ_BUSYBOX_STUN_IP=y
FREETZ_BUSYBOX_TAC=y
FREETZ_BUSYBOX_TAR_OLDGNU_COMPATIBILITY=y
FREETZ_BUSYBOX_UDHCPC=y
FREETZ_BUSYBOX_SLACK_FOR_BUGGY_SERVERS=80
FREETZ_BUSYBOX_UDHCPD=y
FREETZ_BUSYBOX_UDHCPD_LEASES_FILE="/var/tmp/udhcpd.leases"
FREETZ_BUSYBOX_UNIX2DOS=y
FREETZ_BUSYBOX_UNZIP=y
FREETZ_BUSYBOX_FEATURE_USERNAME_COMPLETION=y
FREETZ_BUSYBOX_VOLUMEID=y
FREETZ_BUSYBOX_VOLUMEID_EXT=y
FREETZ_BUSYBOX_VOLUMEID_FAT=y
FREETZ_BUSYBOX_VOLUMEID_HFS=y
FREETZ_BUSYBOX_VOLUMEID_LINUXRAID=y
FREETZ_BUSYBOX_VOLUMEID_LINUXSWAP=y
FREETZ_BUSYBOX_VOLUMEID_LUKS=y
FREETZ_BUSYBOX_VOLUMEID_NTFS=y
FREETZ_BUSYBOX_VOLUMEID_REISERFS=y
FREETZ_BUSYBOX_WGET=y
FREETZ_BUSYBOX_WHO=y
FREETZ_BUSYBOX_WHOAMI=y

#
# IPv6 Options
#
FREETZ_BUSYBOX_FEATURE_PREFER_IPV4_ADDRESS=y
FREETZ_BUSYBOX_PING6=y
FREETZ_BUSYBOX_TRACEROUTE6=y

#
# Shared libraries
#
# FREETZ_STRIP_LIBRARIES is not set
# FREETZ_REPLACE_SSL_LIBS is not set

#
# Libraries -------------------------------
#

#
# C++
#
# FREETZ_LIB_STDCXXLIB is not set
# FREETZ_LIB_STDCXXLIB_WITH_WCHAR is not set
# FREETZ_LIB_libstdc__ is not set
# FREETZ_LIB_libuClibc__ is not set

#
# Crypto & SSL
#

#
# Math -----------------------------------
#
# FREETZ_LIB_libgmp is not set
# FREETZ_LIB_libmpfr is not set
# FREETZ_LIB_libmpc is not set

#
# GnuPG ----------------------------------
#
# FREETZ_LIB_libgpg_error is not set
# FREETZ_LIB_libgcrypt is not set

#
# SSL ------------------------------------
#
# FREETZ_LIB_libcyassl is not set
# FREETZ_LIB_libmatrixssl is not set
# FREETZ_LIB_libpolarssl is not set
FREETZ_LIB_libcrypto=y
FREETZ_LIB_libssl=y

#
# GnuTLS ---------------------------------
#
# FREETZ_LIB_libgnutls is not set
# FREETZ_LIB_libtasn1 is not set

#
# Data compression
#
FREETZ_LIB_liblzo2=y
# FREETZ_LIB_libz is not set

#
# e2fsprogs libraries
#
# FREETZ_LIB_libblkid is not set
# FREETZ_LIB_libcom_err is not set
# FREETZ_LIB_libe2p is not set
# FREETZ_LIB_libext2fs is not set
# FREETZ_LIB_libss is not set
# FREETZ_LIB_libuuid is not set

#
# GLib
#
# FREETZ_LIB_libglib_1 is not set
# FREETZ_LIB_libglib_2 is not set
# FREETZ_LIB_libgio_2 is not set
# FREETZ_LIB_libgobject_2 is not set
# FREETZ_LIB_libgmodule_2 is not set
# FREETZ_LIB_libgthread_2 is not set

#
# Graphics & fonts
#
# FREETZ_LIB_libfreetype is not set
# FREETZ_LIB_libart_lgpl_2 is not set
# FREETZ_LIB_libexif is not set
# FREETZ_LIB_libjpeg is not set
# FREETZ_LIB_libpng12 is not set
# FREETZ_LIB_libgd is not set
# FREETZ_LIB_libopenjpeg is not set
# FREETZ_LIB_libnetpbm is not set

#
# Multimedia
#

#
# FFmpeg libraries
#
# FREETZ_LIB_libavcodec is not set
# FREETZ_LIB_libavdevice is not set
# FREETZ_LIB_libavformat is not set
# FREETZ_LIB_libavutil is not set
# FREETZ_LIB_libpostproc is not set

#
# Ogg/Vorbis
#
# FREETZ_LIB_libogg is not set
# FREETZ_LIB_libvorbis is not set
# FREETZ_LIB_libvorbisenc is not set
# FREETZ_LIB_libvorbisfile is not set
# FREETZ_LIB_libFLAC is not set
# FREETZ_LIB_libid3tag is not set
# FREETZ_LIB_libmad is not set
# FREETZ_LIB_libtag is not set

#
# ncurses
#
# FREETZ_LIB_libncurses is not set

#
# terminfo database
#

#
# Select terminfo database entries to install (see help of 'Show all items')
#
# FREETZ_SHARE_terminfo is not set
# FREETZ_LIB_libform is not set
# FREETZ_LIB_libmenu is not set
# FREETZ_LIB_libpanel is not set

#
# Readline
#
# FREETZ_LIB_libreadline is not set
# FREETZ_LIB_libhistory is not set

#
# uClibc
#
FREETZ_LIB_ld_uClibc=y
FREETZ_LIB_libcrypt=y
FREETZ_LIB_libdl=y
FREETZ_LIB_libm=y
FREETZ_LIB_libnsl=y
FREETZ_LIB_libpthread=y
# FREETZ_LIB_libresolv is not set
FREETZ_LIB_librt=y
# FREETZ_LIB_libthread_db is not set
FREETZ_LIB_libuClibc=y
FREETZ_LIB_libutil=y

#
# XML/XSLT
#
# FREETZ_LIB_libexpat is not set
# FREETZ_LIB_libxml2 is not set
# FREETZ_LIB_libxslt is not set
# FREETZ_LIB_libexslt is not set
# FREETZ_LIB_libapr is not set
# FREETZ_LIB_libaprutil is not set
# FREETZ_LIB_libdb is not set
# FREETZ_LIB_libbluetooth is not set
# FREETZ_LIB_libcapi20 is not set
FREETZ_LIB_libgcc_s=y
# FREETZ_LIB_libconfig is not set
# FREETZ_LIB_libcurl is not set
# FREETZ_LIB_libdaemon is not set
# FREETZ_LIB_libdevmapper is not set
# FREETZ_LIB_libdnet is not set
# FREETZ_LIB_libelf is not set
# FREETZ_LIB_libevent is not set
# FREETZ_LIB_libffi is not set
# FREETZ_LIB_libftdi is not set
FREETZ_LIB_libfreetz=y
# FREETZ_LIB_libfuse is not set
# FREETZ_LIB_libiconv is not set
# FREETZ_LIB_libintl is not set
# FREETZ_LIB_libjs is not set
# FREETZ_LIB_libltdl is not set
# FREETZ_LIB_liblua is not set
# FREETZ_LIB_libneon is not set
# FREETZ_LIB_libnet is not set
# FREETZ_LIB_libntfs is not set
# FREETZ_LIB_libopenobex is not set
# FREETZ_LIB_liboping is not set
# FREETZ_LIB_libosip2 is not set
# FREETZ_LIB_libosipparser2 is not set
# FREETZ_LIB_libpcap is not set
# FREETZ_LIB_libpcre is not set
# FREETZ_LIB_libpcreposix is not set
# FREETZ_LIB_libpopt is not set
# FREETZ_LIB_librrd is not set
# FREETZ_LIB_librrd_th is not set
# FREETZ_LIB_libslang is not set
# FREETZ_LIB_libsqlite3 is not set
# FREETZ_LIB_libsynce is not set
# FREETZ_LIB_libsysfs is not set
# FREETZ_LIB_libusb is not set
# FREETZ_LIB_libusb_1 is not set
# FREETZ_LIB_libatm is not set
# FREETZ_LIB_libwx_baseu is not set

#
# External
#
# EXTERNAL_ENABLED is not set
FREETZ_TARGET_ARCH_LE=y
FREETZ_TARGET_ARCH="mipsel"
FREETZ_TARGET_CROSS="mipsel-linux-uclibc-"
FREETZ_TARGET_MAKE_PATH="toolchain/target/bin"
FREETZ_KERNEL_CROSS="mipsel-unknown-linux-gnu-"
FREETZ_KERNEL_MAKE_PATH="toolchain/kernel/bin"

#
# Toolchain options
#
FREETZ_DOWNLOAD_TOOLCHAIN=y
# FREETZ_BUILD_TOOLCHAIN is not set
# FREETZ_KERNEL_VERSION_2_6_13_1 is not set
FREETZ_KERNEL_VERSION_2_6_19_2=y
# FREETZ_KERNEL_VERSION_2_6_28 is not set
# FREETZ_KERNEL_VERSION_2_6_32 is not set
FREETZ_KERNEL_VERSION="2.6.19.2"
FREETZ_KERNEL_LAYOUT_UR8=y
FREETZ_KERNEL_LAYOUT="ur8"
# FREETZ_UCLIBC_0_9_28_BASED_BOX is not set
FREETZ_UCLIBC_0_9_29_BASED_BOX=y
# FREETZ_UCLIBC_0_9_30_BASED_BOX is not set
# FREETZ_UCLIBC_0_9_31_BASED_BOX is not set

#
# Kernel toolchain options ----------------------------------
#
FREETZ_KERNEL_COMPILER_GCC_3_4_6=y
# FREETZ_KERNEL_COMPILER_GCC_4_4_6 is not set
FREETZ_KERNEL_GCC_VERSION="3.4.6"
FREETZ_KERNEL_BINUTILS_VERSION="2.18"

#
# Target toolchain options ----------------------------------
#
# FREETZ_TARGET_UCLIBC_VERSION_0_9_28 is not set
FREETZ_TARGET_UCLIBC_VERSION_0_9_29=y
# FREETZ_TARGET_UCLIBC_VERSION_0_9_30 is not set
# FREETZ_TARGET_UCLIBC_VERSION_0_9_31 is not set
# FREETZ_TARGET_UCLIBC_VERSION_0_9_32 is not set
FREETZ_TARGET_COMPILER_GCC_4_4_6=y
# FREETZ_TARGET_COMPILER_GCC_4_5_3 is not set
# FREETZ_TARGET_COMPILER_GCC_4_6_1 is not set
FREETZ_STDCXXLIB_USE_UCLIBCXX=y
# FREETZ_STDCXXLIB_USE_GNULIBSTDCXX is not set
FREETZ_TARGET_UCLIBC_VERSION="0.9.29"
FREETZ_TARGET_GCC_VERSION="4.4.6"
FREETZ_GNULIBSTDCXX_VERSION="6.0.13"
FREETZ_STDCXXLIB="uclibcxx"
FREETZ_TARGET_BINUTILS_VERSION="2.21.52.0.2"
FREETZ_TARGET_UCLIBC_REF="mod"
FREETZ_TARGET_CFLAGS="-Os -pipe -Wa,--trap"
# FREETZ_TARGET_UCLIBC_REDUCED_LOCALE_SET is not set
# FREETZ_TARGET_NLS is not set
FREETZ_TARGET_LFS=y
# FREETZ_TARGET_TOOLCHAIN is not set

#
# Both kernel and target toolchain related options ----------
#
# FREETZ_STATIC_TOOLCHAIN is not set
FREETZ_TOOLCHAIN_MINIMIZE_REQUIRED_GLIBC_VERSION=y
# FREETZ_BUILD_32BIT_TOOLCHAIN is not set
# FREETZ_TARGET_CCACHE is not set

Muss ich da irgendwas noch einschalten oder so?

 

[MaxMuster]

Du musst für alle "Module" sowohl die Kernel-Module als auch die iptables-Libraries im Freetz wählen (sieht man aber bei der "statisches Binary"-Config nicht, ob/was du da gewählt hattest).

 

[radislav]

Ok, werde ich mal ausprobieren.

Außerdem habe ich mich etwas zu früh gefreut, denn ich kann momentan nur einen bestimmten Rechner ins Openvpn routen (was auch schon nicht schlecht ist):

# im upscript:
# alles lokale weiter zur "normalen" Routingtabelle
ip rule add from 192.168.178.40 to 192.168.178.40 prio 30000 table main

# alles nicht-lokale weiter zur "table 2"
ip rule add from 192.168.178.40 prio 31000 table 2

sobald ich anstatt "192.168.178.40" "192.168.178.0/24" angebe, ist nur dir Fritzbox im Netz, die Clients aber nicht mehr. Was stört denn da beim ausmaskieren?

 

[MaxMuster]

Wie sieht deine "Rules"/Routing Tabellen dann aus?!?

 

[radislav]

Hallo,

mit "192.168.178.0/24" sieht es so aus:

root@fritz:/# ip rule show
0:      from all lookup local 
30000:  from 192.168.178.0/24 to 192.168.178.0/24 lookup main 
31000:  from 192.168.178.0/24 lookup 2 
32766:  from all lookup main 
32767:  from all lookup default 

root@fritz:/# ip route show
192.168.180.1 dev dsl  metric 2 
10.119.78.189 dev tun0  src 10.119.78.190 
192.168.180.2 dev dsl  metric 2 
10.119.72.1 via 10.119.78.189 dev tun0 
192.168.178.0/24 dev lan  src 192.168.178.1 
192.168.179.0/24 dev guest  src 192.168.179.1 
188.195.56.0/21 dev dsl  metric 2 
169.254.0.0/16 dev lan  src 169.254.1.1 
default dev dsl  metric 2 

root@fritz:/# ip route show table 2
default dev tun0 

root@fritz:/# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

root@fritz:/# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
           all  --  192.168.178.0/24     anywhere            [8 bytes of unknown target data] 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

sowohl Fritzbox als auch Clients haben dann keine Verbindung ins Internet mehr

 

[MaxMuster]

Kann es sein, dass das DSL-Interface eine 192.168.178.x Adresse hat? Mach doch bitte mal ein "ifconfig dsl".

Und die "mangle" Dinge sollten jetzt aus den iptables-Regeln raus, hier wird nur noch die Nat benötigt (MASQUERADE).

 

[radislav]

genau so ist es:

dsl       Link encap:Point-to-Point Protocol  
          inet addr:192.168.178.1  P-t-P:192.168.178.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:3597718 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1926855 errors:0 dropped:5296 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:3886643953 (3.6 GiB)  TX bytes:224554704 (214.1 MiB)

guest     Link encap:Ethernet  HWaddr 00:24:FE:12:77:D0  
          inet addr:192.168.179.1  Bcast:192.168.179.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:2290  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:652 (652.0 B)

den Gastzugang möchte ich auch noch über openvpn laufen lassen

 

[MaxMuster]

O.k., dann versuche es doch mal so:

#!/bin/sh

# IP des DSL-IF, koennte aus dem LAN-Bereich sein! 
DSLIP=$(ifconfig dsl | sed -n '/inet addr/ s/.*inet addr:\([0-9\.]*\) .*/\1/')

# Guest-Netz 
GUESTNET=$(ip route | sed -n '/guest/ s/ dev.*//p')

# alles lokale weiter zur "normalen" Routingtabelle
ip rule add from 192.168.178.0/24 to 192.168.178.0/24 prio 30000 table main
# alles vom DSL weiter zur "normalen" Routingtabelle
ip rule add from $DSLIP prio 30001 table main

# alles nicht-lokale aus dem LAN weiter zur "table 2"
ip rule add from 192.168.178.0/24 prio 31000 table 2
# alles nicht-lokale aus "Guest" weiter zur "table 2"
ip rule add from $GUESTNET prio 31001 table 2

# In "table 2" das Default-GW auf tun0 setzen, 
# oder das eventuell vorhandene dadurch ersetzen
ip route replace default dev tun0 table 2

 

[radislav]

wau, schon fast perfekt. Alles im Lan-Bereich 192.168.178.xxx funktioniert. Gast-Bereich-Clients 192.168.179.xxx haben leider noch keine Internetverbindung...

# ip rule show
0:      from all lookup local 
30000:  from 192.168.178.0/24 to 192.168.178.0/24 lookup main 
30001:  from 192.168.178.1 lookup main 
31000:  from 192.168.178.0/24 lookup 2 
31001:  from 192.168.179.0/24 lookup 2 
32766:  from all lookup main 
32767:  from all lookup default

# ip route show
192.168.180.1 dev dsl  metric 2 
192.168.180.2 dev dsl  metric 2 
10.119.73.221 dev tun0  src 10.119.73.222 
10.119.72.1 via 10.119.73.221 dev tun0 
192.168.178.0/24 dev lan  src 192.168.178.1 
192.168.179.0/24 dev guest  src 192.168.179.1 
188.194.146.0/23 dev dsl  metric 2 
169.254.0.0/16 dev lan  src 169.254.1.1 
default dev dsl  metric 2 

# ip route show table 2
default dev tun0 

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

 

[MaxMuster]

Könnte durchaus sein, dass das überhaupt nicht geht, weil AVM das Netz ja extra "abgeschottet" hat und ich weiß nicht genau, wie/wo das passiert...

Edit: Also, meinst du jetzt: Das Gastnetz geht überhaupt nicht mehr (auch ohne den Eintrag für das Netz), oder es geht nur nicht durch das VPN?!?
Wenn es "nur" mit dem OpenVPN nicht geht vermute ich, dass es schon über das VPN "raus" geht, dann aber "nicht zurück" darf, weil Pakete "zurück" in das Gastnetz nicht von einem anderen Interface als vom DSL kommen dürfen...

 

[radislav]

nein nein, ohne "ip rule add from $GUESTNET prio 31001 table 2" bzw. beim entfernen dieser Regel funktioniert dann der Gast-Zugang schon wieder...

 

[MaxMuster]

Dann vermute ich, dass es mit dem Gast-Netz nicht funktionieren wird...

 

[radislav]

ok, damit kann ich leben.

Vielen vielen Dank für Deine Hilfe
:groesste:

 

[gesko]

Hallo Gemeinde,

ich muss meinen alten, wohl noch immer recht aktuellen thread mal wieder nach oben holen.

In Beitrag #6 hatte mir MaxMuster freundlicherweise iptables inklusive der Module und openvpn für die firmware FB7390_84_04_91 statisch kompiliert. Mit folgendem Skript lief die ungefreetzte Box als VPN client super.

#!/bin/sh
#
# Project: Connect fritz!box 7390 to VyprVPN via OpenVPN

#
# Start up script to connect the 7390 to giganews.com/VyprVPN via openVPN.


case "$1" in
        online )
                #####################################################
				# LOAD CONFIG FILE config.cfg. 
				#####################################################

				# Load config file
				. /var/media/ftp/openVPN/config.cfg
				
				
				#####################################################
				# CREATE LOGFILE
				#####################################################
				! test -f $INSTDIR/online.txt && touch $INSTDIR/online.txt
                echo "$(date) #### NEW ONLINECASE STARTED ######" >> $INSTDIR/online.txt
                
                
				#####################################################
				# CHANGE TO INSTALL DIR
				#####################################################
				cd $INSTDIR

				#####################################################
				# BYPASS CONFIGURATION in bypass.cfg 
				#####################################################
				# Last line must be a blank line.


				#####################################################
				#####################################################
				# MAIN SCRIPT 
				#####################################################
				#####################################################

				#####################################################
				# Check for internet connection.
				#####################################################
				while !(ping -c 1 www.google.de) >/dev/null 2>&1; do
					echo "$(date) Connection to internet not established retry in 5 seconds:" >> $INSTDIR/online.txt
					sleep 5
				done
				
				echo "$(date) Connection to internet established" >> $INSTDIR/online.txt
				

				#####################################################
				# Loading modules
				#####################################################
				for x in $(ls net/ipv4/netfilter/); do
					y=${x%.*} # strip file extension
						if ! lsmod | grep $y >/dev/null 2>&1; then # Test if module is NOT installed
							insmod net/ipv4/netfilter/$x;	# then install module.
							echo "$(date) module $x installed" >> $INSTDIR/online.txt
						else
							echo "$(date) module $x already installed: skip" >> $INSTDIR/online.txt
					
						fi
				done

				for x in $(ls net/netfilter/); do
					y=${x%.*}
						if ! lsmod | grep $y >/dev/null 2>&1; then # Test if module is NOT installed
							insmod net/netfilter/$x; # then install module.
							echo "$(date) module $x installed" >> $INSTDIR/online.txt
						else
							echo "$(date) module $x already installed: skip" >> $INSTDIR/online.txt
						fi
				done

				#####################################################
				# Create iptables rules for tun0
				#####################################################
				# First flush iptables to prevent duplicates.
				$INSTDIR/bin/iptables -t nat -F && echo "$(date) iptables flushed" >> $INSTDIR/online.txt
				# MASQUERADE tun0
				$INSTDIR/bin/iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE && echo "$(date) iptables: masquerading set" >> $INSTDIR/online.txt
				# block connetions from the outside
				$INSTDIR/bin/iptables -A INPUT -i tun0 -m state --state NEW,INVALID -j DROP
				$INSTDIR/bin/iptables -A FORWARD -i tun0 -m state --state NEW,INVALID -j DROP

				#####################################################
				# Check if tun device NOT exists; then create it
				#####################################################
				[ ! -c /var/tmp/tun ] && mknod /var/tmp/tun c 10 200 && echo "$(date) tun device created"

				#####################################################
				# Correct default gateway.
				#####################################################
				# Delete default gateway and add a corrected one.
				# Necessary because of AVMs strange 0.0.0.0 gateway not recognized by openVPN.
				# Will break AVMs VPN !!!!! Alternative: use openVPn with --up and --down scripts
				# to do the routing.
				DEFAULTROUTEIF="`route -n | sed -n '/^0.0.0.0[[:space:]]\+0.0.0.0/ s/^.*[[:space:]]\([^[:space:]]\+\)$/\1/p'`"
						if [ "$DEFAULTROUTEIF" = "dsl" ]; then
							ifconfig $DEFAULTROUTEIF:dsld 169.254.2.1 dstaddr 169.254.2.1
							route del default 2> /dev/null && echo "$(date) default route deleted" >> $INSTDIR/online.txt
							route add default gw 169.254.2.1 dev $DEFAULTROUTEIF && echo "$(date) new default route added" >> $INSTDIR/online.txt
						else
							echo "$(date) Default route already corected" >> $INSTDIR/online.txt
						fi
	
				#####################################################
				# Set bypass routing. 
				#####################################################
				# Get entries from file bypass.cfg. Resolve name and set route to dsl.
				
				rm -f $INSTDIR/ipbprm.txt && echo "$(date) del ipbprm.txt" >> $INSTDIR/online.txt
				touch $INSTDIR/ipbprm.txt && echo "$(date) create ipbprm.txt" >> $INSTDIR/online.txt
				
				BYPCFG=$INSTDIR/bypass.cfg
						cat $BYPCFG | while read a; do
							NEWSS=$(ping -c1 $a | sed -n '/PING/ s/^[^(]*(\([0-9\.]*\).*/\1/p')
	
							echo $NEWSS >> $INSTDIR/ipbprm.txt
							echo "$(date) found bypass routig: $a name resolved: $NEWSS" >> $INSTDIR/online.txt
	
							if ! route -n | grep $NEWSS >/dev/null 2>&1; then 
								route add $NEWSS dev dsl
								echo "$(date) Route added: $NEWSS" >> $INSTDIR/online.txt
							else
								echo "$(date) Route already set: $NEWSS" >> $INSTDIR/online.txt
			
							fi
			
						done
				
				
				#####################################################
				# Check if there is a password.txt file. If the file exists delete it.
				#####################################################
				rm -f $INSTDIR/password.txt && echo "$(date) del password.txt" >> $INSTDIR/online.txt

				#####################################################
				# Create a new password file and write usernemae and password.txt
				#####################################################
				touch $INSTDIR/password.txt && echo "$(date) create password.txt" >> $INSTDIR/online.txt
				echo $USERNAME >> $INSTDIR/password.txt
				echo $PASSWORD >> $INSTDIR/password.txt

				#####################################################
				# Check if there is NOT a logfile; then create it
				#####################################################
				! test -f $INSTDIR/log.txt && touch $INSTDIR/log.txt && echo "$(date) create log.txt" >> $INSTDIR/online.txt

				#####################################################
				# Start OpenVPN. Write output to log.txt. 
				#####################################################
				# Write output to log.txt 
				if ps | grep -v grep | grep "openvpn --config" >/dev/null 2>&1; then
						echo "$(date) openVPN Prozess allredy running" >> $INSTDIR/online.txt
					else
						$INSTDIR/bin/openvpn --config $INSTDIR/$SERVERLOC.vpn.giganews.com.conf --auth-user-pass $INSTDIR/password.txt --dev-node /var/tmp/tun --script-security 2 1>$INSTDIR/log.txt 2>&1 &
						echo "$(date) openVPN started" >> $INSTDIR/online.txt
					fi
				
				echo "$(date) #### ONLINECASE END ######" >> $INSTDIR/online.txt
				
				$INSTDIR/pscheck.sh &
        ;;
        offline )
        
                
                #####################################################
				# get the config file
				#####################################################
				. /var/media/ftp/openVPN/config.cfg
				
				! test -f $INSTDIR/offline.txt && touch $INSTDIR/offline.txt
               	echo "$(date) #### NEW OFFLINE CASE STARTED ######" >> $INSTDIR/offline.txt
				
				#####################################################
				# Kill openVPN
				#####################################################
				if ps | grep -v grep | grep "openvpn --config" >/dev/null 2>&1; then
						killall openvpn && echo "$(date) killed openvpn" >> $INSTDIR/offline.txt
					else
						echo "$(date) Kill: openVPN was not running" >> $INSTDIR/offline.txt
					fi

				#####################################################
				# Del bypass routing. 
				#####################################################
				# Get entries from file ipbprm.txt and del route. Del file.
				BYPRM=$INSTDIR/ipbprm.txt
				if test -f $BYPRM; then
         			cat $BYPRM | while read a; do
							route del $a dev dsl && echo "$(date) BP route $a deleted" >> $INSTDIR/offline.txt	
					done
      			else
        			 echo "$(date) file $BYPRM does not exist. No route to del" >> $INSTDIR/offline.txt
     		 	fi
						
				rm $INSTDIR/ipbprm.txt >/dev/null 2>&1 && echo "$(date) ipbprm.txt deleted" >> $INSTDIR/offline.txt
        ;;
esac

Mittlerweile habe ich die 7390 auf firmware 84.05.50 aktualisiert. Bei dem Firmwaresprung hat sich natürlich so einiges am System geändert und so lassen sich z.B. die netfilter Module nicht mehr verwenden.

insmod: can't insert 'net/ipv4/netfilter/arp_tables.ko': invalid module format
insmod: can't insert 'net/ipv4/netfilter/ip_conntrack.ko': invalid module format
insmod: can't insert 'net/ipv4/netfilter/ip_conntrack_ftp.ko': invalid module format
insmod: can't insert 'net/ipv4/netfilter/ip_conntrack_h323.ko': invalid module format
insmod: can't insert 'net/ipv4/netfilter/ip_conntrack_irc.ko': invalid module format
insmod: can't insert 'net/ipv4/netfilter/ip_conntrack_pptp.ko': invalid module format

Außerdem sind die openvpn und die iptables binaries natürlich nicht mehr aktuell.

Ich möchte gerne die ungefreetzte Box wie eingänglich beschrieben gerne wieder als client betreiben.

Kann mir hier einer der Pros erklären wie ich mir die statischen binaries und die Module bauen kann? Gibt es sonst noch was bei der neuen firmware zu beachten?


Greets

Gesko

 

[MaxMuster]

Kurz: geht nicht. Mit der FW funktioniert keine NAT mehr mit iptables, selbst mit freetz nicht.