IP: 192.168.24.xxx
Netmask: 255.255.255.0
Gateway: 192.168.24.254 (die FritzBox)
DNS: 192.168.24.150
Wins: 192.168.24.150
/*
* C:\Users\xatru.MIDKEMIA\AppData\Roaming\AVM\FRITZ!Fernzugang\xatru_dyndns_org\fritzbox_xatru_dyndns_org.cfg
* Wed Jul 06 00:13:32 2011
*/
/*
* Review notes (FRITZ!Box VPN profile, single-user connection via FRITZ!Fernzugang):
* - conn_type = conntype_user: one client with the virtual address remote_virtualip 192.168.24.140
*   connects into the 192.168.24.0/24 network given in phase2localid.
* - name and remoteid/user_fqdn both read "[email protected]" here; this looks like an extraction
*   artefact standing in for the real user identity (the two values have to agree).
* - mode = phase1_mode_aggressive together with keytype = connkeytype_pre_shared: with IKEv1
*   aggressive mode the strength of the pre-shared key is the main line of defence, so the key
*   should be long and random. key = "<xxxxxx>" is a placeholder, not a usable value.
* - phase1ss = "all/all/all" and phase2ss = "esp-all-all/ah-none/comp-all/pfs" accept whatever
*   proposal the peer offers; if both sides support it, restricting these to strong algorithms
*   is preferable — TODO confirm which values the installed FRITZ!OS accepts.
* - cert_do_server_auth = no and use_xauth = no: nothing beyond the PSK authenticates the peer.
* - dont_filter_netbios = yes: NetBIOS traffic is not filtered on this connection.
* - accesslist = "?" looks like an unfinished placeholder; the separate line below this block
*   ("permit ip any 192.168.24.140 255.255.255.255") appears to be the intended value.
* - ike_forward_rules: forwarding entries for UDP 500 (IKE) and UDP 4500 (NAT-T), the two ports
*   the IKE exchange uses (use_nat_t = yes).
*/
vpncfg {
connections {
enabled = yes;
conn_type = conntype_user;
name = "[email protected]";
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 192.168.24.140;
remoteid {
user_fqdn = "[email protected]";
}
mode = phase1_mode_aggressive;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "<xxxxxx>";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.24.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipaddr = 192.168.24.140;
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist = "?";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
// Access list for the single-user profile above: only traffic to the client's virtual
// address 192.168.24.140 (host mask 255.255.255.255) is permitted — presumably the
// replacement for the accesslist = "?" placeholder in that profile.
accesslist = "permit ip any 192.168.24.140 255.255.255.255";
xatru@netbook:~$ nslookup
> server 192.168.24.150
Default server: 192.168.24.150
Address: 192.168.24.150#53
> google.de
...
xatru@netbook:~$ route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.24.0 192.168.24.140 255.255.255.0 UG 0 0 0 tap0
192.168.24.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
10.10.0.0 0.0.0.0 255.255.128.0 U 2 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1
0.0.0.0 10.10.0.1 0.0.0.0 UG 0 0 0 eth1
/*
* C:\Pfad\zur\Config
* Thu Jul 14 17:18:00 2011
*/
/*
* Review notes (FRITZ!Box VPN profile, single-user connection, "full tunnel" variant):
* - The header path "C:\Pfad\zur\Config" is a placeholder, as is key = "key"; both must be
*   replaced before this profile is imported. A short dictionary word as PSK is not acceptable
*   with phase1_mode_aggressive, where the pre-shared key is the main line of defence.
* - The client gets remote_virtualip 192.168.100.201 inside the 192.168.100.0/24 network given
*   in phase2localid.
* - accesslist, evaluated in order:
*     "deny ip any 192.168.0.0 255.255.255.0"  — keeps the LAN the client PC is attached to
*       (192.168.0.0/24 per the notes on this page) out of the tunnel; this entry has to match
*       the client's actual local subnet, and that subnet must not overlap 192.168.100.0/24.
*     "reject udp any any eq 53/500/4500"        — DNS, IKE and NAT-T are kept out of the tunnel;
*       presumably so the IKE exchange carrying the tunnel is not itself routed into it and
*       local DNS keeps working — verify against the FRITZ!OS documentation.
*     "permit ip any any"                         — everything else goes through the tunnel.
* - "[email protected]" in name and user_fqdn looks like an extraction artefact for the real
*   user identity; both values have to agree.
* - phase1ss/phase2ss with "all" accept any proposal the peer offers; cert_do_server_auth = no
*   and use_xauth = no mean nothing beyond the PSK authenticates the peer.
*/
vpncfg {
connections {
enabled = yes;
conn_type = conntype_user;
name = "[email protected]";
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 192.168.100.201;
remoteid {
user_fqdn = "[email protected]";
}
mode = phase1_mode_aggressive;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "key";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.100.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipaddr = 192.168.100.201;
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist = "deny ip any 192.168.0.0 255.255.255.0", "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip any any";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
- CFG-Datei des FRITZ!Fernzugang anpassen (neue, einfachere Version dank User "DerLanWan")
Bestehende Zeile durch folgende austauschen:
accesslist = "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip any any";
Wenn der PC in einem LAN hängt, muss man folgende Zeile verwenden:
Erläuterung: 192.168.0.0 255.255.255.0 ist das Subnetz des LAN, an das der PC angeschlossen ist.
accesslist = "deny ip any 192.168.0.0 255.255.255.0", "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip any any";
Im FRITZ!Fernzugang die alte VPN-Konfiguration löschen und die angepasste Version importieren.
/*
* Review notes (FRITZ!Box LAN-to-LAN profile, side with localid 7270.hopto.org):
* - conn_type = conntype_lan: this box (192.168.100.0/24, phase2localid) talks to the peer
*   7140.hopto.org (remotehostname/remoteid), whose network is 192.168.120.0/24 (phase2remoteid).
*   The companion profile further down is the mirror image for the 7140 side; localid/remoteid
*   and the two ipnet blocks are swapped there, and the pre-shared key has to be identical on
*   both sides.
* - key = "*" is a placeholder (the mirror profile shows key = "ee"); with
*   phase1_mode_aggressive and connkeytype_pre_shared the PSK is the main line of defence,
*   so use a long random value, the same one on both boxes.
* - accesslist = "permit ip any 192.168.120.0 255.255.255.0": only traffic towards the peer
*   LAN is allowed into the tunnel, so this side is not a full tunnel.
* - phase1ss/phase2ss with "all" accept any proposal the peer offers; restrict if both boxes
*   support it — TODO confirm accepted values for the installed FRITZ!OS.
* - dont_filter_netbios = yes: NetBIOS traffic is not filtered between the two LANs.
* - ike_forward_rules: forwarding entries for UDP 500 (IKE) and UDP 4500 (NAT-T).
*/
vpncfg {
connections {
enabled = yes;
conn_type = conntype_lan;
name = "7140.hopto.org";
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 0.0.0.0;
remotehostname = "7140.hopto.org";
localid {
fqdn = "7270.hopto.org";
}
remoteid {
fqdn = "7140.hopto.org";
}
mode = phase1_mode_aggressive;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "*";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.100.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipnet {
ipaddr = 192.168.120.0;
mask = 255.255.255.0;
}
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist = "permit ip any 192.168.120.0 255.255.255.0";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
/*
* Review notes (FRITZ!Box LAN-to-LAN profile, side with localid 7140.hopto.org):
* - Mirror of the profile above: this box's network is 192.168.120.0/24 (phase2localid), the
*   peer 7270.hopto.org has 192.168.100.0/24 (phase2remoteid).
* - key = "ee": if this is not a redaction, a two-character pre-shared key is far too weak —
*   with phase1_mode_aggressive the PSK is the main line of defence. Use a long random value,
*   identical on both boxes (the profile above shows "*" in its place).
* - accesslist: UDP 53, 500 and 4500 (DNS, IKE, NAT-T) are kept out of the tunnel, then
*   "permit ip any any" sends all remaining traffic from this side through it. Note the
*   asymmetry with the peer profile, whose accesslist only permits traffic for
*   192.168.120.0/24; whether the peer accepts traffic for destinations outside its own
*   phase2 selector is something to confirm. The two accesslist lines after this block are
*   narrower variants (single host 192.168.120.20, then host plus LAN-to-LAN).
* - phase1ss/phase2ss with "all" accept any proposal the peer offers; cert_do_server_auth = no
*   and use_xauth = no mean nothing beyond the PSK authenticates the peer.
* - dont_filter_netbios = yes: NetBIOS traffic is not filtered between the two LANs.
*/
vpncfg {
connections {
enabled = yes;
conn_type = conntype_lan;
name = "7270.hopto.org";
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 0.0.0.0;
remotehostname = "7270.hopto.org";
localid {
fqdn = "7140.hopto.org";
}
remoteid {
fqdn = "7270.hopto.org";
}
mode = phase1_mode_aggressive;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "ee";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.120.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipnet {
ipaddr = 192.168.100.0;
mask = 255.255.255.0;
}
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist = "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip any any";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
// Variant 1 for the 7140-side LAN-to-LAN profile above: same reject entries for UDP 53/500/4500,
// but only the single host 192.168.120.20 (host mask 255.255.255.255) is sent through the tunnel
// instead of "permit ip any any".
accesslist = "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip 192.168.120.20 255.255.255.255 any";
// Variant 2: as variant 1, plus the plain LAN-to-LAN permit between 192.168.120.0/24 and
// 192.168.100.0/24, so the rest of the LAN keeps reaching the peer network.
accesslist = "reject udp any any eq 53", "reject udp any any eq 500", "reject udp any any eq 4500", "permit ip 192.168.120.20 255.255.255.255 any", "permit ip 192.168.120.0 255.255.255.0 192.168.100.0 255.255.255.0";