openvpn Fritzbox Fon

leijona

Hello,
It happens that I own two boxes, a Fon and a Fon WLAN. I am trying to learn more about how to set up a VPN between them, but there is the language barrier. At the moment I am using a translator (as you will of course already have noticed from my German ...) and it is hard to follow what is being said. Could someone help in English?

Kind regards,

Leijona
 
Hi Leijona,

just post your question in English.

Regards
Thomas
 
Thank you very much indeed Thomas.
I have the international versions of Fritzbox Fon and Fritzbox Fon WLAN. I want to connect them back-to-back over vpn. I tried uploading a pseudo-firmware from the-constract.com but I got an unexpected error that stopped the firmware upload. Is there another way to upload the image or install vpn by myself?

Regards
 
These kinds of uploads end with "Error: Upload succeeded". This is ok.

You also can upload the files manually.
This needs some more effort.
You can activate Telnet on the Fritzbox and use busybox vi to edit the script /var/flash/debug.cfg

For more specific help I would need to know the firmware version of the Fritzbox.
 
Hi again,
I don't get an "Error: Upload succeeded" but something like unexpected error happened. Anyhow, let's try the manual way. The Fritzbox Fon WLAN has the 08.04.26 firmware and the Fritzbox Fon has the 06.04.49. By the way, the wired fritz doesn't enable telnet via telephone code #96*7*. I hear a single tone like it has accepted the command but nothing ?!?!?! I have a tftp server running in case I want to upload any files.

Thanks so much for the help.
 
Did the upload fail on both boxes?
The box with 08.04.26 has kernel 2.4 while the other one has the kernel 2.6. So they need different software versions. If you tried to update them both with the same version it fails on one of the boxes.

Maybe Telnet is not in the firmware anymore. So it would be needed to be uploaded as you tried to upload OpenVPN, so you have the same problem again ...
 
The firmware did fail on both boxes but the firmware was the one corresponding to each box. Strange thing....

How do I do it over debug.cfg? I have opened the pseudo image file and had a look at the script in there but my knowledge of embedded linux isn't good so I could make up what to do next.
 
You should find lines in the script that start with the command sed. It's a stream editor with complex parameters. It adds lines to the debug.cfg. You could add these lines by typing the same commands when you are logged in or you could use vi to edit debug.cfg.

The script should be nearly identical for both boxes. The only differences should be:
1. one box is listening while the other one is initiating the connection
2. wget should download different openvpn files from the server
 
The pseudo image set only for open vpn doesn't have any commands starting with sed. I paste the code below. Any ideas how to implement it on the box? Copy paste the code to debug or make it a script (I don't know how) and run it from telnet?

Code:
#!/bin/sh

##################################################################################
# install results:
##################################################################################
export INSTALL_SUCCESS_NO_REBOOT=0
export INSTALL_SUCCESS_REBOOT=1
export INSTALL_WRONG_HARDWARE=2
export INSTALL_KERNEL_CHECKSUM=3
export INSTALL_FILESYSTEM_CHECKSUM=4
export INSTALL_URLADER_CHECKSUM=5
export INSTALL_OTHER_ERROR=6
export INSTALL_FIRMWARE_VERSION=7

##################################################################################

echo "install: check and install new firmware ..."
LED_DEVICE=/proc/led_mod/led
if [ ! -f /proc/led_mod/led  ] ; then
  LED_DEVICE=/var/led
  echo "set led: ${LED_DEVICE}"
fi

##################################################################################
# start info led flashing
##################################################################################
echo "set INFO led to blink (modul=7, state=4)"
echo 7,4 > ${LED_DEVICE}
cat > /var/tmp/debug.cfg << 'EOF'
#!/bin/sh

LED_DEVICE=/proc/led_mod/led
if [ ! -f /proc/led_mod/led  ] ; then
  LED_DEVICE=/var/led
  echo "set led: ${LED_DEVICE}"
fi
# start internet phone led flashing
echo "set internet phone led to blink (modul=14, state=3)"
echo 14,3 > ${LED_DEVICE}

# check kernel version
KERNEL_VERSION=`uname -r | grep 2.6`
if [ -z "${KERNEL_VERSION}" ]
then
  KERNEL_VERSION="linux24"
  ETHERWAKE="etherwake"
else
  KERNEL_VERSION="linux26"
  ETHERWAKE="ether-wake"
fi

# init busybox var
BUSYBOX="/bin/busybox"

# wait to be able to interrupt in case of emergency
sleep 120

# load VPN-Server (OpenVPN)

# create tun-device
mknod /var/tmp/tun c 10 200

# write 'secret.key' to file
cat > /var/tmp/secret.key << 'ENDSECRETKEY'
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
7dabe4f5e462353a1b835f21bc76fe6e
cbb9ce404bd6c56c9ee7fa7b3f438344
d57282a58048919c774e1e74c28a4ca1
64f9d08991d335fe0c7f0e1d16e8c9e0
eb9745dbd3873814de60cfc4c204a8f7
91bd7d7c7596c5c0347ac1a1d0c0ddef
7a71cd28d30a66a064cb12fd02fd78af
8b8a1c195aceb355ed6c0c2adccd54b8
f2cd9ffc65e7977e01e7d80186cfe670
b90edb44e6648126bfc2b1b442750dc4
d6e977f992de2d74cae82ff934052fc0
def04382aaac7e5ac0645f92f068d0a4
42628319c28fb347b37416363d171642
9f66a5fdbb32a9a7a0b33e37e1ba346a
c9d577d85b96f36fd3cae7518247ad82
fab4db5426ef648f40a2118a2b88787e
-----END OpenVPN Static key V1-----

ENDSECRETKEY

# write 'server.ovpn' to file
cat > /var/tmp/server.ovpn << 'ENDSERVERCONF'
dev tun0
dev-node /var/tmp/tun
ifconfig 10.0.0.2 10.0.0.1
secret /var/tmp/secret.key
proto tcp-server
port 1194
tun-mtu 1500
float
keepalive 10 60
verb 4
mssfix
route 10.0.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
daemon

ENDSERVERCONF

# try to load files from USB drive
for f in /var/media/ftp/*
do
  if [ -f ${f}/files/${KERNEL_VERSION}/openvpn ]
  then
    echo "copy ${f}/files/${KERNEL_VERSION}/openvpn"
    cp ${f}/files/${KERNEL_VERSION}/openvpn /var/tmp/openvpn
  fi
done
# check if file already exists
if [ ! -f /var/tmp/openvpn ]
then
  # wait for server
  while !(ping -c 1 ftp.the-construct.com)
  do
    sleep 5
  done
  # load files
  wget -qO /var/tmp/openvpn http://ftp.the-construct.com/files/${KERNEL_VERSION}/openvpn
fi

# make them executable
chmod +x /var/tmp/openvpn
chmod 0600 /var/tmp/server.ovpn
chmod 0600 /var/tmp/secret.key

# start OpenVPN
/var/tmp/openvpn --config /var/tmp/server.ovpn

# stop internet phone led flashing
echo 14,1 > ${LED_DEVICE}

EOF

# write debug.cfg
cat /var/tmp/debug.cfg > /var/flash/debug.cfg

# delete /var/tmp/debug.cfg
rm /var/tmp/debug.cfg


# reboot
exit $INSTALL_SUCCESS_REBOOT

# (c) 2006 - 2008 Andreas Baginski
 
The script is using cat to create a completely new file debug.cfg instead of appending anything to the existing debug.cfg with sed as I was expecting.

What it does is create the file that I put in the attachment as "thefile.txt" and save it as /var/flash/debug.cfg.

So you could change the name to debug.cfg and put it on an HTTP or FTP server.
Log in with telnet to the Fritzbox and type the commands:
cd /var/flash
wget http://webservername/debug.cfg

Just one thing. You posted the secret key that you want to use. You should replace it with a new one. When editing the file, watch out that you don't use CR/LF at the end of a line; just use LF, otherwise the script does not work.
 

Attachments

  • thefile.txt
    2.4 KB · Views: 12
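
The two cautions in the reply above (replace the posted static key, keep LF line endings) can be checked on a workstation before debug.cfg is uploaded. The following is an added example, not part of the original thread or of the script's author; the function names are made up for illustration, the sample key material is constructed, and it assumes grep, sed, tr and awk are available.

```shell
#!/bin/sh
# Added example: checks to run on a workstation before uploading debug.cfg.

# has_crlf FILE: succeeds if any line ends in CR (saved with CR/LF endings).
has_crlf() {
    cr=$(printf '\r')
    grep -q "${cr}\$" "$1"
}

# to_lf IN OUT: write a copy of IN with every CR removed.
to_lf() {
    tr -d '\r' < "$1" > "$2"
}

# key_body FILE: print the hex of the embedded static key on one line,
# ignoring the BEGIN/END markers, whitespace and line endings.
key_body() {
    sed -n '/BEGIN OpenVPN Static key V1/,/END OpenVPN Static key V1/p' "$1" |
        grep -v -e '-----' | tr -d ' \r\n'
}

# key_is_exposed CFG KNOWN: succeeds if CFG embeds the same key as KNOWN,
# where KNOWN is a file holding a key that has been posted publicly.
key_is_exposed() {
    a=$(key_body "$1")
    b=$(key_body "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# audit_debug_cfg CFG KNOWN: print findings; fail if there are any.
audit_debug_cfg() {
    rc=0
    if has_crlf "$1"; then
        echo "$1: CR/LF line endings, convert to LF (see to_lf)"; rc=1
    fi
    if key_is_exposed "$1" "$2"; then
        # A fresh key comes from: openvpn --genkey --secret secret.key
        echo "$1: static key is a published one, generate a new key"; rc=1
    fi
    return $rc
}

# make_sample FILE HEX [crlf]: constructed test input, not a real key.
make_sample() {
    printf '%s\n' '#!/bin/sh' '-----BEGIN OpenVPN Static key V1-----' \
        "$2" '-----END OpenVPN Static key V1-----' > "$1"
    if [ "${3:-}" = crlf ]; then
        awk '{ printf "%s\r\n", $0 }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    fi
}
```

Save the key that was posted in the forum as the KNOWN file and run `audit_debug_cfg debug.cfg posted.key`; a non-zero exit status means the file should not be uploaded as it is.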
iptables

Thank you very much for the script. I based mine on your code and finally managed to run openvpn on the fritzbox. I ran the openvpn client on a computer at a remote location and achieved a connection. The problem now is that I want to enable tun/tap forwarding. According to the openvpn instructions I have to run the iptables command. This is not embedded in my box. Can I "import" the command to fritz???
 
I don't know about the command "iptables" for the Fritzbox.
If you want to use it for changing firewall settings, maybe this can be done by editing ar7.cfg with the editor vi or nvi.
 
Thank you, I'll try that, although vi or vi is not embedded in the busybox version that runs on my fritzbox. I will download ar7.cfg with TFTP and then upload it back, but changed this time.
 
OK, somehow I finally got the OpenVPN server to work without changing the firewall settings :confused: I can get clients to connect to it and "see" the network behind the server, i.e. the LAN where the fritzbox resides. The only problem is that when the ovpn server is running and I try to connect to the fritz via telnet it reboots on its own :( Do you think it is too much load ???? It does it even if there are no clients connected to it. I ran the "uptime" command and I saw load average numbers next to uptime. There were three of them. What do they mean?
 
Maybe the problem is just another bug.
Do you have 399 phone calls in the phone list?
If yes, delete the phone list. Restart the box. Does it still crash when you connect via telnet?
 
I have two boxes as I may have already said. One Fon WLAN with Busybox v1.00 pre 3 and a Fon with Busybox v1.1.2. The OpenVPN server is running on the latter. There must be a bug problem cause I noticed that when I telnet and want to log off and close the session, the "exit" command does nothing. The call list had 68 calls. I cleared it and disabled it. The box does nothing really. I just want it to be a dedicated OpenVPN server. I have upgraded the Fon box to the latest version but not the Fon WLAN. :confused::confused:
 
Did you include a "daemon" in your configuration? Otherwise the openvpn will start as a process in the foreground and the debug.cfg will not "end". You might also start the openvpn via
Code:
...
# start OpenVPN
/var/tmp/openvpn --config /var/tmp/server.ovpn &
...
to run in background.

Joerg
 
This might be it because I am running openvpn without the ampersand (&) at the end. Let me try the way you suggested and I'll keep you posted.
 
... sorry, I just realised you posted your config above. If it is still the same, it does include the daemon and will run as a daemon (in background) without the ampersand.

Joerg
 
Well, I put the ampersand in both the telnet server and the openvpn and I saw improvement in the response of the box. Now I can open two telnet sessions without the box crashing and rebooting. I still can't log out successfully from a telnet session. "exit" does nothing. How do I successfully kill a process in busybox? I try kill -9 pid but the process is still there in brackets ([sh]). Any ideas?
 
