Need Help with changing code to install OpenVPN on a AVM router (Fritzbox) WITHOUT custom firmware

[Annonnymous 8]

Hey guys I ran across this article: http://www.sephi.de/wp/2013/11/04/fritzbox-7390-mit-fritzos-6-0-und-openvpn-ohne-custom-firmware/

 

as I was looking for a way to make my life easier by convincing my Fritzbox to accept OpenVPN connections. Now we do have an excellent tutorial already if freetz (the custom firmware for avm devices) is an option for your box. However that is not an option for my very new 3390 since the only supported firmware so far is pretty buggy and damaged. I didn't want to make a trade off between security risks or beeing lazy which is why I searched for another way and I believe I found it. Also some ISP check the status of their boxes/routers which is why it is impossible for some people to use freetz.

 

Now I am not a genius with linux which is why I do not know how to change the login procedure but I think that someone with a little more knowledge could change that code in to something we all will be able to benefit from. As far as I understood it the only nescessary change would be to change the login procedure as airvpn doesn't use certificates rather than username and password.

 

I am well aware that German is not as wide spread language :-D which is why I translated the German (Red Colour) in to English. (It is not perfect but for the purpose of this work it'll do. Once the script works I will create a real How to with proper instructions)

 

Vorab sei noch gesagt, dass der exakte Pfad des USB-Sticks ggf. je nach USB-Stick den man verwendet variieren kann. Passt dazu einfach alle Pfade an.

Before we get started it is important to mention that the exact path of the USB Stick may vary and therefore all paths may have to be changed accordingly.

Hier gibts die OpenVPN-Binary: Download: openvpn_2.3.2-mips-openssl-static.gz 568.6 KB

There is the OpenVPN Binary

Man entpackt diese auf den USB-Stick in einen Unterordner 'openvpn' und benennt sie in 'openvpn' um.

Just extract this binary on to an USB stick in a subfolder "openvpn" and call it "openvpn"

Dazu kommt folgendes Startscript als 'runme.sh':

Add the following starter script as "runme.sh"

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

#!/bin/sh

# Skript startet den VPN Dienst.

 

# wir warten und pruefen, bis Internetverbindung steht:

echo warten auf bestehende Internetverbindung

# hier wird jeweils so lange versucht,

# einen Ping erfolgreich an 8.8.8.8 (Google DNS Server)

# zu schicken und bei Misserfolg gewartet - kann natürlich gerne

# gegen den eigenen VPN-Server ausgetauscht werden

while !(ping -c 1 8.8.8.8); do

sleep 5

done

 

# tun-Device anlegen, falls noch nicht vorhanden

echo das TUN Device wird erzeugt

mknod /var/tmp/tun c 10 200

 

# wir geben eine Info raus, dass der VPN Dienst gestartet wird:

echo OpenVPN wird gestartet

# Wir gehen in das Verzeichnis auf dem USB Device:

cd /var/media/ftp/Generic-FlashDisk-01/openvpn

# Aufruf des OpenVPN Binary mit dem Konfigurationsnamen, wird als daemon gestartet

/var/media/ftp/Generic-FlashDisk-01/openvpn/openvpn --client --config openvpn.conf --daemon

Dazu als 'openvpn.conf' die vorbereitete OpenVPN-Konfiguration und die Zertifikatsdateien - hier ein Beispiel:

Additionally the prepared OpenVPN-config and the certificate data - as exampled: 

(I believe this is the point where we will have to change something since airvpn does work with passwort and username bit I do not know enough of coding language to do it myself)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

client

dev tun

dev-node /var/tmp/tun

proto tcp

remote <server> 1194

resolv-retry infinite

nobind

persist-key

ca ca.crt

key fritzbox-client.key

cert fritzbox-client.crt

cipher AES-128-CBC

verb 1

mute 20

comp-lzo

Jetzt müssen wir die angelegte 'runme.sh' nur noch in den Autostart eintragen - das machen wir ganz einfach über einen Eintrag in der 'debug.cfg' im Verzeichnis /var/flash/ direkt auf der Fritz!Box - falls nötig legen wir die Datei einfach mit folgendem Inhalt an:

Now we only have to create an autostart entry for "runme.sh" This can be accomplished through an entry in "debug.cfg" in the path /var/flash on the Fritzbox. If nescessary just create the file with the content.

1

/var/media/ftp/Generic-FlashDisk-01/openvpn/runme.sh

Zum Test kann der eingetragene Befehl auch manuell auf der Telnet-Konsole ausgeführt werden. Verbinden kann man mit der Fritz!Box einfach per Telnet auf Port 23 mit dem Administrator-Kennwort der Box. Hierfür geht nahezu jeder beliebige Client - zum Beispiel PuTTy (auf Telnet umstellen nicht vergessen!).

To test it the command may also be executed manually through Telnet-console. Connecting to the FritzBox can be achieved through Telnet on port 23 and the administrator password. In order to do so every Client such as PuTTy can be used for that.

 

 

Allright guys. Once we figured it out how to change it, I am going to write a real how to so that every one can use it. If you have an idea how to approach it, but do not have an AVM router, I will provide mine as guinea pig.

 

Allright happy coding :-)

 

[OpenSourcerer 1379]

You may have set up OpenVPN but you need to set up iptables, too, otherwise there won't be any traffic from and to the internet. Applies to my 7141.

 

Regarding the config file: Just replace it with the one from the config generator. Maybe you have to add dev-node /var/tmp/tun to it manually. I personally didn't need that.

[Annonnymous 8]

Allright I am going to est that, thank you :-)