Search the Community
Showing results for tags 'Fritz!Box'.
Found 3 results
[[introduction || Preparations]] After several months of waiting I finally present you How to connect to AirVPN with your Fritz!Box router (v2) Back in the time when AirVPN offered just one connection at a time many people were forced to use their routers to connect to AirVPN if they wanted all of their devices to use the benefits of a VPN connection. I wanted to use it as a central point for AirVPN access - all devices should use it. The only drawback: It doesn't have OpenVPN installed. There is a way to enable it with Freetz, a replacement firmware for nearly every Fritz!Box router available which enables you to install additional software (or remove AVM's official ones). As a result, I wrote a guide. Contrary to the first, this one won't make you read things you don't (want to) understand. Each step will be described in detail and you will be hinted at potential issues or other things worth to be mentioned. It will be more newbie-friendly - less giga-nerdy. This guide is for Fritz!Box routers with Fritz!OS 4 and older!Newer versions of Fritz!OS have got a feature called Packet Accelerator which collides with the conntrack iptables module. Forcing it to be included in newer kernels will cause your router to lose network connectivity or even reboot all the time (boot loop). A guide will be written shortly, but don't point the finger at me for messing up your device. You are choosing to make these changes! [software and tools you will need - preparations] VirtualBox. Freetz can be built with any Linux OS (I will think about whether to include a guide for this here) but if you want to avoid installing hundreds of more packages and configure them to work in the right way, use VirtualBox with the preconfigured... Freetz-Linux image. Do you know what router model you have? If not, login to your Fritz!Box configuration interface (for your convenience ) and look it up. Things like Fon and WLAN in the name are important here! There are models having the same number but are different versions. As soon as you know it navigate to AVM's FTP site and download a recovery image for your Fritz!Box model. If you don't want to do that or if you can't reach it, download ruKernelTool (click on the second link first for the credentials, then click on the first and enter the credentials), a toolbox for Fritz!Box routers with a large feature set. It's much more complicated so I recommend you to download the image instead. I also recommend you to use a SSH client for much easier access to the console. On Windows, use PuTTY for example.You've got everything? Good, let's begin! By the way, I strongly recommend you to use a LAN connection to do these steps. WiFi is just too unpredictable. Also, AVM's recovery tool won't allow any other interfaces to use for recovery. [[introduction || Preparations]]
DEPRECATED. USE V2: https://airvpn.org/topic/14233-how-to-openvpn-on-fritzbox-routers/ -- In the following I will describe the steps necessary to connect to and route all traffic through AirVPN using modified firmwares for Fritz!Box routers by AVM. AVM is a manufacturer of quite popular (and expensive) routers in German-speaking countries. Unfortunately it has it's restrictions - especially on older models there is absolutely no VPN software preinstalled. So how do we solve this problem? The solution is called Freetz. Basically it's just a firmware modification kit with which you apply mods and packages to the original firmware. One of those packages is openvpn and this guide shows how to configure it to use with AirVPN. Be aware that VoIP won't work properly with AirVPN since you'd need to forward more than 32 ports to make it work without issues. 1. Read the FAQ. 2. Read Freetz for beginners. 3. Read this how-to for an overview of what expects you. All right? Let's go! -- BUILDING THE FILESYSTEM -- 1. Startup linux on VirtualBox. Checkout the recent freetz-trunk using svn checkout http://svn.freetz.org/trunk freetz-develThis is really important, because recent trunks contain OpenVPN v2.3 which fixes serious routing problems on the Fritz!Box. cd to freetz-devel after completion. 2. Build your minimal firmware and flash it. 3. If everything went fine make yourself familiar with the web interface. Then proceed. I) In Packages/Packages select OpenVPN with version (2.3.3), SSL library (OpenSSL), Enable Management Console, Optimize for size. II) In Packages/Unstable select Iptables 18.104.22.168 (binary only, unstable) and Iptables-CGI 1.1. The general Iptables kernel modules and Iptables shared libraries are automatically selected. For full fun consider selecting everything in Select kernel modules (IPv4), Select shared libraries (IPv4) and Select shared libraries (both IPv4 and IPv6). III) Now build your firmware and flash it. If everything worked fine proceed to the AirVPN config. -- OPENVPN CONFIGURATION -- Go to the config generator to generate your configuration files. Choose Router or other, then your preferred server. Check Advanced, your preferred connection mode and then Separate keys/certs from .ovpn file (not necessary, but this one will make it easier to setup the keys/certificates). Open every generated file with an editor like Notepad++. The config is only necessary to grab information you need, you are not going to upload it. Look into the .ovpn file and set up everything like this: Now you have to add the certificates. You can find the menu items I mention in the sidebar. Copy the whole content from 1) user.crt into the box at Box Cert. 2) ca.crt into the box at CA Cert. 3) user.key into the box at Private Key. 4) ta.key into the box at Static Key. Now start OpenVPN over the web interface. Your internet connection will drop but you will be able to connect to the Fritz!Box. -- 301: INTERNET MOVED PERMANENTLY -- Don't worry. iptables will help you to get the internet connection back. You just need to create one simple rule to nat all traffic to tun0. Now the Iptables-CGI comes into play. 1. Click on Iptables in the sidebar, check Automatic at "start type" and then press the start button. 2. Go to Editor in the sidebar. Check Add and pick from the drop-down menus: Chain: POSTROUTING Input-Interface: tun0 NAT: Normal Click on Submit. Go back to Iptables and press the restart button. Now check at Rules whether iptables-save has saved your rule. It should have been done so. This might look different for you: # Generated by iptables-save v22.214.171.124 on Tue Apr 15 23:43:28 2014 *nat :PREROUTING ACCEPT [75:4106] :POSTROUTING ACCEPT [27:4097] -t nat -o tun0 -j MASQUERADE :OUTPUT ACCEPT [10:3229] COMMIT # Completed on Tue Apr 15 23:43:28 2014 # Generated by iptables-save v126.96.36.199 on Tue Apr 15 23:43:28 2014 *filter :INPUT ACCEPT [461:31565] :FORWARD ACCEPT [45:2332] :OUTPUT ACCEPT [457:137328] COMMIT # Completed on Tue Apr 15 23:43:28 2014 You're done. The internet connection of all the devices in your network is routed through the tunnel. Tested on AVM Fritz!Box Fon WLAN 7141 with firmware 41.04.77, Freetz version: freetz-devel-11941
To everyone using a Fritz!Box: Perform an immediate update of your firmware! It closes a shortly discovered vulnerability used to execute code with root privileges when viewing a specially crafted website with any connected device. How to update More info #1 More info #2