EanderAlx.org

Linux, Virtualization and whatever I find interesting ...




IPSec VPN with Fritzbox

I don't really like Fritzboxes or IPSec, and I myself use a Netgear router with Tomato and OpenVPN, but I had to connect to an IPSec VPN on a Fritzbox 7170. I found Shrew IKE for this, and if you also want to connect to a Fritzbox IPSec VPN, here you can find out how I got it to work. I used Arch Linux as the IPSec client.

Configure VPN Gateway

First you have to configure your Fritzbox for a client-to-site VPN … and unfortunately the config can only be created with the Windows software. Here is the link to the German AVM site.

Configure VPN client

You can find the Shrew client in the AUR (Arch User Repository). I only got shrew-vpn-client-alpha 2.2.0-9 to work on a current system.

  • You will need some packages to build the Shrew client
 pacman -S fakeroot gcc flex bison cmake make; makepkg; pacman -U *.tar.xz
  • All configs for VPN Connections have to be located in
~/.ike/sites

Create config to connect to Fritzbox

There are several ways to create your config. The easiest is to install Shrew on the Windows machine you used to create your Fritzbox config and export it. AVM also has documentation on how to configure the Shrew client: AVM Doku.
There is also a Perl script called “vpnseter.pl” to convert a Windows config to a Linux config, but it didn't work for me.

Here is my config (most of it ;)):


n:version:2
s:network-host:fritzbox.dyndns.org
n:network-ike-port:500
s:client-auto-mode:pull
n:network-mtu-size:1380
s:client-iface:virtual
n:client-addr-auto:1
s:network-natt-mode:enable
n:network-natt-port:4500
n:network-natt-rate:15
s:network-frag-mode:enable
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:1
n:client-dns-used:0
n:client-dns-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
s:auth-method:mutual-psk
s:ident-client-type:ufqdn
s:ident-server-type:address
s:ident-client-data:user@example.org
b:auth-mutual-psk:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
s:phase1-exchange:aggressive
n:phase1-dhgroup:2
s:phase1-cipher:aes
n:phase1-keylen:256
s:phase1-hash:sha1
n:phase1-life-secs:3600
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
s:phase2-transform:esp-aes
n:phase2-keylen:256
s:phase2-hmac:sha1
s:ipcomp-transform:deflate
n:phase2-pfsgroup:2
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
s:policy-level:auto
n:policy-nailed:0
n:policy-list-auto:0
s:policy-list-include:192.168.187.0 / 255.255.255.0
  • When you have your config in the right place you can connect

ikec -a -r host.dyndns.org

 
  • This is the IKE command line; with "c" you can connect
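
Because the site file in ~/.ike/sites holds the pre-shared key, it is worth checking before the first connect. The following Python check is an added example, not part of the original page or of Shrew itself; the function names, the list of required keys and the shortened sample are assumptions made for illustration.

```python
import os
import stat

# Constructed sample in the same "type:key:value" layout as the config above.
SAMPLE = """\
n:version:2
s:network-host:fritzbox.dyndns.org
s:auth-method:mutual-psk
s:ident-client-data:user@example.org
b:auth-mutual-psk:xxxxxxxx
s:phase1-exchange:aggressive
n:phase1-dhgroup:2
s:policy-list-include:192.168.187.0 / 255.255.255.0
"""

# Assumption: keys this PSK setup cannot work without (not Shrew's own list).
REQUIRED = ("network-host", "auth-method", "ident-client-data", "auth-mutual-psk")


def parse_site(text):
    """Return {key: [values]}, keeping every value in case a key repeats."""
    settings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3 or parts[0] not in ("n", "s", "b"):
            raise ValueError(f"line {lineno}: expected type:key:value")
        settings.setdefault(parts[1], []).append(parts[2])
    return settings


def lint_site(settings, mode=None):
    """Return findings as strings; mode is the file's st_mode when known."""
    findings = [f"missing {k}" for k in REQUIRED if k not in settings]
    psk = settings.get("auth-mutual-psk", [""])[0]
    if psk and set(psk) == {"x"}:
        findings.append("auth-mutual-psk is still the placeholder")
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("site file is open to group/others but holds the PSK")
    if (settings.get("phase1-exchange") == ["aggressive"]
            and settings.get("auth-method") == ["mutual-psk"]):
        findings.append("aggressive mode with a PSK: use a long random PSK")
    return findings


def lint_file(path):
    with open(path, encoding="utf-8") as fh:
        return lint_site(parse_site(fh.read()), os.stat(path).st_mode)
```

Call `lint_file` on your file in ~/.ike/sites and fix what it reports (for example with `chmod 600` on the file) before running ikec.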

Problems

  • With Ubuntu I didn't get it to work. The problem was that the tunnel was established and packets got to the Fritzbox network, but they got lost on their way back. Here is the German documentation for Ubuntu.
  • Perhaps you have to set some sysctl values; see the Ubuntu documentation

linux/ipsec_fritzbox.txt · Last modified: 23.03.2013 18:36 by eanderalx