*Inhalt gelöscht*
Zuletzt bearbeitet von einem Moderator:
Follow along with the video below to see how to install our site as a web app on your home screen.
Anmerkung: this_feature_currently_requires_accessing_site_using_safari
Würde ich einem Einsteiger nicht empfehlen, wenn aber DNS im Gast-Netz funktioniert, dann hast Du es wohl hingekriegt. 😉
Offensichtliche Probleme kann ich zumindest nicht erkennen.
Das hängt davon ab, was du mit der Regel erreichen willst. "!RFC1918" bedeutet einfach nur "alles außer RFC1918". Aber ja, in deinem Fall passt das so.
Solange die Geräte nicht leise, still und heimlich DNS over HTTPS verwenden.
Alles, was nicht explizit erlaubt ist, ist automatisch verboten. Ich persönlich würde solche prinzipiell überflüssigen Regeln nur anlegen, wenn ein triftiger Grund dafür besteht.
Hm, ganz verstehe ich es noch nicht.Das ist normal und kein Problem. Das per NAT zu machen hat einen anderen Grund, nämlich die Verwendung von anderen DNS-Servern als der Sense zu unterbinden.
[Sammelthread] - pfSense & OPNsense (Firewall- und Routing-Appliance)
*Inhalt gelöscht*www.hardwareluxx.de
"Inteface-Gruppe" - wieder was Neues - muss ich mir ansehen.@hs_warez Ist halt deine Entscheidung, was Du möchtest. Eine NAT-Regel für alles muss dann aber über eine Interface-Gruppe realisiert werden.
Zufrieden damit?Die Dinger gibt auch mit J4125 und 2,5GBit Ports und damit recht akuell.
Hätte da noch eine Frage:
Zufall, oder nicht - keine Ahnung.
Hab jetzt seit einiger Zeit OPNSense laufen und in der Zwischenzeit nie Netflix am Apple TV4 benutzt.
Vor ein paar Tagen habe ich die Netflix App gestartet und bekam dann die Meldung "... error rsa public key not found ...".
Auf den anderen Endgeräten (iPad, iPhone, Win.-PC's) funktionierts aber - über das gleiche Netzwerk.
Kann das jetzt an OPNSense liegen?
Wie grenze ich das jetzt am besten ein?
Danke!
LG
appboot.netflix.com
Zufrieden damit? J4125 und 2,5GBit Ports
Läuft bei mir auch noch bisher auf dem Proxmox-Cluster.Ich hab keine
Liebäugel nur damit. Wobei die 1Gbit Variante wohl ausreicht derzeit 50Mbit VDSL (max möglich ~200).
OPNSense läuft derzeit als VM unter Proxmox mit 2 Kernen eines J3455. Abgesehen von hohen Interruptload bei Traffic performt das für mich ausreichen.
**** FRITZ!Box 7590 CONFIGURATION EXPORT
Password=$$$$UQH2N5GZVZAGL354XBGS5ZZTKZXBL4QKF4OJ4SKWMB4DCJJCSUQTKGSRBPOXQ5JQVDLIRTM3X5RSMKH4I2WTWVY2UDZ2IIA15O4C44DX
FirmwareVersion=154.07.29
CONFIG_INSTALL_TYPE=mips34_512MB_grx5_dect446_5geth_2ab_isdn_nt_te_pots_2usb_host3_2wlan11n_hw226_29616
OEM=avm
Country=049
Language=de
**** CFGFILE:ar7.cfg
/*
* /var/tmp.cfg
* Mon May 16 18:58:13 2022
*/
meta { encoding = "utf-8"; }
ar7cfg {
mode = dsldmode_router;
active_provider = "other";
active_name = "test";
igddenabled = yes;
wan_bridge_with_dhcpc = yes;
wan_bridge_gateway = 0.0.0.0;
dhcpc_use_static_dns = no;
dhcp_dslforumorg = no;
ethmode = ethmode_bridge;
tcom_targetarch = no;
vdsl_resalearch = no;
aontv_arch = no;
bng_arch = yes;
hsi_use_wan_vlan = yes;
hsi_vlancfg {
vlanencap = vlanencap_none;
tagtype = vlantagtype_customer;
vlanid = 0;
vlanprio = 0;
tos = 0;
}
mtu_cutback_mode = mtumode_auto;
mtu_cutback = 1500;
StatisticStartOfMonth = 1;
enable_mac_override = yes;
macdsl_override = 00:00:00:00:00:00;
ipv6mode = ipv6_native;
ipv4mode = ipv4_ds_lite;
serialcfg {
mode = serialmode_off;
mbim = mbimmode_off;
number = "*99#";
provider = "internet.t-mobile";
username = "D5MEQG4TT2IFATARDKASGQRY5CRJG5GC52F1MHUMKQKVP42UNDWE5SWCUFXEJS5XMFK14YX";
passwd = "1OX4O1NNFUAS1QJ61TEBNVDLOQ1PEMDPYN4BJF6XQJPKEHGZE3TL4VCF43YQD34WY";
connect_chatscript = "ABORT BUSY ABORT 'NO CARRIER'",
"ABORT VOICE ABORT 'NO DAILTONE'",
"ABORT 'NO ANSWER' ABORT DELAYED",
"ABORT ERROR", "TIMEOUT 20",
"'' 'AT+cgdcont=1,\\"IP\\",\\"${provider}\\"'",
"OK 'ATDT${number}'", "CONNECT",
"WAIT 2";
stay_always_online = no;
inactivity_timeout = 1m;
backup {
enabled = no;
quickstart = serialquickstart_off;
downtime = 3m;
reverttime = 30m;
}
}
ethinterfaces {
name = "eth0";
dhcp = no;
ipaddr = xxx.xxx.xxx.xxx;
netmask = 255.255.255.0;
dstipaddr = 0.0.0.0;
dhcpenabled = yes;
dhcpstart = 192.168.10.30;
dhcpend = 192.168.10.150;
is_guest = no;
is_hotspot = no;
multicast_snooping = yes;
is_public = no;
} {
name = "eth0:0";
dhcp = no;
ipaddr = 169.254.1.1;
netmask = 255.255.0.0;
dstipaddr = 0.0.0.0;
dhcpenabled = yes;
dhcpstart = 0.0.0.0;
dhcpend = 0.0.0.0;
is_guest = no;
is_hotspot = no;
multicast_snooping = yes;
is_public = no;
} {
name = "wlan";
dhcp = no;
ipaddr = xxx.xxx.xxx.xxx;
netmask = 255.255.255.0;
dstipaddr = 0.0.0.0;
interfaces = "ath0", "ath1", "wdsup?";
dhcpenabled = yes;
dhcpstart = 0.0.0.0;
dhcpend = 0.0.0.0;
is_guest = no;
is_hotspot = no;
multicast_snooping = yes;
is_public = no;
}
brinterfaces {
name = "lan";
dhcp = no;
ipaddr = xxx.xxx.xxx.xxx;
netmask = 255.255.255.0;
dstipaddr = 0.0.0.0;
interfaces = "wan", "eth0", "eth1", "eth2", "eth3", "ath?*",
"wdsup?*";
dhcpenabled = yes;
dhcpstart = 192.168.10.30;
dhcpend = 192.168.10.150;
is_guest = no;
is_hotspot = no;
multicast_snooping = yes;
is_public = no;
} {
name = "lan:0";
dhcp = no;
ipaddr = 169.254.1.1;
netmask = 255.255.0.0;
dstipaddr = 0.0.0.0;
dhcpenabled = yes;
dhcpstart = 0.0.0.0;
dhcpend = 0.0.0.0;
is_guest = no;
is_hotspot = no;
multicast_snooping = yes;
is_public = no;
} {
name = "guest";
dhcp = no;
ipaddr = 192.168.189.1;
netmask = 255.255.255.0;
dstipaddr = 0.0.0.0;
interfaces = "guest?*", "guest_ct*", "guest_st*";
dhcpenabled = yes;
dhcpstart = 0.0.0.0;
dhcpend = 0.0.0.0;
is_guest = yes;
is_hotspot = no;
multicast_snooping = yes;
is_public = no;
}
dslinterface {
name = "dsl";
dhcp = no;
ipaddr = 0.0.0.0;
netmask = 255.255.255.255;
dstipaddr = 0.0.0.0;
dhcpenabled = yes;
dhcpstart = 0.0.0.0;
dhcpend = 0.0.0.0;
is_guest = no;
is_hotspot = no;
multicast_snooping = yes;
is_public = no;
}
dslinterface_metric = 2;
routes {
enabled = no;
ipaddr = 192.168.8.0;
mask = 255.255.255.0;
gateway = 192.168.5.1;
metric = 0;
dev = "";
}
ipbridge {
enabled = no;
}
pppoefw {
interfaces = "lan", "eth0", "eth1", "eth2", "eth3", "wlan";
nofirewall = yes;
dnsfilter_for_active_directory = yes;
hostuniq_filter = "";
dpconfig {
security = dpsec_host;
filter_teredo = yes;
filter_netbios = yes;
filter_sip = no;
filter_smtp = no;
sip_alg = no;
lowinput {
policy = "reject";
accesslist =
"permit ip any any connection outgoing-related",
"permit ip any any connection incoming-related",
"permit icmp any any";
}
lowoutput {
policy = "permit";
}
highinput {
policy = "permit";
}
highoutput {
policy = "permit";
accesslist =
"reject ip any 242.0.0.0 255.0.0.0",
"deny ip any host 255.255.255.255",
"reject ip any 169.254.0.0 255.255.0.0";
}
}
inherit_vlan_from_internet = yes;
}
budget {
Enabled = no;
Period = 2;
VolumeLow = 0;
VolumeHigh = 0;
ConnectionTime = 0;
WarnOnly = yes;
}
sync_groups {
name = "sync_dsl";
enabled = no;
media_type = media_type_dsl;
connect_delay_when_synced = 3s;
pppoeiface_link_mode = link_mode_unknown;
pppoeiface = "ptm0";
speed_in_netto = 1024;
speed_out_netto = 512;
manual_speed = no;
} {
name = "sync_ata";
enabled = yes;
media_type = media_type_ata;
connect_delay_when_synced = 3s;
pppoeiface_link_mode = link_mode_unknown;
pppoeiface = "wan";
speed_in_netto = 1024;
speed_out_netto = 512;
manual_speed = no;
} {
name = "sync_wlan_ata";
enabled = no;
media_type = media_type_wlan_ata;
connect_delay_when_synced = 3s;
pppoeiface_link_mode = link_mode_unknown;
speed_in_netto = 1024;
speed_out_netto = 512;
manual_speed = no;
} {
name = "sync_serial";
enabled = no;
media_type = media_type_serial;
connect_delay_when_synced = 3s;
pppoeiface_link_mode = link_mode_unknown;
speed_in_netto = 1024;
speed_out_netto = 512;
manual_speed = no;
} {
name = "sync_usb";
enabled = no;
media_type = media_type_ata;
connect_delay_when_synced = 3s;
pppoeiface_link_mode = link_mode_unknown;
pppoeiface = "usb0";
speed_in_netto = 1024;
speed_out_netto = 512;
manual_speed = no;
} {
name = "sync_ipclient";
enabled = no;
media_type = media_type_ipclient;
connect_delay_when_synced = 3s;
pppoeiface_link_mode = link_mode_unknown;
pppoeiface = "lan";
speed_in_netto = 1024;
speed_out_netto = 512;
manual_speed = no;
}
vccs {
VPI = 1;
VCI = 32;
traffic_class = atm_traffic_class_UBR;
pcr = 0;
scr = 0;
priority = 0;
dsl_encap = dslencap_pppoe;
ipbridgeing = no;
ipbridgeing_igmp = no;
pppoeforwarding = no;
connections = "internet", "voip";
}
mcupstream = "internet";
voip_forwardrules = "udp 0.0.0.0:5060 0.0.0.0:5060",
"tcp 0.0.0.0:5060 0.0.0.0:5060",
"udp 0.0.0.0:7078+20 0.0.0.0:7078";
voip_ip6_forwardrules = "udp 5060 # SIP", "tcp 5060 # SIP",
"udp 7078-7097 # RTP";
tr069_forwardrules = "tcp 0.0.0.0:8089 0.0.0.0:8089";
tr069_ip6_forwardrules = "tcp 8089";
internet_in_nat_rules_enabled = yes;
internet_out_nat_rules_enabled = yes;
dslifaces {
enabled = yes;
name = "internet";
weight = 50;
dsl_encap = dslencap_inherit;
dslinterfacename = "dsl";
no_masquerading = no;
use_fixed_masqaddr_if_no_masquerading = no;
no_firewall = no;
stackmode = stackmode_ipv4only;
pppoevlanauto = no;
pppoevlanauto_startwithvlan = no;
ppptarget = "internet";
rfc4638_enabled = no;
fixed_masqaddr = 0.0.0.0;
mtu = 0;
gre_server_cfg {
server_dnsprefer = protoprefer_ipv4;
dpd {
inactivity = 20s;
replywait = 1s;
npings = 4;
period = 30s;
}
allow_netbios = no;
}
etherencapcfg {
use_dhcp = yes;
use_dhcp_if_not_encap_ether = no;
ipaddr = 0.0.0.0;
netmask = 0.0.0.0;
gateway = 0.0.0.0;
dns1 = 0.0.0.0;
dns2 = 0.0.0.0;
}
is_mcupstream = yes;
stay_always_online = yes;
disable_ondemand = no;
reconnect_delay_after_conn_abort = 30s;
only_route_when_connected = no;
redial_delay_after_auth_failure = 1m;
redial_limit = 3;
redial_after_limit_reached = 10m;
redial_after_limit_reached_variance = 5m;
redial_after_limit_randomize = no;
redial_delay_after_low_error = 10s;
redial_delay_after_ppp_timeout = 10s;
redial_delay_after_ppp_error = 1m;
routes_only_for_local = no;
dproutes_only_for_local = no;
hide_interface_address = no;
disable_staticroutes_on_dhcproutes = no;
ripv2receiver_enabled = no;
ripv2_update_timer = 30s;
ripv2authmode = ripv2_auth_none;
ripv2md5_keyid = 0;
ripv2passwd = "";
set_replicate_dhcpoptions_in_parameter_request_list = no;
unset_ignored_dhcpoptions_in_parameter_request_list = yes;
dsldpconfig {
security = dpsec_firewall;
filter_teredo = yes;
filter_netbios = yes;
filter_sip = no;
filter_smtp = no;
sip_alg = no;
lowinput {
policy = "permit";
accesslist =
"deny ip any 242.0.0.0 255.0.0.0",
"deny ip any host 255.255.255.255";
}
lowoutput {
policy = "permit";
}
highinput {
policy = "permit";
}
highoutput {
policy = "permit";
accesslist =
"reject ip any 242.0.0.0 255.0.0.0",
"deny ip any host 255.255.255.255",
"reject ip any 169.254.0.0 255.255.0.0";
}
}
dhcp_auth_mode = auth_none;
dhcp_requests_with_client_id = yes;
dhcp_ignore_options_in_renewing = no;
is_erouter = no;
fakepacm = no;
dhcp_tr069_add_device_vendor_options = no;
use_random_macaddr = no;
arp_reply_for_any_net_enabled = yes;
} {
enabled = yes;
name = "voip";
weight = 50;
dsl_encap = dslencap_inherit;
dslinterfacename = "dsl";
no_masquerading = no;
use_fixed_masqaddr_if_no_masquerading = no;
no_firewall = no;
stackmode = stackmode_ipv4only;
pppoevlanauto = no;
pppoevlanauto_startwithvlan = no;
ppptarget = "voip";
rfc4638_enabled = no;
fixed_masqaddr = 0.0.0.0;
mtu = 0;
gre_server_cfg {
server_dnsprefer = protoprefer_ipv4;
dpd {
inactivity = 20s;
replywait = 1s;
npings = 4;
period = 30s;
}
allow_netbios = no;
}
etherencapcfg {
use_dhcp = yes;
use_dhcp_if_not_encap_ether = no;
ipaddr = 0.0.0.0;
netmask = 0.0.0.0;
gateway = 0.0.0.0;
dns1 = 0.0.0.0;
dns2 = 0.0.0.0;
}
is_mcupstream = no;
stay_always_online = yes;
disable_ondemand = no;
reconnect_delay_after_conn_abort = 30s;
only_route_when_connected = no;
redial_delay_after_auth_failure = 1m;
redial_limit = 3;
redial_after_limit_reached = 10m;
redial_after_limit_reached_variance = 5m;
redial_after_limit_randomize = no;
redial_delay_after_low_error = 10s;
redial_delay_after_ppp_timeout = 10s;
redial_delay_after_ppp_error = 1m;
routes_only_for_local = no;
dproutes_only_for_local = no;
hide_interface_address = no;
disable_staticroutes_on_dhcproutes = no;
ripv2receiver_enabled = no;
ripv2_update_timer = 30s;
ripv2authmode = ripv2_auth_none;
ripv2md5_keyid = 0;
ripv2passwd = "";
set_replicate_dhcpoptions_in_parameter_request_list = no;
unset_ignored_dhcpoptions_in_parameter_request_list = yes;
dsldpconfig {
security = dpsec_firewall;
filter_teredo = yes;
filter_netbios = yes;
filter_sip = no;
filter_smtp = no;
sip_alg = no;
lowinput {
policy = "permit";
}
lowoutput {
policy = "permit";
}
highinput {
policy = "permit";
}
highoutput {
policy = "permit";
}
}
dhcp_auth_mode = auth_none;
dhcp_requests_with_client_id = yes;
dhcp_ignore_options_in_renewing = no;
is_erouter = no;
fakepacm = no;
dhcp_tr069_add_device_vendor_options = no;
use_random_macaddr = no;
arp_reply_for_any_net_enabled = yes;
}
targets {
type = pppcfg_target_internet;
name = "internet";
only_crypt_auth = no;
local {
}
remoteauth = pppcfg_authtype_chap;
remoteauth_only_on_incoming = yes;
remote {
}
inactivity_timeout = 5m;
bUseChargeInterval = no;
nChargeInterval = 1m;
lcpecho_disconnect_mode = lcpecho_auto;
logicaldisconnect_with_physical = yes;
disconnect_timeout = 0w;
finaldisconnectcall = no;
ipnetbiosspoofing = no;
dnsfilter_for_active_directory = no;
no_outgoing_calls = no;
coso = pppcfg_coso_caller;
callback_delay = 1s;
icbmode = pppcfg_icbmode_none;
ocbmode = pppcfg_ocbmode_none;
mscbprefered = no;
multilink {
extra_static_channels = 0;
max_channels = 1;
automatic = no;
automatic_param {
window = 20s;
add_percent = 85;
drop_percent = 70;
sportlich = no;
}
}
header_compression = yes;
data_compression = pppcfg_datacomp_auto;
stac_reset_with_history_number = no;
encryption = pppcfg_crypt_none;
inactivity_prevention_interval = 0w;
new_ipaddr_on_connect = no;
my_ipaddr = 0.0.0.0;
his_ipaddr = 0.0.0.0;
overwrite_dns1 = 0.0.0.0;
overwrite_dns2 = 0.0.0.0;
bVolumeRoundUp = no;
VolumeRoundUpBytes = 0;
bProviderDisconnectPrevention = yes;
ProviderDisconnectPreventionInterval = 1d;
ProviderDisconnectPreventionHour = 4;
bProviderDisconnectPreventionHourSet = yes;
passiv_on_outgoing = no;
mode6 = mode6_off;
mode4 = mode4_normal;
} {
type = pppcfg_target_internet;
name = "voip";
only_crypt_auth = no;
local {
username = "";
passwd = "";
}
remoteauth = pppcfg_authtype_chap;
remoteauth_only_on_incoming = yes;
remote {
}
inactivity_timeout = 0w;
bUseChargeInterval = no;
nChargeInterval = 1m;
lcpecho_disconnect_mode = lcpecho_auto;
logicaldisconnect_with_physical = yes;
disconnect_timeout = 0w;
finaldisconnectcall = no;
ipnetbiosspoofing = no;
dnsfilter_for_active_directory = no;
no_outgoing_calls = no;
coso = pppcfg_coso_caller;
callback_delay = 1s;
icbmode = pppcfg_icbmode_none;
ocbmode = pppcfg_ocbmode_none;
mscbprefered = no;
multilink {
extra_static_channels = 0;
max_channels = 1;
automatic = no;
automatic_param {
window = 20s;
add_percent = 85;
drop_percent = 70;
sportlich = no;
}
}
header_compression = yes;
data_compression = pppcfg_datacomp_auto;
stac_reset_with_history_number = no;
encryption = pppcfg_crypt_none;
inactivity_prevention_interval = 0w;
new_ipaddr_on_connect = no;
my_ipaddr = 0.0.0.0;
his_ipaddr = 0.0.0.0;
overwrite_dns1 = 0.0.0.0;
overwrite_dns2 = 0.0.0.0;
bVolumeRoundUp = no;
VolumeRoundUpBytes = 0;
bProviderDisconnectPrevention = yes;
ProviderDisconnectPreventionInterval = 1d;
ProviderDisconnectPreventionHour = 4;
bProviderDisconnectPreventionHourSet = yes;
passiv_on_outgoing = no;
mode6 = mode6_off;
mode4 = mode4_normal;
}
dslglobalconfig {
autodetect = yes;
autodetectparams {
nround = 2;
timeout = 3s;
npacket = 1;
autodetect_overwrite_vlancfg {
vlanencap = vlanencap_none;
tagtype = vlantagtype_customer;
vlanid = 0;
vlanprio = 0;
tos = 0;
}
}
pppoeiface_link_mode = link_mode_unknown;
pppoeiface = "eth0";
speed_in_netto = 400000;
speed_out_netto = 100000;
manual_speed = yes;
tr069_speed = no;
connect_delay_when_synced = 3s;
sync_lost_delay = 0w;
default_tcom_vlan = 7;
use_ppp_provided_speed = yes;
pppoe_send_last_sids = no;
templates {
VPI = 1;
VCI = 32;
retries = 7;
encap = dslencap_pppoe;
} {
VPI = 8;
VCI = 35;
retries = 0;
encap = dslencap_ether;
} {
VPI = 8;
VCI = 35;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 8;
VCI = 48;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 8;
VCI = 48;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 8;
VCI = 48;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 8;
VCI = 67;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 8;
VCI = 67;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 8;
VCI = 64;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 8;
VCI = 36;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 0;
VCI = 35;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 0;
VCI = 35;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 0;
VCI = 35;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 9;
VCI = 35;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 1;
VCI = 32;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 1;
VCI = 32;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 0;
VCI = 32;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 0;
VCI = 32;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 0;
VCI = 32;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 0;
VCI = 34;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 0;
VCI = 34;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 0;
VCI = 34;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 0;
VCI = 33;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 8;
VCI = 32;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 8;
VCI = 32;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 8;
VCI = 32;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 0;
VCI = 38;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 0;
VCI = 38;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 8;
VCI = 35;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 8;
VCI = 35;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 0;
VCI = 81;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 0;
VCI = 81;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 0;
VCI = 81;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 8;
VCI = 81;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 8;
VCI = 81;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 8;
VCI = 81;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 0;
VCI = 100;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 0;
VCI = 100;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 0;
VCI = 100;
retries = 0;
encap = dslencap_pppoa_llc;
} {
VPI = 1;
VCI = 50;
retries = 0;
encap = dslencap_pppoa;
} {
VPI = 1;
VCI = 50;
retries = 0;
encap = dslencap_pppoe;
} {
VPI = 0;
VCI = 100;
retries = 0;
encap = dslencap_ether;
} {
VPI = 0;
VCI = 33;
retries = 0;
encap = dslencap_ether;
} {
VPI = 0;
VCI = 32;
retries = 0;
encap = dslencap_ether;
} {
VPI = 14;
VCI = 24;
retries = 0;
encap = dslencap_ether;
}
MaxDownstreamRate = 0;
MaxUpstreamRate = 0;
RFI = 0;
DownstreamBlackoutBandStart = 0;
DownstreamBlackoutBandEnd = 0;
ControlBitfield = 0;
DownstreamMarginOffset = 0;
DownstreamPcbOffset = 0;
UpstreamPcbOffset = 0;
UsNoiseBits = 0;
RFI_mode = 0;
DsINP = 0;
DiagnosticEnabled = no;
DSLMode = 0;
IsDSLModeSet = no;
VinaxConfigBitField = 3;
DisablePTMCRCCheck = no;
sPLZ = "";
sMailAddr = "";
sDPVersion = "";
bAutomaticFeedbackMail = no;
nDays = 7;
nG997_1_XTSE_1_2_3_4 = 0;
nG997_1_XTSE_5_6_7_8 = 0;
nG997_1_VDSL2_PROFILES_1_2_3_4 = 0;
DisableUs1WhenDs1LatnIsAboveDb = 0;
DisableUs2WhenDs1LatnIsAboveDb = 0;
pwsGPONPLOAMPassword = "";
pwsGPONSerial = "";
pwsGPONRegId = "";
}
saved_non_ata_ip_config {
ipaddr = xxx.xxx.xxx.xxx;
netmask = 255.255.255.0;
dns1 = 192.168.180.1;
dns2 = 192.168.180.2;
overwrite_dns1 = 0.0.0.0;
overwrite_dns2 = 0.0.0.0;
}
accesslist_version = 4;
ar7cfg_version = 18;
ifaceconfig_version = 18;
cfg_tainted = 1;
forwardrules_version = 5;
tr069discover_active = yes;
tr069discover_mode = only_dhcp;
tr069discover_unrestrictly = no;
tr069discover_without_dhcpoption = no;
tr069discover_vlan_takeover = no;
tr069discover_vlancfg {
vlanencap = vlanencap_none;
tagtype = vlantagtype_customer;
vlanid = 0;
vlanprio = 0;
tos = 0;
}
use_fixed_wlan_guest_ip = no;
upnp_cors_allow_origins = "http*://scope.avm.de";
upnp_cors_allow_headers = "SOAPACTION", "Content-Type", "Origin";
upnp_cors_allow_methods = "GET", "POST", "OPTIONS";
upnp_cors_max_age = 1d;
allow_background_comm_with_manufacturer = yes;
allow_cross_domain_comm = no;
allow_security_report_with_manufacturer = no;
config_externally_changed = no;
limit_tcp_ds_rate = yes;
use_gaming_opt = no;
gaming_max_ds_rate = 0;
tack_enabled = no;
tack_count = 4;
tack_period = 1;
iproute_use_first_matching_route = first_matching_auto;
guests_untrusted = no;
captive_portal_redirect_enabled = no;
captive_portal_show_law_text = no;
max_ssdp_items = -1;
provider_defaults_merged = no;
pdn1_mtu = 0;
pdn2_mtu = 0;
}
servercfg {
hostname = "(none)";
dhcpc_hostname = "fritz.box";
dns1 = 192.168.180.1;
dns2 = 192.168.180.2;
use_user_dns_for_ipv4 = yes;
user_dns1_for_ipv4 = 8.8.8.8;
user_dns2_for_ipv4 = 1.0.0.1;
use_user_dns_for_ipv6 = yes;
user_dns1_for_ipv6 = 2001:4860:4860::6464;
user_dns2_for_ipv6 = ::;
wpad_protection = yes;
dns_over_tls_enabled = no;
dns_over_tls_strict = yes;
dns_over_tls_udp_fallback = yes;
}
websrv {
port = "80";
wanaccess = 0;
read_timeout = 15m;
request_timeout = 30s;
keepalive_timeout = 5m;
nokeepalive = "*";
errordir = "/usr/www/html/errors";
webdir = "/usr/www";
cgidir = "cgi-bin";
indexfn = "index.var", "index.htm", "index.html";
users_only_for_https = no;
cors_allow_origins = "http*://scope.avm.de";
cors_allow_headers = "SOAPACTION", "Content-Type", "Origin";
cors_allow_methods = "GET", "POST", "OPTIONS";
cors_max_age = 1d;
}
ipv6 {
ulamode = ulamode_dynamic;
use_default_ula = yes;
ula = fd00::;
use_fixed_mtu = no;
fixed_mtu = 1280;
dhcpv6lanmode = dhcpv6lanmode_off;
dpcpv6_default_pdlen = 62;
dhcpv6_preference = 0;
dhcpv6c_use_wanted_prefixlen = no;
dhcpv6c_wanted_prefixlen = 62;
dhcpv6c_use_rapid_commit = yes;
radv {
Enabled = yes;
MinRtrAdvInterval = 450;
MaxRtrAdvInterval = 600;
AdvDefaultLifetime = 1800;
DefaultRtrPreference = 0;
PreferedLifeTime = 3600;
ValidLifeTime = 7200;
AdvDNS = no;
OtherPrefixesAllowed = no;
AdvRouteInfo = yes;
}
ip6_6to4static_cfg {
popaddr = 0.0.0.0;
local = ::;
remote = ::;
prefix = ::;
prefixlen = 0;
}
ip6_6rd_cfg {
popaddr = 192.88.99.1;
prefix = 2002::;
prefixlen = 16;
ipv4masklen = 0;
}
ip6_static_cfg {
prefix = ::;
prefixlen = 56;
wan_use_firstprefix = yes;
wan_prefix = ::;
wan_ifid_automatic = yes;
wan_ifid = ::;
wan_dns1 = ::;
wan_dns2 = ::;
}
he {
update_server = "ipv4.tunnelbroker.net";
tunnel {
popaddr = 0.0.0.0;
local = ::;
remote = ::;
prefix = ::;
prefixlen = 0;
}
}
aftr = ::;
manual_aftrfqdn = "";
use_gw_as_pcpserver = no;
lan_dns6_server = 2a00:1098:2c::1;
}
hybridcfg {
version = 2;
enabled = no;
primary_sync_group = "sync_ata";
secondary_sync_group = "sync_lte";
use_secondary_only_as_fallback = no;
fallback_mode = no_fallback;
autoprio {
waittime = 1m;
highkbytes = 0;
highpercent = 80;
high0 = 50;
high1 = 50;
low0 = 100;
low1 = 0;
}
autoprio_enabled = no;
fallback_session_flush_enabled = yes;
fallback_session_flush_timeout = 5m;
}
lispcfg {
enabled = no;
passwd = "";
use_rfc6834 = no;
proxy_map_reply = no;
always_use_petr = no;
per_packet = no;
vpn_over_lisp = yes;
autoprio {
enabled = no;
upstream {
waittime = 1m;
highkbytes = 0;
highpercent = 80;
high0 = 50;
high1 = 50;
low0 = 100;
low1 = 0;
}
downstream {
waittime = 1m;
highkbytes = 0;
highpercent = 80;
high0 = 50;
high1 = 50;
low0 = 100;
low1 = 0;
}
}
}
dhcpserver {
saveinterval = 1h;
generic {
default_lease_time = 10d;
max_lease_time = 13d;
default_guest_lease_time = 6h;
max_guest_lease_time = 6h;
}
lan_dns4_server = 0.0.0.0;
}
dhcpclient {
metric = 9;
}
dnsserver {
cache_maxKB = 256;
max_negative_ttl = 1h;
latency_probe_interval = 8h;
default_empty_ttl = 5m;
}
}
types {
type = "dyndns";
url = "/nic/update?system=dyndns&hostname=<domain>&myip=<ipaddr>&wildcard=NOCHG";
} {
type = "noip";
url = "/ducupdate.php?update=<b64>username=<username>&pass=<pass>&h[]=<domain>&ip=<ipaddr></b64>";
} {
type = "dns4biz_premium";
url = "/nic/update?system=dyndns&hostname=<domain>&myip=<ipaddr>&wildcard=&mx=&backmx=&offline=NO";
} {
type = "dns4biz_business";
url = "/nic/update?system=dyndns&hostname=<domain>&myip=<ipaddr>&wildcard=&mx=&backmx=&offline=NO";
} {
type = "selfhost";
url = "/nic/update?myip=<ipaddr>&host=<domain>&textmodi=1&http_status=1";
} {
type = "strato";
url = "/nic/update?hostname=<domain>";
} {
type = "anydns";
url = "/update.php?user=<username>&password=<pass>&host=<domain>&ip=<ipaddr>&ip6=<ip6addr>";
} {
type = "dyndnsfree";
url = "/dyn.php?username=<username>&password=<pass>&hostname=<domain>&dual=<dualstack>";
} {
type = "userdefined";
url = "http://dynv6.com/api/update?hostname=<domain>&token=<username>&ipv4=<ipaddr> http://dynv6.com/api/update?hostname=<domain>&token=<username>&ipv6=<ip6addr>&ipv6prefix=<ip6lanprefix>";
}
provider {
name = "AnyDNS";
type = "anydns";
livedelay = 0w;
touchtime = 0w;
server = "anydns.info";
ip6server = "";
infourl = "http://www.anydns.info";
ddnsmode = ddns_both_together;
} {
name = "dyndns.org";
type = "dyndns";
livedelay = 0w;
touchtime = 30d;
server = "members.dyndns.org";
ip6server = "";
infourl = "http://www.dyndns.org/";
ddnsmode = ddns_both;
} {
name = "No-IP.com";
type = "noip";
livedelay = 4m;
touchtime = 30d;
server = "dynupdate.no-ip.com:8245";
ip6server = "";
infourl = "http://www.no-ip.com/";
ddnsmode = ddns_v4;
} {
name = "DNS4BIZ.DE Premium";
type = "dns4biz_premium";
livedelay = 0w;
touchtime = 0w;
server = "au-eu.dns4biz.de";
ip6server = "";
infourl = "http://www.dns4biz.com/services_avm.php3";
ddnsmode = ddns_v4;
} {
name = "DNS4BIZ.DE Business";
type = "dns4biz_business";
livedelay = 0w;
touchtime = 0w;
server = "au-eu.dns4biz.biz";
ip6server = "";
infourl = "http://www.dns4biz.com/services_avm.php3";
ddnsmode = ddns_v4;
} {
name = "selfhost.de";
type = "selfhost";
livedelay = 0w;
touchtime = 0w;
server = "carol.selfhost.de";
ip6server = "";
infourl = "http://www.selfhost.de";
ddnsmode = ddns_v4;
} {
name = "STRATO AG";
type = "strato";
livedelay = 4m;
touchtime = 0w;
server = "dyndns.strato.com";
ip6server = "";
infourl = "http://www.strato.de/webhosting/index.html";
ddnsmode = ddns_v4;
} {
name = "Dyndnsfree.de";
type = "dyndnsfree";
livedelay = 1m;
touchtime = 30d;
server = "dynup.de:443";
ip6server = "ipv6.dynup.de:443";
infourl = "http://www.dyndnsfree.de";
ddnsmode = ddns_both;
} {
name = "<userdefined>";
type = "userdefined";
livedelay = 4m;
touchtime = 0w;
server = "";
ip6server = "";
infourl = "http://";
ddnsmode = ddns_v4;
}
}
webui {
username = "";
password = "";
expertmode = yes;
wizard_completed = no;
event_filter = 2;
read_access_without_login = no;
cookie = "TLV\\004\\b47216388\\034\\003161\\n\\0012\\022\\00246\\023\\001y\\017\\0011\\013\\b01540729";
app_enabled = no;
ipv6_hidden = no;
ipv4_hidden = no;
ipv6_fw_hidden = yes;
ipv6_native_hidden = no;
ds_lite_hidden = no;
ata_hidden = no;
lanbridges_gui_hidden = yes;
voip_2ndPVC_hidden = no;
country_gui_hidden = no;
dns6_hidden = no;
providerlist_persistent = "medium=extern";
skip_enternewpassword = no;
version = "92051\\n";
data_privacy_version = "1";
}
capiovertcp {
enabled = no;
maxctrl = 1;
port = 5031;
}
emailnotify {
enabled = no;
infoenabled = 0;
interval = daily;
From = "";
To = "";
SMTPServer = "";
accountname = "";
passwd = "";
show_eventlist = yes;
show_voipstat = yes;
show_kidsstat = yes;
show_onlinecntstat = yes;
show_fonstat = yes;
show_network_list = yes;
starttls = yes;
enable_incident_supportdata = no;
enable_startup_supportdata = no;
crashreport_mode = disabled_by_user;
crashreport_name = "";
dsl_detail = no;
enable_connect_mail = no;
connect_mail_To = "";
reset_pwd_enabled = yes;
FWUpdatehint {
enabled = yes;
To = "";
}
Config {
enabled = no;
To = "";
arg0 = "";
}
WlanGuestStatus {
enabled = no;
To = "";
}
SecurityMail {
enabled = yes;
To = "";
Login = no;
}
supportdata_enhanced = yes;
mesh_auto_update = no;
meshmaster_hostname = "(none)";
meshmaster_productname = "
}
backendsupport {
timestamp = "1970-01-01 00:00:00";
url = "";
id = "";
mode = eBsModeUnknown;
status = eBsStatusUnknown;
sync = eBsSyncNo;
}
night_time_control {
enabled = no;
time_on = "";
time_off = "";
ring_blocked = no;
}
ntpclient {
server_list = "2.europe.pool.ntp.org";
fallback_server = "";
chrony_enabled = yes;
}
led {
infoled_reason = 0;
control = led_on;
button_events_disable = no;
led_dim_enabled = yes;
led_dim_mode = 0;
led_dim_brightness = 50;
}
timezone_manual {
enabled = no;
offset = 0;
dst_enabled = no;
TZ_string = "";
}
mrouter {
igmp_version_for_upstream = 3;
igmp_version_for_other = 3;
igmp_prio = 48;
ssm_enabled = yes;
}
rip {
}
cpu_schedule {
dsl_token = 5000;
lan_token = 20000;
}
TR_064 {
enabled = yes;
username = "dslf-config";
persistent_data = "";
only_https = no;
doupdate_require_auth = no;
}
}
}
multiwan {
multiwan_enabled = no;
with_voip_pdn = no;
with_vlan_pdn = no;
ipv6_lte {
enabled = no;
ipv6mode = ipv6_off;
ipv4mode = ipv4_normal;
use_fixed_mtu = no;
fixed_mtu = 1280;
dhcpv6c_use_wanted_prefixlen = no;
dhcpv6c_wanted_prefixlen = 62;
dhcpv6c_use_rapid_commit = yes;
ip6_6to4static_cfg {
popaddr = 0.0.0.0;
local = ::;
remote = ::;
prefix = ::;
prefixlen = 0;
}
ip6_6rd_cfg {
popaddr = 192.88.99.1;
prefix = 2002::;
prefixlen = 16;
ipv4masklen = 0;
}
ip6_static_cfg {
prefix = ::;
prefixlen = 56;
wan_use_firstprefix = yes;
wan_prefix = ::;
wan_ifid_automatic = yes;
wan_ifid = ::;
wan_dns1 = ::;
wan_dns2 = ::;
}
hurricane_electric {
update_server = "ipv4.tunnelbroker.net";
tunnel {
popaddr = 0.0.0.0;
local = ::;
remote = ::;
prefix = ::;
prefixlen = 0;
}
}
aftr = ::;
manual_aftrfqdn = "";
use_gw_as_pcpserver = no;
}
}
prios {
profiles {
name = "profile_http";
profile_id = "1";
rules = "TCP 80 0 0 0";
filter = "reject tcp any eq 80 any";
} {
name = "profile_ftp";
profile_id = "2";
rules = "TCP 20 21 0 0";
filter = "reject tcp any range 20 21 any";
} {
name = "profile_emule";
profile_id = "3";
rules = "TCP 0 0 4662 0", "UDP 0 0 4672 0";
filter = "reject tcp any any eq 4662",
"reject udp any any eq 4672";
} {
name = "profile_torrent";
profile_id = "4";
rules = "TCP 0 0 6881 6999";
filter = "reject tcp any any range 6881 6999";
} {
name = "profile_rdp";
profile_id = "5";
rules = "TCP 3389 0 0 0";
filter = "reject tcp any eq 3389 any";
} {
name = "profile_ssh";
profile_id = "6";
rules = "TCP 0 0 22 0";
filter = "reject tcp any any eq 22";
} {
name = "profile_telnet";
profile_id = "7";
rules = "TCP 0 0 23 0";
filter = "reject tcp any any eq 23";
} {
name = "profile_not_surf";
profile_id = "8";
rules = "TCP 0 0 1 24", "TCP 0 0 26 79", "TCP 0 0 81 109",
"TCP 0 0 111 142", "TCP 0 0 144 442",
"TCP 0 0 444 464", "TCP 0 0 466 586",
"TCP 0 0 588 992", "TCP 0 0 994 994",
"TCP 0 0 996 8079", "TCP 0 0 8081 65535",
"UDP 0 0 0 0";
filter = "reject tcp any any range 1 24",
"reject tcp any any range 26 79",
"reject tcp any any range 81 109",
"reject tcp any any range 111 142",
"reject tcp any any range 144 442",
"reject tcp any any range 444 464",
"reject tcp any any range 466 586",
"reject tcp any any range 588 992",
"reject tcp any any range 994 994",
"reject tcp any any range 996 8079",
"reject tcp any any range 8081 65535",
"reject udp any any";
}
}
nqos {
version = 15;
macaddr_whitelist_enabled = no;
bridge_with_switch_separation = yes;
bridge_lp_mode = -1;
patch1TR114 = no;
defaultresult {
tos = -1;
vlan_prio = -1;
queueref = "default";
}
appls {
enabled = yes;
name = "sip-appl";
protocol = qos_classifier_appl_sip;
result {
tos = -1;
vlan_prio = -1;
queueref = "hrealtime";
}
}
classifiers {
enabled = yes;
name = "clfy_voip";
type = qos_cfg_internal;
iface = qos_local;
rule = "localmark sip";
result {
tos = -1;
vlan_prio = -1;
queueref = "hrealtime";
}
} {
enabled = yes;
name = "clfy_voip";
type = qos_cfg_internal;
iface = qos_local;
rule = "localmark rtp";
result {
tos = -1;
vlan_prio = -1;
queueref = "hrealtime";
}
} {
enabled = yes;
name = "clfy_voip";
type = qos_cfg_internal;
iface = qos_local;
rule = "localmark sip_internet";
result {
tos = -1;
vlan_prio = -1;
queueref = "hrealtime";
}
} {
enabled = yes;
name = "clfy_voip";
type = qos_cfg_internal;
iface = qos_local;
rule = "localmark rtp_internet";
result {
tos = -1;
vlan_prio = -1;
queueref = "hrealtime";
}
} {
enabled = yes;
name = "tr069";
type = qos_cfg_hidden;
iface = qos_local;
rule = "localmark sipdns,ntpdns,tr069dns,tr069";
result {
tos = -1;
vlan_prio = -1;
queueref = "hprio";
}
} {
enabled = yes;
name = "igmp";
type = qos_cfg_hidden;
iface = qos_local;
rule = "localmark igmp";
result {
tos = -1;
vlan_prio = -1;
queueref = "ifacectl";
}
} {
enabled = yes;
name = "webdav";
type = qos_cfg_hidden;
iface = qos_local;
rule = "localmark webdav";
result {
tos = -1;
vlan_prio = -1;
queueref = "low";
}
} {
enabled = yes;
name = "dns";
type = qos_cfg_hidden;
iface = qos_local;
rule = "localmark dns";
result {
tos = -1;
vlan_prio = -1;
queueref = "hprio";
}
} {
enabled = yes;
name = "mstv";
type = qos_cfg_hidden;
iface = qos_lan;
rule = "udp.dport 43962,47806";
result {
tos = -1;
vlan_prio = -1;
queueref = "hprio";
}
} {
enabled = yes;
name = "icmp-v6";
type = qos_cfg_hidden;
iface = qos_lan;
rule = "ip.proto IPv6-ICMP";
result {
tos = -1;
vlan_prio = -1;
queueref = "hprio";
}
} {
enabled = yes;
name = "icmp";
type = qos_cfg_hidden;
iface = qos_lan;
rule = "ip.proto icmp";
result {
tos = -1;
vlan_prio = -1;
queueref = "hprio";
}
} {
enabled = yes;
name = "dns";
type = qos_cfg_hidden;
iface = qos_lan;
rule = "udp.dport 53";
result {
tos = -1;
vlan_prio = -1;
queueref = "hprio";
}
} {
enabled = yes;
name = "clfy_voip";
type = qos_cfg_internal;
iface = qos_lan;
rule = "udp.dport 5060";
result {
tos = -1;
vlan_prio = -1;
queueref = "hrealtime";
applref = "sip-appl";
}
} {
enabled = no;
name = "clfy_www";
type = qos_cfg_system;
iface = qos_lan;
rule = "tcp.dest 80,3128,8080 ip.len <= 800";
result {
tos = -1;
vlan_prio = -1;
queueref = "none";
}
} {
enabled = yes;
name = "clfy_voip";
type = qos_cfg_internal;
iface = qos_lan;
rule = "tcp.dport 5060";
result {
tos = -1;
vlan_prio = -1;
queueref = "hrealtime";
applref = "sip-appl";
}
} {
enabled = yes;
name = "lcp";
type = qos_cfg_hidden;
iface = qos_local;
rule = "localmark lcp";
result {
tos = -1;
vlan_prio = -1;
queueref = "ifacectl";
}
}
queues {
enabled = yes;
with_sfq = no;
type = qos_cfg_system;
name = "ifacectl";
iface = qos_wan;
queue_type = queue_llq;
precedence = 0;
weight = 0;
shapingrate = 0;
shapingburst = 0;
allow_more = yes;
ceilrate = 0;
} {
enabled = yes;
with_sfq = no;
type = qos_cfg_system;
name = "hprio";
iface = qos_wan;
queue_type = queue_llq;
precedence = 10;
weight = 0;
shapingrate = 0;
shapingburst = 0;
allow_more = yes;
ceilrate = 0;
} {
enabled = yes;
with_sfq = no;
type = qos_cfg_system;
name = "hrealtime";
iface = qos_wan;
queue_type = queue_llq;
precedence = 20;
weight = 0;
shapingrate = 0;
shapingburst = 0;
allow_more = yes;
ceilrate = 0;
} {
enabled = yes;
with_sfq = yes;
type = qos_cfg_system;
name = "realtime";
iface = qos_wan;
queue_type = queue_llq;
precedence = 30;
weight = 0;
shapingrate = 0;
shapingburst = 0;
allow_more = yes;
ceilrate = 0;
} {
enabled = yes;
with_sfq = yes;
type = qos_cfg_system;
name = "important";
iface = qos_wan;
queue_type = queue_llq;
precedence = 100;
weight = 0;
shapingrate = 0;
shapingburst = 0;
allow_more = yes;
ceilrate = 0;
} {
enabled = yes;
with_sfq = yes;
type = qos_cfg_system;
name = "default";
iface = qos_wan;
queue_type = queue_llq;
precedence = 150;
weight = 0;
shapingrate = 0;
shapingburst = 0;
allow_more = yes;
ceilrate = 0;
} {
enabled = yes;
with_sfq = yes;
type = qos_cfg_system;
name = "low";
iface = qos_wan;
queue_type = queue_llq;
precedence = 200;
weight = 0;
shapingrate = 0;
shapingburst = 0;
allow_more = yes;
ceilrate = 0;
}
ratelimits {
enabled = yes;
name = "dhcpv6";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 udp.dport 547";
packets = 10;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "rs";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 133";
packets = 10;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "ns";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 135";
packets = 10;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "na";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 136";
packets = 500;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "icmpUnreachable";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 1";
packets = 10;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "icmpTooBig";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 2";
packets = 10;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "icmpTimeExceeded";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 3";
packets = 10;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "icmpEchoRequest";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 128";
packets = 10;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "icmpEchoReply";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 129";
packets = 10;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "dhcpv4";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 4 udp.dport 67";
packets = 20;
interval = 1s;
early = 0;
} {
enabled = yes;
name = "ra";
type = qos_cfg_system;
iface = qos_lan;
rule = "ip.version 6 icmp.type 134";
packets = 10;
interval = 1s;
early = 1;
}
dyn_queues {
enabled = yes;
queueref = "default";
tack_queueref = "important";
tget_queueref = "realtime";
}
regulation {
enabled = no;
type = moderate;
queues {
enabled = yes;
queueref = "important";
ds_weight_min = 10;
ds_weight_max = 0;
} {
enabled = no;
queueref = "default";
ds_weight_min = 10;
ds_weight_max = 0;
} {
enabled = yes;
queueref = "low";
ds_weight_min = 10;
ds_weight_max = 0;
}
}
}
eth_port_config {
version = 11;
port {
portnumber = 1;
maxspeed = 4294967295;
config_mode = mode_normal;
dev = "eth0";
label = "LAN:1";
} {
portnumber = 2;
maxspeed = 4294967295;
config_mode = mode_normal;
dev = "eth1";
label = "LAN:2";
} {
portnumber = 3;
maxspeed = 4294967295;
config_mode = mode_normal;
dev = "eth2";
label = "LAN:3";
} {
portnumber = 4;
maxspeed = 4294967295;
config_mode = mode_normal;
dev = "eth3";
label = "LAN:4";
} {
portnumber = 5;
maxspeed = 4294967295;
config_mode = mode_normal;
dev = "wan";
label = "WAN:1";
}
default_guest_ethernet_port = "LAN:4";
}
ethernet_eco {
}
unattended_update {
update_found = no;
running_version = "";
no_update_found_time = "2022-05-16 18:06:14";
update_found_time = "1970-01-01 00:00:00";
priority = 0;
check_intervall = 48;
enabled = yes;
auto_update_enable = no;
auto_update_all_enabled = no;
info_url = "";
cfg_version = 2;
auto_update_last_check_time = "2022-05-16 18:06:14";
update_found_version = "";
fwupdatehintmail_time = "1970-01-01 00:00:00";
predownload_url = "";
maintenance_window_enabled = no;
maintenance_window_start = 1d;
}
avmlogd {
enabled = no;
redzonecheck = no;
}
provider_default {
}
jasonii {
enabled = no;
user_email = "";
box_id = "";
box_id_passphrase = "";
dyn_dns_name = "";
upstream_sync_pending = yes;
https_username_sync = no;
box_register_tries = 0;
}
remote_access_id = 0;
version = 2;
two_factor_auth_enabled = no;
googleauth_enabled = no;
tfa_cfg_version = 1;
myfritz_boxuser_id = 0;
}
powerline {
enabled = yes;
allow_standby = yes;
en = yes;
power_save_ex = 2;
auto_update_all_enabled = yes;
version = 0;
}
hotspotcfg {
}
l2tpcfg {
master_disabled = no;
fixed_server = 0.0.0.0;
}
apps {
next_keepalive = "1970-01-01 00:00:00";
}
update_state {
update_time = "2022-02-05 14:36:03";
last_version = "154.07.28";
info_url = "http://download.avm.de/fritzbox/fritzbox-7590/deutschland/fritz.os/info_de.txt";
}
pcp {
}
// EOF
**** END OF FILE ****
**** CFGFILE:wlan.cfg
/*
* /var/tmp.cfg
* Mon May 16 18:58:13 2022
*/
// EOF
**** END OF FILE ****
**** CFGFILE:broadband.cfg
/*
* /var/tmp.cfg
* Mon May 16 18:58:13 2022
*/
meta { encoding = "utf-8"; }
bbcfg {
bbcfg_version = 2;
bbcfg_status = 1;
dsl {
xdslmode = 0;
bonding = no;
large_mtu = no;
}
fiber {
pwsGPONPLOAMPassword = "";
pwsGPONSerial = "";
pwsGPONRegId = "";
veip = no;
bridge = no;
veip_toggle = no;
gpon_iop_bits = 0;
}
sfp {
}
}
// EOF
**** END OF FILE ****
**** CFGFILE:voip.cfg
/*
* /var/tmp.cfg
* Mon May 16 18:58:13 2022
*/
meta { encoding = "utf-8"; }
voipcfg {
dnsport = 7077;
rtpport_start = 7078;
sip_srcport = 5060;
ua1 {
enabled = no;
username = "";
authname_needed = no;
passwd = "";
registrar = "";
ttl = 30m;
sipping_enabled = yes;
sipping_interval = 280s;
name = "";
voip_providerlist_id = "other";
ims_client = no;
with_displayname = no;
read_from_displayname = yes;
dtmfcfg = dtmfcfg_automatic;
rtpevent_keep_packetrate = no;
register_failwait = 0w;
register_failwaitmax = 30m;
register_failover_fallback_process = no;
stunserverport = 3478;
use_internat_calling_numb = no;
is_nat_aware = no;
localip = 0.0.0.0;
protocolprefer = protocolprefer_ipv4only;
ignore_received_header = no;
always_clir = no;
clirtype = clir_displayname;
reject_anonymous_call_with_433 = no;
colptype = colp_none;
clipnstype = clipns_off;
vad_enabled = no;
only_one_dialog = no;
presence_supported = no;
mwi_supported = yes;
mwi_inmemoria = no;
ccbs_supported = no;
reg_support = regsupport_auto;
packetization = packetization_fixed;
tx_packetsize_in_ms = 20;
xrtp_periodic = 0;
reject_refer = yes;
sip_instance = no;
no_register_fetch = no;
do_not_register = no;
only_call_from_registrar = no;
mobile_capability = voip_over_mobile_all;
invite_without_register_allowed = no;
outboundproxy_without_route_header = no;
no_hold_speech = no;
dditype = ddi_none;
ddimynumber_with_plusprefix = no;
cfxsignaling = cfx_standard;
backup_wanted = no;
use_session_timer = no;
use_rport = yes;
add_rtpmap_for_all_codecs = no;
answer_only_one_codec = no;
without_annexb_no = no;
transport_type = transport_unspec;
srtp_supported = no;
crypto_avp_mode = crypto_mode_avp_only;
use_488_for_no_t38 = no;
g726_via_rfc3551 = no;
no_g726_32_offer_with_pt2 = no;
g726_fixed_ptime30 = no;
dtmf_inband_on_g711g722 = no;
enable_3xx = yes;
t38_reinvite_from_remote = no;
use_t38version0 = no;
rtcp_xr_media_attribute = no;
ptime_a_attribute = yes;
tones_and_announcements_for_service = no;
read_p_asserted_identity_header = no;
route_always_over_internet = no;
sipiface = sipiface_automatic;
altc_attribute_rfc6947 = no;
send_extended_sip_client_info = no;
gui_readonly = no;
convertstate = 0;
snmp_instance = 0;
call_deflection = no;
}
ua2 {
enabled = no;
username = "";
authname_needed = no;
passwd = "";
registrar = "";
ttl = 30m;
sipping_enabled = yes;
sipping_interval = 280s;
name = "";
voip_providerlist_id = "other";
ims_client = no;
with_displayname = no;
read_from_displayname = yes;
dtmfcfg = dtmfcfg_automatic;
rtpevent_keep_packetrate = no;
register_failwait = 0w;
register_failwaitmax = 30m;
register_failover_fallback_process = no;
stunserverport = 3478;
use_internat_calling_numb = no;
is_nat_aware = no;
localip = 0.0.0.0;
protocolprefer = protocolprefer_ipv4only;
ignore_received_header = no;
always_clir = no;
clirtype = clir_displayname;
reject_anonymous_call_with_433 = no;
colptype = colp_none;
clipnstype = clipns_off;
vad_enabled = no;
only_one_dialog = no;
presence_supported = no;
mwi_supported = yes;
mwi_inmemoria = no;
ccbs_supported = no;
reg_support = regsupport_auto;
packetization = packetization_fixed;
tx_packetsize_in_ms = 20;
xrtp_periodic = 0;
reject_refer = yes;
sip_instance = no;
no_register_fetch = no;
do_not_register = no;
only_call_from_registrar = no;
mobile_capability = voip_over_mobile_all;
invite_without_register_allowed = no;
outboundproxy_without_route_header = no;
no_hold_speech = no;
dditype = ddi_none;
ddimynumber_with_plusprefix = no;
cfxsignaling = cfx_standard;
backup_wanted = no;
use_session_timer = no;
use_rport = yes;
add_rtpmap_for_all_codecs = no;
answer_only_one_codec = no;
without_annexb_no = no;
transport_type = transport_unspec;
srtp_supported = no;
crypto_avp_mode = crypto_mode_avp_only;
use_488_for_no_t38 = no;
g726_via_rfc3551 = no;
no_g726_32_offer_with_pt2 = no;
g726_fixed_ptime30 = no;
dtmf_inband_on_g711g722 = no;
enable_3xx = yes;
t38_reinvite_from_remote = no;
use_t38version0 = no;
rtcp_xr_media_attribute = no;
ptime_a_attribute = yes;
tones_and_announcements_for_service = no;
read_p_asserted_identity_header = no;
route_always_over_internet = no;
sipiface = sipiface_automatic;
altc_attribute_rfc6947 = no;
send_extended_sip_client_info = no;
gui_readonly = no;
convertstate = 0;
snmp_instance = 0;
call_deflection = no;
}
register_sequence_timer = 0;
use_krtp = yes;
use_audiocodecs = no;
audiocodecs = "PCMA", "PCMU", "G726-32", "G726-40", "G726-24";
verbose = no;
capi_blocksize_in_ms = 30;
sip_prio = 0;
rtp_prio = 0;
rtcp_prio = 0;
dyn_codecs = yes;
prio_low_codec = no;
send_ringtone = no;
t38_support_enabled = yes;
t38_ignore_provider_profil = no;
reduce_data_rate = yes;
enum_support_enabled = no;
bandwidth_to_leave_KBits = 0;
dialoglimit = 0;
enumdomains = "e164.arpa", "e164.org", "openenum.eu";
rtpstream {
voice_activity_detection {
vad_enabled = vadenabled_no;
vad_threshold = 10000;
}
plc {
in_the_stack = yes;
}
jitter {
auto_on = yes;
in_ms = 50;
in_packets = 0;
}
rtcp_enabled = yes;
silence_detection = no;
}
voip_assi_enabled = yes;
mobile_capability = voip_over_mobile_no;
gui_readonly = no;
voipcfg_version = 29;
extension_version = 1;
}
// EOF
**** END OF FILE ****
**** CFGFILE:usb.cfg
/*
* /var/tmp.cfg
* Mon May 16 18:58:13 2022
*/
meta { encoding = "utf-8"; }
usbhost {
readonly = no;
password = "";
autoprov_enabled = no;
ftp_internet_enabled = no;
aura_enabled = no;
aura_config = 0;
ftp_server_enabled = no;
samba_server_enabled = no;
samba_server_workgroup = "WORKGROUP";
samba_server_server_string = "FRITZ!Box";
users_enabled = yes;
acl_directories {
path = "/";
access {
UserID = 70;
local_read = yes;
local_write = yes;
internet_read = no;
internet_write = no;
}
}
spindown_enabled = yes;
spindown_time = 600;
usbhost_version = 4;
internet_secured_only = no;
fritznas_share = "FRITZ.NAS";
usb3port_config = 0;
volume_labels = yes;
ftp_internet_port = 0;
nas_enabled = yes;
samba_server_smbv1_enabled = no;
fritznas_always_index = yes;
}
webdavclient {
enabled = no;
host_url = "";
username = "";
password = "";
mountpoint = "Online-Speicher";
cache_files = 100;
}
media {
media_server_enabled = yes;
homedir = "";
media_server_name = "AVM FRITZ!Mediaserver";
}
t_media {
enabled = no;
oauthstate = eauth_state_service_unused;
refreshtoken = "";
accesstoken = "";
atok_expire = "1970-01-01 00:00:00";
refresh_done = no;
tcom_hidrive_rtok = "";
tcom_hidrive_atok = "";
tcom_hidrive_atok_expire = "1970-01-01 00:00:00";
strato_hidrive_atok = "";
strato_hidrive_atok_expire = "1970-01-01 00:00:00";
}
internalflash {
enabled = no;
mountpoint = "Interner Speicher";
converted = no;
}
nasdb {
nasdb_autostart = no;
nasdb_autoindex = no;
}
Ich meine nicht. Ich prüfe das heute abend gegen und berichte!Hast du in der Fritz Box die Prefix delegation aktiviert? https://avm.de/service/wissensdaten...70/1239_IPv6-Subnetz-in-FRITZ-Box-einrichten/
Das kann halt sehr gut sein. Da kann man sich aber auch totrecherchieren im NEtz. Gibt viele Einträge und Hinweise, teilweise widersprechen die sich aber.@Speeddeamon Ich hatte mal irgendwo gelesen, dass pfSense tatsächlich kein DS-Lite unterstützen würde, das könnte also hier der Fall sein. Dann könnte man ggf. die Sense als Exposed Host in der Fritte eintragen und den /56er Prefix nutzen. In der Sense würde ich dann erst mal einen /60er anfordern.
Für OPNSense gibt/gab es einen User-Patch, weil bei DS-Lite der AFTR aus einer DHCP-Offer Nachricht dynamisch gezogen werden muss, das kann pfSense nicht von Haus aus.Das kann halt sehr gut sein. Da kann man sich aber auch totrecherchieren im NEtz. Gibt viele Einträge und Hinweise, teilweise widersprechen die sich aber.
Ich hab ja die option für einen Schmalen Taler auf Full DS zu gehen. Wollte es aber vorerst zumindest versucht haben.
Hab auch noch eine idee, und werde mal den Provider nerven.
Eventuell kann ich mir da noch ein paar Infos rausziehen ^^
Das klingt spannend. Magst du bitte erläutern was du mit "händisch einen IPIP6 dahin aufbauen" meinst?Für OPNSense gibt/gab es einen User-Patch, weil bei DS-Lite der AFTR aus einer DHCP-Offer Nachricht dynamisch gezogen werden muss, das kann pfSense nicht von Haus aus.
Man kann sich natürlich die Nachricht via tcpdump anschauen und so selbst auf die Adresse des AFTR kommen und dann händisch einen IPIP6 dahin aufbauen.
Netgate nennt es GIF: https://docs.netgate.com/pfsense/en/latest/interfaces/gif.htmlDas klingt spannend. Magst du bitte erläutern was du mit "händisch einen IPIP6 dahin aufbauen" meinst?
Die AFTr Adresse als IP6 hätte ich sogar, wie oben im ersten Screenshot der FritzBox zu sehen. Steht dort als AFTR Gateway.
Ich hab auch den DNS namen davon.
Ok sowas hatte ich auch schon gesehen, aber noch nicht probiert.Netgate nennt es GIF: https://docs.netgate.com/pfsense/en/latest/interfaces/gif.html
Im iproute2 Package von Linux nennt man es halt IPIP6, Wiki nennt es 4in6, und der RFC heißt einfach nur schnöde "Generic Packet Tunneling in IPv6".
Technisch alles dasselbe, man schnallt eine IPV4 Paket als Payload auf ein IPv6 Paket.RFC 2473: Generic Packet Tunneling in IPv6 Specification
This document defines the model and generic mechanisms for IPv6 encapsulation of Internet packets, such as IPv6 and IPv4. [STANDARDS-TRACK]datatracker.ietf.org
Die IPv4 MTU ist dann halt geringer, hat aber immer noch weniger Overhead als GRE.
Entgegen der Netgate Doku lassen sich 4in6 bzw. GRE sehr wohl verschlüsseln, man jagt die dann halt durch IPSec oder WG, spielt jetzt für deinen Anwendungsfall aber keine Rolle, da dort dann auch die Providerseite mitspielen muss.
In meiner Firewall steckt ein Intel Celeron (Kaby Lake R, Dual Core, 1.8 GHz) und der packt locker 250 Mbit/s via WireGuard.-100Mbit Internet (Platz nach oben, wenn wir doch mal mehr bekommen)