xDSL.at

Hello all!

I am terribly sorry for having to type in English but my German is not yet good enough and I couldn't find an English forum that dealt with this modem. However I am able to understand if you reply in German.

I have a Pirelli av4202N VPN modem router from AON in Austria. I have updated to the latest firmware and almost everything is working 100%.

I am having a problem with the SSL-VPN configuration. When I enable it and try to configure (add user, change a port for radmin, etc) on the router, the router will restart and the changes will be gone. It also seems to clear my DNS entries on my router.

Does anyone have any ideas why this is happening? Also if anyone has a helpful guide on how to set up SSL VPN on this router, I would be very grateful.

Thank you!

I am not sure and I do not use the Pirelli-router but it looks if this feature is not supportet by the AON-branded Firmware. There are some other german threads in this forum with similar problems but no real solution.

deto, check out http://tpirelli.blogspot.com - those guys unscrew that device to it´s bare bones... if you get help somewhere, then there...

the aon/A1TA Firmware is locked down, most features don´t work. most of them because of the user-rights. users you create are not correlated to most of the services like FTP, Webserver etc, -> you have to tune this via telnet/ssh on the CLI with root permissions.

actually, I don´t know of anybody who runs SSL-VPN on the Pirelli sucessfully...

Hi,

i have tested VPN SSL with FW 2530
not working because of outdated links for the java based client access runtime
no chance to change it (hard coded)

i not changed to other FW versions ... they all have problems with broken connections (firewall/steam problem)
only for the 2530 there is a valid workaround (see pirelli blogspot)
another reason for me is aonTV

for myself i use now a Linksys WRT54GL with DD-WRT (OpenVPN) behind the Pirelli

Thank you very much for all your comments! That explains quite a bit. I think I will get myself a Linksys instead

On another matter, It seems that since I've posted this topic there have been multiple attempts to try and access my router via SSH from an external source...

Whoever, if anyone here, is trying this: please stop. You won't get in and I've reported the offending IP already.

interesting, because SSH on WAN should be disabled per default, except for A1TA - Remote Service IP Adresses.

wicked_one hat geschrieben:interesting, because SSH on WAN should be disabled per default, except for A1TA - Remote Service IP Adresses.

It was disabled. I enabled it so that I could SSH into my router from work. I then added a rule to only allow connections from my work IP.

If i would report every Connect to my Linux Server, i would write 10 abuse-Mails per day

wicked_one hat geschrieben:If i would report every Connect to my Linux Server, i would write 10 abuse-Mails per day

I should probably clear something up before I hate any hate posts

I am not accusing of any of the users here of being the culprit. For all I know it can be someone completely unrelated to this forum. I just made the post because it started when I posted.

Also these attacks are not causing me any problems, but in the off chance that the offender's ISP does check on my abuse email and maybe thwarts some malicious user then that's a win in my books.

you can simple check the location of the ip to see from where the attempts are coming
i not think this are austrian locations
every router will log many attemps every day on some ports like 80,21,22,23 (if logging is activated)
this is normal nowadays and has really nothing to do with your posts here
your ip is not visible here for normal users (only forum or web admins have access to this information)
if you are afraid about that you never should access any website (your ip is readable in this moment) or post to any place which means you better not use the internet

rwhome hat geschrieben:you can simple check the location of the ip to see from where the attempts are coming
i not think this are austrian locations
every router will log many attemps every day on some ports like 80,21,22,23 (if logging is activated)
this is normal nowadays and has really nothing to do with your posts here
your ip is not visible here for normal users (only forum or web admins have access to this information)
if you are afraid about that you never should access any website (your ip is readable in this moment) or post to any place which means you better not use the internet

You are right on all counts Again I apologise if I offended any of the users here. It was not my intention.

The IP was originating from Iceland on the Vodafone network and it looks like they were trying multiple ports. My logs had lines like these:

Connection attempt from IP x.x.x.x using port 45675.
User root
Password not recognized

Connection attempt from IP x.x.x.x using port 45676.
User root
Password not recognized

etc etc

I've since shut down SSH and now I have multiple IGMP entries in my log. It looks like my router is dropping them, but I would like to know what is going on...

as wicked_one mentioned above, these "connects" or "attacks" are very common. most of them are produced by some malware on infected pcs or servers, as no real hacker would ever choose a dynamic ip as target. if you run a linux-machine with a public ip and look at the logfiles, you can see hundreds or thousands of them (unless you use something like fail2ban, which bans the ip after 2 or 3 failed connection attempts). after some time you just stop reading the logfiles.