To the knowledge base
Dokument informacyjny #342

IP communication over VPN connection between two FRITZ!Box networks not possible

Although the VPN connection between two FRITZ!Boxes is established, computers and other devices in the network of one of the FRITZ!Boxes cannot access shared files and printers or other services in the network of the other FRITZ!Box. Devices in the remote network do not respond to pings.

Simply proceed as described below. After each measure, check whether the problem is solved.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Deleting static IP routes

If static IP routes are set up in the FRITZ!Boxes that point to the IP network of the other FRITZ!Box, reliable VPN communication is not possible.

Delete such static IP routes in both of the FRITZ!Boxes:

  1. Click "Home Network" in the FRITZ!Box user interface.
  2. Click "Network" or "Home Network Overview" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click the "IPv4 Routes" button. If the button is not displayed, enable the Advanced View first.
  5. In the table, disable or delete all entries where the IP network of the remote FRITZ!Box is entered in the "Network" column.

    Example:
    The remote FRITZ!Box uses the IP address 192.168.10.1 with the subnet mask 255.255.255.0. This means that no static route may be active for the IP network 192.168.10.0.

  6. Click "OK" to save the settings.

2 Restarting the FRITZ!Box

You may be temporarily unable to correctly establish the VPN connection due to an error in the FRITZ!Box or its internet connection. Therefore, restart the FRITZ!Box so that it reinitializes the firewall and re-establishes the internet connection:

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "Backup" in the "System" menu.
  3. Click on the "Restart" tab.
  4. Click the "Restart" button.

3 Configuring the device to automatically obtain IP settings

To ensure that the device always uses the correct IP settings, make sure that it automatically obtains its IP settings from the FRITZ!Box (this is the default setting for most devices):

4 Configuring the device's firewall

  1. If a firewall is installed on the device, configure it so that it does not block communication with the IP network of the remote FRITZ!Box (for example 192.168.20.0). Refer to the manufacturer of the firewall for information on how to set it up, for example consult the manual.

5 Deleting a VPN connection and reconfiguring it

If the IP address of the remote FRITZ!Box (xxx.xxx.xxx.1) was entered as the "destination network" when setting up the VPN connection instead of its IP network (xxx.xxx.xxx.0), you can only access the remote FRITZ!Box itself over the VPN connection.

Example:
A FRITZ!Box has the IP address 192.168.10.1 with the subnet mask 255.255.255.0. This means that the IP network of this FRITZ!Box is 192.168.10.0.

To rule out that the IP settings or other VPN settings in one of the two FRITZ!Boxes are incorrect, reconfigure the VPN connection:

  1. Delete the VPN connection in the user interface of both of the FRITZ!Boxes.
  2. Set up the VPN connection between the two FRITZ!Boxes again.