Baza wiedzy
AVM Content
Setting up a VPN between two FRITZ!Box networks
With VPN (Virtual Private Network), you can securely connect two FRITZ!Box networks at different locations over the internet, without the risk of eavesdropping or tampering.
This allows you to access all of the devices in the remote network and use all of the IP-based services such as email servers, data banks, and file servers at both locations.
Example values used in this guide
In this guide we show you how to connect "FRITZ!Box A" in a branch with "FRITZ!Box B" in the headquarters.When setting up the connection, replace the values used in this example with your actual values.
- MyFRITZ! address of FRITZ!Box A (branch):
pi80ewgfi72d2os42.myfritz.net - IP network of FRITZ!Box A (branch):
192.168.20.0 (subnet mask: 255.255.255.0) - MyFRITZ! address of FRITZ!Box B (headquarters):
kw23qbmnj31x5aw75.myfritz.net - IP network of FRITZ!Box B (headquarters):
192.168.10.0 (subnet mask: 255.255.255.0) - VPN password (pre-shared key):
secret1234
Requirements / Restrictions
- FRITZ!Box A must establish its own connection to the internet through a modem (for example a DSL or cable modem).
- FRITZ!OS 7 or later is installed on FRITZ!Box B.
- At least one of the two FRITZ!Boxes must obtain a public IPv4 address from the internet service provider.
Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.
1 Preparations
Configuring MyFRITZ!
Register the FRITZ!Boxes with MyFRITZ! so that it can be reached on the internet at any time at fixed MyFRITZ! addresses:
- Create a MyFRITZ! account and set it up in both of the FRITZ!Boxes.
Note:You can either configure the same or different MyFRITZ! accounts in both of the FRITZ!Boxes. Even if both FRITZ!Boxes use the same MyFRITZ! account, each FRITZ!Box has its own unique MyFRITZ! address.
Adapting the IP Networks
VPN communication is not possible if both FRITZ!Boxes use the same IP network. Since all FRITZ!Boxes use the IP network 192.168.178.0 in the factory settings, configure IP addresses from different IP networks in the FRITZ!Boxes:
Example:
In this guide, FRITZ!Box A (branch) has the IP address 192.168.20.1 (subnet mask 255.255.255.0) and FRITZ!Box B (headquarters) the IP address 192.168.10.1 (subnet mask 255.255.255.0).
- Click on "Home Network" in the FRITZ!Box user interface.
- Click on "Network" in the "Home Network" menu.
- Click on the "Network Settings" tab.
- Click on the "IPv4 Addresses" button.
- Enter the desired IP address and subnet mask.
- Click on "OK" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed if asked to do so.
2 Configuring FRITZ!Box A (branch)
- Click "Internet" in the user interface of FRITZ!Box A (branch).
- Click "Permit Access" in the "Internet" menu.
- Click on the "VPN" tab.
- Click the "Add VPN Connection" button.
- Click "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and then "Next".
- In the field "VPN password (pre-shared key)", enter the password required to establish the VPN connection (secret1234). Use numerals and letters, and combine capitals and lower-case letters.
- Enter the MyFRITZ! address of FRITZ!Box B (kw23qbmnj31x5aw75.myfritz.net) in the "Web address" field.
- Enter the IP network of FRITZ!Box B (192.168.10.0) in the "Remote network" field.
- In the "Subnet mask" field, enter the subnet mask that corresponds to FRITZ!Box B's IP network (255.255.255.0).
- Enable the option "Hold VPN connection permanently" if FRITZ!Box B has a public IPv4 address and you want to maintain the VPN connection all the time.
- Click "OK" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed if asked to do so. The internet connection will be cleared briefly and then re-established right away.
3 Configuring FRITZ!Box B (headquarters)
- Click "Internet" in the user interface of FRITZ!Box B (headquarters).
- Click "Permit Access" in the "Internet" menu.
- Click on the "VPN" tab. If the tab is not displayed, enable the Advanced View first.
- Click the "Add VPN Connection" button.
- Click "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and then "Next".
- In the field "VPN password (pre-shared key)", enter the password required to establish the VPN connection (secret1234).
- If the field "Name of the VPN connection" is displayed, enter a unique name (FRITZ!Box branch) for the connection.
- Enter the MyFRITZ! address of FRITZ!Box A (pi80ewgfi72d2os42.myfritz.net) in the "Web address" field.
- Enter the IP network of FRITZ!Box A (192.168.20.0) in the "Remote network" field.
- In the "Subnet mask" field, enter the subnet mask that corresponds to FRITZ!Box A's IP network (255.255.255.0).
- Enable the option "Hold VPN connection permanently" if FRITZ!Box A has a public IPv4 address and you want to maintain the VPN connection all the time.
- Click "OK" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed if asked to do so. The internet connection will be cleared briefly and then re-established right away.
4 Establishing a VPN connection
If you enabled the option "Hold VPN connection permanently" in the FRITZ!Boxes, the VPN connection will be maintained at all times.
If the option "Hold VPN connection permanently" is not enabled, the VPN connection is automatically established when the remote network is accessed and it is cleared again if it has been inactive for one hour.
Note:Active VPN connections are displayed in the user interface of both of the FRITZ!Boxes under "Internet > Permit Access > VPN".