Do bazy wiedzy

Setting up an IPSec VPN to the FRITZ!Box in Linux

IPSec and the vpnc plugin for the GNOME NetworkManager allow you to establish VPN connections to the FRITZ!Box on your computer with Linux. This way you can access your FRITZ!Box and all devices in your home network with your computer over a securely encrypted connection, even when you are away from home.

The vpnc plugin is available free of charge for Debian, Fedora, Ubuntu, and other Linux distributions.

You can find an overview of additional VPN connection options in our guide VPN with FRITZ!.

Example values used in this guide

In this guide we show you how to connect a computer with Ubuntu 22.04 LTS to the FRITZ!Box. When setting up the connection, replace the values used in this guide with your actual values.

Requirements / Restrictions

  • The packages vpnc, network-manager-vpnc, and network-manager-vpnc-gnome are installed on the computer.

    Note:You can install the packages in Ubuntu as follows:
    sudo apt-get install network-manager-vpnc-gnome

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Preparations

Configuring MyFRITZ!

Register the FRITZ!Box with MyFRITZ!Net so that it can be reached on the internet at any time at a fixed MyFRITZ! address:

Setting up MyFRITZ!
  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click on "MyFRITZ! Account" in the "Internet" menu.
  3. Enter your email address in the "Your email address" field.
  4. Click on "Apply". Now MyFRITZ!Net sends you an email with the confirmation link to your FRITZ!Box.

    Important:If you do not receive an email, the email was classified as unsolicited advertising (spam). In this case, check the spam folder of your email inbox.

  5. Open the email you received from MyFRITZ!Net.
  6. Click the "Register Your FRITZ!Box" button in the email.

Adjusting the FRITZ!Box's IP network

Both ends of the VPN connection must have IP addresses in different IP networks. As soon as the computer is connected to a router (for example another FRITZ!Box) that uses the same IP network as your FRITZ!Box, VPN communication is no longer possible.

Note:All FRITZ!Boxes use the IP network 192.168.178.0 in the factory settings.

Set up an IP address to your FRITZ!Box that differs from the IP addresses of the routers you use to connect to the FRITZ!Box, for example 192.168.10.1 (subnet mask 255.255.255.0):

Changing the FRITZ!Box's IP network
  1. Click "Home Network" in the FRITZ!Box user interface.
  2. Click "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "WAN setting" or "LAN Settings" to display all of the settings.
  5. Click the "IPv4 Settings" button.
  6. Enter the desired IP address and subnet mask.
  7. Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.

2 Setting up a VPN connection in the FRITZ!Box

Set up a separate user for each VPN connection in the FRITZ!Box:

Creating VPN settings for a FRITZ!Box user
  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the (Edit) button for the user who intends to connect to the FRITZ!Box via VPN or set up a new user for the VPN connection:
    1. Click the "Add User" button.
    2. Enter a name and password for the user in the corresponding fields.
  4. Enable the option "VPN".
  5. Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.

3 Opening the VPN settings

Calling up VPN settings of the FRITZ!Box user
  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click on "Permit Access" in the "Internet" menu.
  3. Click the "VPN (IPSec)" tab.
  4. Click the "VPN Settings" link for the user who intends to connect to the FRITZ!Box via VPN.
  5. If you are asked to do so, on the FRITZ!Box confirm that the procedure may be executed and click "OK" to complete the procedure.

4 Setting up and establishing a VPN connection on the computer

Set up the VPN connection on the computer using the VPN settings displayed in the FRITZ!Box user interface for the FRITZ!Box user:

  1. Start the Advanced Network Configuration, for example in the terminal by entering "nm-connection-editor".
  2. Click on the plus sign in the "VPN" section. The "Add VPN" window opens.
  3. In the "Add VPN" window, select "Cisco Compatible VPN (vpnc)".
  4. Enter a name of your choice (FRITZ!Box-VPN) in the "Connection name" field.
  5. Enter the MyFRITZ! address of the FRITZ!Box (pi80ewgfi72d2os42.myfritz.net) in the "Gateway" field.
  6. Enter the username of the FRITZ!Box user (John Smith) in the field "Username".
  7. Click the symbol in the field "User password", select "Store the password only for this user", and enter the password for the FRITZ!Box user (secret1234).

    Note:With some Ubuntu versions, you must enable the option "Store the password for all users" instead.

  8. Enter the username of the FRITZ!Box user (John Smith) in the "Group name" field.
  9. Click the symbol in the field "Group password", select "Store the password only for this user", and enter the "shared secret" for the FRITZ!Box user (Zj7hPCouK65IrPU4). The "shared secret" is displayed in the VPN settings of the user in the section "iPhone, iPad or iPod touch".
  10. Click "Advanced".
  11. Enter tun0 in the field "Tunnel interface name" and click "Apply".
  12. Click the "Save" button to complete the configuration. If the button "Save" is grayed out, click "Advanced" again and then "Apply", and save again.
  13. Click the on/off slider for the VPN connection to establish the connection.