To the knowledge base

Connecting a FRITZ!Box set up as a VPN client to another FRITZ!Box

When you set up a VPN connection between two FRITZ!Boxes, by default both networks are connected to each other (LAN-LAN linkup). This way you can access all of the devices in the other network and all of the IP-based services such as email servers, databases, and file servers can be used at both locations.

However, you can also configure the VPN connection between the FRITZ!Boxes so that one of the FRITZ!Boxes acts as a VPN client. In this kind of client-LAN linkup, only devices in the network of the FRITZ!Box configured as a VPN client can access devices in the network of the FRITZ!Box configured as a VPN server. It is not possible for devices in the network of the VPN server to access devices in the VPN client's network.

Example values used in this guide

In this guide we show you how to connect a FRITZ!Box as a VPN client to a FRITZ!Box as the VPN server. When setting up the connection, replace the values used in this example with your actual values.

  • MyFRITZ! address of the VPN server FRITZ!Box:
    pi80ewgfi72d2os42.myfritz.net
  • IP network of the FRITZ!Box used as the VPN server:
    192.168.10.0 (subnet mask: 255.255.255.0)
  • username of the FRITZ!Box user in the FRITZ!Box used as the VPN server:
    John Smith
  • Password for the FRITZ!Box user in the FRITZ!Box used as the VPN server:
    secret1234
  • Shared secret of the FRITZ!Box user in the FRITZ!Box used as the VPN server:
    Zj7hPCouK65IrPU4

Requirements / Restrictions

  • The FRITZ!Box which is used as the VPN server must obtain a public IPv4 address from the internet service provider.
  • FRITZ!OS 6 or later must be installed on the FRITZ!Box being used as the VPN server.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Preparations

Configuring MyFRITZ!

With MyFRITZ! you can reach the FRITZ!Box being used as the VPN server from the internet at any time at its fixed MyFRITZ! address:

Setting up MyFRITZ!
  1. Click on "Internet" in the FRITZ!Box user interface.
  2. Click on "MyFRITZ! Account" in the "Internet" menu.
  3. Enter your email address in the "Your email address" field.
  4. Click on "Apply". Now MyFRITZ! sends you an email with the confirmation link to your FRITZ!Box.

    Important:If you do not receive an email, the email was classified as unsolicited advertising (spam). In this case, check the spam folder of your email inbox.

  5. Open the email you received from MyFRITZ!.
  6. Click on the "Register Your FRITZ!Box" button in the email.

Adapting the IP Networks

VPN communication is not possible if both FRITZ!Boxes use the same IP network. Since all FRITZ!Boxes use the IP network 192.168.178.0 in the factory settings, adjust the IP network of the FRITZ!Box used as the VPN server:

Example:
In this guide, the FRITZ!Box used as the VPN server uses the IP address 192.168.10.1 (subnet mask 255.255.255.0).

  1. Click on "Home Network" in the FRITZ!Box user interface.
  2. Click on "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click on "Additional Settings" in the section "LAN Settings" to display all of the settings.
  5. Click on the "IPv4 Settings" button.
  6. Enter the desired IP address and subnet mask.
  7. Click on "OK" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed if asked to do so.

2 Setting up the VPN server

In the FRITZ!Box that will be used as the VPN server, set up a user for the VPN client:

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the (Edit) button for the user who intends to connect to the FRITZ!Box via VPN or set up a new user for the VPN connection:
    1. Click the "Add User" button.
    2. Enter a name and password for the user in the corresponding fields.
  4. Enable the option "VPN".
  5. Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed if asked to do so.
  6. Now the FRITZ!Box sets up the VPN connection for the user and opens a window with the VPN settings of the user.

    Note:You can always call up the VPN settings again by clicking "Show VPN Settings" in the settings for the user under "System > FRITZ!Box Users".

3 Setting up a VPN client

In the FRITZ!Box to be used as the VPN client, set up a VPN connection to the remote FRITZ!Box:

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "VPN" tab.
  4. Click the "Add VPN Connection" button.
  5. Click "Connect this FRITZ!Box with a company's VPN" and then "Next".
  6. Enter the username of the FRITZ!Box user (John Smith) in the field "VPN username (Key ID)".
  7. Enter the "shared secret" of the FRITZ!Box user (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)". The "shared secret" is displayed in the VPN settings of the user in the section "iPhone, iPad or iPod touch".
  8. Enable the option "Use XAUTH".
  9. Enter the username of the FRITZ!Box user (John Smith) in the field "XAUTH username".
  10. Enter the password for the FRITZ!Box user (secret1234) in the "XAUTH password" field.
  11. Enter a unique name for the connection (FRITZ!Box London) in the field "Name of the VPN connection".
  12. Enter the MyFRITZ! address of the FRITZ!Box being used as the VPN server (pi80ewgfi72d2os42.myfritz.net) in the field "Web address of the remote site".
  13. In the "Remote network" field, enter the IP network of the FRITZ!Box that is used as a VPN server (192.168.10.0).
  14. In the "Subnet mask" field, enter the subnet mask that corresponds to the IP network of the FRITZ!Box that is used as the VPN server (255.255.255.0).
  15. If you want to maintain the VPN connection all the time, enable the option "Hold VPN connection permanently".
  16. Enable the option "Allow NetBIOS over this connection (for Microsoft Windows file and printer sharing)" if access to SMB shared files in the remote network should be allowed.
  17. Click "Advanced Settings for Network Traffic".
  18. If you do not only want to use the VPN connection to access the remote network, but also want all web requests to be sent to the FRITZ!Box being used as the VPN server, enable the option "Send all network traffic via the VPN connection".
  19. If only certain devices should be allowed to access the remote network, enable the option "Only certain devices use the VPN connection" and select the corresponding devices.
  20. Click "OK" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed if asked to do so.

4 Establishing a VPN connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box that is set up as the VPN client, then the VPN connection will remain established.

If the option "Hold VPN connection permanently" is not enabled, the VPN connection will be automatically established when a query is sent from the network of the FRITZ!Box set up as the VPN client to a device in the network of the other FRITZ!Box. The connection is cleared again if it has been inactive for one hour.

Note:Active VPN connections are displayed in the user interface of the FRITZ!Boxes under "Overview".