To the knowledge base

Connecting a FRITZ!Box set up as a VPN client (IPSec) to another FRITZ!Box

When you set up an IPSec VPN connection between two FRITZ!Boxes, by default both networks are connected to each other (LAN-LAN linkup). This way you can access all of the devices in the other network and all of the IP-based services such as email servers, databases, and file servers can be used at both locations.

However, you can also configure the VPN connection between the FRITZ!Boxes so that one of the FRITZ!Boxes acts as a VPN client. In this kind of client-LAN linkup, only devices in the network of the FRITZ!Box configured as a VPN client can access devices in the network of the FRITZ!Box configured as a VPN server. It is not possible for devices in the network of the VPN server to access devices in the VPN client's network.

You can find an overview of additional VPN connection options in our guide VPN with FRITZ!.

Example values used in this guide

In this guide we show you how to connect a FRITZ!Box as a VPN client via IPSec to a FRITZ!Box as the VPN server. When setting up the connection, replace the values used in this guide with your actual values.

Requirements / Restrictions

  • The FRITZ!Box which is used as the VPN server must either obtain an IPv6 address or a public IPv4 address from the internet service provider.
  • FRITZ!OS 7.50 or later must be installed on the FRITZ!Box being used as the VPN server.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Preparations

Configuring MyFRITZ!

With MyFRITZ!Net you can reach the FRITZ!Box being used as the VPN server from the internet at any time at its fixed MyFRITZ! address:

Setting up MyFRITZ!
  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click on "MyFRITZ! Account" in the "Internet" menu.
  3. Enter your email address in the "Your email address" field.
  4. Click "Apply". Now MyFRITZ!Net sends you an email with the confirmation link to your FRITZ!Box.

    Important:If you do not receive an email, the email was classified as unsolicited advertising (spam). In this case, check the spam folder of your email inbox.

  5. Open the email you received from MyFRITZ!Net.
  6. Click the "Register Your FRITZ!Box" button in the email.

Adapting the IP Networks

VPN communication is not possible if both FRITZ!Boxes use the same IP network. Since all FRITZ!Boxes use the IP network 192.168.178.0 in the factory settings, adjust the IP network of the FRITZ!Box used as the VPN server:

Example:
In this guide, the FRITZ!Box used as the VPN server uses the IP address 192.168.10.1 (subnet mask 255.255.255.0).

Changing the FRITZ!Box's IP network
  1. Click "Home Network" in the FRITZ!Box user interface.
  2. Click on "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "WAN setting" or "LAN Settings" to display all of the settings.
  5. Click the "IPv4 Settings" button.
  6. Enter the desired IP address and subnet mask.
  7. Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.

2 Configuring a VPN Server

Setting up a VPN connection in the FRITZ!Box

In the FRITZ!Box that will be used as the VPN server, set up a user for the VPN client:

Creating VPN settings for a FRITZ!Box user
  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the (Edit) button for the user who intends to connect to the FRITZ!Box via VPN or set up a new user for the VPN connection:
    1. Click the "Add User" button.
    2. Enter a name and password for the user in the corresponding fields.
  4. Enable the option "VPN".
  5. Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.

Opening the VPN settings

Calling up VPN settings of the FRITZ!Box user
  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click the "VPN (IPSec)" tab.
  4. Click the "VPN Settings" link for the user who intends to connect to the FRITZ!Box via VPN.
  5. If you are asked to do so, on the FRITZ!Box confirm that the procedure may be executed and click "OK" to complete the procedure.

3 Setting up a VPN client

In the FRITZ!Box to be used as the VPN client, set up a VPN connection to the remote FRITZ!Box:

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click the "VPN (IPSec)" tab.
  4. Click the "Add VPN Connection" button.
  5. Click "Connect this FRITZ!Box with a corporate VPN" and then "Next".
  6. In the "VPN User name (key ID) field, enter the username of the FRITZ!Box user (Anna).
  7. Enter the "shared secret" of the FRITZ!Box user (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)". The "shared secret" is displayed in the VPN settings of the user in the section "iPhone, iPad or iPod touch".
  8. Enable the option "Use XAUTH".
  9. In the "XAUTH username" field, enter the username of the FRITZ!Box user (Anna).
  10. Enter the password for the FRITZ!Box user (secret1234) in the "XAUTH password" field.
  11. Enter a unique name for the connection (FRITZ!Box headquarters) in the field "Name of the VPN connection".
  12. Enter the MyFRITZ! address of the FRITZ!Box being used as the VPN server (pi80ewgfi72d2os42.myfritz.net) in the field "Web address of the remote site".
  13. In the "Remote network" field, enter the IP network of the FRITZ!Box that is used as a VPN server (192.168.10.0).
  14. In the "Subnet mask" field, enter the subnet mask that corresponds to the IP network of the FRITZ!Box that is used as the VPN server (255.255.255.0).
  15. If you want to maintain the VPN connection all the time, enable the option "Hold VPN connection permanently".
  16. Enable the option "Allow NetBIOS over this connection (for Microsoft Windows file and printer sharing)" if access to SMB shared files in the remote network should be allowed.
  17. Click "Advanced Settings for Network Traffic".
  18. If you do not only want to use the VPN connection to access the remote network, but also want all web requests to be sent to the FRITZ!Box being used as the VPN server, enable the option "Send all network traffic via the VPN connection".
  19. If only certain devices should be allowed to access the remote network, enable the option "Only certain devices use the VPN connection" and select the corresponding devices.
  20. Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.

4 Establishing a VPN connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box that is set up as the VPN client, then the VPN connection will remain established.

If the option "Hold VPN connection permanently" is not enabled, the VPN connection will be automatically established when a query is sent from the network of the FRITZ!Box set up as the VPN client to a device in the network of the other FRITZ!Box. The connection is cleared again if it has been inactive for one hour.

Note:Active VPN connections are displayed in the user interface of the FRITZ!Boxes under "Overview".