Baza wiedzy
AVM Content
FRITZ!VPN cannot establish a VPN connection to FRITZ!Box
The FRITZ!VPN software cannot establish a VPN connection to the FRITZ!Box. One of the following error messages may be displayed in the FRITZ!VPN journal:
- "Timeout: Could not contact the remote site."
- "Establishing connection to [...] failed. No matching security association found"
- "Could not resolve the name of the remote site."
- "The VPN connection cannot be established because FRITZ!VPN could not find any active connection to the internet. Please connect to the internet first."
Simply proceed as described below. After each measure, check whether the problem is solved.
Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.
1 Repeating attempt to establish a VPN connection
The following step is only necessary if FRITZ!VPN displays the message "No matching security association found":
Note:FRITZ!VPN does not support the 2048-bit Diffie-Hellman initial key exchange that the FRITZ!Box prefers starting with FRITZ!OS 8 and therefore cannot establish a connection to the FRITZ!Box on the first attempt.
- Start the FRITZ!VPN software on the computer.
- Select the symbol with the MyFRITZ! address of the FRITZ!Box.
- Click "Establish" to establish the VPN connection.
- After the FRITZ!Box rejects the first connection attempt, click "Establish" again to establish the VPN connection.
2 Public IPv4 address required for access
In order for FRITZ!VPN to establish a VPN connection to the FRITZ!Box, the FRITZ!Box must have a public IPv4 address. If the FRITZ!Box does not have one or only has a private IPv4 address, it is not possible to establish VPN connections with FRITZ!VPN.
You can find out whether the FRITZ!Box has a public IPv4 address using the guide Checking accessibility of the FRITZ!Box in the internet.
Important:If the FRITZ!Box does not obtain a public IPv4 address, we recommend using WireGuard as it also allows VPN connections via IPv6.
3 Checking the MyFRITZ! status
If the VPN connection occasionally cannot be established, there may be an issue with the MyFRITZ! service. Therefore, check whether the FRITZ!Box is successfully registered with MyFRITZ! when you try to establish the VPN connection:
- Click "Internet" in the FRITZ!Box user interface.
- Click "Online Monitor" in the "Internet" menu.
- If MyFRITZ! is active, continue with the next section.
- If MyFRITZ! is displayed as not active, wait until the technical issues have been resolved and try to establish the VPN connection at a later time. If the error is permanent, reconfigure the MyFRITZ! account.
4 Adapting the IP networks
For VPN communication to occur, the computer with FRITZ!VPN and the FRITZ!Box must use different IP networks. If the computer with FRITZ!VPN and the FRITZ!Box are in the same IP network, you must adjust either the IP settings of the computer with FRITZ!VPN or the IP network of the FRITZ!Box:
Example:
In the factory settings, all FRITZ!Boxes use the IP network 192.168.178.0 (IP address 192.168.178.1, subnet mask 255.255.255.0).
If the computer with FRITZ!VPN is connected to a FRITZ!Box and both the local and remote FRITZ!Boxes use the IP network 192.168.178.0, VPN connections cannot be established.
If the computer with FRITZ!VPN has the IP address 192.168.20.13 (subnet mask 255.255.255.0), it is located in the IP network 192.168.20.0 and can establish a VPN connection to the FRITZ!Box.
Adjusting the IP settings of the computer with FRITZ!VPN
- Adjust the IP network of the router (for example FRITZ!Box) from which the computer with FRITZ!VPN obtains its IP address. If the computer does not obtain its IP settings via DHCP, change the IP settings on the computer itself.
Adjusting the FRITZ!Box's IP network
- Click "Home Network" in the FRITZ!Box user interface.
- Click "Network" in the "Home Network" menu.
- Click on the "Network Settings" tab.
- Click "Additional Settings" in the section "WAN setting" or "LAN Settings" to display all of the settings.
- Click the "IPv4 Settings" button.
- Enter the desired IP address and subnet mask.
- Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.
Now the FRITZ!Box uses the new IP network. Reconfigure the VPN connection in FRITZ!VPN and the FRITZ!Box so that the computer with FRITZ!VPN also receives an IP address from the new IP network after establishing the VPN connection.
5 Configuring a firewall for FRITZ!VPN
If the computer with FRITZ!VPN is protected by a firewall on the computer or an upstream router, you may have to open ports and enable IP protocols in the firewall that are required by FRITZ!VPN before you can establish a VPN connection:
- Configure the firewall for FRITZ!VPN.
6 Mobile broadband driver is not supported
The FRITZ!VPN software currently cannot be used with the mobile broadband driver for Windows 8 / 7 or Huawei ("HUAWEI Mobile Connect"). If the internet connection is established by a mobile broadband modem or a mobile network dongle and the modem or dongle uses this driver, FRITZ!VPN cannot establish a VPN connection.
Workaround
You can use the FRITZ!VPN software if the mobile broadband modem or mobile network dongle can also be used without a mobile broadband driver:
- Configure the mobile broadband modem or mobile network dongle so that it uses a driver other than the mobile broadband driver from Windows 8 / 7 or from Huawei, for example a "WAN-Miniport(IP)" driver.
Note:Refer to the manufacturer for information on using the mobile broadband modem or mobile network dongle with other drivers, for example consult the manual.
7 Deleting a VPN connection and reconfiguring it
If the VPN connection cannot be established at all, then the VPN configuration in FRITZ!VPN or the FRITZ!Box is incorrect, for example due to a typing error, an incorrect MyFRITZ! address, or errors made when editing the CFG file. Therefore, reconfigure the VPN connection:
- Delete the VPN connection in the Configure FRITZ!Box VPN Connection software.
- Delete the VPN connection in the FRITZ!VPN software and in the FRITZ!Box.
- Reconfigure the VPN connection between FRITZ!VPN and the FRITZ!Box.