Do bazy wiedzy

Connecting a FRITZ!Box set up as a VPN client to another FRITZ!Box

When you set up a VPN connection between two FRITZ!Boxes, by default both networks are connected to each other (LAN-LAN linkup). This way you can access all of the devices in the other network and all of the IP-based services such as email servers, databases, and file servers can be used at both locations.

However, you can also configure the VPN connection between the FRITZ!Boxes so that one of the FRITZ!Boxes acts as a VPN client. In this kind of client-LAN linkup, only devices in the network of the FRITZ!Box configured as a VPN client can access devices in the network of the FRITZ!Box configured as a VPN server. It is not possible for devices in the network of the VPN server to access devices in the VPN client's network.

Example values used in this guide

In this guide we show you how to connect a FRITZ!Box as a VPN client to a FRITZ!Box as the VPN server. When setting up the connection, replace the values used in this example with your actual values.

  • Dynamic DNS domain name of the FRITZ!Box used as the VPN server:
    fritzbox_a.dyndns.org
  • IP network of the FRITZ!Box used as the VPN server:
    192.168.10.0 (subnet mask: 255.255.255.0)
  • username of the FRITZ!Box user in the FRITZ!Box used as the VPN server:
    John Smith
  • Password for the FRITZ!Box user in the FRITZ!Box used as the VPN server:
    secret1234
  • Shared secret of the FRITZ!Box user in the FRITZ!Box used as the VPN server:
    Zj7hPCouK65IrPU4

Requirements / Restrictions

  • The FRITZ!Box which is used as the VPN server must obtain a public IPv4 address from the internet service provider.
  • FRITZ!OS 6 or later must be installed on the FRITZ!Box being used as the VPN server.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Preparations

Setting up dynamic DNS

  1. Set up a dynamic DNS account in the FRITZ!Box that you want to use as a VPN server.

Adapting the IP Networks

VPN communication is not possible if both FRITZ!Boxes use the same IP network. Since all FRITZ!Boxes use the IP network 192.168.178.0 in the factory settings, adjust the IP network of the FRITZ!Box used as the VPN server:

Example:
In this guide, the FRITZ!Box used as the VPN server uses the IP address 192.168.10.1 (subnet mask 255.255.255.0).

  1. Click on "Home Network" in the FRITZ!Box user interface.
  2. Click on "Home Network Overview" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click on the "IPv4 Addresses" button. If the button is not displayed, enable the Advanced View first.
  5. Enter the desired IP address and subnet mask.
  6. Click on "OK" to save the settings.

2 Setting up the VPN server

In the FRITZ!Box that will be used as the VPN server, set up a user for the VPN client:

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the (Edit) button for the user who intends to connect to the FRITZ!Box via VPN or set up a new user for the VPN connection:
    1. Click the "Add User" button.
    2. Enter a name and password for the user in the corresponding fields.
  4. Enable the option "VPN".
  5. Click "OK" to save the settings.
  6. Now the FRITZ!Box sets up the VPN connection for the user and opens a window with the VPN settings of the user.

    Note:You can always call up the VPN settings again by clicking "Show VPN Settings" in the settings for the user under "System > FRITZ!Box Users".

3 Setting up a VPN client

Setting up a VPN connection

In the FRITZ!Box to be used as the VPN client, set up a VPN connection to the remote FRITZ!Box:

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "VPN" tab. If the tab is not displayed, enable the Advanced View first.
  4. Click the "Add VPN Connection" button.
  5. Click "Connect this FRITZ!Box with a company's VPN" and then "Next".
  6. Enter the username of the FRITZ!Box user (John Smith) in the field "VPN username (Key ID)".
  7. Enter the "shared secret" of the FRITZ!Box user (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)". The "shared secret" is displayed in the VPN settings of the user in the section "iPhone, iPad or iPod touch".
  8. Enable the option "Use XAUTH".
  9. Enter the username of the FRITZ!Box user (John Smith) in the field "XAUTH username".
  10. Enter the password for the FRITZ!Box user (secret1234) in the "XAUTH password" field.
  11. Enter the dynamic DNS domain name of the FRITZ!Box used as a VPN server (fritzbox_a.dyndns.org) in the "Web address" field.
  12. In the "Remote network" field, enter the IP network of the FRITZ!Box that is used as a VPN server (192.168.10.0).
  13. In the "Subnet mask" field, enter the subnet mask that corresponds to the IP network of the FRITZ!Box that is used as the VPN server (255.255.255.0).
  14. If you want to maintain the VPN connection all the time, enable the option "Hold VPN connection permanently".
  15. Click "OK" to save the settings.

Disabling the NetBIOS filter

The following step is only necessary if you want to access shared files and printers in the VPN server's network:

Important:When the NetBIOS filter is disabled, computers in the home network may be subject to more frequent attacks from the internet. Therefore, set up a firewall on all computers.

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Filter" in the "Internet" menu.
  3. Click on the "Lists" tab.
  4. Disable the option "NetBIOS filter enabled". If the option is not displayed, enable the Advanced View first.
  5. Click "Apply" to save the settings.

4 Establishing a VPN connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box that is set up as the VPN client, then the VPN connection will remain established.

If the option "Hold VPN connection permanently" is not enabled, the VPN connection will be automatically established when a query is sent from the network of the FRITZ!Box set up as the VPN client to a device in the network of the other FRITZ!Box. The connection is cleared again if it has been inactive for one hour.

Note:Active VPN connections are displayed in the user interface of the FRITZ!Boxes under "Overview".