Connecting the FRITZ!Box with a company's VPN

With VPN (Virtual Private Network), you can securely connect your FRITZ!Box to the VPN server of your company over the internet, without the risk of eavesdropping or tampering. This way you can access devices and data in the company's network from your home network. It is not possible to access devices in your home network from the company network.

Example values used in this guide

In this guide we show you how to connect a FRITZ!Box as a VPN client to a VPN server. When setting up the connection, replace the values used in this example with your actual values.

  • The VPN server's internet address (domain name):
    sec.companydomain.com
  • IP network of the company's VPN:
    172.16.0.0 (subnet mask: 255.255.0.0)
  • VPN username (IPsec ID, Key ID) of the VPN connection in the VPN server:
    John Smith
  • Preshared key of the VPN connection in the VPN server:
    Zj7hPCouK65IrPU4

Requirements / Restrictions

  • The FRITZ!Box supports VPN connections according to the IPsec standard with ESP, IKEv1, and pre-shared keys. Authentication Header (AH) and Perfect Forward Secrecy (PFS) are not supported.
  • Supported IPsec algorithms for IKE phase 1:
    • Encryption method: AES with 256, 192, 128 bit, Triple DES with 168 bit or DES with 56 bit
    • Hash algorithms: SHA1 or MD5-96
    • The FRITZ!Box initially uses a 1024-bit Diffie-Hellman key exchange (DH group 2). It then also accepts 768, 1536, 2048 and 3072 bit (DH groups 1, 5, 14, and 15).
  • Supported IPsec algorithms for IKE phase 2:
    • Encryption method: AES with 256, 192, 128 bit, Triple DES with 168 bit or DES with 56 bit
    • Hash algorithms: SHA1 or MD5-96
    • The Diffie-Hellman group is determined by IKE phase 1
    • Compression: None, LZJH, or deflate

Note: All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Setting up a VPN connection in the VPN server

  1. Have the administrator of the VPN server in your company set up a VPN client connection for the FRITZ!Box. The IPsec algorithms given above must be used.
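
The proposals planned for the VPN server can be checked against the algorithm list above before the connection is set up. The following is an added example, not part of the original guide and not AVM code; the short algorithm labels, the sample proposals and the choice of which options count as weak (DES, MD5, DH group 1) are assumptions of this example.

```python
# Added example: check a VPN server's IKE phase 1 proposals against the
# algorithms this guide lists as supported by the FRITZ!Box.

# Supported values from "Requirements / Restrictions", strongest first.
# The short names (aes256, 3des, md5, ...) are labels chosen for this example.
ENC_PREF = ["aes256", "aes192", "aes128", "3des", "des"]
HASH_PREF = ["sha1", "md5"]
DH_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072}

# Assumption of this example, not stated in the guide: options to avoid.
WEAK_ENC, WEAK_HASH, WEAK_DH = {"des"}, {"md5"}, {1}


def evaluate(proposal):
    """Classify one (encryption, hash, DH group) proposal."""
    enc, hash_alg, dh = proposal
    checks = [(enc, enc in ENC_PREF, enc in WEAK_ENC),
              (hash_alg, hash_alg in HASH_PREF, hash_alg in WEAK_HASH),
              (f"DH group {dh}", dh in DH_BITS, dh in WEAK_DH)]
    unsupported = [name for name, ok, _ in checks if not ok]
    weak = [name for name, _, is_weak in checks if is_weak]
    return {"compatible": not unsupported, "unsupported": unsupported, "weak": weak}


def best(proposals):
    """Pick the strongest proposal the FRITZ!Box supports, skipping weak ones."""
    usable = [p for p in proposals
              if evaluate(p)["compatible"] and not evaluate(p)["weak"]]
    if not usable:
        return None
    return min(usable, key=lambda p: (ENC_PREF.index(p[0]),
                                      HASH_PREF.index(p[1]), -DH_BITS[p[2]]))


# Constructed sample: proposals a company VPN server might be configured with.
SERVER_PROPOSALS = [("aes256", "sha256", 14), ("aes128", "sha1", 2),
                    ("aes256", "sha1", 14), ("des", "md5", 1)]

if __name__ == "__main__":
    for p in SERVER_PROPOSALS:
        print(p, evaluate(p))
    print("use:", best(SERVER_PROPOSALS))
```

A proposal reported as not compatible uses an algorithm that is missing from the list in this guide, so the FRITZ!Box cannot be expected to negotiate it.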

2 Setting up a VPN connection in the FRITZ!Box

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "VPN" tab.
  4. Click the "Add VPN Connection" button.
  5. Click "Connect this FRITZ!Box with a company's VPN" and then "Next".
  6. In the field "VPN username (Key ID)", enter the IPsec ID or key ID of the VPN connection (John Smith) configured for the FRITZ!Box in the VPN server.
  7. Enter the password for the VPN connection (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)".
  8. If the VPN server uses XAUTH, enable the option "Use XAUTH" and enter the XAUTH username (John Doe) and the XAUTH password (secret1234) in the corresponding fields.
  9. Enter the VPN server's domain name or fixed public IP address (sec.companydomain.com or 212.42.244.80) in the field "Web address".
  10. Enter the IP network of the company's VPN (172.16.0.0) in the "Remote network" field.
  11. In the "Subnet mask" field, enter the subnet mask (255.255.0.0) that corresponds to the IP network of the company's VPN.
  12. Enable the option "Hold VPN connection permanently" if you want to maintain the VPN connection to the VPN server at all times.
  13. Click "OK" to save the settings.

3 Establishing a VPN connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box, the FRITZ!Box continuously maintains the VPN connection and automatically establishes the connection again if the VPN server clears the connection.

If you did not enable the option "Hold VPN connection permanently", the FRITZ!Box automatically establishes the VPN connection when the company's network is accessed. After an hour of inactivity, the FRITZ!Box clears the VPN connection again.

Note: Active VPN connections are displayed under "Internet > Permit Access > VPN" in the FRITZ!Box user interface.