WireGuard cannot establish a VPN connection to the FRITZ!Box

Although the VPN connection was successfully configured, WireGuard cannot establish a VPN connection to the FRITZ!Box. One of the following error messages is displayed:

  • "unknown host"
  • "Error bringing up tunnel: Unable to resolve DNS hostname"
  • "Error bringing up tunnel: Service not authorized by user"
  • "Failed to send handshake initiation [...] no route to host"

Simply proceed as described below. After each measure, check whether the problem is solved.

1 Allowing WireGuard connections on the device

If WireGuard displays the message "Error bringing up tunnel: Service not authorized by user", a different app is preventing the user from establishing a VPN connection.

  1. Check the security apps installed on the device (for example Blokada, ESET NOD32) and make sure that they do not block WireGuard.

2 FRITZ!Box is not accessible on the internet

For WireGuard to establish a connection to the FRITZ!Box, the FRITZ!Box must have an IPv6 or IPv4 address that is accessible on the internet, and the device with WireGuard must be able to access this IP address.

To determine whether the FRITZ!Box has an IP address that is accessible on the internet and whether the device can access this IP address, use the guide "Checking accessibility of the FRITZ!Box in the internet".

Note: If you use MyFRITZ!, you can also check the IP addresses of your FRITZ!Box while on the go in the Device Overview of your MyFRITZ! account at myfritz.net, in the section "Device Overview for Your MyFRITZ! Account".
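The check described in this section can be scripted on a computer that holds the exported WireGuard configuration. The following Python sketch is an added example, not part of the original guide or an AVM tool: it reads the `Endpoint` line, resolves it, and reports whether DNS returns a publicly routable address. The sample configuration, its placeholder keys and the `.invalid` hostname are constructed, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample config; keys and hostname are placeholders, not real values.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER
Address = 192.168.178.201/24

[Peer]
PublicKey = PLACEHOLDER
AllowedIPs = 192.168.178.0/24
Endpoint = placeholder.myfritz.invalid:51820
"""

def parse_endpoint(conf_text):
    """Return (host, port) from the Endpoint line of a WireGuard config."""
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "endpoint":
            host, _, port = value.strip().rpartition(":")
            return host.strip("[]"), int(port)  # brackets wrap IPv6 literals
    raise ValueError("no Endpoint line in config")

def resolve(host, resolver=socket.getaddrinfo):
    """Return the sorted set of addresses DNS gives for host ([] on failure)."""
    try:
        infos = resolver(host, None, type=socket.SOCK_DGRAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def diagnose(conf_text, resolver=socket.getaddrinfo):
    """Classify the endpoint as 'unresolved', 'not-public' or 'resolves-public'."""
    host, _port = parse_endpoint(conf_text)
    addrs = resolve(host, resolver)
    if not addrs:
        # Corresponds to "unknown host" / "Unable to resolve DNS hostname".
        return "unresolved", host, []
    public = [a for a in addrs if ipaddress.ip_address(a).is_global]
    if not public:
        # Private or carrier-grade NAT addresses cannot be reached from outside.
        return "not-public", host, addrs
    # A public address is necessary, not sufficient: the client's network must
    # also offer the same address family (IPv4 or IPv6) to have a route.
    families = sorted({f"IPv{ipaddress.ip_address(a).version}" for a in public})
    return "resolves-public", host, families

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF))
```

A result of `resolves-public` listing only `IPv6` while the device is on an IPv4-only network is consistent with the "no route to host" message.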

3 Checking the MyFRITZ! status of the FRITZ!Box

If the VPN connection occasionally cannot be established, there may be an issue with the MyFRITZ! service. Therefore, check whether the FRITZ!Box is successfully registered with MyFRITZ! when you try to establish the VPN connection:

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Online Monitor" in the "Internet" menu.
  3. If MyFRITZ! is active, continue with the next section.
    • If MyFRITZ! is displayed as not active, wait until the technical issues have been resolved and try to establish the VPN connection at a later time. If the error is permanent, reconfigure the MyFRITZ! account.

4 WireGuard is blocked by the internet service provider

Some countries (for example Egypt, Iran) block WireGuard connections. If you cannot establish a VPN connection with WireGuard in a country outside the European Union, the internet service provider may not allow WireGuard connections:

  1. Contact your internet service provider or the provider of the Wi-Fi hotspot you are using and ask whether it is possible to establish WireGuard connections.

5 Deleting a VPN connection and reconfiguring it

If the VPN connection cannot be established at all, then an invalid or incorrect connection is saved in WireGuard, for example an incorrect MyFRITZ! address. Therefore, reconfigure the WireGuard connection:

  1. Delete the VPN connection in WireGuard and in the FRITZ!Box user interface.
  2. Reconfigure the WireGuard connection in the FRITZ!Box. Proceed as described in the corresponding guide: