Baza wiedzy
AVM Content
Setting up VPN connections in a FRITZ!Box used as a cascading router
You can also set up VPN connections to the FRITZ!Box when you operate the FRITZ!Box as a cascaded router behind another router. Since the other router establishes and manages the internet connection, this requires a procedure that differs from our VPN guides in several points. Follow the instructions in this guide before setting up VPN connections.
1 Ensuring the router obtains a public IP address
VPN connections to the FRITZ!Box are only possible if the upstream router has an IP address that is accessible on the internet:
- Check whether the router obtains an IPv6 address or a public IPv4 address from the internet service provider. You can check which IP address the router is assigned by calling up ipv6-test.com on a device connected to the router.
- If the router does not obtain an IP address that can be reached in the Internet, contact your internet service provider and ask whether you can receive an IPv6 address or a public IPv4 address.
2 Setting up dynamic DNS
The FRITZ!Box only supports VPN (WireGuard) when used with a dynamic DNS address since this is the only way to ensure that the FRITZ!Box can always be reached on the internet over both IPv6 and IPv4:
Note:You can also use DynDNS if you are using the FRITZ!Box on an internet connection with a fixed ("static") public IPv4 address. If both MyFRITZ! and DynDNS are configured in the FRITZ!Box, the FRITZ!Box uses the MyFRITZ! address for WireGuard connections.
- Set up a dynamic DNS service in the router. You can find information on the dynamic DNS services supported by the router and how to set them up in its manual, or consult its manufacturer directly.
- Set up the same dynamic DNS service in the FRITZ!Box under "Internet > Permit Access > DynDNS". You can find examples for different providers in the guide Setting up dynamic DNS in the FRITZ!Box.
- After you have set up all VPN connections in the FRITZ!Box, replace the update URL in the FRITZ!Box with a fictitious address. Otherwise, the FRITZ!Box may transmit its private IP address to the dynamic DNS provider and cannot be reached from the internet.
3 Setting up port sharing
Set up port sharing for the FRITZ!Box in the upstream router:
Note:You can find information on setting up port sharing in the router's manual, or consult its manufacturer directly. With some routers supplied by internet service providers, the provider must set up port sharing. If you are unsure, contact your internet service provider.
- If you set up IPSec connections in the FRITZ!Box, set up port sharing for the UDP ports 500 (ISAKMP) and 4500 (NAT traversal) for the FRITZ!Box in the router.
- If you set up WireGuard connections in the FRITZ!Box, determine the port used by the FRITZ!Box under "Diagnostics > Security > FRITZ!Box Services" in the FRITZ!Box user interface and in the router, configure port sharing for the FRITZ!Box for this port.
Deutschland
International (English)
Österreich
Nederland
España
Italia
Polska
België (Nederlands)
Luxemburg (Deutsch)
Schweiz (Deutsch)