FRITZ!Box 4020 Serwis - Baza wiedzy

FRITZ!Box 4020 Serwis
Not your product?

Cannot establish a VPN connection between two FRITZ!Box networks

The VPN connection between two FRITZ!Box networks cannot be established. One of the following error messages may be displayed in the event log of the FRITZ!Box attempting to establish the VPN connection:

  • "Error: IKE-Error 0x1c"
  • "Error: IKE-Error 0x2020"
  • "Error: IKE-Error 0x2027"

Note:The configuration procedure and notes on functions given in this guide refer to the latest FRITZ!OS for your FRITZ!Box.

Simply proceed as described below. After each measure, check whether the issue persists.

1 Checking whether a public IP address was obtained

You can only establish a VPN connection between two FRITZ!Boxes if at least one of the two FRITZ!Boxes is assigned an IPv4 address from the public address range by the corresponding Internet service provider when it establishes an Internet connection:

Important:If both of the FRITZ!Boxes are used on Internet connections that use DS-Lite ("Dual-Stack Lite"), you cannot establish a VPN connection. When DS-Lite is active, the status "IPv4 over DS Lite" is displayed under "Connections" on the "Overview" page of the FRITZ!Box user interface.

  • Check the address range of the IPv4 address that the FRITZ!Boxes obtained from the Internet service provider.
    • If at least one of the FRITZ!Boxes obtained an IPv4 address from the public address range:
      • Proceed with the following section.
    • If both of the FRITZ!Boxes obtained an IPv4 address from the private address range:
      • You cannot establish VPN connections between both of the FRITZ!Box.

2 Permanently maintaining the Internet connection of the remote FRITZ!Box

To ensure that the remote FRITZ!Box you want to establish the VPN connection to is always ready to accept connections, configure it so that it permanently maintains the Internet connection:

  1. Click "Internet" in the user interface of the remote FRITZ!Box.
  2. Click "Account Information" or "Type of Connection" in the "Internet" menu.
  3. Enable the option "Maintain Internet connection permanently" or "Maintain permanently (recommended for flat rates)".

    Important:If these options are not available, then the FRITZ!Box already remains permanently connected to the Internet.

  4. Click "Apply" to save your settings.

3 Checking the Internet connection of the remote FRITZ!Box

  1. Open the user interface of the remote FRITZ!Box.

    Note:The remote FRITZ!Box is the FRITZ!Box you would like to establish the VPN connection to.

  2. Click "Event Log" in the "System" menu.
  3. Click on the "Internet Connection" tab.
  4. Check for any errors (for example "DSL not responding" or "PPPoE error") that occurred when you attempted to establish a VPN connection.
    • If error messages are displayed:
      • Resolve the problems with the remote FRITZ!Box's Internet connection in order to resolve the VPN connection issues. If necessary, consult your Internet service provider.

4 Checking the dynamic DNS status of the remote FRITZ!Box

If the VPN connection occasionally cannot be established, then there may be an issue with the dynamic DNS service or MyFRITZ!. Therefore, check whether the remote FRITZ!Box is successfully logged into the dynamic DNS service or MyFRITZ! when you attempt to establish the VPN connection:

Note:The remote FRITZ!Box is the FRITZ!Box you would like to establish the VPN connection to.

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Online Monitor" in the "Internet" menu.
  3. Check whether the status "logged on successfully" is displayed for dynamic DNS or MyFRITZ!'s status is active.
    • If the status "logged on successfully" is displayed for dynamic DNS or MyFRITZ!'s status is active:
      • Proceed with the following section.
    • If the status "logged on successfully" is not displayed for dynamic DNS or MyFRITZ!'s status is not active:
      • Wait until the technical issues have been resolved and try to establish the VPN connection at a later point in time. In case of a permanent error, reconfigure the dynamic DNS account or MyFRITZ! account, or consult the dynamic DNS provider.

5 Attempting to connect to the remote network at a later time

This section only applies if the VPN connection occasionally cannot be established and the message "IKE-Error 0x2020" is displayed in the event log of one of the FRITZ!Boxes:

When one of the FRITZ!Boxes is working at high capacity while attempting to establish a VPN connection (for example when copying large volumes of data to FRITZ!NAS), an error may occur when synchronizing the VPN passwords (preshared keys). In this case the VPN connection cannot be established.

In this case, try accessing the shared files or services in the remote FRITZ!Box network at a later point in time. The VPN connection is automatically re-established whenever a query is sent from the network of one FRITZ!Box to a network device in the network of the other FRITZ!Box.

6 Deleting VPN connections and reconfiguring them

If the VPN connection cannot be established at all, the VPN settings in one or both FRITZ!Boxes are incorrect. Therefore, reconfigure the VPN connection:

  1. Delete the VPN connection in the user interface of both FRITZ!Boxes.
  2. Reconfigure the VPN connection between both of the FRITZ!Box networks.

    Important:If MyFRITZ! and dynamic DNS are both configured in the FRITZ!Box, then the MyFRITZ! domain name must be used for the VPN connection. A fixed IP address can only be used as the "web address" if neither MyFRITZ! nor dynamic DNS is configured in the FRITZ!Box.