Configure a VPN connection between a FRITZ!Box and a company VPN

You can configure a VPN connection that connects a FRITZ!Box with a VPN server. When you connect your FRITZ!Box at home with the VPN server at your company's premises, then you can access devices and services in the company network from your home network. It is not possible to access devices in your home network from the company network.

Example scenario in this guide

You want to connect your FRITZ!Box home network with the VPN server of the company network via VPN.

VPN standards and algorithms supported in the FRITZ!Box

The FRITZ!Box supports VPN connections according to the the IPSec standard with ESP, IKEv1, and pre-shared keys.

Authentication Header (AH) and Perfect Forward Security (PFS) are not supported.

Supported IPSec algorithms for IKE phase 1:

  • Encryption methods:
    • AES with 256 bits, 192 bits, 128 bits
    • Triple DES with 168 bits
    • DES with 56 bits
  • Hash algorithm:
    • SHA2-512
    • SHA-1
    • MD5-96
  • Key agreement:
    • initial Diffie-Hellman 1024 bits (DH group 2), thereafter also 768 bits (DH group 1), 1536 bits (DH group 5), 20148 bits (DH group 14) and 3072 bits (DH group 15)

Supported IPSec algorithms for IKE phase 2:

  • Encryption methods:
    • AES with 256 bits, 192 bits, 128 bits
    • Triple DES with 168 bits
    • DES with 56 bits
  • Hash algorithm:
    • SHA2-512
    • SHA-1
    • MD5-96
  • Key agreement:
    • The Diffie-Hellman group is determined by IKE phase 1
  • Compression:
    • none
    • LZJH
    • deflate

Setting up a VPN connection in the VPN server

Have the administrator of the VPN server in your company set up a VPN client connection for the FRITZ!Box. The VPN standards and algorithms supported in the FRITZ!Box must be used in the settings of the VPN client connection.

For configuration of the VPN connection in the FRITZ!Box, the administrator must provide with the values for the following VPN parameters:

  • Domain name of the VPN server
  • IP address of the company network
  • VPN user name of the VPN connection in the VPN server (IPsec ID, Key ID)
  • VPN password (shared key) of the VPN connection in the VPN server
  • If the VPN server uses XAUTH:
    • XAUTH user name
    • XAUTH password

Example values used in this guide

The following example values are used below in this guide:

For your own VPN configuration, replace the example values with the actual values in your scenario.

VPN ParametersExample value
Domain name of the VPN server sec.meinedomain.de
IP address of the company network 172.16.0.0 (subnet mask: 255.255.255.0)

VPN user name of the VPN connection in the VPN server

(IPSec ID, Key ID)

 John Smith
Pre-shared key of the VPN connection in the VPN server Zj7hPCouK65IrPU4
XAUTH user name John Doe
XAUTH password 23Km37Bll89

Establishing a VPN Connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box, then the FRITZ!Box maintains the VPN connection at all times and automatically establishes the connection again if the VPN server clears the connection.

If you did not enable the option "Hold VPN connection permanently", the FRITZ!Box automatically establishes the VPN connection when the company's network is accessed. After an hour of inactivity, the FRITZ!Box clears the VPN connection again.