Example Scenario in this Guide

A small company has branch offices in two towns. They want to connect the FRITZ!Box networks of the two branch offices with each other over VPN. In the instructions below, the FRITZ!Box devices are referred to as "box-berlin" and "box-hamburg".

Example Values Used in this Guide

The following example values are used below in this guide.

For your own VPN configuration, replace the example values with the actual values in your scenario.

box-berlin

box-hamburg

VPN password (pre-shared key):

159PrM131719

Prerequisite: Public IPv4 address

At least one FRITZ!Box must obtain a public IPv4 address from the internet service provider.

Check whether at least one FRITZ!Box obtains a public IPv4 address: Determining the Public IPv4 Address of the FRITZ!Box.

Making FRITZ!Box Accessible with Changing Public IPv4 Address

For VPN connections, it must be possible to reach your FRITZ!Box from the internet at all times. If the FRITZ!Box obtains its public IPv4 address from the internet provider, then the IPv4 address will generally change with each assignment.

With the MyFRITZ! service or another dynamic DNS service, the FRITZ!Box can always be reached from the internet, even when the public IPv4 address changes.

Using MyFRITZ!

box-berlin:

1. Open the user interface of box-berlin.
2. Click on "Internet" and then on "MyFRITZ! Account".
3. Register the box-berlin with a MyFRITZ! account. Create a new MyFRITZ! account or use an existing MyFRITZ! account: Creating a New MyFRITZ! Account And Registering a FRITZ!Box.
4. Determine the MyFRITZ! domain name for box-berlin: Determining MyFRITZ! Domain Name.

box-hamburg:

1. Open the user interface of box-hamburg.
2. Click on "Internet" and then on "MyFRITZ! Account".
3. Register the box-hamburg with the same MyFRITZ! account where you registered the box-berlin: Registering FRITZ!Box with a MyFRITZ! Account.
4. Determine the MyFRITZ! domain name for box-hamburg: Determining MyFRITZ! Domain Name.

If you want to use MyFRITZ!, then create a MyFRITZ! account or use an existing MyFRITZ! account. Register the FRITZ!Box with the MyFRITZ! account. Upon registration, the FRITZ!Box receives a MyFRITZ! domain name. Determine the MyFRITZ! domain name.

Note:You can also register box-hamburg with a different MyFRITZ! account.

Example Values for the MyFRITZ! Domain Names

In this guide, the following example values are for the MyFRITZ! domain names. Replace these example values with the MyFRITZ! domain names you determined.

Using Another Dynamic DNS Service

Instead of MyFRITZ! you can use a different dynamic DNS service.

Setting Up Dynamic DNS

Determining the Dynamic DNS Domain Name

Note:If the FRITZ!Box is registered with a MyFRITZ! account, the FRITZ!Box will automatically use the MyFRITZ! service. If you would like to use a different dynamic DNS service for the FRITZ!Box than MyFRITZ!, then disable MyFRITZ! in the FRITZ!Box before setting up the VPN connection. Disable the MyFRITZ! account in the FRITZ!Box user interface under "Internet / MyFRITZ! Account".

Adjusting the IPv4 Networks on the Ends of the VPN Connection

Both ends of a VPN connection must have IPv4 addresses in different IPv4 networks. Only then is VPN communication possible.

Note:Upon delivery, every FRITZ!Box uses the IPv4 network 192.168.178.0.

Change the IPv4 address in box-berlin and in box-hamburg. The following example values are used below in this guide. You can use these example values or replace them with other values (private IPv4 addresses).

box-berlin:

Change the IPv4 address in box-berlin. Enter the value 192.168.10.0. Enter the subnet mask 255.255.255.0. Changing the IPv4 Network in the FRITZ!Box

box-hamburg:

Change the IPv4 address in box-hamburg. Enter the value 192.168.20.0. Enter the subnet mask 255.255.255.0. Changing the IPv4 Network in the FRITZ!Box

Configuring a VPN Connection in box-berlin

1. Click on "Internet" in the user interface of box-berlin.
2. Click on "Permit Access" in the "Internet" menu.
3. Click the "VPN" tab.
4. Click the "Add VPN Connection" button.
5. Select "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and click on "Next".
6. Enter the secret word required to establish the VPN connection (secret) in the field "VPN password (pre-shared key)". Use numerals and letters, and combine capitals and lower-case letters. Example value: 159PrM131719
7. Enter a name for the VPN connection in the "Name of the VPN connection" field. The VPN connection will be displayed with this name in the overview.
8. Enter the MyFRITZ! domain name of box-hamburg in the "Web address" field. Example value: kw23qbmnj31x5aw75.myfritz.net
9. Enter the IP network of box-hamburg in the "Remote network" field. Example value: 192.168.20.0
10. In the "Subnet mask" field, enter the subnet mask that corresponds to the IP network of box-hamburg. Example value: 255.255.255.0
11. Enable the option "Hold VPN connection permanently" if box-hamburg has a public IPv4 address and you want to maintain the VPN connection at all times.
12. Click on "OK".
13. If you are prompted to confirm the application of this setting on the FRITZ!Box, then confirm it as described in the prompt. The internet connection will be cleared briefly and then re-established right away.

Configuring a VPN Connection in box-hamburg

1. Click on "Internet" in the user interface of box-hamburg.
2. Click on "Permit Access" in the "Internet" menu.
3. Click on the "VPN" tab.
4. Click on the "Add a VPN connection" button.
5. Select "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and click on "Next".
6. Enter the secret word required to establish the VPN connection (secret) in the field "VPN password (pre-shared key)". Use numerals and letters, and combine capitals and lower-case letters. Example value: 159PrM131719
7. Enter a name for the VPN connection in the "Name of the VPN connection" field. The VPN connection will be displayed with this name in the overview.
8. Enter the MyFRITZ! domain name of box-berlin in the "Web address" field. Example value: pi80ewgfi72d2os42.myfritz.net
9. Enter the IP network of box-berlin in the "Remote network" field. Example value: 192.168.10.0
10. In the "Subnet mask" field, enter the subnet mask that corresponds to the IP network of box-berlin. Example value: 255.255.255.0
11. Enable the option "Hold VPN connection permanently" if box-berlin has a public IPv4 address and you want to maintain the VPN connection at all times.
12. Click on "OK".
13. If you are prompted to confirm the application of this setting on the FRITZ!Box, then confirm it as described in the prompt. The internet connection will be cleared briefly and then re-established right away.

Disabling the NetBIOS filter

To make shared files and printers in the home network of the other FRITZ!Box accessible from the home network of every FRITZ!Box, the NetBIOS filter must be disabled in every FRITZ!Box.

Disable the NetBIOS filter in a FRITZ!Box only if shared files and printers in the home network of the FRITZ!Box are to be accessed from the home network of the other FRITZ!_Box.

Disable NetBIOS filter in the FRITZ!Box:

1. Switch on the advanced view in the FRITZ!Box user interface: Standard View and Advanced View.
2. Click in the user interface on "Internet" and then on "Filters".
3. Click on the "Lists" tab.
4. Disable the "NetBIOS filter enabled" setting.
5. Click on "Apply".

Establishing a VPN Connection

If you enabled the option "Hold VPN connection permanently" in the VPN settings, then the VPN connection will remain established.

If the option "Hold VPN connection permanently" is not enabled, then the VPN connection is automatically established whenever a user in one network accesses the other network. After an hour of inactivity, the VPN connection is cleared.