Configuring a VPN Connection for Apple macOS

Prerequisite: macOS Version

The Apple computer has the version macOSĀ 10.6 or newer installed.

Prerequisite: Public IPv4 Address

The FRITZ!Box must obtain a public IPv4 address from the internet service provider.

Check whether FRITZ!Box obtains a public IPv4 address: Determining the Public IPv4 Address of the FRITZ!Box.

Making FRITZ!Box Accessible with Changing Public IPv4 Address

For VPN connections, it must be possible to reach your FRITZ!Box from the internet at all times. If the FRITZ!Box obtains its public IPv4 address from the internet provider, then the IPv4 address will generally change with each assignment.

With the MyFRITZ! service or another dynamic DNS service, the FRITZ!Box can always be reached from the internet, even when the public IPv4 address changes.

Using a MyFRITZ! Account

If you want to use MyFRITZ!, then create a MyFRITZ! account or use an existing MyFRITZ! account. Register the FRITZ!Box with the MyFRITZ! account. Upon registration, the FRITZ!Box receives a MyFRITZ! domain name. Determine the MyFRITZ! domain name.

Note:You can register multiple FRITZ!Boxes with a single MyFRITZ! account. Each FRITZ!Box receives its own MyFRITZ! domain name.

Creating a MyFRITZ! Account and Registering a FRITZ!Box

Determining the MyFRITZ! Domain Name

Using Another Dynamic DNS Service

Set up another dynamic DNS service.

Setting Up Dynamic DNS

Determining the Dynamic DNS Domain Name

Adjusting the IPv4 Networks on the Ends of the VPN Connection

Both ends of a VPN connection must have IPv4 addresses in different IPv4 networks. Only then is VPN communication possible.

Note:Upon delivery, every FRITZ!Box uses the IPv4 network 192.168.178.0.

When both ends of the VPN network have a FRITZ!Box used for internet access, then at least one of the FRITZ!Boxes must have an IPv4 network different from the factory settings.

  • When using mobile devices, it is not predictable which device will be used to connect the internet. Any public wireless network may have a FRITZ!Box behind it. Change the IPv4 network of the FRITZ!Box when you configure VPN connections for network devices.
  • When you configure a VPN connection for two FRITZ!Box networks, then change the IPv4 network in each FRITZ!Box.

Changing the IPv4 Network in the FRITZ!Box

Configuring a VPN Connection in the FRITZ!Box

  1. Click on "Internet" in the user interface of the FRITZ!Box.
  2. Click on "Permit Access".
  3. Select the "VPN" tab.
  4. Click on the "Add VPN Connection" button.
  5. Select "Configure VPN connection for one user" and click on "Next".

In the FRITZ!Box user interface you are now on the "System / FRITZ!Box Users / User" page.

Configuring VPN Rights for an Existing User

Proceed as follows to configure VPN rights for a user that is already configured:

  1. Select the user and then click on the button.
  2. Enable the setting "VPN" on the "User Account" page.
  3. Click on "Apply".
  4. If you are prompted to confirm the application of this setting, there are several ways you can do so:
    • with a telephone connected to the FRITZ!Box (DECT, ISDN, analog)
    • by pressing any button on the FRITZ!Box

Configuring a New User with VPN Rights

Proceed as follows to configure a new user with VPN rights:

  1. Click on the "Add User" button.
  2. Fill in the entry fields in the "User" area.
  3. Enable the "VPN" setting in the "Rights" area.
    • The other settings in the "Rights" area specify what the user is allowed to do in the user interface. These settings are not relevant for the VPN connection. The "Access from the internet allowed" setting specifies whether the user is allowed to access the user interface of the FRITZ!Box from the internet via a dynamic DNS server. This setting does not apply to the VPN connection.
  4. Click on "Apply".
  5. If you are prompted to confirm the application of this setting, there are several ways you can do so:
    • with a telephone connected to the FRITZ!Box (DECT, ISDN, analog)
    • by pressing any button on the FRITZ!Box

Configuring a VPN Connection on the Computer

These instructions tell you how to set up a VPN connection to the FRITZ!Box using macOS. If you have questions about VPN connections in macOS, contact Apple directly.

Set up the VPN connection on the computer with the VPN settings of the FRITZ!Box user.

Opening VPN Settings in the FRITZ!Box

  1. Click on "System" in the FRITZ!Box user interface.
  2. Click on "FRITZ!Box Users".
  3. Select the FRITZ!Box user and click on the button.
  4. Click on the "Show VPN Settings" link next to the "VPN" setting.

The VPN settings are displayed on a page in a separate browser window. You can print out this page.

Entering VPN Settings in the Computer with macOS and Connecting

  1. Open the "System Settings" in the Apple menu.
  2. Click on "Network" in the "System Preferences" menu.
  3. Click on the plus sign "+" below the list with the existing connections.
  4. Select the "VPN" entry from the "Interface" field.
  5. Select the "Cisco IPSec" entry from the "VPN Type" field.
  6. In the "Service Name" field, enter a name for the VPN connection (for instance, "FRITZ!Box VPN").
  7. Enter the DNS domain name in the "Server Address" field:
    • the MyFRITZ! domain name, if you use MyFRITZ!
    • the dynamic DNS domain name, if you use a different dynamic DNS service
  8. Enter the name of the FRITZ!Box user in the "User name" field.
  9. Enter the password of the FRITZ!Box user in the "Password" field.
  10. Click on "Authentication Settings ...".
  11. Enter the Shared Secret from the VPN settings in the "Key ("Shared Secret")" field.
  12. Enter the name of the FRITZ!Box user in the "Group name" field.
  13. Click on "OK" and then on "Connect".