VPN: Standards and Algorithms Supported in the FRITZ!Box

The FRITZ!Box supports VPN connections according to the the IPSec standard with ESP, IKEv1, and pre-shared keys.

Authentication Header (AH) and Perfect Forward Security (PFS) are not supported.

Supported IPSec algorithms for IKE phase 1:

  • Encryption methods:
    • AES with 256 bits, 192 bits, 128 bits
    • Triple DES with 168 bits
    • DES with 56 bits
  • Hash algorithm:
    • SHA2-512
    • SHA-1
    • MD5-96
  • Key agreement:
    • initial Diffie-Hellman 1024 bits (DH group 2), thereafter also 768 bits (DH group 1), 1536 bits (DH group 5), 20148 bits (DH group 14) and 3072 bits (DH group 15)

Supported IPSec algorithms for IKE phase 2:

  • Encryption methods:
    • AES with 256 bits, 192 bits, 128 bits
    • Triple DES with 168 bits
    • DES with 56 bits
  • Hash algorithm:
    • SHA2-512
    • SHA-1
    • MD5-96
  • Key agreement:
    • The Diffie-Hellman group is determined by IKE phase 1
  • Compression:
    • none
    • LZJH
    • deflate