Configuring a VPN Connection between Two FRITZ!Box Home Networks
With a VPN connection you can link together two FRITZ!Box home networks at different locations. An encrypted VPN tunnel is established over the internet. Through the tunnel, direct access is possible to shared devices and services in the other network.
Example Scenario in this Guide
A small company has branch offices in two towns. They want to connect the FRITZ!Box networks of the two branch offices with each other over VPN. In the instructions below, the FRITZ!Box devices are referred to as "box-berlin" and "box-hamburg".
Example Values Used in this Guide
The following example values are used below in this guide.
For your own VPN configuration, replace the example values with the actual values in your scenario.
box-berlin
VPN Parameters | Example Value |
---|---|
MyFRITZ! domain name | pi80ewgfi72d2os42.myfritz.net |
IP network | 192.168.10.0 (subnet mask: 255.255.255.0) |
box-hamburg
VPN Parameters | Example Value |
---|---|
MyFRITZ! domain name | kw23qbmnj31x5aw75.myfritz.net |
IP network | 192.168.20.0 (subnet mask: 255.255.255.0) |
VPN password (pre-shared key):
159PrM131719
Prerequisite: Public IPv4 address
At least one FRITZ!Box must obtain a public IPv4 address from the internet service provider.
Check whether at least one FRITZ!Box obtains a public IPv4 address: Determining the Public IPv4 Address of the FRITZ!Box.
Making FRITZ!Box Accessible with Changing Public IPv4 Address
For VPN connections, it must be possible to reach your FRITZ!Box from the internet at all times. If the FRITZ!Box obtains its public IPv4 address from the internet provider, then the IPv4 address will generally change with each assignment.
With the MyFRITZ! service or another dynamic DNS service, the FRITZ!Box can always be reached from the internet, even when the public IPv4 address changes.
Using MyFRITZ!
box-berlin:
- Open the user interface of box-berlin.
- Click on "Internet" and then on "MyFRITZ! Account".
- Register the box-berlin with a MyFRITZ! account. Create a new MyFRITZ! account or use an existing MyFRITZ! account: Creating a New MyFRITZ! Account And Registering a FRITZ!Box.
- Determine the MyFRITZ! domain name for box-berlin: Determining MyFRITZ! Domain Name.
box-hamburg:
- Open the user interface of box-hamburg.
- Click on "Internet" and then on "MyFRITZ! Account".
- Register the box-hamburg with the same MyFRITZ! account where you registered the box-berlin: Registering FRITZ!Box with a MyFRITZ! Account.
- Determine the MyFRITZ! domain name for box-hamburg: Determining MyFRITZ! Domain Name.
If you want to use MyFRITZ!, then create a MyFRITZ! account or use an existing MyFRITZ! account. Register the FRITZ!Box with the MyFRITZ! account. Upon registration, the FRITZ!Box receives a MyFRITZ! domain name. Determine the MyFRITZ! domain name.
Note:You can also register box-hamburg with a different MyFRITZ! account.
Example Values for the MyFRITZ! Domain Names
In this guide, the following example values are for the MyFRITZ! domain names. Replace these example values with the MyFRITZ! domain names you determined.
FRITZ!Box Device | Example Value for MyFRITZ! Domain Name |
---|---|
box-berlin | pi80ewgfi72d2os42.myfritz.net |
box-hamburg | kw23qbmnj31x5aw75.myfritz.net |
Using Another Dynamic DNS Service
Instead of MyFRITZ! you can use a different dynamic DNS service.
Adjusting the IPv4 Networks on the Ends of the VPN Connection
Both ends of a VPN connection must have IPv4 addresses in different IPv4 networks. Only then is VPN communication possible.
Note:Upon delivery, every FRITZ!Box uses the IPv4 network 192.168.178.0.
Change the IPv4 address in box-berlin and in box-hamburg. The following example values are used below in this guide. You can use these example values or replace them with other values (private IPv4 addresses).
FRITZ!Box Device | Address of the IPv4 Network |
---|---|
box-berlin | 192.168.10.0 (subnet mask: 255.255.255.0) |
box-hamburg | 192.168.20.0 (subnet mask: 255.255.255.0) |
box-berlin:
Change the IPv4 address in box-berlin. Enter the value 192.168.10.0. Enter the subnet mask 255.255.255.0. Changing the IPv4 Network in the FRITZ!Box
box-hamburg:
Change the IPv4 address in box-hamburg. Enter the value 192.168.20.0. Enter the subnet mask 255.255.255.0. Changing the IPv4 Network in the FRITZ!Box
Configuring a VPN Connection in box-berlin
- Click on "Internet" in the user interface of box-berlin.
- Click on "Permit Access" in the "Internet" menu.
- Click on the "VPN" tab.
- Click on the "Add VPN Connection" button.
- Select "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and click on "Next".
- Enter the secret word required to establish the VPN connection (secret) in the field "VPN password (pre-shared key)". Use numerals and letters, and combine capitals and lower-case letters. Example value: 159PrM131719
- Enter a name for the VPN connection in the "Name of the VPN connection" field. The VPN connection will be displayed with this name in the overview.
- Enter the MyFRITZ! domain name of box-hamburg in the "Web address of the remote site" field. Example value: kw23qbmnj31x5aw75.myfritz.net
Note:The value in the "Web address of the remote site" field in box-berlin must be the same as the value in the "Web address of this FRITZ!Box" field in box-hamburg.
- Change the entry in the "Web address of this FRITZ!Box" field if you want to use a different address:
- If box-berlin is registered with a MyFRITZ! account, the MyFRITZ! domain name is displayed here. If box-berlin is also registered with another dynamic DNS service, and you want to use the dynamic domain name of the other service, then enter the other name here.
Note:The value in the "Web address of this FRITZ!Box" field in box-berlin must be the same as the value in the "Web address of the remote site" field in box-hamburg.
- If box-berlin is registered with a MyFRITZ! account, the MyFRITZ! domain name is displayed here. If box-berlin is also registered with another dynamic DNS service, and you want to use the dynamic domain name of the other service, then enter the other name here.
- Enter the IP network of box-hamburg in the "Remote network" field. Example value: 192.168.20.0
- In the "Subnet mask" field, enter the subnet mask that corresponds to the IP network of box-hamburg. Example value: 255.255.255.0
- Enable the option "Hold VPN connection permanently" if box-hamburg has a public IPv4 address and you want to maintain the VPN connection at all times.
- If file and printer sharing in the home network of box-hamburg are to be accessible to the home network of box-berlin, then click on "Advanced Settings for Network Traffic" and enable the setting "Allow NetBIOS over this connection".
- Click on "OK".
- If you are prompted to confirm the application of this setting on the FRITZ!Box, then confirm it as described in the prompt. The internet connection will be cleared briefly and then re-established right away.
Configuring a VPN Connection in box-hamburg
- Click on "Internet" in the user interface of box-hamburg.
- Click on "Permit Access" in the "Internet" menu.
- Click on the "VPN" tab.
- Click on the "Add VPN Connection" button.
- Select "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and click on "Next".
- Enter the secret word required to establish the VPN connection (secret) in the field "VPN password (pre-shared key)". Use numerals and letters, and combine capitals and lower-case letters. Example value: 159PrM131719
- Enter a name for the VPN connection in the "Name of the VPN connection" field. The VPN connection will be displayed with this name in the overview.
- Enter the MyFRITZ! domain name of box-berlin in the "Web address of the remote site" field. Example value: pi80ewgfi72d2os42.myfritz.net
Note:The value in the "Web address of the remote site" field in box-hamburg must be the same as the value in the "Web address of this FRITZ!Box" field in box-berlin.
- Change the entry in the "Web address of this FRITZ!Box" field if you want to use a different address:
- If box-hamburg is registered with a MyFRITZ! account, the MyFRITZ! domain name is displayed here. If box-hamburg is also registered with another dynamic DNS service, and you want to use the dynamic domain name of the other service, then enter the other name here.
Note:The value in the "Web address of this FRITZ!Box" field in box-hamburg must be the same as the value in the "Web address of the remote site" field in box-berlin.
- If box-hamburg is registered with a MyFRITZ! account, the MyFRITZ! domain name is displayed here. If box-hamburg is also registered with another dynamic DNS service, and you want to use the dynamic domain name of the other service, then enter the other name here.
- Enter the IP network of box-berlin in the "Remote network" field. Example value: 192.168.10.0
- In the "Subnet mask" field, enter the subnet mask that corresponds to the IP network of box-berlin. Example value: 255.255.255.0
- Enable the option "Hold VPN connection permanently" if box-berlin has a public IPv4 address and you want to maintain the VPN connection at all times.
- If file and printer sharing in the home network of box-berlin are to be accessible to the home network of box-hamburg, then click on "Advanced Settings for Network Traffic" and enable the setting "Allow NetBIOS over this connection".
- Click on "OK".
- If you are prompted to confirm the application of this setting on the FRITZ!Box, then confirm it as described in the prompt. The internet connection will be cleared briefly and then re-established right away.
Establishing a VPN Connection
If you enabled the option "Hold VPN connection permanently" in the VPN settings, then the VPN connection will remain established.
If the option "Hold VPN connection permanently" is not enabled, then the VPN connection is automatically established whenever a user in one network accesses the other network. After an hour of inactivity, the VPN connection is cleared.