Configure a VPN connection between a FRITZ!Box and a company VPN

You can configure a VPN connection that connects a FRITZ!Box with a VPN server. When you connect your FRITZ!Box at home with the VPN server at your company's premises, then you can access devices and services in the company network from your home network. It is not possible to access devices in your home network from the company network.

Example scenario in this guide

You want to connect your FRITZ!Box home network with the VPN server of the company network via VPN.

VPN standards and algorithms supported in the FRITZ!Box

The FRITZ!Box supports VPN connections according to the the IPSec standard with ESP, IKEv1, and pre-shared keys.

Authentication Header (AH) and Perfect Forward Security (PFS) are not supported.

Supported IPSec algorithms for IKE phase 1:

  • Encryption methods:
    • AES with 256 bits, 192 bits, 128 bits
    • Triple DES with 168 bits
    • DES with 56 bits
  • Hash algorithm:
    • SHA2-512
    • SHA-1
    • MD5-96
  • Key agreement:
    • initial Diffie-Hellman 1024 bits (DH group 2), thereafter also 768 bits (DH group 1), 1536 bits (DH group 5), 20148 bits (DH group 14) and 3072 bits (DH group 15)

Supported IPSec algorithms for IKE phase 2:

  • Encryption methods:
    • AES with 256 bits, 192 bits, 128 bits
    • Triple DES with 168 bits
    • DES with 56 bits
  • Hash algorithm:
    • SHA2-512
    • SHA-1
    • MD5-96
  • Key agreement:
    • The Diffie-Hellman group is determined by IKE phase 1
  • Compression:
    • none
    • LZJH
    • deflate

Setting up a VPN connection in the VPN server

Have the administrator of the VPN server in your company set up a VPN client connection for the FRITZ!Box. The VPN standards and algorithms supported in the FRITZ!Box must be used in the settings of the VPN client connection.

For configuration of the VPN connection in the FRITZ!Box, the administrator must provide with the values for the following VPN parameters:

  • Domain name of the VPN server
  • IP address of the company network
  • VPN user name of the VPN connection in the VPN server (IPsec ID, Key ID)
  • VPN password (shared key) of the VPN connection in the VPN server
  • If the VPN server uses XAUTH:
    • XAUTH user name
    • XAUTH password

Example values used in this guide

The following example values are used below in this guide:

For your own VPN configuration, replace the example values with the actual values in your scenario.

VPN ParametersExample value
Domain name of the VPN server sec.meinedomain.de
IP address of the company network 172.16.0.0 (subnet mask: 255.255.255.0)

VPN user name of the VPN connection in the VPN server

(IPSec ID, Key ID)

John Smith
Pre-shared key of the VPN connection in the VPN server Zj7hPCouK65IrPU4
XAUTH user name John Doe
XAUTH password 23Km37Bll89

Configuring a VPN Connection in the FRITZ!Box

  1. Click on "Internet" in the user interface of the FRITZ!Box.
  2. Click on "Permit Access" in the "Internet" menu.
  3. Click on the "VPN" tab.
  4. Click on the "Add a VPN connection" button.
  5. Click on "Connect this FRITZ!Box with a company's VPN" and then on "Next".
  6. In the "VPN User name (Key ID)" field, enter the VPN user name (IPSec ID, Key ID).Example value: John Smith
  7. Enter the password for the VPN connection in the "VPN password (pre-shared key)" field. Example value: Zj7hPCouK65IrPU4
  8. If the VPN server uses XAUTH, enable the "Use XAUTH" option and enter the XAUTH user name and the XAUTH password in the corresponding fields.
    • Example value for XAUTH user name: John Doe
    • Example value for XAUTH password: 23Km37Bll89
  9. Enter the VPN server's domain name or fixed public IP address in the "Web address of the remote site" field. Example value for domain name: sec.mydomain.com
  10. Enter the IP network of the company's VPN in the "Remote network" field. Example value: 172.16.0.0
  11. Enter in the "Subnet mask prefix" field the subnet mask that belongs to the company IP network. Example value: 255.255.0.0
  12. Enable the option "Hold VPN connection permanently" if you want to maintain the VPN connection to the VPN server at all times.
  13. If file and printer sharing in the corporate VPN are to be accessible to the home network of the FRITZ!Box, then click on "Advanced Settings for Network Traffic" and enable the setting "Allow NetBIOS over this connection".
  14. Click on "OK" to save the settings.
  15. If you are prompted to confirm the application of this setting on the FRITZ!Box, then confirm it as described in the prompt. The internet connection will be cleared briefly and then re-established right away.

Establishing a VPN Connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box, then the FRITZ!Box maintains the VPN connection at all times and automatically establishes the connection again if the VPN server clears the connection.

If you did not enable the option "Hold VPN connection permanently", the FRITZ!Box automatically establishes the VPN connection when the company's network is accessed. After an hour of inactivity, the FRITZ!Box clears the VPN connection again.