FRITZ!Box 6590 Cable Service - Knowledge Base

FRITZ!Box 6590 Cable Service

Cannot establish a VPN connection between two FRITZ!Box networks

The VPN connection between two FRITZ!Box networks cannot be established. One of the following error messages may be displayed in the event log of the FRITZ!Box attempting to establish the VPN connection:

  • "IKE-Error 0x1c"
  • "IKE-Error 0x2005"
  • "IKE-Error 0x2020"
  • "IKE-Error 0x2027"

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

Simply proceed as described below. After each measure, check whether the problem is solved.

1 Public IP address required for access

You can only establish a VPN connection between two FRITZ!Boxes if at least one of the two FRITZ!Boxes obtains a public IPv4 address from the corresponding internet service provider when it establishes an internet connection.

If both of the FRITZ!Boxes obtain private IPv4 addresses, you cannot establish VPN connections.

You can find out whether the FRITZ!Box obtained a public or private IPv4 address by following the steps in our guide Identifying the address range of the IPv4 address for the internet connection.

2 Permanently maintaining the internet connection of the remote FRITZ!Box

To ensure that the remote FRITZ!Box is always reachable, configure it so that it permanently maintains the internet connection:

  1. Open the user interface of the FRITZ!Box you want to establish the VPN connection to.
  2. Click "Internet" and then "Type of Connection" or "Account Information".
  3. Enable the option "Maintain internet connection permanently" or "Maintain permanently (recommended for flat rates)". If the option is not shown, the FRITZ!Box is already permanently connected to the internet.
  4. Click "Apply" to save the settings.

3 Checking the internet connection of the remote FRITZ!Box

  1. Open the user interface of the FRITZ!Box you want to establish the VPN connection to.
  2. Click "System" and then "Event Log".
  3. Click on the "Internet Connection" tab.
  4. If you find error messages such as "DSL not responding" or "PPPoE error" that correspond to your attempts to establish a VPN connection, resolve the problems with the remote FRITZ!Box's internet connection. If necessary, consult your internet service provider.

4 Checking the dynamic DNS status of the remote FRITZ!Box

If the VPN connection occasionally cannot be established, there may be an issue with the MyFRITZ! or dynamic DNS service. Therefore, check whether the FRITZ!Box to which the VPN connection should be established is successfully logged into the MyFRITZ! or the dynamic DNS service when you attempt to establish the VPN connection:

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Online Monitor" in the "Internet" menu.
  3. If MyFRITZ! is enabled or dynamic DNS is "logged on successfully", continue with the next section.
    • If MyFRITZ! is not enabled or "logged on successfully" is not displayed for dynamic DNS, wait until the technical issues have been resolved and try to establish the VPN connection at a later time. If there is a permanent error, reconfigure the MyFRITZ! or dynamic DNS account, or refer to the corresponding provider.

5 Correcting the internet address of the remote FRITZ!Box

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "VPN" tab.
  4. Click the button (Edit) next to the respective VPN connection.
  5. Enter the complete internet address of the remote FRITZ!Box in the "Internet address" field:
    1. If you use MyFRITZ!, enter the MyFRITZ! domain name of the remote FRITZ!Box (kw23qbmnj31x5aw75.myfritz.net). "https://" and the port number do not belong to the MyFRITZ! domain name.
    2. If you use a different DynDNS provider, a MyFRITZ! account may not be configured in the remote FRITZ!Box.
    3. If you use a fixed IP address, neither a MyFRITZ! account nor dynamic DNS may be configured in the remote FRITZ!Box.
  6. Click "OK" to save the settings and confirm that the procedure may be executed on the FRITZ!Box, if asked to do so.

6 Correcting the VPN settings

If only one of the FRITZ!Boxes has a public IP address, the option "Hold VPN connection permanently" can only be enabled in the FRITZ!Box with the private IP address:

Adjusting the VPN settings in the FRITZ!Box with a public IP address

  1. Open the user interface of the FRITZ!Box with a public IP address.
  2. Click "Internet" and then "Permit Access".
  3. Click on the "VPN" tab.
  4. Click the button (Edit) next to the respective VPN connection.
  5. Disable the option "Hold VPN connection permanently".
  6. In the field "VPN password (pre-shared key)", enter the password required to establish the VPN connection.
  7. Click "OK" to save the settings and confirm that the procedure may be executed on the FRITZ!Box, if asked to do so.

Adjusting the VPN settings in the FRITZ!Box with a private IP address

  1. Open the user interface of the FRITZ!Box that does not have a public IP address.
  2. Click "Internet" and then "Permit Access".
  3. Click on the "VPN" tab.
  4. Click the button (Edit) next to the respective VPN connection.
  5. Enable the option "Hold VPN connection permanently".
  6. In the field "VPN password (pre-shared key)", enter the password required to establish the VPN connection.
  7. Click "OK" to save the settings and confirm that the procedure may be executed on the FRITZ!Box, if asked to do so.

7 Attempting to connect to the remote network at a later time

This section only applies if the VPN connection occasionally cannot be established and the message "IKE-Error 0x2020" is displayed in the event log of one of the FRITZ!Boxes:

When one of the FRITZ!Boxes is working at high capacity while attempting to establish a VPN connection (for example when copying large volumes of data to FRITZ!NAS), an error may occur when synchronizing the VPN passwords (preshared keys). In this case the VPN connection cannot be established.

In this case, try accessing the shared files or services in the remote FRITZ!Box network at a later time. The VPN connection is automatically reestablished whenever a query is sent from the network of one FRITZ!Box to a device in the network of the other FRITZ!Box.

8 Deleting VPN connections and reconfiguring them

If the VPN connection cannot be established at all, the VPN settings in one or both of the FRITZ!Boxes are incorrect. Therefore, reconfigure the VPN connection:

  1. Delete the VPN connection in the user interface of both of the FRITZ!Boxes.
  2. Reconfigure the VPN connection between both of the FRITZ!Box networks.