FRITZ!Box 7430 Service - Knowledge Base

Connecting the FRITZ!Box with a company's VPN

VPN (Virtual Private Network) allows you to use your FRITZ!Box to establish a secure connection over the Internet to your company's VPN server; you can then access devices and services in the company's network from your home network. It is not possible to access devices in your home network from the company network.

Example values used in this guide

In this guide we show you how to connect a FRITZ!Box as a VPN client to a VPN server. When you set up your connection, replace the values used in this example with actual ones.

  • The VPN server's Internet address (domain name):
    sec.mydomain.com
  • IP network of the company's VPN:
    172.16.0.0 (subnet mask: 255.255.0.0)
  • VPN user name (IPsec ID, Key ID) of the VPN connection in the VPN server:
    John Smith
  • Preshared key of the VPN connection in the VPN server:
    Zj7hPCouK65IrPU4

Requirements / Restrictions

  • The FRITZ!Box supports VPN connections according to the IPSec standard with ESP, IKEv1, and preshared keys. Authentication Header (AH) and Perfect Forward Secrecy (PFS) are not supported.
  • Supported IPSec algorithms for IKE phase 1:
    • Encryption method: AES with 256, 192, 128 bit, Triple DES with 168 bit or DES with 56 bit
    • Hash algorithms: SHA1 or MD5-96
    • The FRITZ!Box uses 1024-bit Diffie-Hellman for the initial key exchange (DH group 2). It then also accepts 768, 1536, 2048 and 3072 bit (DH groups 1, 5, 14, and 15).
  • Supported IPSec algorithms for IKE phase 2:
    • Encryption method: AES with 256, 192, 128 bit, Triple DES with 168 bit or DES with 56 bit
    • Hash algorithms: SHA1 or MD5-96
    • The Diffie-Hellman group is determined by IKE phase 1
    • Compression: none, LZJH, or deflate

Note: The configuration procedure and notes on functions given in this guide refer to the latest FRITZ!OS for your FRITZ!Box.

1 Setting up a VPN connection in the VPN server

  • Have the administrator of the VPN server in your company set up a VPN client connection for the FRITZ!Box. The IPSec algorithms given above must be used.
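
As an added example (not part of the original guide), the following Python script lets the VPN server administrator check planned connection settings against the requirements and restrictions listed above before entering them in the server. The dictionary layout, the function name `check_server_config` and the `DISCOURAGED` policy set are assumptions made for this example; the sample settings are constructed.

```python
# Transcribed from the "Requirements / Restrictions" list above.
SUPPORTED = {
    "encryption": {"aes256", "aes192", "aes128", "3des", "des"},
    "hash": {"sha1", "md5"},
    "dh_group": {1, 2, 5, 14, 15},
    "compression": {"none", "lzjh", "deflate"},
}
# Assumed local policy, not from the guide: supported but discouraged choices.
DISCOURAGED = {"encryption": {"des"}, "hash": {"md5"}, "dh_group": {1, 2}}


def check_server_config(cfg):
    """Return (errors, warnings) for a server-side connection description."""
    errors, warnings = [], []
    if cfg.get("ike_version") != 1:
        errors.append("FRITZ!Box requires IKEv1")
    if cfg.get("auth") != "psk":
        errors.append("FRITZ!Box requires preshared-key authentication")
    if cfg.get("protocol") != "esp":
        errors.append("only ESP is supported (no AH)")
    if cfg.get("pfs"):
        errors.append("PFS is not supported; disable it for this peer")
    for phase in ("phase1", "phase2"):
        for field, allowed in SUPPORTED.items():
            # Phase 2 inherits the DH group; compression is a phase 2 setting.
            if (phase, field) in {("phase2", "dh_group"), ("phase1", "compression")}:
                continue
            value = cfg[phase][field]
            if value not in allowed:
                errors.append(f"{phase} {field}={value} not supported")
            elif value in DISCOURAGED.get(field, ()):
                warnings.append(f"{phase} {field}={value} is weak; prefer a stronger option")
    return errors, warnings

# Constructed sample inputs (hypothetical server settings).
GOOD = {
    "ike_version": 1, "auth": "psk", "protocol": "esp", "pfs": False,
    "phase1": {"encryption": "aes256", "hash": "sha1", "dh_group": 14},
    "phase2": {"encryption": "aes256", "hash": "sha1", "compression": "none"},
}
BAD = {
    "ike_version": 2, "auth": "psk", "protocol": "esp", "pfs": True,
    "phase1": {"encryption": "aes256", "hash": "sha256", "dh_group": 2},
    "phase2": {"encryption": "des", "hash": "md5", "compression": "none"},
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_server_config(cfg))
```

Errors are settings the FRITZ!Box cannot negotiate according to the list above; warnings are settings it accepts but that the assumed policy treats as weak.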

2 Setting up a VPN connection in the FRITZ!Box

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "VPN" tab.
  4. Click the "Add VPN Connection" button.
  5. Click "Connect this FRITZ!Box with a company's VPN" and then "Next".
  6. Enter the IPsec ID or Key ID of the VPN connection configured for the FRITZ!Box in the VPN server (John Smith) in the field "VPN user name (Key ID)".
  7. Enter the password for the VPN connection (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)".
  8. If the VPN server uses XAUTH, enable the option "Use XAUTH" and enter the XAUTH user name (John Doe) and the XAUTH password (secret) in the respective fields.
  9. Enter the VPN server's domain name or the fixed public IP address (sec.mydomain.com or 212.42.244.80) in the field "Web address".
  10. Enter the IP network of the company's VPN (172.16.0.0) in the "Remote network" field.
  11. Enter the subnet mask (255.255.0.0) that corresponds to the IP network of the company's VPN in the "Subnet mask" field.
  12. Enable the option "Hold VPN connection permanently" if you would like to maintain the VPN connection to the VPN server at all times.
  13. Click "OK" to save the settings.

3 Establishing a VPN connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box, then the FRITZ!Box maintains the VPN connection at all times and automatically establishes the connection again if the VPN server clears the connection.

If the option "Hold VPN connection permanently" is not enabled, then the VPN connection is automatically established whenever the FRITZ!Box home network accesses the company's network and it is cleared again whenever it has been inactive for one hour.

Note: Active VPN connections are displayed under "Internet > Permit Access > VPN" in the FRITZ!Box user interface.