Recommend:
To the knowledge base
Knowledge document #342

IP communication over a VPN connection (LAN-LAN) is not possible

Although the VPN connection between two FRITZ!Boxes (LAN-LAN linkup) is established, computers and other devices in the network of one of the FRITZ!Boxes cannot access devices, shared files and printers or other services in the network of the other FRITZ!Box. Devices in the remote network do not respond to pings.

Simply proceed as described below. After each measure, check whether the problem is solved.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Deleting static IP routes

If static IP routes are set up in the FRITZ!Boxes that point to the IP network of the other FRITZ!Box, reliable VPN communication is not possible.

Delete such static IP routes in both of the FRITZ!Boxes:

  1. Click "Home Network" in the FRITZ!Box user interface.
  2. Click "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "WAN setting" or "LAN Settings" to display all of the settings.
  5. Click the "IPv4 Routes" button.
  6. In the table, disable or delete all entries where the IP network of the remote FRITZ!Box is entered in the "Network" column.

    Example:
    The remote FRITZ!Box uses the IP address 192.168.10.1 with the subnet mask 255.255.255.0. This means that no static route may be active for the IP network 192.168.10.0.

  7. Click "Apply" to save the settings.

2 Restarting the FRITZ!Box

You may be temporarily unable to correctly establish the VPN connection due to an error in the FRITZ!Box or its internet connection. Therefore, restart the FRITZ!Box so that it reinitializes the firewall and re-establishes the internet connection:

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "Backup" in the "System" menu.
  3. Click on the "Restart" tab.
  4. Click the "Restart" button.

3 Configuring the device to automatically obtain IP settings

To ensure that the device always uses the correct IP settings, make sure that it automatically obtains its IP settings from the FRITZ!Box (this is the default setting for most devices):

4 Configuring the device's firewall

  1. If a firewall is installed on the device, configure it so that it does not block communication with the IP network of the remote FRITZ!Box (for example 192.168.20.0). Refer to the manufacturer of the firewall for information on how to set it up, for example consult the manual.

5 Deleting a VPN connection and reconfiguring it

If IP communication over the VPN connection is still not possible, then the VPN connection is configured incorrectly, for example the IP address of the remote FRITZ!Box (xxx.xxx.xxx.1) was entered instead of its IP network (xxx.xxx.xxx.0). Therefore, reconfigure the VPN connection:

  1. Delete the VPN connection in the user interface of both of the FRITZ!Boxes.
  2. Either use IPSec or WireGuard to reconfigure the VPN connection between the two FRITZ!Boxes.