Recommend:
To the knowledge base

Using the Shrew Soft VPN Client to set up a VPN to the FRITZ!Box

You can use the Shrew Soft VPN Client software to establish a secure VPN (Virtual Private Network) connection over the internet from your Windows computer to your FRITZ!Box. This allows you to access your FRITZ!Box and devices in your home network with your computer even when you are away from home.

The standard edition of the Shrew Soft VPN Client is available as a free download for Windows 8 / 7 (64-bit and 32-bit) as well as for Linux and BSD. The VPN Client does not officially support Windows 10. However, according to our experience, the VPN Client can also be used in Windows 10.

Example values used in this guide

In this guide we show you how to connect a computer with Shrew Soft VPN Client 2.2.2 with the FRITZ!Box. When setting up the connection, replace the values used in this example with your actual values.

  • MyFRITZ! address of the FRITZ!Box:
    pi80ewgfi72d2os42.myfritz.net
  • Username of the FRITZ!Box user:
    John Smith
  • Password for the FRITZ!Box user:
    secret1234
  • Shared secret of the FRITZ!Box user:
    Zj7hPCouK65IrPU4

Requirements / Restrictions

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Preparations

Configuring MyFRITZ!

Register the FRITZ!Box with MyFRITZ! so that it can be reached on the internet at any time at a fixed MyFRITZ! address:

Setting up MyFRITZ!
  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click on "MyFRITZ! Account" in the "Internet" menu.
  3. Enter your email address in the "Your email address" field.
  4. Click "Apply". Now MyFRITZ! sends you an email with the confirmation link to your FRITZ!Box.

    Important:If you do not receive an email, the email was classified as unsolicited advertising (spam). In this case, check the spam folder of your email inbox.

  5. Open the email you received from MyFRITZ!.
  6. Click the "Register Your FRITZ!Box" button in the email.

Adjusting the FRITZ!Box's IP network

Both ends of the VPN connection must have IP addresses in different IP networks. As soon as the computer is connected to a router (for example another FRITZ!Box) that uses the same IP network as your FRITZ!Box, VPN communication is no longer possible.

Note:All FRITZ!Boxes use the IP network 192.168.178.0 in the factory settings.

Set up an IP address to your FRITZ!Box that differs from the IP addresses of the routers you use to connect to the FRITZ!Box, for example 192.168.10.1 (subnet mask 255.255.255.0):

  1. Click "Home Network" in the FRITZ!Box user interface.
  2. Click "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "LAN Settings" to display all of the settings.
  5. Click the "IPv4 Settings" button.
  6. Enter the desired IP address and subnet mask.

    Important:Do not enter an IP address from the network 192.168.100.x. In compliance with DOCSIS, this network is reserved for the cable provider and may not be used in the FRITZ!Box.

  7. Click "OK" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.

2 Setting up a VPN connection in the FRITZ!Box

Set up a separate user for each VPN connection in the FRITZ!Box:

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the (Edit) button for the user who intends to connect to the FRITZ!Box via VPN or set up a new user for the VPN connection:
    1. Click the "Add User" button.
    2. Enter a name and password for the user in the corresponding fields.
  4. Enable the option "VPN".
  5. Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.
  6. Now the FRITZ!Box sets up the VPN connection for the user and opens a window with the VPN settings of the user.

    Note:You can always call up the VPN settings again by clicking "Show VPN Settings" in the settings for the user under "System > FRITZ!Box Users".

3 Setting up a VPN connection in the Shrew Soft VPN Client

Set up the VPN connection in the Shrew Soft VPN Client using the VPN settings displayed in the FRITZ!Box user interface for the FRITZ!Box user:

  1. Start the Shrew Soft VPN Access Manager and click the "Add" button.
    • The "VPN Site Configuration" window opens.
  2. On the "General" tab, enter the MyFRITZ! address of the FRITZ!Box (pi80ewgfi72d2os42.myfritz.net) in the "Host Name or IP Address" field.
  3. Configure the following settings on the "Authentication" tab:
    1. Select "Mutual PSK + XAuth" from the drop-down list "Authentication Method".
    2. On the "Local Identity" tab, select "Key Identifier" from the drop-down list "Identification Type" and enter the username of the FRITZ!Box user (John Smith) in the "Key String ID" field.
    3. On the "Remote Identity" tab, select "IP Address" from the drop-down list "Identification Type".
    4. On the "Credentials" tab, enter the "shared secret" of the FRITZ!Box user (Zj7hPCouK65IrPU4) in the field "Pre Shared Key". The "shared secret" is displayed in the VPN settings of the user in the section "iPhone, iPad or iPod touch".
  4. If the entire data traffic - requests from the remote FRITZ!Box network as well as all web requests - should be forwarded over the VPN connection, click "Save" to save the settings. The configuration is now completed.
  5. If only requests to the remote FRITZ!Box network should be forwarded over the VPN connection and the local internet connection should still be used for web requests, configure the following settings:
    1. Click on the "Name Resolution" tab.
    2. Disable the option "Enable DNS" on the "DNS" tab.
    3. Disable the option "Enable WINS" on the "WINS" tab.
    4. Click on the "Policy" tab.
    5. Select "shared" from the drop-down list "Policy Generation Level".
    6. Disable the option "Obtain Topology Automatically or Tunnel All".
    7. Click the "Add" button.
      • The "Topology Entry" window opens.
    8. Select "Include" from the drop-down list "Type", enter the IP network of the FRITZ!Box (192.168.10.0) in the "Address" field and the corresponding subnet mask (255.255.255.0) in the "Netmask" field, and then click "OK".
    9. Click "Save" to save the settings and complete the configuration.

4 Establishing a VPN connection

  1. Start the Shrew Soft VPN Access Manager.
  2. Select the VPN connection in the VPN Access Manager and click "Connect".
  3. In the corresponding fields, enter the username and password for the FRITZ!Box user you set the VPN connection up for.
  4. Click "Connect" to establish the VPN connection.

    Note:Active VPN connections are displayed in the FRITZ!Box user interface under "Overview" in the section "Connections".