Recommend:
To the knowledge base
Knowledge document #3717

Accessing multiple IP networks behind a FRITZ!Box over a WireGuard VPN between two FRITZ!Box networks

WireGuard allows you to connect two FRITZ!Box networks at different locations over a secure, encrypted VPN connection (LAN-LAN linkup).

If there is another network router in the network of one of the two FRITZ!Boxes that connects the IP network of this FRITZ!Box with a second IP network, you must configure additional settings to be able to access network devices in the second IP network over the VPN connection.

Example values used in this guide

In this guide we show you how to configure access from the network of "FRITZ!Box A" in a branch to another IP network behind "FRITZ!Box B" in the headquarters. When adjusting the connection settings, replace the values used in this example with your actual values.

  • IP network of FRITZ!Box A (branch):
    192.168.20.0 (subnet mask: 255.255.255.0)
  • IP network of FRITZ!Box B (headquarters):
    192.168.10.0 (subnet mask: 255.255.255.0)
  • IP network of the network router connected to FRITZ!Box B:
    192.168.11.0 (subnet mask: 255.255.255.0)
  • IP addresses of the network router in FRITZ!Box B's network:
    192.168.10.2 and 192.168.11.1

Note:This guide is valid for FRITZ!OS 7.50 or later. If you are using an older FRITZ!OS version, the configuration may differ or functions may not be available. You can find the FRITZ!OS version on the "Overview" page of the FRITZ!Box user interface.

1 Adjusting VPN settings of FRITZ!Box A (branch)

  1. Open the settings file for the WireGuard connection that you created in FRITZ!Box B (headquarters) to be imported into FRITZ!Box A (branch) (wg_config.conf) with a text editor, for example WordPad.
  2. In the section "[Peer]", add the IP network of the network router connected to FRITZ!Box B (headquarters) to the row "AllowedIPs". Separate the entries for the IP networks by commas.

    Example:
    Permitted IPs = 192.168.10.0/24, 192.168.11.0/24

  3. Save the changes and import the edited settings file to FRITZ!Box A (branch).

2 Configuring a static IP route in FRITZ!Box B (headquarters)

You must configure a static IP route in FRITZ!Box B (headquarters) to allow devices to access the network router's IP network (192.168.11.0) over FRITZ!Box B:

  1. Click "Home Network" in the user interface of FRITZ!Box B (headquarters).
  2. Click "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "WAN setting" or "LAN Settings" to display all of the settings.
  5. Click "IPv4 Routes".
  6. Click "New IPv4 Route".
  7. Enter the IP network of the network router connected to FRITZ!Box B (192.168.11.0) as the "IPv4 network".
  8. Enter the subnet mask of the other IP network (255.255.255.0) in the "Subnet mask" field.
  9. For the "Gateway", enter the IP address of the network router in FRITZ!Box B's network (192.168.10.2) that connects the two IP networks.
  10. Enable the option "IPv4 route active".
  11. Click "Apply" to save the settings.

3 Adjusting additional IP settings for the VPN connection

Configuring the IP route in the network router

  1. Configure the network router so that it routes between the IP network of FRITZ!Box B (192.168.10.0) and its own IP network (192.168.11.0). Refer to the manufacturer of the router for information on how to set it up.

    Note:If a Windows computer with several network adapters is used as the network router, "IP routing" must be enabled in Windows. Refer to Microsoft for information on configuring IP routing.

Configuring devices in the network router's IP network

  1. Either: On the devices, configure the IP address of the network router from its own IP network (192.168.11.1) as the default gateway.
    • Or: On the devices, configure a static IP route to the IP network of FRITZ!Box B (192.168.10.0) that uses the network router as the gateway (192.168.11.1).
Language selection