Recommend:

Knowledge Base

AVM Content

Knowledge document #3718

FRITZ!Box 6690 Cable

This support document is available for the following products:

WireGuard cannot establish a VPN connection to the FRITZ!Box

Although the VPN connection was successfully configured, WireGuard cannot establish a VPN connection to the FRITZ!Box. One of the following error messages is displayed:

"unknown host"
"Error bringing up tunnel: Unable to resolve DNS hostname"
"Error bringing up tunnel: Service not authorized by user"
"Failed to send handshake initiation [...] no route to host"

Simply proceed as described below. After each measure, check whether the problem is solved.

1 Allowing WireGuard connections on the device

If WireGuard displays the message "Error bringing up tunnel: Service not authorized by user", a different app is preventing the user from establishing a VPN connection.

Check the security apps installed on the device (for example Blokada, ESET NOD32) and make sure that they do not block WireGuard.

2 FRITZ!Box is not accessible on the internet

So that WireGuard can establish a connection to the FRITZ!Box, the FRITZ!Box must have an IPv6 or IPv4 address that is accessible on the internet and the device with WireGuard must be able to access this IP address.

You can determine whether the FRITZ!Box has an IP address that is accessible on the internet and whether the device can access this IP address by using the guide Checking accessibility of the FRITZ!Box in the internet.

3 Checking the MyFRITZ! status of the FRITZ!Box

If the VPN connection occasionally cannot be established, there may be an issue with the MyFRITZ! service. Therefore, check whether the FRITZ!Box is successfully registered with MyFRITZ! when you try to establish the VPN connection:

Click "Internet" in the FRITZ!Box user interface.
Click on "Online Monitor" in the "Internet" menu.
If MyFRITZ! is active, continue with the next section.
- If MyFRITZ! is displayed as not active, wait until the technical issues have been resolved and try to establish the VPN connection at a later time. If the error is permanent, reconfigure the MyFRITZ! account.

4 Deleting a VPN connection and reconfiguring it

If the VPN connection cannot be established at all, then an invalid or incorrect connection is saved in WireGuard, for example an incorrect MyFRITZ! address. Therefore, reconfigure the WireGuard connection:

Delete the VPN connection in WireGuard and in the FRITZ!Box user interface.
Reconfigure the WireGuard connection in the FRITZ!Box. Proceed as described in the corresponding guide:
- Setting up a WireGuard VPN to the FRITZ!Box on a smartphone or tablet
- Setting up a WireGuard VPN to the FRITZ!Box on the computer