Recommend:
To the knowledge base
Knowledge document #3717

Accessing multiple IP networks behind a FRITZ!Box over a WireGuard VPN between two FRITZ! networks

WireGuard allows you to connect two FRITZ! networks at different locations over a secure, encrypted VPN connection (LAN-LAN linkup).

If there is another network router in one of the two FRITZ! networks that connects the IP network of this FRITZ!Box with a second IP network, you must configure additional settings in order to be able to access network devices in the second IP network over the VPN connection.

Example values used in this guide

In this guide we show you how to configure access from the network of "FRITZ!Box A" in a branch to another IP network behind "FRITZ!Box B" in the headquarters. When adjusting the connection settings, replace the values used in this example with your actual values.

  • IP network of FRITZ!Box A (branch):
    192.168.20.0 (subnet mask: 255.255.255.0)
  • IP network of FRITZ!Box B (headquarters):
    192.168.10.0 (subnet mask: 255.255.255.0)
  • IP network of the router connected to FRITZ!Box B (headquarters):
    192.168.11.0 (subnet mask: 255.255.255.0)
  • IP addresses of the router in network of FRITZ!Box B (headquarters):
    192.168.10.2 and 192.168.11.1

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Adjusting VPN settings of FRITZ!Box A (branch)

  1. Open the settings file for the WireGuard connection that you created in FRITZ!Box B (headquarters) to be imported into FRITZ!Box A (branch) (wg_config.conf) with a text editor, for example WordPad.
  2. In the section "[Peer]", add the IP network of the router connected to FRITZ!Box B (headquarters) to the row "Allowed IPs". Separate the entries for the IP networks by commas.

    Example:
    Allowed IPs = 192.168.10.0/24, 192.168.11.0/24

  3. Save the changes and import the edited settings file to FRITZ!Box A (branch).

2 Configuring a static IP route in FRITZ!Box B (headquarters)

Configure a static IP route in FRITZ!Box B to allow devices to access the router's IP network (192.168.11.0) over FRITZ!Box B (headquarters):

  1. Click "Home Network" in the user interface of FRITZ!Box B (headquarters).
  2. Click "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "WAN setting" or "LAN Settings" to display all of the settings.
  5. Click "IPv4 Routes".
  6. Click "New IPv4 Route".
  7. Enter the IP network of the router connected to FRITZ!Box B (192.168.11.0) as the "IPv4 network".
  8. Enter the subnet mask of the other IP network (255.255.255.0) in the "Subnet mask" field.
  9. For the "Gateway", enter the IP address of the router in FRITZ!Box B's network (192.168.10.2).
  10. Enable the option "IPv4 route active".
  11. Click "Apply" to save the settings.

3 Adjusting additional IP settings for the VPN connection

Configuring an IP Route in the other router

  1. Configure the router so that it routes between the IP network of FRITZ!Box B (192.168.10.0) and its own IP network (192.168.11.0). Refer to the router's manufacturer for information on how to set it up.

    Note:If a Windows computer with several network adapters is used as the router, "IP routing" must be enabled in Windows. Refer to Microsoft for information on configuring IP routing.

Configuring devices in the other router's IP network

  1. Either: Configure the IP address of the router from its own IP network (192.168.11.1) as the default gateway on the devices.
    • Or: On the devices, configure a static IP route to the IP network of FRITZ!Box B (192.168.10.0) that uses the router as the gateway (192.168.11.1).
Language selection