Knowledge Base
AVM Content
Using WireGuard to access multiple IP networks behind the FRITZ!Box
With WireGuard you can establish a secure VPN connection with a computer, smartphone, or tablet to your FRITZ!Box and access all of the network devices and services in the FRITZ!Box home network.
If there is another network router in the FRITZ!Box home network that connects the IP network of the FRITZ!Box to a second IP network, you must configure additional settings to be able to access network devices in the second IP network over the VPN connection.
Example values used in this guide
In this guide we show you how to configure VPN access via WireGuard to another IP network behind the FRITZ!Box. When adjusting the connection settings, replace the values used in this example with your actual values.
- IP network of the FRITZ!Box:
192.168.10.0 (subnet mask: 255.255.255.0) - IP network of the network router connected to the FRITZ!Box:
192.168.11.0 (subnet mask: 255.255.255.0) - IP addresses of the network router in the FRITZ!Box network:
192.168.10.2 and 192.168.11.1
Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.
1 Adjusting WireGuard's settings
If WireGuard is configured so that the entire network traffic is sent over the VPN connection (0.0.0.0/0), then WireGuard automatically forwards all queries to the IP network of the network router connected to the FRITZ!Box. Otherwise you must configure a forwarding rule in WireGuard for the remote IP network:
- Start the WireGuard app on the computer.
- Click on the connection to the FRITZ!Box and then on "Edit".
- If the entire network traffic should be sent via the VPN connection, enter 0.0.0.0/0 in the row "Allowed IPs".
- If only the network traffic to the IP network of the remote FRITZ!Box and the IP network of the router connected to it is to be forwarded, add the IP network of the router in the row "Allowed IPs". Separate the entries for the IP networks by commas.
Example:
Allowed IPs = 192.168.10.0/24, 192.168.11.0/24
- If only the network traffic to the IP network of the remote FRITZ!Box and the IP network of the router connected to it is to be forwarded, add the IP network of the router in the row "Allowed IPs". Separate the entries for the IP networks by commas.
- Click "Save" to apply the changes.
2 Configuring a static IP route in the FRITZ!Box
Configure a static IP route in the FRITZ!Box so that devices in the FRITZ!Box's IP network (192.168.10.0) can access the IP network of the network router connected to the FRITZ!Box (192.168.11.0):
- Click "Home Network" in the FRITZ!Box user interface.
- Click on "Network" in the "Home Network" menu.
- Click on the "Network Settings" tab.
- Click "Additional Settings" in the section "LAN Settings" to display all of the settings.
- Click "IPv4 Routes".
- Click "New IPv4 Route".
- Enter the IP network of the network router connected to the FRITZ!Box (192.168.11.0) as the "IPv4 network".
- Enter the subnet mask of the other IP network (255.255.255.0) in the "Subnet mask" field.
- For the "Gateway", enter the IP address of the network router in the FRITZ!Box home network (192.168.10.2) that connects the two IP networks.
- Enable the option "IPv4 route active".
- Click "Apply" to save the settings.
3 Adjusting additional IP settings for the VPN connection
Configuring the IP route in the network router
- Configure the network router so that it routes between the FRITZ!Box's IP network (192.168.10.0) and its own IP network (192.168.11.0). Refer to the router's manufacturer for information on how to set it up.
Note:If a Windows computer with several network adapters is used as the router, "IP routing" must be enabled in Windows. Refer to Microsoft for information on how to set it up.
Configuring devices in the network router's IP network
- Either: On the devices, configure the IP address of the network router from its own IP network (192.168.11.1) as the default gateway.
- Or: On the devices, configure a static IP route to the IP network of the FRITZ!Box (192.168.10.0) that uses the network router as the gateway (192.168.11.1).