Knowledge Base
AVM Content
- FRITZ!Box 7690
- FRITZ!Box 7682
- FRITZ!Box 7590 AX
- FRITZ!Box 7590
- FRITZ!Box 7583 VDSL
- FRITZ!Box 7583
- FRITZ!Box 7582
- FRITZ!Box 7560
- FRITZ!Box 7530 AX
- FRITZ!Box 7530
- FRITZ!Box 7520
- FRITZ!Box 7510
- FRITZ!Box 7490
- FRITZ!Box 7430
- FRITZ!Box 7390
- FRITZ!Box 7360
- FRITZ!Box 6890 LTE
- FRITZ!Box 6850 5G
- FRITZ!Box 6850 LTE
- FRITZ!Box 6840 LTE
Connecting the FRITZ!Box with a company's VPN
With VPN (Virtual Private Network), you can securely connect your FRITZ!Box to the VPN server of your company over the internet, without the risk of eavesdropping or tampering. This way you can access devices and data in the company's network from your home network. It is not possible to access devices in your home network from the company network.
Example values used in this guide
In this guide we show you how to connect a FRITZ!Box as a VPN client to a VPN server. When setting up the connection, replace the values used in this example with your actual values.
- The VPN server's internet address (domain name):
sec.companydomain.com - IP network of the company's VPN:
172.16.0.0 (subnet mask: 255.255.0.0) - VPN username (IPsec ID, Key ID) of the VPN connection in the VPN server:
John Smith - Preshared key of the VPN connection in the VPN Server:
Zj7hPCouK65IrPU4
Requirements / Restrictions
- The FRITZ!Box supports VPN connections according to the IPsec standard with ESP, IKEv1, and pre-shared keys. Authentication Header (AH) and Perfect Forward Security (PFS) are not supported.
- Supported IPSec algorithms for IKE phase 1:
- Encryption method: AES with 256, 192, 128 bit, Triple DES with 168 bit or DES with 56 bit
- Hash algorithms: SHA2-512, SHA1 or MD5-96
- The FRITZ!Box uses 1024-bit Diffie-Hellman initial key exchange (DH group 2). It then also accepts 768, 1536, 2048 and 3072 bit (DH groups 1, 5, 14, and 15).
- Supported IPSec algorithms for IKE phase 2:
- Encryption method: AES with 256, 192, 128 bit, Triple DES with 168 bit or DES with 56 bit
- Hash algorithms: SHA2-512, SHA1 or MD5-96
- The Diffie-Hellman group is determined by IKE phase 1
- Compression: None, LZJH, or deflate
Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.
1 Setting up a VPN connection in the VPN server
- Have the administrator of the VPN server in your company set up a VPN client connection for the FRITZ!Box. The IPsec algorithms given above must be used.
2 Setting up a VPN connection in the FRITZ!Box
- Click "Internet" in the FRITZ!Box user interface.
- Click "Permit Access" in the "Internet" menu.
- Click on the "VPN" tab.
- Click the "Add VPN Connection" button.
- Click "Connect this FRITZ!Box with a corporate VPN" and then "Next".
- In the field "VPN username (Key ID)", enter the IPsec ID or key ID of the VPN connection (John Smith) configured for the FRITZ!Box in the VPN server.
- Enter the password for the VPN connection (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)".
- If the VPN server uses XAUTH, enable the option "Use XAUTH" and enter the XAUTH username (John Doe) and the XAUTH password (secret1234) in the corresponding fields.
- Enter a unique name for the connection (company home office) in the field "Name of the VPN connection".
- Enter the VPN server's domain name or fixed public IP address (sec.companydomain.com or 212.42.244.80 in the field "Web address".
- Enter the IP network of the company's VPN (172.16.0.0) in the "Remote network" field.
- In the "Subnet mask" field, enter the subnet mask (255.255.0.0) that corresponds to the IP network of the company's VPN.
- Enable the option "Hold VPN connection permanently" if you want to maintain the VPN connection to the VPN server at all times.
- If you do not only want to use the VPN connection to access the company's network, but also want all web requests to be sent to the company's VPN:
- Click "Advanced Settings for Network Traffic".
- Enable the option "Send all network traffic via the VPN connection".
- Click "OK" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.
3 Establishing a VPN connection
If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box, the FRITZ!Box continuously maintains the VPN connection and automatically establishes the connection again if the VPN server clears the connection.
If you did not enable the option "Hold VPN connection permanently", the FRITZ!Box automatically establishes the VPN connection when the company's network is accessed. After an hour of inactivity, the FRITZ!Box clears the VPN connection again.
Note:Active VPN connections are displayed under "Internet > Permit Access > VPN" in the FRITZ!Box user interface.