Connecting the FRITZ!Box with a company's VPN
AVM Content
Setting up a WireGuard VPN between the FRITZ!Box and another router
With WireGuard VPN, you can also connect your FRITZ!Box over the internet (LAN-LAN linkup) with a router from another manufacturer that supports WireGuard. This allows you to access all of the devices in the remote network and use all of the IP-based services such as email servers, databases, and file servers at both locations.
You can find an overview of additional VPN connection options in our guide VPN with FRITZ!.
Requirements / Restrictions
- The other router must obtain either an IPv6 address or a public IPv4 address from the internet service provider. The FRITZ!Box must obtain an IP address with the same protocol version (IPv4 or IPv6) from the internet service provider.
- No WireGuard connections may have been set up in the FRITZ!Box yet (for example for a smartphone). If WireGuard connections have already been set up in the FRITZ!Box, these must be deleted before setting up the connection to the other router.
- The FRITZ!Box 7490 does not support the options "Send all IPv4 network traffic via the VPN connection " and "Only certain devices in the home network are to be accessible over this WireGuard connection".
- FRITZ!Box 6590 Cable and FRITZ!Box 6490 Cable do not support WireGuard.
Note:This guide is valid for FRITZ!OS 7.50 or later. If you are using an older FRITZ!OS version, the configuration may differ or functions may not be available. You can find the FRITZ!OS version on the "Overview" page of the user interface.
1 Preparations
Configuring MyFRITZ!
To set up WireGuard connections, the FRITZ!Box needs a MyFRITZ! address:
- Click "Internet" in the FRITZ!Box user interface.
- Click on "MyFRITZ! Account" in the "Internet" menu.
- Enter your email address in the "Your email address" field.
- Click "Apply". Now MyFRITZ!Net sends you an email with the confirmation link to your FRITZ!Box.
Important:If you do not receive an email, the email was classified as unsolicited advertising (spam). In this case, check the spam folder of your email inbox.
- Open the email you received from MyFRITZ!Net.
- Click the "Register Your FRITZ!Box" button in the email.
Adapting the IP Networks
Both ends of a VPN connection must have IP addresses in different IP networks. VPN communication is not possible if the FRITZ!Box is connected to a router that uses the same IP network as the FRITZ!Box.
Set up an IP address in the FRITZ!Box that differs from the IP addresses of the router that the FRITZ!Box is to connect with:
Example:
The router at headquarters has the IP address 192.168.10.1 (subnet mask 255.255.255.0) and the FRITZ!Box has the IP address 192.168.20.1 (subnet mask 255.255.255.0).
- Click "Home Network" in the FRITZ!Box user interface.
- Click on "Network" in the "Home Network" menu.
- Click on the "Network Settings" tab.
- Click "Additional Settings" in the section "WAN setting" or "LAN Settings" to display all of the settings.
- Click the "IPv4 Settings" button.
- Enter the desired IP address and subnet mask.
- Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.
2 Configuring a VPN connection in the other router
- In the router, set up a WireGuard connection to another router (LAN-LAN linkup or site-to-site connection). Refer to the router's manufacturer for information on how to set it up.
Important:When creating the WireGuard connection for the FRITZ!Box, do not enter an IP address from a transfer network (intermediate address), enter the local IP address of the FRITZ!Box (for example 192.168.20.1, subnet mask 255.255.255.0) instead.
- Download the settings file for the WireGuard connection from the router to the computer.
3 Setting up a VPN connection in the FRITZ!Box
- Click "Internet" in the FRITZ!Box user interface.
- Click "Permit Access" in the "Internet" menu.
- Click on the "VPN (WireGuard)" tab.
- Click the "Add Connection" button.
- Click "Connect networks or establish special connections" and then "Next".
- By "Has this WireGuard connection already been set up at the remote connection?", click "Yes".
- Click "Next".
- Enter a unique name for the connection (Headquarters) in the field "Name of the WireGuard connection".
- Click the "Choose File" or "Browse..." button.
- Select the settings file for the WireGuard connection that you downloaded from the other router and click "Open".
- If you do not only want to use the VPN connection to access the remote network, but also want all web requests to be sent over the VPN connection to the other router, enable the option "Send all IPv4 network traffic via the VPN connection".
- Enable the option "Allow NetBIOS over this connection" if access to Windows file and printer sharings (SMB shares) in the remote network should be allowed.
- If only certain devices in the home network of the FRITZ!Box should be reachable via the VPN connection, enable the option "Only certain devices in the home network are to be accessible over this WireGuard connection" and select the corresponding devices.
- Click the "Finish" button.
- If you are asked to do so, on the FRITZ!Box confirm that the procedure may be executed and click "OK" to complete the procedure.
Now the VPN connection is set up and the FRITZ!Box is permanently connected to the other router.