VPN Service-Portal - Connecting the FRITZ!Box with a company's VPN

You can use VPN (Virtual Private Network) to establish a tap- and tamper-proof connection over the internet from your FRITZ!Box to the VPN server of your company. This way you can access devices and data in the company's network from your home network. It is not possible to access devices in your home network from the company network.

Example values used in this guide

In this guide we show you how to connect a FRITZ!Box as a VPN client to a VPN server. When you set up your connection, replace the values used in this example with actual ones.

  • The VPN server's internet address (domain name):
    sec.companydomain.com
  • IP network of the company's VPN:
    172.16.0.0 (subnet mask: 255.255.0.0)
  • VPN user name (IPsec ID, Key ID) of the VPN connection in the VPN server:
    John Smith
  • Preshared key of the VPN connection in the VPN server:
    Zj7hPCouK65IrPU4

Requirements / Restrictions

  • The FRITZ!Box supports VPN connections according to the IPSec standard with ESP, IKEv1, and pre-shared keys. Authentication Header (AH) and Perfect Forward Secrecy (PFS) are not supported.
  • Supported IPSec algorithms for IKE phase 1:
    • Encryption method: AES with 256, 192, 128 bit, Triple DES with 168 bit or DES with 56 bit
    • Hash algorithms: SHA2-512, SHA1 or MD5-96
    • The FRITZ!Box initially uses a 1024 bit Diffie-Hellman key exchange (DH group 2). It also accepts 768, 1536, 2048 and 3072 bit (DH groups 1, 5, 14, and 15).
  • Supported IPSec algorithms for IKE phase 2:
    • Encryption method: AES with 256, 192, 128 bit, Triple DES with 168 bit or DES with 56 bit
    • Hash algorithms: SHA2-512, SHA1 or MD5-96
    • The Diffie-Hellman group is determined by IKE phase 1
    • Compression: none, LZJH, or deflate

Note: This guide is valid for FRITZ!OS 7.10 or later. If you are using an earlier FRITZ!OS version, the configuration may differ or functions may not be available. You can find the FRITZ!OS version on the "Overview" page of the FRITZ!Box user interface.

1 Setting up a VPN connection in the VPN server

  1. Have the administrator of the VPN server in your company set up a VPN client connection for the FRITZ!Box. The IPSec algorithms given above must be used.
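
A pre-flight check the VPN administrator could run over a planned server-side profile before step 1, so that an unsupported setting (for example a SHA2-256 default or enabled PFS) is caught before the tunnel fails to negotiate. This is an added example, not AVM code: the profile dictionary layout, the function names and the choice of what to flag as weak (DES, MD5-96, DH groups below 2048 bit) are assumptions of the example, while the allowed values are transcribed from the list above.

```python
# Added example. The sets below are transcribed from "Requirements / Restrictions".
ENC = {"aes256", "aes192", "aes128", "3des", "des"}
HASH = {"sha2-512", "sha1", "md5-96"}
DH_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072}  # DH group -> bits
COMPRESSION = {"none", "lzjh", "deflate"}
# Assumption of this example, not a statement from the page: what counts as weak.
WEAK_ENC, WEAK_HASH, MIN_DH_BITS = {"des"}, {"md5-96"}, 2048


def check_profile(p):
    """Return (errors, warnings) for one server-side connection profile."""
    errors, warnings = [], []
    if p.get("ike_version") != 1:
        errors.append("IKEv1 is required")
    if p.get("auth") != "psk":
        errors.append("pre-shared key authentication is required")
    if p.get("protocol") != "esp":
        errors.append("ESP is required, AH is not supported")
    if p.get("pfs"):
        errors.append("PFS is not supported")
    for phase in ("phase1", "phase2"):
        s = p.get(phase, {})
        for kind, allowed, weak in (("enc", ENC, WEAK_ENC), ("hash", HASH, WEAK_HASH)):
            value = s.get(kind)
            if value not in allowed:
                errors.append(f"{phase}: unsupported {kind} {value!r}")
            elif value in weak:
                warnings.append(f"{phase}: weak {kind} {value}")
    # Phase 2 has no DH setting of its own: the group comes from phase 1.
    group = p.get("phase1", {}).get("dh_group")
    if group not in DH_BITS:
        errors.append(f"phase1: unsupported DH group {group!r}")
    elif DH_BITS[group] < MIN_DH_BITS:
        warnings.append(f"phase1: DH group {group} is only {DH_BITS[group]} bit")
    if p.get("phase2", {}).get("compression", "none") not in COMPRESSION:
        errors.append("phase2: unsupported compression")
    return errors, warnings


def make(ike, pfs, enc, hash_, group):
    """Build a constructed sample profile using the same suite in both phases."""
    return {"ike_version": ike, "auth": "psk", "protocol": "esp", "pfs": pfs,
            "phase1": {"enc": enc, "hash": hash_, "dh_group": group},
            "phase2": {"enc": enc, "hash": hash_, "compression": "none"}}


# Constructed samples, not taken from a real VPN server.
SAMPLES = {"strong": make(1, False, "aes256", "sha2-512", 14),
           "legacy": make(1, False, "des", "md5-96", 2),
           "ikev2": make(2, True, "aes256", "sha2-256", 19)}
```

Errors mean the FRITZ!Box cannot negotiate the profile at all; warnings mean it will connect but with parameters the example treats as weak.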

2 Setting up a VPN connection in the FRITZ!Box

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "VPN" tab.
  4. Click the "Add a VPN connection" button.
  5. Click "Connect this FRITZ!Box with a company's VPN" and then "Next".
  6. In the field "VPN user name (Key ID)", enter the IPsec ID or key ID of the VPN connection (John Smith) configured for the FRITZ!Box in the VPN server.
  7. Enter the password for the VPN connection (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)".
  8. If the VPN server uses XAUTH, enable the option "Use XAUTH" and enter the XAUTH user name (John Doe) and the XAUTH password (secret1234) in the corresponding fields.
  9. Enter a unique name for the connection (company home office) in the field "Name of the VPN connection".
  10. Enter the VPN server's domain name or fixed public IP address (sec.companydomain.com or 212.42.244.80) in the field "Web address".
  11. Enter the IP network of the company's VPN (172.16.0.0) in the "Remote network" field.
  12. In the "Subnet mask" field, enter the subnet mask (255.255.0.0) that corresponds to the IP network of the company's VPN.
  13. Enable the option "Hold VPN connection permanently" if you want to maintain the VPN connection to the VPN server at all times.
  14. If you want to use the VPN connection not only to access the company's network, but also want all web requests to be sent to the company's VPN:
    1. Click "Advanced Settings for Network Traffic".
    2. Enable the option "Send all network traffic via the VPN connection".
  15. Click "OK" to save the settings and, if asked to do so, confirm on the FRITZ!Box that the procedure may be executed.

3 Establishing a VPN connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box, the FRITZ!Box maintains the VPN connection at all times and automatically establishes the connection again if the VPN server clears the connection.

If you did not enable the option "Hold VPN connection permanently", the FRITZ!Box automatically establishes the VPN connection when the company's network is accessed. After an hour of inactivity, the FRITZ!Box clears the VPN connection again.

Note: Active VPN connections are displayed under "Internet > Permit Access > VPN" in the FRITZ!Box user interface.