Do bazy wiedzy
Dokument informacyjny #1644

Connecting a FRITZ!Repeater set up as a VPN client (IPSec) to another FRITZ! network

When you set up an IPSec VPN connection between two FRITZ! networks (FRITZ!Box network or FRITZ!Repeater network), by default both networks are connected to each other (LAN-LAN linkup). This way you can access all of the devices in the other network and all of the IP-based services such as email servers, databases, and file servers can be used at both locations.

However, you can also configure the VPN connection between the FRITZ! networks so that the FRITZ!Repeater acts as a VPN client. In this kind of client-LAN linkup, only devices in the network of the FRITZ!Repeater configured as a VPN client can access devices in the network of a FRITZ!Box configured as a VPN server. It is not possible for devices in the network of the VPN server to access devices in the VPN client's network.

You can find an overview of additional VPN connection options in our guide VPN with FRITZ!.

Example values used in this guide

In this guide we show you how to connect a FRITZ!Repeater as a VPN client via IPSec to a FRITZ!Box as the VPN server. When setting up the connection, replace the values used in this guide with your actual values.

Requirements / Restrictions

  • The FRITZ!Repeater must be configured as a router for internet access via a cable, DSL, or fiber optic modem. VPN is not available when it is used as an IP client.

    Note:If you are operating the FRITZ!Repeater with a FRITZ!Box, configure the VPN connection in the FRITZ!Box.

  • The VPN server must receive either an IPv6 address or a public IPv4 address from the internet provider.
  • If the VPN server is a FRITZ!Box, FRITZ!OS 7.50 or later must be installed on it; if the VPN server is a FRITZ!Repeater, FRITZ!OS 8 must be installed on it.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Repeater.

1 Preparations

Configuring MyFRITZ!

With MyFRITZ!Net you can reach the VPN server (FRITZ!Box or FRITZ!Repeater) from the internet at any time at a fixed MyFRITZ! address:

Setting up MyFRITZ!
  1. Click "Internet" in the user interface of the FRITZ!Repeater.
  2. Click "MyFRITZ! Account" in the "Internet" menu.
  3. Enter your email address in the "Your email address" field.
  4. Click "Apply". Now MyFRITZ!Net sends you an email with the confirmation link to your FRITZ!Repeater.

    Important:If you do not receive an email, the email was classified as unsolicited advertising (spam). In this case, check the spam folder of your email inbox.

  5. Open the email you received from MyFRITZ!Net.
  6. Click the "Register Your FRITZ!Repeater" button in the email.

Adjusting the IP networks

VPN communication is not possible if both FRITZ! networks use the same IP network. Since all FRITZ!Boxes and FRITZ!Repeaters use the IP network 192.168.178.0 in the factory settings, configure IP addresses from different IP networks in the FRITZ! products:

Example:
In this guide, the FRITZ!Repeater used as the VPN server uses the IP address 192.168.10.1 (subnet mask 255.255.255.0).

Changing the FRITZ!Repeater's IP network
  1. Click "Home Network" in the user interface of the FRITZ!Repeater.
  2. Click "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "LAN Settings" to display all of the settings.
  5. Click the "IPv4 Settings" button.
  6. Enter the desired IP address and subnet mask.
  7. Click "Apply" to save the settings and on the FRITZ!Repeater, confirm that the procedure may be executed, if you are asked to do so.

2 Configuring a VPN Server

Setting up a VPN connection in the VPN server

In the FRITZ!Box that will be used as the VPN server, set up a user for the VPN client:

Creating VPN settings for a FRITZ!Box user
  1. Click "System" in the FRITZ!Box (VPN server)user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the (Edit) button for the user who intends to connect to the FRITZ!Box via VPN or set up a new user for the VPN connection:
    1. Click the "Add User" button.
    2. Enter a name and password for the user in the corresponding fields.
  4. Enable the option "VPN".
  5. Click "Apply" to save the settings and on the FRITZ!Box, confirm that the procedure may be executed, if you are asked to do so.

Opening the VPN settings

Calling up VPN settings of the FRITZ!Box user
  1. Click "Internet" in the FRITZ!Box (VPN server)user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "VPN (IPSec)" tab.
  4. Click the "VPN Settings" link for the user who intends to connect to the FRITZ!Box via VPN.
  5. If you are asked to do so, on the FRITZ!Box confirm that the procedure may be executed and click "OK" to complete the procedure.

3 Setting up a VPN client

In the FRITZ!Repeater to be used as the VPN client, set up a VPN connection to the VPN server:

  1. Click "Internet" in the user interface of the FRITZ!Repeater.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "VPN (IPSec)" tab.
  4. Click the "Add VPN Connection" button.
  5. Click "Connect this FRITZ!Repeater with a corporate VPN" and then "Next".
  6. In the "VPN User name (key ID)" field, enter the username of the FRITZ!Box user (Anna).
  7. Enter the "shared secret" of the FRITZ!Box user (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)". The "shared secret" is displayed in the VPN settings of the user in the section "iPhone, iPad or iPod touch".
  8. Enable the option "Use XAUTH".
  9. In the "XAUTH username" field, enter the username of the FRITZ!Box user (Anna).
  10. Enter the password for the FRITZ!Box user (secret1234) in the "XAUTH password" field.
  11. Enter a unique name for the connection (FRITZ!Box headquarters) in the field "Name of the VPN connection".
  12. Enter the MyFRITZ! address of the FRITZ!Box being used as the VPN server (pi80ewgfi72d2os42.myfritz.net) in the field "Web address of the remote site".
  13. In the "Remote network" field, enter the IP network of the FRITZ!Box that is used as a VPN server (192.168.10.0).
  14. In the "Subnet mask" field, enter the subnet mask that corresponds to the IP network of the FRITZ!Box that is used as the VPN server (255.255.255.0).
  15. If you want to maintain the VPN connection all the time, enable the option "Hold VPN connection permanently".
  16. Enable the option "Allow NetBIOS over this connection (for Microsoft Windows file and printer sharing)" if access to SMB shared files in the remote network should be allowed.
  17. Click "Advanced Settings for Network Traffic".
  18. If you do not only want to use the VPN connection to access the remote network, but also want all web requests to be sent to the FRITZ!Box being used as the VPN server, enable the option "Send all network traffic via the VPN connection".
  19. If only certain devices should be allowed to access the remote network, enable the option "Only certain devices use the VPN connection" and select the corresponding devices.
  20. Click "Apply" to save the settings and on the FRITZ!Repeater, confirm that the procedure may be executed, if you are asked to do so.

4 Establishing a VPN connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Repeater configured as the VPN client, the VPN connection will be maintained at all times.

If the option "Hold VPN connection permanently" is not enabled, the VPN connection will be automatically established when a query is sent from the network of the FRITZ!Repeater set up as the VPN client to a device in the network of the FRITZ!Box configured as the VPN server. The connection is cleared again if it has been inactive for one hour.

Note:Active VPN connections are displayed in the user interface of the FRITZ! products under "Overview".



Related topics:

Wybór języka