It is actually clear what a VPN (Virtual Private Network) does: it enables secure access to a server via an insecure internet connection. This can be used for different purposes, which is why there is always confusion about this technology: For example, you use a VPN service to access content that is not accessible in your country because the VPN connection hides your IP address and to deal with geoblocking.
Photo: AVM
But you can also use VPN to securely access your home network or your company’s network from anywhere. Then your device becomes part of the remote network that you access. Because it gets a suitable IP address, you can directly access file shares and adjust settings on network devices such as routers and NAS as if you were on site. It is the same with surfing: The VPN connection protects your data packets up to the home network, only then do they reach the Internet via your router. For example, you are protected in a public WLAN.
You can also secure the connection of two networks with a VPN: Then connect the network in the holiday home with the home or the home network with the office network.
A Fritzbox does all this without any problems: The AVM router can work as a VPN server and receive secure connections. We explain how to set the Fritzbox and other devices appropriately.
A VPN connection uses encryption to set up a secure tunnel between a client and a server: at the beginning and end of this tunnel, they have to encrypt and decrypt the transmitted data securely and use a standardized procedure for this. The Fritzbox uses the IPsec method as a VPN server for this. Accordingly, you must also use this procedure for the VPN clients, i.e. the devices with which you access the Fritzbox – by means of a corresponding function of the operating system or by an additional app.
Prepare the router for the VPN connection by three settings in the Fritzbox menu: First you should now set up the MyFritz DynDNS service, if you have not already done so. It enables you to be able to reach your Fritzbox guaranteed over the Internet. To do this, he sets up a fixed web address for the router and always connects it to the current public IP address that he receives from the provider.
For the VPN connection, you need the Fritzbox’s fixed web address: You can find it in the menu under “Internet -› MyFRITZ! Account – ›MyFRITZ! Internet access” after “Your MyFRITZ! Address”. It always ends with myfritz.net.
Important: Using a Fritzbox as a VPN server is only easy if it receives a public IPv4 address from the provider. If she works on a DS-Lite Internet connection with an IPv6 address, a VPN connection is not possible or only with difficulty. Next, check which area the Fritzbox uses for assigning IP addresses. Because for the VPN connection to work, the addresses of the VPN client and server must come from different areas.
This is not the case, for example, if the VPN client is in a network in which a Fritzbox works as an Internet router and it wants to access another Fritzbox as a VPN server. Because ex works, every Fritzbox assigns IP addresses from the same address range 192.168.178.0. To rule out this error, it is best to change the IP address range in your Fritzbox in the settings under “Home network -› Network – ›Network settings”. On this page, scroll down to the “IPv4 configuration” button and click on it.
In the following menu, change the IP addresses entered for the Fritzbox under “Home network” in the line “IPv4 address” and in the two lines under “DHCP server assigns IPv4 addresses”. It is usually sufficient to change the number in the third field, i.e. to enter 10 instead of 178.
Finally, secure VPN access to the Fritzbox by creating a new user with a password. With this information, the VPN client can log on to the Fritzbox for the VPN connection. You create the user in the Fritzbox menu under “System -› FRITZ! Box User – ›Add User”. You must also mark the “VPN” option, then save the settings with “Apply” and release using the Fritzphone or Fritzbox button.
If a Windows computer is to connect to the Fritzbox as a VPN client, you need additional tools. A VPN connection with on-board equipment can be created in Windows 10: However, the Microsoft operating system uses different transmission protocols for this than the Fritzbox.
As software you either need to set up the AVM programs Fritz remote access and Fritzbox remote access – or the free tool Shrewsoft VPN Client. Set up the VPN on a Windows computer under an account with admin rights. From the AVM tools, first install Fritz remote access on the PC, which is to serve as a VPN client. Then install Fritzbox remote access, which creates a suitable configuration file for the Fritzbox.
There, click on “New” and select the options “Set up remote access for a user” and “PC with FRITZ! Remote access” in the following windows and enter the Fritzbox user’s email address for the VPN connection. The fixed web address of your Fritzbox comes in the “Name” field. Then mark “Accept FRITZ! Box factory settings for the IP network”, unless you have changed the IP address range for the router.
Otherwise, you must select “Use another IP network” and enter the address range in the format XXX.XXX.XXX.0 and the subnet mask – usually 255.255.255.0. For “IP address of the user in the FRITZ! Box network:” now enter an IP address from the specified range: The last digit must be between 201 and 254.
Now there is an important setting that enables you to use the VPN client computer to surf protected in public and unsecured WLANs: If you activate the “Send all data via VPN tunnel” option, the VPN client sends all data packets first via VPN to the Fritzbox. This forwards them to their destination
on the Internet if the addressee is not a home network device: This means that your files are tap-proof in the VPN tunnel even with an unsecured WLAN connection and only reach the Internet via the Fritzbox – as if the computer were in the home network are located. Click “Next” and “Finish” to finish the setup, and the tool creates the appropriate VPN configuration files for the Fritzbox, which you can see in Windows Explorer.
Now switch to the Fritzbox menu under “Internet -› Shares – ›VPN -› Add VPN connection “. Select “Import a VPN configuration from an existing VPN settings file -› Select file “and enter the path to the configuration file you just created, which begins with fritzbox and ends with .cfg. With “Open” and “OK” you start the import, which you must also confirm.
Now transfer the configuration file for the VPN client to Fritz remote access with “File -› Import “. It is located in the folder whose name is the Fritzbox user’s email address, begins with vpnuser and ends with .cfg. The import takes place with “Open” and “Finish”. Now start a VPN connection with Fritz remote access by marking the desired connection and selecting “Establish”.
AVM offers the Myfritz app for Android: This allows you to access the Fritzbox at home and the home network devices in the home network, but also via the Internet. To do this, you must first grant the app access in the Fritzbox: under “Home network -› Network – ›Network settings -› Home network releases: Allow access for applications “. To activate remote access, connect the smartphone to the Fritzbox WLAN and select “Home network -› Set up home network connection “. Here you enter the password and, if applicable, the user name for logging on to the Fritzbox menu.
If you are on the road afterwards, you can also safely access the settings of your Fritzbox via a public WLAN or a cellular connection with the home network connection and reach the web interfaces of home network devices. However, the app only transmits data packets via this VPN connection, the destination of which is in the home network. It does not redirect the data traffic that should go from the phone to the Internet: For this reason, the app cannot be used, for example, to bypass geoblocking or to surf in an unsecured WLAN in a protected manner.
If you use the free tool Shrewsoft VPN Client, this program is sufficient for the VPN connection. However, it is less clear than the AVM tools. The current version 2.2.2 works with Windows 10.
For the setup you need the “IPsec key / shared secret” for the VPN connection. You can find it in the Fritzbox menu under “Internet -› Shares – ›VPN” if you click on “VPN settings” for the appropriate user. The line with the necessary information is displayed in a pop-up window. You can put them on paper with “Print page” or transfer them via Copy & Paste since Fritz-OS 7.10. Select the “Standard Edition” during installation.
Then start the “VPN Access Manager” program and select “Add”. Enter the web address of your Fritzbox in “Host Name”, select the “Mutual PSK + XAuth” method under “Authentication” – the fourth entry from above. With “Identification Type” the entry “Key Identifier” is correct. Enter the user name of the Fritzbox user with VPN rights in the field below.
Now switch to the “Remote Identity” tab. The entry “IP Address” is correct for “Identification Type”. Finally, click on the “Credentials” tab. This is where the access key for the VPN connection comes in the “Pre Shared Key” field. Finish the settings with “Save”. Now start the VPN connection by clicking on “Connect” and log in with the user name and the appropriate password stored in the Fritzbox. With these settings, the Shrewsoft tool first sends all data packets to the Fritzbox and then on to the Internet: In this way, you can also surf in a public WLAN with protection.
You can also reach the Fritzbox via VPN using a cell phone. You don’t need an app, just the information of the Fritzbox VPN settings.
On an Android phone, look for the “VPN” option, which you can usually find in the “Network & Internet” settings. Use the plus sign to add a connection for which you assign a name. Under “Type” you select “IPsec XauthPSK”, in “Server address” comes the web address of your Fritzbox. The “IPSec-ID” is the user name of the Fritzbox-VPN user, as “preinstalled key” enter the “IPsec-Key / Shared Secret” of the Fritzbox-VPN settings. To start the connection, tap it under “VPN” and enter the name and password of the Fritzbox VPN user.
For an iOS device, start under “Settings -› General – ›VPN -› Set up VPN “. Tap Type at the top to select IPsec. Enter a name for the VPN connection under Description. Then enter the information from the Fritzbox VPN settings: “Server” is the fixed web address of the home router, “Account” and “Password” user name and password of the Fritzbox VPN user, for “Group name” repeat the user name , and “Shared Secret” is the entry “IPsec Key / Shared Secret” in the VPN settings. Start the VPN connection on the iOS device under “Settings” by moving the switch for “VPN” to the right.
You can also connect networks between two Fritz boxes via a VPN connection. This is useful, for example, to connect the network in the apartment to the home network or to bring all devices in the office and home network into a common network. For this you need to know the web addresses of the Fritz boxes and change the IP range for one, as described under “Setting up the Fritz box for a VPN connection”. A router must also have a public IPv4 address.
At the first Fritzbox go to “Internet -› Shares – ›VPN -› Add VPN connection “in the settings. There you select “Connect your home network to another FRITZ! Box network”. At the top, choose a password for the VPN connection. Under “Internet address of the remote station”, enter the fixed web address of the second Fritzbox and underneath its IP address range, which you have adjusted, about 192.168.10.0.
You can also mark “Keep VPN connection permanent” so that you don’t have to log in again and again. Under “Advanced network traffic settings”, select “Send all network traffic via the VPN connection”. This makes sense, for example, if the Fritzbox network from which you are accessing is abroad: Then the data packets go to the Internet with the home IP address of the second Fritzbox, and online services can be used that are blocked abroad are. However, these settings only make sense if both routers have a public IPv4 address.
For the second Fritzbox, enter the common password in the same settings, but otherwise enter the information for the first Fritzbox, i.e. its web address and IP address range. Of course, you must not activate the redirection of network traffic via VPN in the second box. After saving, the Fritzbox briefly disconnects the online connection and then starts it with an active VPN connection.
A VPN connection guarantees security. But there can be problems with the speed of the transmission. In some cases, the online connection from which you want to reach the Fritzbox with a VPN client computer brakes – this is often the case, for example, in a public WLAN.
But mostly it is due to your internet bandwidth: If you access the Fritzbox via VPN and request data from the Internet, the router must return the desired IP packets to the VPN client again: However, since this is not in the Fritzbox’s home network, but connected to it via the Internet, this data transfer runs at the maximum with the upload bandwidth of your Internet connection – and this is usually much narrower than the download rate.
With a Fritzbox there is also the moderate computing power of the AVM router: it is completely sufficient for the usual tasks of a router. But with a VPN connection, data must be permanently encrypted and decrypted, which is very demanding for the Fritzbox. For the VPN connection in larger or company networks, special VPN gateways are usually used, which can process this task faster. However, AVM promises to significantly increase the VPN speed with the new Fritz-OS 7.20. (PC world)