FRITZ!Box 3272 – Service - Knowledge Base

FRITZ!Box 3272 – Service

Using FRITZ!VPN to access multiple IP networks behind a FRITZ!Box

With the FRITZ!VPN software you can establish a secure VPN (Virtual Private Network) connection over the Internet from a Windows computer to your FRITZ!Box and then access all of the network devices and services in the FRITZ!Box home network.

If there is a network router in the FRITZ!Box home network that connects the IP network of this FRITZ!Box with a second IP network, then additional settings are necessary so that you can also access the network devices in the second IP network over the VPN connection.

Example values used in this guide

In this guide we show you how to use FRITZ!VPN to configure VPN access to another IP network behind the remote FRITZ!Box. When adjusting the connection settings, replace the values used in this example with actual values.

  • IP network of the FRITZ!Box:
    192.168.20.0 (subnet mask: 24 - 255.255.255.0)
  • IP address of the computer with FRITZ!VPN in the FRITZ!Box network:
    192.168.20.201
  • IP network of the network router connected to the FRITZ!Box:
    192.168.21.0 (subnet mask: 24 - 255.255.255.0)
  • IP addresses of the network router in the FRITZ!Box network:
    192.168.20.2 and 192.168.21.1

Important:Some of the settings described here are only displayed if the advanced view is enabled in the user interface. The configuration procedure and notes on functions given in this guide refer to the latest FRITZ!OS

1 Adjusting the VPN settings for FRITZ!VPN

  1. Start the Configure FRITZ!Box VPN Connection software.
  2. In the "Existing Configurations" window, click on the plus sign in front of the FRITZ!Box's MyFRITZ! domain name (pi80ewgfi72d2os42.myfritz.net) and select the e-mail address of the VPN user (john.smith@gmail.com) who is to access the IP network of the network router connected to the FRITZ!Box.
  3. Click "Explorer" and open the file named "vpnuser_[...].cfg" with a text editor (for example WordPad).
  4. Look for the entry "accesslist" and add the IP network of the network router connected to the FRITZ!Box to this entry:
    • acesslist =
    • "permit ip any 192.168.20.0 255.255.255.0",
    • "permit ip any 192.168.21.0 255.255.255.0";

      Important:Separate entries for the IP networks with a comma and close the value for "accesslist" with a semicolon!

  5. Save the changes and import the adjusted file "vpnuser_[...].cfg" to FRITZ!VPN.

2 Configuring the FRITZ!Box

Adjusting the FRITZ!Box's VPN settings

  1. Start the Configure FRITZ!Box VPN Connection software.
  2. In the "Existing Configurations" window, select the the FRITZ!Box's MyFRITZ! domain name (pi80ewgfi72d2os42.myfritz.net) and click on "Explorer".
  3. Open the file named "fritzbox_[...].cfg" with a text editor (for example WordPad).
  4. Search for the section in which the "name" entry has been assigned the e-mail address of the VPN user (john.smith@gmail.com) who should access the IP network of the network router connected to the FRITZ!Box.
  5. Look for the entry "accesslist" in this section and add the IP network of the network router connected to the FRITZ!Box to this entry:
    • acesslist =
    • "permit ip 192.168.20.0 255.255.255.0 192.168.20.201 255.255.255.0",
    • "permit ip 192.168.21.0 255.255.255.0 192.168.20.201 255.255.255.0",

      Important:Separate entries for the IP networks with a comma and close the value for "accesslist" with a semicolon!

  6. Save the changes and import the adjusted file "fritzbox_[...].cfg" to the FRITZ!Box.

Configuring a static IP route in the FRITZ!Box

You must configure a static IP route in the FRITZ!Box so that network devices in the FRITZ!Box's IP network (192.168.20.0/24) can access the IP network of the network router connected to the FRITZ!Box (192.168.21.0/24).

  1. Click "Home Network" in the FRITZ!Box user interface.
  2. Click "Home Network Overview" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "IPv4 Routes".
  5. Click the "New IPv4 Route" button.
  6. Enter the IP network of the network router connected to the FRITZ!Box (192.168.21.0) as the "IPv4 network".
  7. Enter the subnet mask of the other IP network (255.255.255.0) in the "Subnet mask" field.
  8. For "Gateway", enter the IP address of the network router in the FRITZ!Box home network (192.168.20.2) that connects the two IP networks.
  9. Enable the option "IPv4 route active".
  10. Click "OK" to save the settings.

3 Adjusting additional IP settings for the VPN connection

Configuring the IP route in the network router

  • Configure the network router according to the manufacturer's instructions so that it routes between the FRITZ!Box's IP network (192.168.20.0) and its own IP network (192.168.21.0).

    Note:If you are using a windows computer with several network adapters as the network router, you must enable "IP routing" in Windows. Microsoft can provide you with information on configuring IP routing.

Configuring network devices in the network router's IP network

  • On the network devices, configure the IP address of the network router from its own IP network (192.168.21.1) as the standard gateway,
    • or:
  • On the network devices, configure a static IP route to the IP network of the FRITZ!Box (192.168.20.0) that uses the network router as the gateway (192.168.21.1).