Fritz!Box: Set up VPN connection to the FRITZ!Box under Windows (FRITZ! Remote access)

From Embedded Lab Vienna for IoT & Security
Jump to: navigation, search

Summary

With the FRITZ! remote access program, you can establish a secure VPN (Virtual Private Network) connection to your FRITZ! box on your Windows computer via the Internet. This allows you to access all the devices and data in your home network from your computer, even when you are on the road.

Requirements/Restrictions

  • Windows 10 (64/32 bit) is installed on the computer.
  • The FRITZ! box must receive a public IPv4 address from the Internet provider.
Note: All function and setting notes in this manual refer to the current FRITZ!OS of the FRITZ!Box.

Preparations

Step 1: Download and install "FRITZ! remote access"

  1. Call up our VPN service page in your Internet browser.

  2. Download the FRITZ! remote access program.

 ➤ Important:FRITZ! remote access is available for Windows 10 (64Bit) and Windows 8.1 / 8 / 7 (64/32 Bit) in separate versions.

  3. Install FRITZ! remote access on the computer that will establish VPN connections to the FRITZ! box.

Step 2: Download and install "FRITZ!Box remote access"

The program Set up FRITZ!Box remote access allows a fast and comfortable VPN configuration. All security settings are automatically generated by the program and written to configuration files, which then only need to be imported into the VPN remote stations.

Note: The program Set up FRITZ!Box remote access is available for computers with Windows 10 / 8 / 7 (64/32 bit).

  1. Call up our VPN service page in your Internet browser.

  2. Download and install the program Set up FRITZ!Box remote access.

Step 3: Set up MyFRITZ! account and determine domain name

With the help of MyFRITZ! you can reach the FRITZ! box at any time over the Internet, even if the FRITZ! box regularly receives a different public IP address from the Internet provider:

Note: If you already use another Dynamic DNS service, you can also use this service instead of MyFRITZ!

  1. Set up a MyFRITZ! account in the FRITZ! box

  2. Find out the MyFRITZ! domain name of the FRITZ! box.

Step 4: Adjust IP network of the FRITZ!Box

Both ends of a VPN connection must use IP addresses from different IP networks. If your computer is connected to a router (e.g. another FRITZ!Box) that uses the same IP network as your FRITZ!Box, VPN communication is not possible.

Note: All FRITZ! boxes use the IP network 192.168.178.0 in the factory settings.

Set up an IP address in your FRITZ! box that is different from the IP addresses of the routers you use to connect to the FRITZ! box, e.g. 192.168.10.1 (subnet mask 255.255.255.0):

  1. Click on "Home network" in the FRITZ! box user interface.

  2. In the "Home network" menu, click on "Network".

  3. Click the "Network Settings" tab.

  4. Click the "IPv4 addresses" button. If the button is not displayed, first activate the Advanced View.

  5. Enter the desired IP address and subnet mask.

  6. To save the settings, click "OK" and also confirm the execution on the FRITZ! box if you are prompted to do so.

Create VPN settings

  1. Open the program Set up FRITZ!Box remote access and click on "New".

  2. Select the option "Set up remote access for a user" and click on "Next".

  3. Select the option "PC with FRITZ!Box remote access" and click on "Next".

  4. Enter the e-mail address of the user who will establish VPN connections to the FRITZ!box and click on "Next".

  5. In the "Name" box, enter the FRITZ! domain name of the FRITZ! box (pi80ewgfi72d2os42.myfritz.net) and click "Next".

  6. If you have not changed the IP settings of the FRITZ! box (IP address 192.168.178.1, subnet mask 255.255.255.0),
    activate the option "Use FRITZ! box factory settings for the IP network".

  ➤ If you have changed the IP settings of the FRITZ! box, assign the computer an IP address on the FRITZ! box network:

   a. Activate the option "Use other IP network".

   b. Enter the IP network (xxx.xxx.xxx.0) and the subnet mask of the FRITZ! box.
    Do not enter the IP address (xxx.xxx.xxx.1) of the FRITZ! box!

   ➤ Example: If the FRITZ! box uses the IP address 192.168.10.1, enter 192.168.10.0
   as the IP network and select "24 - 255.255.255.0" as the subnet mask.

   c. Adjust the entry "IP address of the user in the network of the FRITZ!Box:" to the IP network of the FRITZ!Box.

   ➤ The IP address of the user must not be within the range used by the DHCP server of the FRITZ! box
  (factory setting: xxx.xxx.xxx.20 to xxx.xxx.xxx.200)

  7. If, with an existing VPN connection, all Internet requests from the computer should be forwarded via the remote FRITZ! box, activate the option
  "Send all data via the VPN tunnel".

Note: For example, you can also retrieve your e-mails from public and insecure WLAN networks (hotspots) in encrypted form.

  8. Click on "Next" and "Finish".

  Now FRITZ!Box Remote Access Setup generates the VPN settings.Then a Windows folder opens automatically, which contains
  the file "fritzbox_[...].cfg" and a subfolder with the file "vpnuser_[...].cfg".

Note: You can access this folder at any time by selecting the FRITZ!Box MyFRITZ! domain name in FRITZ!Box Remote Access Setup and clicking on the "Explorer" button.

Import VPN settings into FRITZ!Box

  1. Click on "Internet" in the user interface of the FRITZ! box.

  2. Click on "Sharing" in the "Internet" menu.

  3. Click on the "VPN" tab.

  4. Click on "Add VPN connection".

  5. Click "Import a VPN configuration from an existing VPN settings file".

  6. Click "Select File".

  7. Select the "fritzbox_[...].cfg" created with FRITZ!Box Remote Access Setup and click "Open".

  8. To save the settings, click on "OK" and confirm the execution additionally on the FRITZ!Box if you are prompted to do so.

Import VPN settings in FRITZ!remote access

  1. Call the FRITZ! remote access program from the Windows start menu and click in the program on "Next" or on "File" and then on "Import".

  2. Select the file "vpnuser_[...].cfg".

  3. Click on "Open" and "Finish".

Establishing a VPN connection

  1. Establish an Internet connection from the computer with FRITZ! remote access.

  2. Call up FRITZ! remote access from the Windows Start menu.

  3. Highlight the icon with the FRITZ! domain name of the FRITZ! box.

  4. Click on "Establish" to establish the VPN connection.

Note: Active VPN connections are displayed in the FRITZ!Box user interface under "Internet > Sharing > VPN" and "Internet > Online Monitor".

Used Hardware

References