This page describes a LAN2LAN connection between netmodule router and fritzbox router. This has been tested with Netmodule SW 4.5.0.106 and Fritz!OS: 07.28. At first, we configure the Fritzbox to accept VPN LAN2LAN connection. Make sure your FritzBox has a static IP or set up DnynamicDNS. In Our example we use DynamiDNS with the hostname: netbox.ddns.net Instructions can be found at AVM https://avm.de/service/wissensdatenbank/dok/FRITZ-Box-7590/30_Dynamic-DNS-in-FRITZ-Box-einrichten/ Internet -> Permit Access -> VPN: Add VPN Connection "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" {{tablelayout?rowsHeaderSource=Auto}} ^ VPN Connection ^ ^ | VPN password (pre-shared key) | admin01admin01 | | Name of the VPN connection | LAN2LAN | | Web address of the remote site* | 1.2.3.4 | | Web address of this FRITZ!Box*2 | netmodule.ddns.net | | Remote network | 192.168.1.0 | | Subnet mask | 255.255.255.0 | | Hold VPN connection permanently | checked | *This value needs to be set on Netmodule Router as LocalID, Local ID Type IP-Address Click OK to save the changes. *2 Please use your configured hostname. Now we can configure the netmodule router: Goto VPN->IPSEC Tunnel Configuration: {{tablelayout?rowsHeaderSource=Auto}} ^ Tunnel Configuration ^ ^ | Administrative status | enabled | | Config mode | standard | | Local address | 0.0.0.0 | | Remote peer address | netmodule.ddns.net | Uncheck Dead Peer Detection (DPD) Administrative status. **IKE Proposal:** {{tablelayout?rowsHeaderSource=Auto}} ^ IKE Proposal ^ ^ | Key exchange | IKEv1 | | Authentication type | pre-shared key | | PSK | The key you choose in 1). In our case "admin01admin01" | | Local ID type | IP Address | | Local ID | Choosen in 3. In our case 1.2.3.4 | | Peer ID type | Full Qualified Domain Name (FQDN) | | Peer ID | netmodule.ddns.net | **IKE Proposal (Phase 1)** {{tablelayout?rowsHeaderSource=Auto}} ^ IKE Proposal (Phase 1) ^ ^ | Negotiation mode | aggressive | | Encryption algorithm | aes256 | | Authentication algorithm | sha1 | | Diffie-Hellman group | Group2 (modp1024) | | Pseudo-random function | undefined | | SA life time | 86400 | **IPsec Proposal (IKE Phase 2)** {{tablelayout?rowsHeaderSource=Auto}} ^ IPsec Proposal (IKE Phase 2) ^ ^ | Encapsulation mode | Tunnel | | IPsec protocol | ESP | | Encryption algorithm | aes256 | | Authentication algorithm | sha1 | | SA life time | 28800 | | Perfect forward secrecy (PFS) | Check, use DH-Group "use from phase 1" | | Force encapsulation | unchecked | **Networks** {{tablelayout?rowsHeaderSource=Auto}} ^ Networks ^ ^ | Local network | 192.168.1.0 (Used in 4) | | Local netmask | 255.255.255.0 (Used in 4) | | Peer network | 192.168.178.0 (This is the fritzbox network) | | Peer netmask | 255.255.255.0 (This is the fritzbox netmask) | | NAT | Uncheck | Save setting by hitting the hook button. **Ipsec Administration** {{tablelayout?rowsHeaderSource=Auto}} ^ Ipsec Administration ^ ^ | IPsec administrative status | enable | | Propose NAT traversal | checked | | Enable IKEv2 Make-before-Break | unchecked | | Restart on link change | checked | Apply new settings. Now the netmodule router should connect to Fritzbox and both should share there networks. You also can use a config and update your values: ipsec.status=1 ipsec.0.remote.serverIp=netmodule.ddns.net ipsec.0.ike.psk=[enc]sTs/CogAt7bpw4I76mok6w== ipsec.0.ike.mode=aggressive ipsec.0.ike.hash=sha1 ipsec.0.ike.dh=modp1024 ipsec.0.ike.localId=1.2.3.4 ipsec.0.ike.remoteId=netmdoule.ddns.net ipsec.0.ike.remoteIdType=FQDN ipsec.0.esp.hash=sha1 ipsec.0.esp.pfs=1 ipsec.0.dpd.status=0 ipsec.0.local.0.lanAddress=192.168.1.0 ipsec.0.local.0.lanMask=255.255.255.0 ipsec.0.local.0.natAddress=- ipsec.0.remote.0.lanAddress=192.168.178.0 ipsec.0.remote.0.lanMask=255.255.255.0