NetModule Router Wiki

User Tools

Site Tools

This page describes a LAN2LAN connection between netmodule router and fritzbox router. This has been tested with Netmodule SW 4.5.0.106 and Fritz!OS: 07.28.

At first, we configure the Fritzbox to accept VPN LAN2LAN connection. Make sure your FritzBox has a static IP or set up DnynamicDNS. In Our example we use DynamiDNS with the hostname: netbox.ddns.net Instructions can be found at AVM https://avm.de/service/wissensdatenbank/dok/FRITZ-Box-7590/30_Dynamic-DNS-in-FRITZ-Box-einrichten/

Internet → Permit Access → VPN: Add VPN Connection

“Connect your home network with another FRITZ!Box network (LAN-LAN linkup)”

VPN Connection
VPN password (pre-shared key) admin01admin01
Name of the VPN connection LAN2LAN
Web address of the remote site* 1.2.3.4
Web address of this FRITZ!Box*2 netmodule.ddns.net
Remote network 192.168.1.0
Subnet mask 255.255.255.0
Hold VPN connection permanently checked

*This value needs to be set on Netmodule Router as LocalID, Local ID Type IP-Address Click OK to save the changes.

*2 Please use your configured hostname.

Now we can configure the netmodule router:

Goto VPN→IPSEC Tunnel Configuration:

Tunnel Configuration
Administrative status enabled
Config mode standard
Local address 0.0.0.0
Remote peer address netmodule.ddns.net

Uncheck Dead Peer Detection (DPD) Administrative status.

IKE Proposal:

IKE Proposal
Key exchange IKEv1
Authentication type pre-shared key
PSK The key you choose in 1). In our case “admin01admin01”
Local ID type IP Address
Local ID Choosen in 3. In our case 1.2.3.4
Peer ID type Full Qualified Domain Name (FQDN)
Peer ID netmodule.ddns.net

IKE Proposal (Phase 1)

IKE Proposal (Phase 1)
Negotiation mode aggressive
Encryption algorithm aes256
Authentication algorithm sha1
Diffie-Hellman group Group2 (modp1024)
Pseudo-random function undefined
SA life time 86400

IPsec Proposal (IKE Phase 2)

IPsec Proposal (IKE Phase 2)
Encapsulation mode Tunnel
IPsec protocol ESP
Encryption algorithm aes256
Authentication algorithm sha1
SA life time 28800
Perfect forward secrecy (PFS) Check, use DH-Group “use from phase 1”
Force encapsulation unchecked

Networks

Networks
Local network 192.168.1.0 (Used in 4)
Local netmask 255.255.255.0 (Used in 4)
Peer network 192.168.178.0 (This is the fritzbox network)
Peer netmask 255.255.255.0 (This is the fritzbox netmask)
NAT Uncheck

Save setting by hitting the hook button.

Ipsec Administration

Ipsec Administration
IPsec administrative status enable
Propose NAT traversal checked
Enable IKEv2 Make-before-Break unchecked
Restart on link change checked

Apply new settings. Now the netmodule router should connect to Fritzbox and both should share there networks.

You also can use a config and update your values:

USER
ipsec.status=1 ipsec.0.remote.serverIp=netmodule.ddns.net ipsec.0.ike.psk=[enc]sTs/CogAt7bpw4I76mok6w== ipsec.0.ike.mode=aggressive ipsec.0.ike.hash=sha1 ipsec.0.ike.dh=modp1024 ipsec.0.ike.localId=1.2.3.4 ipsec.0.ike.remoteId=netmdoule.ddns.net ipsec.0.ike.remoteIdType=FQDN ipsec.0.esp.hash=sha1 ipsec.0.esp.pfs=1 ipsec.0.dpd.status=0 ipsec.0.local.0.lanAddress=192.168.1.0 ipsec.0.local.0.lanMask=255.255.255.0 ipsec.0.local.0.natAddress=- ipsec.0.remote.0.lanAddress=192.168.178.0 ipsec.0.remote.0.lanMask=255.255.255.0

Page Tools

app-notes/ipsec-fritzbox.txt · Last modified: 2021/11/25 09:00 by klueppel