This page describes a LAN2LAN connection between netmodule router and fritzbox router. This has been tested with Netmodule SW and Fritz!OS: 07.28.

At first, we configure the Fritzbox to accept VPN LAN2LAN connection. Make sure your FritzBox has a static IP or set up DnynamicDNS. In Our example we use DynamiDNS with the hostname: Instructions can be found at AVM

Internet → Permit Access → VPN: Add VPN Connection

“Connect your home network with another FRITZ!Box network (LAN-LAN linkup)”

VPN Connection
VPN password (pre-shared key) admin01admin01
Name of the VPN connection LAN2LAN
Web address of the remote site*
Web address of this FRITZ!Box*2
Remote network
Subnet mask
Hold VPN connection permanently checked

*This value needs to be set on Netmodule Router as LocalID, Local ID Type IP-Address Click OK to save the changes.

*2 Please use your configured hostname.

Now we can configure the netmodule router:

Goto VPN→IPSEC Tunnel Configuration:

Tunnel Configuration
Administrative status enabled
Config mode standard
Local address
Remote peer address

Uncheck Dead Peer Detection (DPD) Administrative status.

IKE Proposal:

IKE Proposal
Key exchange IKEv1
Authentication type pre-shared key
PSK The key you choose in 1). In our case “admin01admin01”
Local ID type IP Address
Local ID Choosen in 3. In our case
Peer ID type Full Qualified Domain Name (FQDN)
Peer ID

IKE Proposal (Phase 1)

IKE Proposal (Phase 1)
Negotiation mode aggressive
Encryption algorithm aes256
Authentication algorithm sha1
Diffie-Hellman group Group2 (modp1024)
Pseudo-random function undefined
SA life time 86400

IPsec Proposal (IKE Phase 2)

IPsec Proposal (IKE Phase 2)
Encapsulation mode Tunnel
IPsec protocol ESP
Encryption algorithm aes256
Authentication algorithm sha1
SA life time 28800
Perfect forward secrecy (PFS) Check, use DH-Group “use from phase 1”
Force encapsulation unchecked


Local network (Used in 4)
Local netmask (Used in 4)
Peer network (This is the fritzbox network)
Peer netmask (This is the fritzbox netmask)
NAT Uncheck

Save setting by hitting the hook button.

Ipsec Administration

Ipsec Administration
IPsec administrative status enable
Propose NAT traversal checked
Enable IKEv2 Make-before-Break unchecked
Restart on link change checked

Apply new settings. Now the netmodule router should connect to Fritzbox and both should share there networks.

You also can use a config and update your values:

ipsec.status=1 ipsec.0.ike.psk=[enc]sTs/CogAt7bpw4I76mok6w== ipsec.0.ike.mode=aggressive ipsec.0.ike.hash=sha1 ipsec.0.ike.dh=modp1024 ipsec.0.ike.localId= ipsec.0.ike.remoteIdType=FQDN ipsec.0.esp.hash=sha1 ipsec.0.esp.pfs=1 ipsec.0.dpd.status=0 ipsec.0.local.0.lanAddress= ipsec.0.local.0.lanMask= ipsec.0.local.0.natAddress=- ipsec.0.remote.0.lanAddress= ipsec.0.remote.0.lanMask=