This page describes a LAN2LAN connection between netmodule router and fritzbox router. This has been tested with Netmodule SW 4.5.0.106 and Fritz!OS: 07.28.
At first, we configure the Fritzbox to accept VPN LAN2LAN connection. Make sure your FritzBox has a static IP or set up DnynamicDNS. In Our example we use DynamiDNS with the hostname: netbox.ddns.net Instructions can be found at AVM https://avm.de/service/wissensdatenbank/dok/FRITZ-Box-7590/30_Dynamic-DNS-in-FRITZ-Box-einrichten/
Internet → Permit Access → VPN: Add VPN Connection
“Connect your home network with another FRITZ!Box network (LAN-LAN linkup)”
VPN Connection | |
---|---|
VPN password (pre-shared key) | admin01admin01 |
Name of the VPN connection | LAN2LAN |
Web address of the remote site* | 1.2.3.4 |
Web address of this FRITZ!Box*2 | netmodule.ddns.net |
Remote network | 192.168.1.0 |
Subnet mask | 255.255.255.0 |
Hold VPN connection permanently | checked |
*This value needs to be set on Netmodule Router as LocalID, Local ID Type IP-Address Click OK to save the changes.
*2 Please use your configured hostname.
Now we can configure the netmodule router:
Goto VPN→IPSEC Tunnel Configuration:
Tunnel Configuration | |
---|---|
Administrative status | enabled |
Config mode | standard |
Local address | 0.0.0.0 |
Remote peer address | netmodule.ddns.net |
Uncheck Dead Peer Detection (DPD) Administrative status.
IKE Proposal:
IKE Proposal | |
---|---|
Key exchange | IKEv1 |
Authentication type | pre-shared key |
PSK | The key you choose in 1). In our case “admin01admin01” |
Local ID type | IP Address |
Local ID | Choosen in 3. In our case 1.2.3.4 |
Peer ID type | Full Qualified Domain Name (FQDN) |
Peer ID | netmodule.ddns.net |
IKE Proposal (Phase 1)
IKE Proposal (Phase 1) | |
---|---|
Negotiation mode | aggressive |
Encryption algorithm | aes256 |
Authentication algorithm | sha1 |
Diffie-Hellman group | Group2 (modp1024) |
Pseudo-random function | undefined |
SA life time | 86400 |
IPsec Proposal (IKE Phase 2)
IPsec Proposal (IKE Phase 2) | |
---|---|
Encapsulation mode | Tunnel |
IPsec protocol | ESP |
Encryption algorithm | aes256 |
Authentication algorithm | sha1 |
SA life time | 28800 |
Perfect forward secrecy (PFS) | Check, use DH-Group “use from phase 1” |
Force encapsulation | unchecked |
Networks
Networks | |
---|---|
Local network | 192.168.1.0 (Used in 4) |
Local netmask | 255.255.255.0 (Used in 4) |
Peer network | 192.168.178.0 (This is the fritzbox network) |
Peer netmask | 255.255.255.0 (This is the fritzbox netmask) |
NAT | Uncheck |
Save setting by hitting the hook button.
Ipsec Administration
Ipsec Administration | |
---|---|
IPsec administrative status | enable |
Propose NAT traversal | checked |
Enable IKEv2 Make-before-Break | unchecked |
Restart on link change | checked |
Apply new settings. Now the netmodule router should connect to Fritzbox and both should share there networks.
You also can use a config and update your values: