Differences

This shows you the differences between two versions of the page.

--- app-notes:ipsec-fritzbox [2021/11/24 10:08] – klueppel
+++ app-notes:ipsec-fritzbox [2021/11/25 09:00] (current) – klueppel
@@ Line 2: / Line 2: @@
 This has been tested with Netmodule SW 4.5.0.106 and Fritz!OS: 07.28.
-At first, we configure the Fritzbox to accept VPN LAN2LAN connection.
+At first, we configure the Fritzbox to accept VPN LAN2LAN connection. Make sure your FritzBox has a static IP or set up DnynamicDNS. In Our example we use DynamiDNS with the hostname: netbox.ddns.net
+Instructions can be found at AVM https://avm.de/service/wissensdatenbank/dok/FRITZ-Box-7590/30_Dynamic-DNS-in-FRITZ-Box-einrichten/
-Internet -> Freigaben -> Tab VPN: VPN Verbinung hinzufügen.
+Internet -> Permit Access -> VPN: Add VPN Connection
-"Ihr Heimnetz mit einem anderen FRITZ!Box-Netzwerk verbinden (LAN-LAN-Kopplung)"
+"Connect your home network with another FRITZ!Box network (LAN-LAN linkup)"
-  - Please choose a VPN Preshared key, in our example we use "admin01admin0"
+{{tablelayout?rowsHeaderSource=Auto}}
-  - Name der VPN-Verbindung: We choose LAN2LAN (this is only for internal use for the fritzbox)
+^ VPN Connection                   ^                     ^
-  - Internet-Addresse der Gegenstelle: 1.2.3.4 (This is used as Local-ID in NM-Router and must not be reachble)
+| VPN password (pre-shared key)    | admin01admin01      |
-  - Internet-Addresse dieser Fritz!Box: Please insert your DynamicDNS name of you fritzbox. For example netmodule.ddns.net
+| Name of the VPN connection       | LAN2LAN             |
-  - Entferntes Netzwerk: This is the Subnet shared by Netmodule Router. In our case we use: 192.168.1.0/ 255.255.255.0
+| Web address of the remote site*  | 1.2.3.4            |
-  - Check "VPN-Verbindung dauerthaft halten"
+| Web address of this FRITZ!Box*2  | netmodule.ddns.net  |
+| Remote network                   | 192.168.1.0         |
+| Subnet mask                      | 255.255.255.0       |
+| Hold VPN connection permanently  | checked             |
+*This value needs to be set on Netmodule Router as LocalID, Local ID Type IP-Address
 Click OK to save the changes.
+*2 Please use your configured hostname.
 Now we can configure the netmodule router:
@@ Line 25: / Line 32: @@
 |            Config mode |                                     standard |
 |          Local address |                                      0.0.0.0 |
-|    Remote peer address |  netmodule.ddns.net (This has been set in 4) |
+|    Remote peer address |                           netmodule.ddns.net |
@@ Line 56: / Line 63: @@
 {{tablelayout?rowsHeaderSource=Auto}}
-^   ^   ^
+^ IPsec Proposal (IKE Phase 2)   ^                                         ^
-| Encapsulation mode  | Tunnel  |
+| Encapsulation mode             |                                  Tunnel |
-| IPsec protocol  |  ESP |
+| IPsec protocol                 |                                     ESP |
-| Encryption algorithm |  aes256 |
+| Encryption algorithm           |                                  aes256 |
-| Authentication algorithm |  sha1 |
+| Authentication algorithm       |                                    sha1 |
-| SA life time | 28800 |
+| SA life time                   |                                   28800 |
 | Perfect forward secrecy (PFS)  |  Check, use DH-Group "use from phase 1" |
-| Force encapsulation | unchecked |
+| Force encapsulation            |                               unchecked |
 **Networks**
 {{tablelayout?rowsHeaderSource=Auto}}
-^   ^   ^
+^ Networks       ^                                               ^
-| Local network  | 192.168.1.0 (Used in 4) |
+| Local network  | 192.168.1.0 (Used in 4)                       |
-| Local netmask  | 255.255.255.0 (Used in 4) |
+| Local netmask  | 255.255.255.0 (Used in 4)                     |
-| Peer network  | 192.168.178.0 (This is the fritzbox network) |
+| Peer network   | 192.168.178.0 (This is the fritzbox network)  |
-| Peer netmask  | 255.255.255.0 (This is the fritzbox netmask) |
+| Peer netmask   | 255.255.255.0 (This is the fritzbox netmask)  |
-| NAT | Uncheck  |
+| NAT            | Uncheck                                       |
 Save setting by hitting the hook button.
@@ Line 78: / Line 85: @@
 **Ipsec Administration**
 {{tablelayout?rowsHeaderSource=Auto}}
-^   ^   ^
+^  Ipsec Administration           ^            ^
-| IPsec administrative status | enable |
+| IPsec administrative status     | enable     |
-| Propose NAT traversal  | checked |
+| Propose NAT traversal           | checked    |
-| Enable IKEv2 Make-before-Break  | unchecked |
+| Enable IKEv2 Make-before-Break  | unchecked  |
-| Restart on link change  | checked |
+| Restart on link change          | checked    |
 Apply new settings. Now the netmodule router should connect to Fritzbox and both should share there networks.
+You also can use a config and update your values:
+<konsole>
+ipsec.status=1
+ipsec.0.remote.serverIp=netmodule.ddns.net
+ipsec.0.ike.psk=[enc]sTs/CogAt7bpw4I76mok6w==
+ipsec.0.ike.mode=aggressive
+ipsec.0.ike.hash=sha1
+ipsec.0.ike.dh=modp1024
+ipsec.0.ike.localId=1.2.3.4
+ipsec.0.ike.remoteId=netmdoule.ddns.net
+ipsec.0.ike.remoteIdType=FQDN
+ipsec.0.esp.hash=sha1
+ipsec.0.esp.pfs=1
+ipsec.0.dpd.status=0
+ipsec.0.local.0.lanAddress=192.168.1.0
+ipsec.0.local.0.lanMask=255.255.255.0
+ipsec.0.local.0.natAddress=-
+ipsec.0.remote.0.lanAddress=192.168.178.0
+ipsec.0.remote.0.lanMask=255.255.255.0
+</konsole>

User Tools

Site Tools

Differences

Page Tools