Differences

This shows you the differences between two versions of the page.

app-notes:ipsec-fritzbox [2021/11/24 10:09] – [Table] klueppelapp-notes:ipsec-fritzbox [2021/11/25 09:00] (current) klueppel
Line 2: Line 2:
 This has been tested with Netmodule SW 4.5.0.106 and Fritz!OS: 07.28. This has been tested with Netmodule SW 4.5.0.106 and Fritz!OS: 07.28.
  
-At first, we configure the Fritzbox to accept VPN LAN2LAN connection.+At first, we configure the Fritzbox to accept VPN LAN2LAN connection. Make sure your FritzBox has a static IP or set up DnynamicDNS. In Our example we use DynamiDNS with the hostname: netbox.ddns.net 
 +Instructions can be found at AVM https://avm.de/service/wissensdatenbank/dok/FRITZ-Box-7590/30_Dynamic-DNS-in-FRITZ-Box-einrichten/
  
-Internet -> Freigaben -> Tab VPN: VPN Verbinung hinzufügen.+Internet -> Permit Access -> VPN: Add VPN Connection
  
-"Ihr Heimnetz mit einem anderen FRITZ!Box-Netzwerk verbinden (LAN-LAN-Kopplung)"+"Connect your home network with another FRITZ!Box network (LAN-LAN linkup)"
  
-  - Please choose a VPN Preshared key, in our example we use "admin01admin0" +{{tablelayout?rowsHeaderSource=Auto}} 
-  Name der VPN-Verbindung: We choose LAN2LAN (this is only for internal use for the fritzbox) +VPN Connection                                       ^ 
-  - Internet-Addresse der Gegenstelle: 1.2.3.4 (This is used as Local-ID in NM-Router and must not be reachble) +| VPN password (pre-shared key)    | admin01admin01      | 
-  - Internet-Addresse dieser Fritz!Box: Please insert your DynamicDNS name of you fritzbox. For example netmodule.ddns.net +Name of the VPN connection       LAN2LAN             | 
-  - Entferntes Netzwerk: This is the Subnet shared by Netmodule Router. In our case we use: 192.168.1.0255.255.255.0 +| Web address of the remote site*  1.2.3.4            | 
-  - Check "VPN-Verbindung dauerthaft halten"+| Web address of this FRITZ!Box*2  | netmodule.ddns.net  | 
 +| Remote network                   192.168.1.0         | 
 +| Subnet mask                      | 255.255.255.0       | 
 +| Hold VPN connection permanently  | checked             |
  
 +*This value needs to be set on Netmodule Router as LocalID, Local ID Type IP-Address
 Click OK to save the changes. Click OK to save the changes.
 +
 +*2 Please use your configured hostname.
  
 Now we can configure the netmodule router: Now we can configure the netmodule router:
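Review bot: the added intro sentence names the example hostname as netbox.ddns.net, but the new table row "Web address of this FRITZ!Box" uses netmodule.ddns.net; use one hostname throughout so readers do not configure mismatched peers, and fix "DnynamicDNS" and "DynamiDNS" on the same line. The new table also publishes admin01admin01 as the pre-shared key (the removed bullet had admin01admin0); mark it as a placeholder and tell readers to set their own long random key, since example keys tend to be copied verbatim. The footnote markers "*" and "*2" would read more clearly as "*1" and "*2".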
Line 25: Line 32:
 |            Config mode |                                     standard | |            Config mode |                                     standard |
 |          Local address |                                      0.0.0.0 | |          Local address |                                      0.0.0.0 |
-|    Remote peer address |  netmodule.ddns.net (This has been set in 4) |+|    Remote peer address |                           netmodule.ddns.net |
  
  
Line 57: Line 64:
 {{tablelayout?rowsHeaderSource=Auto}} {{tablelayout?rowsHeaderSource=Auto}}
 ^ IPsec Proposal (IKE Phase 2)                                           ^ ^ IPsec Proposal (IKE Phase 2)                                           ^
-| Encapsulation mode             Tunnel                                  |+| Encapsulation mode                                              Tunnel |
 | IPsec protocol                                                     ESP | | IPsec protocol                                                     ESP |
 | Encryption algorithm                                            aes256 | | Encryption algorithm                                            aes256 |
 | Authentication algorithm                                          sha1 | | Authentication algorithm                                          sha1 |
-| SA life time                   28800                                   |+| SA life time                                                     28800 |
 | Perfect forward secrecy (PFS)  |  Check, use DH-Group "use from phase 1" | | Perfect forward secrecy (PFS)  |  Check, use DH-Group "use from phase 1" |
-| Force encapsulation            | unchecked                               |+| Force encapsulation            |                               unchecked |
  
 **Networks** **Networks**
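Review bot: in the realigned "SA life time" row the value 28800 still has no unit; add the unit in the cell so the lifetime cannot be misread when it is matched against the other peer. The remaining changes in this hunk are alignment only and need no comment.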
Line 78: Line 85:
 **Ipsec Administration** **Ipsec Administration**
 {{tablelayout?rowsHeaderSource=Auto}} {{tablelayout?rowsHeaderSource=Auto}}
-                                ^            ^+ Ipsec Administration           ^            ^
 | IPsec administrative status     | enable     | | IPsec administrative status     | enable     |
 | Propose NAT traversal           | checked    | | Propose NAT traversal           | checked    |
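Review bot: the header cell on the added line reads "Ipsec Administration", which repeats the bold heading directly above it and spells the protocol differently from the "IPsec administrative status" row below; use "IPsec" consistently, or keep the header cell empty as before if the heading already labels the table.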
Line 85: Line 92:
  
 Apply new settings. Now the netmodule router should connect to Fritzbox and both should share there networks. Apply new settings. Now the netmodule router should connect to Fritzbox and both should share there networks.
 +
 +You also can use a config and update your values: 
 +<konsole>
 +ipsec.status=1
 +ipsec.0.remote.serverIp=netmodule.ddns.net
 +ipsec.0.ike.psk=[enc]sTs/CogAt7bpw4I76mok6w==
 +ipsec.0.ike.mode=aggressive
 +ipsec.0.ike.hash=sha1
 +ipsec.0.ike.dh=modp1024
 +ipsec.0.ike.localId=1.2.3.4
 +ipsec.0.ike.remoteId=netmdoule.ddns.net
 +ipsec.0.ike.remoteIdType=FQDN
 +ipsec.0.esp.hash=sha1
 +ipsec.0.esp.pfs=1
 +ipsec.0.dpd.status=0
 +ipsec.0.local.0.lanAddress=192.168.1.0
 +ipsec.0.local.0.lanMask=255.255.255.0
 +ipsec.0.local.0.natAddress=-
 +ipsec.0.remote.0.lanAddress=192.168.178.0
 +ipsec.0.remote.0.lanMask=255.255.255.0
 +</konsole>
 +
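Review bot: the added line ipsec.0.ike.remoteId=netmdoule.ddns.net misspells the hostname and does not match ipsec.0.remote.serverIp=netmodule.ddns.net; with remoteIdType=FQDN, anyone who pastes this block gets a remote ID that differs from the hostname used for serverIp, so correct it to netmodule.ddns.net. The block also ships a concrete ipsec.0.ike.psk=[enc]... value; replace it with a clearly marked placeholder and state in the introductory sentence which keys must be changed before use. Because the block sets ipsec.0.ike.mode=aggressive together with a pre-shared key, add a sentence that this mode depends on a long random PSK, as the key hash is exchanged in a form that allows offline guessing.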