User Tools
Site Tools
This is an old revision of the document!
This page describes a LAN2LAN connection between netmodule router and fritzbox router. This has been tested with Netmodule SW 4.5.0.106 and Fritz!OS: 07.28.
At first, we configure the Fritzbox to accept VPN LAN2LAN connection.
Internet → Permit Access → VPN: Add VPN Connection
“Connect your home network with another FRITZ!Box network (LAN-LAN linkup)”
- Please choose a VPN Preshared key, in our example we use “admin01admin0”
- Name der VPN-Verbindung: We choose LAN2LAN (this is only for internal use for the fritzbox)
- Internet-Addresse der Gegenstelle: 1.2.3.4 (This is used as Local-ID in NM-Router and must not be reachble)
- Internet-Addresse dieser Fritz!Box: Please insert your DynamicDNS name of you fritzbox. For example netmodule.ddns.net
- Entferntes Netzwerk: This is the Subnet shared by Netmodule Router. In our case we use: 192.168.1.0/ 255.255.255.0
- Check “VPN-Verbindung dauerthaft halten”
Click OK to save the changes.
Now we can configure the netmodule router:
Goto VPN→IPSEC Tunnel Configuration:
| Tunnel Configuration | |
|---|---|
| Administrative status | enabled |
| Config mode | standard |
| Local address | 0.0.0.0 |
| Remote peer address | netmodule.ddns.net (This has been set in 4) |
Uncheck Dead Peer Detection (DPD) Administrative status.
IKE Proposal:
| IKE Proposal | |
|---|---|
| Key exchange | IKEv1 |
| Authentication type | pre-shared key |
| PSK | The key you choose in 1). In our case “admin01admin01” |
| Local ID type | IP Address |
| Local ID | Choosen in 3. In our case 1.2.3.4 |
| Peer ID type | Full Qualified Domain Name (FQDN) |
| Peer ID | netmodule.ddns.net |
IKE Proposal (Phase 1)
| IKE Proposal (Phase 1) | |
|---|---|
| Negotiation mode | aggressive |
| Encryption algorithm | aes256 |
| Authentication algorithm | sha1 |
| Diffie-Hellman group | Group2 (modp1024) |
| Pseudo-random function | undefined |
| SA life time | 86400 |
IPsec Proposal (IKE Phase 2)
| IPsec Proposal (IKE Phase 2) | |
|---|---|
| Encapsulation mode | Tunnel |
| IPsec protocol | ESP |
| Encryption algorithm | aes256 |
| Authentication algorithm | sha1 |
| SA life time | 28800 |
| Perfect forward secrecy (PFS) | Check, use DH-Group “use from phase 1” |
| Force encapsulation | unchecked |
Networks
| Networks | |
|---|---|
| Local network | 192.168.1.0 (Used in 4) |
| Local netmask | 255.255.255.0 (Used in 4) |
| Peer network | 192.168.178.0 (This is the fritzbox network) |
| Peer netmask | 255.255.255.0 (This is the fritzbox netmask) |
| NAT | Uncheck |
Save setting by hitting the hook button.
Ipsec Administration
| Ipsec Administration | |
|---|---|
| IPsec administrative status | enable |
| Propose NAT traversal | checked |
| Enable IKEv2 Make-before-Break | unchecked |
| Restart on link change | checked |
Apply new settings. Now the netmodule router should connect to Fritzbox and both should share there networks.