Configurare VPN su FRITZ!Box (various models)

Published by TheJoe on

Estimated reading time: 4 minutes


This article was published more than a year ago, there may have been developments.
Please take this into account.

In this article we will deal with create a VPN connection via a PC with Linux and a FRITZ!Box 4020. The instructions in this guide also apply to other FRITZ routers!Box then if the 4020 it is not your model however try to follow the guide, often the steps are identical.

First you need to know that FRITZ!Box integrate a function called “dynamic DNS“. If you are familiar with the famous service “dyndns” you will know that with this function your router will be reachable from the outside, on an address that is always the same, even when the router's public IP address changes.

The same result can be achieved by registering a free MyFRITZ account! directly from the administrative interface of the router. In addition to remote HTTPS access to the router, this system allows you to keep all FRITZ routers under control!Box register on the site and be able to access it quickly. I will use this second option.

The router configuration page

Once the account is registered, we will find our router by logging into our account on

In my case, my home router is the only one configured. By clicking on it we will be redirected to the login page of the actual router, on which we must have already set the possibility of logging in remotely.


To connect a computer to a VPN, there must be no IP conflicts between the local network and the remote network. If there is a local device and a remote device with the same local IP the computer, even by activating the VPN, it will only connect to the local device.

If this is the problem, it is still possible to modify the entire FRITZ network!Box (or any other router) quite simply.

Home network > Home network diagram > Network settings > IPv4 addresses

From this page we can change the whole network. Let's assume that the starting network is configured with this class: ““. The remote router will have to be configured by assigning the class “192.168.x.0” (x = “any number between 1 and 255, different from 1“. In our case I have assigned

It is also possible to keep the same class if you want, but there is a risk that two devices (remote and local) share the same IP, maybe automatically assigned via DHCP. Better to avoid it right away.

Look here:  Migrate a site in PHP / MySQL as an Apache server to another

We configure the router user who will be able to access the VPN service

System > Utente FRITZ!Box

In this section, the user who will have access to the VPN must be added. Click on “Add user“, we create the authentication credentials and at the bottom of the page we select the box “VPN“. Click “Applica” to confirm.

We just started a VPN.

The settings have been saved on the router. To recall them, click on the button “modification” ( ), and at the bottom of the page on the link “Show VPN settings“.

Here we find the instructions to configure iOS or Android devices. The information is simple and clear and I shouldn't go into this too much.

However, I recommend keeping these settings handy, because we will need them on the computer we will use to connect to the VPN.

Let's set up the VPN on the computer

I have tried several GUI solutions to connect to the VPN, is the connection editor built into Gnome, be “nm-connection-editor“. Both appear to be two simple and functional programs, too bad I can't connect them to my VPN in any way for the simple fact that I can't find the button anywhere “Connect“. If anyone has had more luck let me know in the comments.

When I lost hope looking through the GUIs, I turned to CLI applications and I must say that if I had done it before I would have saved a lot of time. The program that saved me is vpnc.

To install it on Debian just run:

~# apt install vpnc

After installing it, you need to create a configuration file and save it in /etc/vpnc/vpn-casa.conf.

The content of the file will be as follows:

IPSec gateway   l'indirizzo del FRITZ!Box
IPSec ID        l'utente "vpn-user" configurato poco fa
IPSec secret    nelle impostazioni del router si chiama "Shared secret"
IKE Authmode    psk
Xauth username  ancora l'utente "vpn-user"
Xauth password  la password assegnata all'utente

Once the file has been saved we will have to start it with the command:

~# vpnc /etc/vpnc/vpn-casa.conf
VPNC started in background (pid: 23306)...

To terminate the connection we will launch:

~# vpnc-disconnect

Now I can make a backup of my data even remotely.


I keep this blog as a hobby by 2009. I am passionate about graphic, technology, software Open Source. Among my articles will be easy to find music, and some personal thoughts, but I prefer the direct line of the blog mainly to technology. For more information contact me.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.