Via the VPN server of the Fritzbox you can set up a secure encrypted client for the remote access from the Internet to the home network. The abbreviation VPN stands for “Virtual Private Network” and enables a secured data connection (“VPN tunnel”) over the unsafe Internet. A VPN tunnel of this kind can also be used in a private environment, as it also elegantly avoids the risks of public hotspots.
Prerequisite: Fritzbox with VPN server must be in the home network
The workshop will show you how to set up secure VPN access on your notebook. Your notebook behaves as if it were directly connected to your home network router via WLAN or network cable. Once your VPN connection is enabled, the entire communication runs through this secured VPN tunnel - even though you are connected to your notebook via a public hotspot. Other computers connected to public access are cut off from your VPN-protected connection. These therefore have no chance of accessing data. The actual communication with the Internet then starts from your Fritzbox at home.
Step 1: Set up Dynamic DNS at the Fritzbox
AVM has integrated the VPN service very early in its Fritzbox home network. The manufacturer provides all the necessary help and a free VPN client for Windows computers.
Step 2: Set up Myfritz and activate the Myfritz account
A VPN server was already on older g-WLAN models as the Fritz box 7170 available. The following workshop refers to the more modern devices, which support the current FritzOS firmware. In addition to numerous new features, FritzOS offers a comfortable DDNS service, which you need urgently for remote access via VPN. Before proceeding with the workshop, check the firmware of your AVM router in the router interface under "System / Firmware Update". Access the configuration interface in the browser with the address http://fritz.box
More about Fritzbox
To be able to dial up later from the Internet on your Fritzbox, you need their public IP address. Since this address changes daily with private DSL connections, you can use a special service such as DDNS or DynDNS. The DDNS service ensures that your Fritzbox is always accessible under the same web address every day, even if its public IP address changes.
Fritzbox routers offer the possibility to use an external DDNS service for this task. However, AVM with the new firmware version FritzOS offers its own, free DDNS service. It is more comfortable and can easily be set up directly from the router setup of the Fritzbox.
In the browser, open the Fritzbox user interface. Go to "Internet / Myfritz" in the menu on the left, select the option "Create new Myfritz account" and enter your valid e-mail address. Also, enter a secure, at least 12-digit Myfritz password for your new account. Write down your Myfritz password. After you click "Next", you can set another password under the same e-mail address. This is the "Fritzbox Internet password". It should be different from the Myfritz password. Make a note of the Fritzbox Internet password, click "Next", and then click "Exit."
Check your e-mail box for a Myfritz mail. Once it is received, open it and click on the registration link. A browser window will open with the terms of use, which you agree to check. Then click the "Activate account" button. You will then return to the AVM router interface. Change again to "Internet / Myfritz". A "green" light should light up under "Status". In the course of this workshop, you will not need the Myfritz user name (e-mail address) and the two passwords, but you should keep the created note in any case.
With activated Myfritz service your Fritzbox is always accessible under a constant web address from the Internet. This web address or DDNS address is displayed in the user interface of your Fritzbox under "Internet / Online-Monitor" in the list to the right of "Myfritz". The front part to the left of the first point is somewhat cryptic. This is for each Fritz box rout individually - the second part is with the domain ending "myfritz.net" with every Fritz box the same. With the Myfritz.net web address, you have met the second requirement that you need to set up a VPN access.
For VPN use, create two configuration files with the file "cfg". The first file you need for the VPN server in the Fritzbox. The second is for the VPN client on your notebook. For the creation, install the AVM tool "Set up Fritzbox remote access" from the AVM homepage. Then start the tool. Click New. A wizard opens: In the first window, select the setting "Remote access for a user" ("4 steps", point 1) and click the "Next" button
In the following window, leave the setting "PC with Fritz remote access". After clicking on "Next", enter an arbitrary user name ("4 steps", point 2) instead of the required e-mail address and use the "Next" button. In the next step, copy the Myfritz.net address of your Fritzbox router into the input field next to "Name of your FritzBox" ("4 steps", point 3). When you click on "Next", you will be prompted "Send all data via the VPN tunnel" ("4 steps", point 4) in the lower part of the following window.
This setting is especially important for the secure use of your remote access at the public hotspot. Confirm with "Next" and then "Finish". The VPN password is automatically generated and also stored in the CFG files. When you click on "Finish", an Explorer window opens. This shows the configuration for the VPN connection. How to copy these to the Fritzbox, read in the "Import VPN configuration" box.
This contains a CFG file, which starts with the fritzbox_ file name. This is the CFG file, which you have to import into the Fritzbox. Another CFG file can be found in the folder. It has the user name of the user entered as the name, and is required later for setting up the VPN client. Copy this CFG file for the Fritzbox from the directory to your desktop. This gives you easier access during import.
Step 3: Determine the web address of the router
The Fritzbox grants only users with the appropriate key access. This key is the second CFG file that was created in Chapter 4. To use the key, install the "FritzFernzugang" tool on your notebook.
Note: For Fritz remote access, there is a version for 32-bit and 64-bit Windows operating systems. If you are not sure what version of Windows is installed on your notebook, press the key combination "Win + Pause". Windows will then display the information about your computer and the operating system installed in a new system window.
Picture gallery
After the installation start "FritzFernzugang" and go to the menu "File / Import ...". Navigate to the directory with the second configuration file. Alternatively, copy the CFG file that is stored in the folder with the user name to the desktop. Then change back to "FritzFernzugang" and import the data beginning with "vpnuser _..." by double-clicking into FritzFernzug.
After the installation start "FritzFernzugang" and go to the menu "File / Import ...". Navigate to the directory with the second configuration file. Alternatively, copy the CFG file that is stored in the folder with the user name to the desktop. Then you switch back to "FritzFernzugang" and import the data, which begin with "vpnuser _...", by double-clicking in FritzFernzug. The new connection appears in the window of "Fritz Fernzugang" as a connection icon and is labeled with the web address
To test the secure VPN access from your notebook to your Fritzbox, you must be outside your home network. You should use another online access at the office or a friend. To make the secure VPN connection to your Fritzbox from there, just double-click on the newly created connection symbol in "FritzFernzug."
Step 4: Copy and import configuration file
Step 5: Set up "VPN remote access" VPN
Step 6: Build remote access from the Internet via VPN
Once the VPN connection is established, the entire network traffic is routed to the Fritzbox via the encrypted VPN tunnel. If you are browsing a public hotspot with your notebook from now on, start FritzFernzugang and go to the connection icon by double-clicking. Once the connection is established, your entire network traffic runs through a secure tunnel to your Fritzbox and only from there "open" into the Internet.
No comments:
Post a Comment