Knowledge Base
AVM Content
- FRITZ!Box 7690
- FRITZ!Box 7682
- FRITZ!Box 7590 AX
- FRITZ!Box 7590
- FRITZ!Box 7583 VDSL
- FRITZ!Box 7583
- FRITZ!Box 7582
- FRITZ!Box 7581
- FRITZ!Box 7560
- FRITZ!Box 7530 AX
- FRITZ!Box 7530
- FRITZ!Box 7520
- FRITZ!Box 7510
- FRITZ!Box 7490
- FRITZ!Box 7430
- FRITZ!Box 7390
- FRITZ!Box 7360
- FRITZ!Box 6890 LTE
- FRITZ!Box 6860 5G
- FRITZ!Box 6850 5G
- FRITZ!Box 6850 LTE
Cannot establish a VPN connection between two FRITZ! networks
The VPN connection between two FRITZ! networks (FRITZ!Box network or FRITZ!Repeater network) is not established. One of the following error messages may be displayed in the event log of the FRITZ!Repeater:
- "IKE-Error 0x1c"
- "IKE-Error 0x2005"
- "IKE-Error 0x2020"
- "IKE-Error 0x2027"
Simply proceed as described below. After each measure, check whether the problem is solved.
Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Repeater.
1 FRITZ! network cannot be reached in the internet
You can only establish a VPN connection between two FRITZ! networks if at least one of the two FRITZ! networks has an IPv6 or IPv4 address that can be reached on the internet. If both of the FRITZ! networks only have a private IPv4 address, it is not possible to establish VPN connections.
You can find out whether the FRITZ!Repeater has an IP address that can be reached on the internet using the guide Checking accessibility of the FRITZ!Repeater in the internet.
Note:If you use MyFRITZ!, you can also check the IP addresses of your FRITZ!Repeater from on the go in the Device Overview of your MyFRITZ! account at myfritz.net in the section "FRITZ!Repeater Information and Access Options".
2 Permanently maintaining the internet connection of the remote FRITZ! network
To ensure that the remote FRITZ! network is always reachable, configure the FRITZ! product (FRITZ!Box or FRITZ!Repeater) that establishes the internet connection in the remote network so that it permanently maintains the internet connection:
- Open the user interface of the FRITZ!Box or the FRITZ!Repeater you want to establish the VPN connection to.
- Click "Internet" and then "Account Information" or "Type of Connection".
- Click "Change connection settings".
- Enable the option "Maintain permanently (recommended for flat rates)". If the option is not shown, then the internet connection is already permanently established.
- Click "Apply" to save the settings.
3 Internet connection of the remote FRITZ! network is disrupted
- Open the user interface of the FRITZ!Box or the FRITZ!Repeater you want to establish the VPN connection to.
- Click "System" and then "Event Log".
- If you find error messages such as "DSL not responding" or "PPPoE error" that correspond to your attempts to establish a VPN connection, resolve the problems with the remote FRITZ! network's internet connection. If necessary, consult your internet service provider.
4 MyFRITZ! address of the remote FRITZ! network cannot be reached
If the VPN connection occasionally cannot be established, there may be an issue with the MyFRITZ! service. Therefore, check whether the FRITZ! product (FRITZ!Box or FRITZ!Repeater) that establishes the internet connection in the remote network is successfully registered with MyFRITZ! when you try to establish the VPN connection:
- Open the user interface of the FRITZ!Box or the FRITZ!Repeater you want to establish the VPN connection to.
- Click "Internet" and then "Online Monitor".
- If MyFRITZ! is active, continue with the next section.
- If MyFRITZ! is displayed as not active, wait until the technical issues have been resolved and try to establish the VPN connection at a later time. If the error is permanent, reconfigure the MyFRITZ! account.
5 Correcting the internet address of the remote FRITZ! network
If you want to connect two FRITZ! networks via IPSec (LAN-LAN linkup), enter the MyFRITZ! address for the remote FRITZ! network in the FRITZ!Repeater again.
- Click "Internet" in the user interface of the FRITZ!Repeater.
- Click "Permit Access" in the "Internet" menu.
- Click on the "VPN (IPSec)" tab.
- Click the
(Edit) button next to the respective VPN connection. - Enter the MyFRITZ! address of the remote FRITZ! product (kw23qbmnj31x5aw75.myfritz.net) in the field "Web address".
Note:The MyFRITZ! address is displayed under "Internet > MyFRITZ! Account" in the section "MyFRITZ! Internet Access " of the user interface of the remote FRITZ! product.
- Click "Apply" to save the settings and on the FRITZ!Repeater, confirm that the procedure may be executed, if you are asked to do so.
6 Adjusting the VPN settings
If you connected two FRITZ! networks via IPSec and only one of the two FRITZ! networks has a public IP address, the option "Hold VPN connection permanently" may only be enabled in the FRITZ!Box or the FRITZ!Repeater with the private IP address:
Adjusting the VPN settings in the FRITZ! network with a public IP address
- Open the user interface of the FRITZ!Box or the FRITZ!Repeater with the public IP address.
- Click "Internet" and then "Permit Access".
- Click on the "VPN (IPSec)" tab.
- Click the (Edit) button next to the respective VPN connection.
- Disable the option "Hold VPN connection permanently".
- Enter the password required to establish the VPN connection in the field "VPN password (pre-shared key)".
- Click "Apply" to save the settings and confirm that the procedure may be executed, if you are asked to do so.
Adjusting the VPN settings in the FRITZ! network with a private IP address
- Open the user interface of the FRITZ!Box or the FRITZ!Repeater without a public IP address.
- Click "Internet" and then "Permit Access".
- Click on the "VPN (IPSec)" tab.
- Click the (Edit) button next to the respective VPN connection.
- Enable the option "Hold VPN connection permanently".
- Enter the password required to establish the VPN connection in the field "VPN password (pre-shared key)".
- Click "Apply" to save the settings and confirm that the procedure may be executed, if you are asked to do so.
7 Attempting to connect to the remote network at a later time
This section only applies if the VPN connection occasionally cannot be established and the message "IKE-Error 0x2020" is displayed in the event log of one of the FRITZ! products (FRITZ!Box or FRITZ!Repeater):
When one of the two FRITZ! networks is working at high capacity while attempting to establish a VPN connection, an error may occur when synchronizing the VPN passwords (preshared keys). In this case the VPN connection cannot be established.
In this case, try accessing the shared files or services in the remote FRITZ! network at a later time. The VPN connection is automatically re-established whenever a query is sent from one FRITZ! network to a device in the other FRITZ! network.
8 Deleting a VPN connection and reconfiguring it
If the VPN connection can never be established, then the VPN settings in one or both of the FRITZ! networks are incorrect. Therefore, reconfigure the VPN connection:
Deutschland
International (English)
United Kingdom
Österreich
Nederland
España
Italia
Polska
België (Nederlands)
Luxemburg (Deutsch)
Schweiz (Deutsch)