FRITZ!Box 4020 Service - Knowledge Base

FRITZ!Box 4020 Service

Using the Shrew Soft VPN Client to set up a VPN connection to the FRITZ!Box

The Shrew Soft VPN Client software allows you to establish a secure VPN (Virtual Private Network) connection over the internet from a Windows computer to your FRITZ!Box and then access all of the devices and services in the home network of your FRITZ!Box.

The standard edition of the Shrew Soft VPN Client is available as a free download for Windows 8 / 7 (64-bit and 32-bit) as well as for Linux and BSD. The VPN Client does not officially support Windows 10. However, according to our experience, the VPN Client can also be used in Windows 10.

Example values used in this guide

In this guide we show you how to connect a computer with Shrew Soft VPN Client 2.2.2 with the FRITZ!Box. When you set up your connection, replace the values used in this example with actual ones.

  • MyFRITZ! domain name of the FRITZ!Box:
  • User name of the FRITZ!Box user:
    John Smith
  • Password of the FRITZ!Box user:
  • Shared secret of the FRITZ!Box user:

Requirements / Restrictions

  • The FRITZ!Box must establish its own connection to the internet using a modem (for example a DSL or cable modem).
  • The FRITZ!Box must obtain a public IPv4 address from the internet service provider.

    Important:The FRITZ!Box cannot be accessed from the internet over IPv4 when used on an internet connection with DS-Lite tunnel. If a DS-Lite tunnel is enabled, this is displayed under "Connections" on the "Overview" page of the FRITZ!Box user interface.

Note:The configuration procedure and notes on functions given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Preparations

Setting up MyFRITZ!

With MyFRITZ! you can even access the FRITZ!Box over the internet at all times if the FRITZ!Box receives a different public IP address from your internet service provider on a regular basis:

Note:If you already use a different dynamic DNS service, you can also use this service instead of MyFRITZ!.

Adjusting the FRITZ!Box's IP network

Both ends of a VPN connection must have IP addresses in different IP networks. VPN communication cannot occur if your computer is connected to a router (for example another FRITZ!Box) that uses the same IP network as your FRITZ!Box.

Note:All FRITZ!Boxes use the IP network in the factory settings.

Assign an IP address to your FRITZ!Box that differs from the IP addresses of the routers you will use to connect to the FRITZ!Box, for example (subnet mask

  1. Click "Home Network" in the FRITZ!Box user interface.
  2. Click "Home Network Overview" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click the "IPv4 Addresses" button.
  5. Enter the desired IP address and subnet mask.
  6. Click "OK" to save the settings.

2 Setting up a VPN connection in the FRITZ!Box

Set up a different user for each VPN connection in the FRITZ!Box:

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click the (Edit) button for the user who intends to connect to the FRITZ!Box via VPN. If you have not set up any users yet:
    1. Click the "Add User" button.
    2. Enter a name and password for the user in the corresponding fields.
  4. Enable the option "VPN".
  5. Click "OK" to save the settings.

Now the FRITZ!Box sets up the VPN rights for this FRITZ!Box user.
A window displaying the VPN settings for the FRITZ!Box user then opens automatically.

Note:You can open this window any time by clicking "Show VPN Settings" in the settings for the FRITZ!Box user.

3 Setting up a VPN connection in the Shrew Soft VPN Client

Set up the VPN connection in the Shrew Soft VPN Client using the VPN settings displayed in the FRITZ!Box user interface for the FRITZ!Box user:

Note:You can access the VPN settings if you select "System > FRITZ!Box Users" in the user interface, call up the settings for the user, and click "Show VPN Settings".

  1. Start the Shrew Soft VPN Access Manager and click the "Add" button.
    • The "VPN Site Configuration" window opens.
  2. On the "General" tab, enter the MyFRITZ! domain name of the FRITZ!Box ( in the "Host Name or IP Address" field.
  3. Configure the following settings on the "Authentication" tab:
    1. Select "Mutual PSK + XAuth" from the drop-down list "Authentication Method".
    2. On the "Local Identity" tab, select "Key Identifier" from the drop-down list "Identification Type" and enter the user name of the FRITZ!Box user (John Smith) in the "Key String ID" field.
    3. On the "Remote Identity" tab, select "IP Address" from the drop-down list "Identification Type".
    4. On the "Credentials" tab, enter the "shared secret" of the FRITZ!Box user (Zj7hPCouK65IrPU4) in the field "Pre Shared Key". The "shared secret" is displayed in the VPN settings of the user in the section "iPhone, iPad or iPod touch".
  4. If the entire data traffic - requests from the remote FRITZ!Box network as well as all web requests - should be forwarded over the VPN connection, click "Save" to save the settings. The configuration is now completed.
  5. If only requests to the remote FRITZ!Box network should be forwarded over the VPN connection and the local internet connection should still be used for web requests, configure the following settings:
    1. Click on the "Name Resolution" tab.
    2. Disable the option "Enable DNS" on the "DNS" tab.
    3. Disable the option "Enable WINS" on the "WINS" tab.
    4. Click on the "Policy" tab.
    5. Select "shared" from the drop-down list "Policy Generation Level".
    6. Disable the option "Obtain Topology Automatically or Tunnel All".
    7. Click the "Add" button.
      • The "Topology Entry" window opens.
    8. Enter the IP network of the FRITZ!Box ( in the "Address" field and the corresponding subnet mask ( in the "Netmask" field, then click "OK".
    9. Click "Save" to save the settings.

Now the VPN connection to the FRITZ!Box has been configured.

4 Establishing a VPN connection

  1. Start the Shrew Soft VPN Access Manager.
  2. Select the VPN connection in the VPN Access Manager and click "Connect".
  3. In the corresponding fields, enter the user name and password of the FRITZ!Box user you set the VPN connection up for and click "Connect".

Now the VPN connection is established.

Note:Active VPN connections are displayed under "Internet > Permit Access > VPN" and "Internet > Online Monitor" in the FRITZ!Box user interface.