VPN IPSec IPFire to FritzBox 7590

Hello, we are running several networks connected via IPFire with IPsec. Now, at one location, unfortunately no commissioning of an IPFire system is possible; here I would have to establish an IPsec VPN connection from a FritzBox 7590 to our main location (IPFire). Unfortunately, even after thorough research on the net, I did not find anything that worked.

Is there anyone here who has ever gotten such a combination to work?

1 Like

Hello densu,

We ran an IPsec net-to-net (n2n) connection between IPFire and a FritzBox 7490 until 2017. There was a thread in the old forum (now closed) discussing this, especially the IPFire configuration. This solution was very reliable and worked for several years. Unfortunately I have only a little documentation (we no longer use this), but I found the FritzBox configuration file that we used. On the IPFire side, as far as I remember, only a very small number of options could be used/activated. I hope this will help:

vpncfg {
    connections {
        enabled = yes;
        conn_type = conntype_lan;
        name = "{fritzbox_internal_connection_name_here}";
        always_renew = yes;
        reject_not_encrypted = no;
        dont_filter_netbios = yes;
        localip = 0.0.0.0;
        local_virtualip = 0.0.0.0;
        remoteip = 0.0.0.0;
        remote_virtualip = 0.0.0.0;
        remotehostname = "{ipfire_public_dns_entry}";
        // IKE identities: both sides use their public DNS name (FQDN) as ID
        localid {
            fqdn = "{fritzbox_public_dns_entry}";
        }
        remoteid {
            fqdn = "{ipfire_public_dns_entry}";
        }
        mode = phase1_mode_idp;
        phase1ss = "all/all/all";
        keytype = connkeytype_pre_shared;
        key = "{preshared_key_here}";
        cert_do_server_auth = no;
        use_nat_t = yes;
        use_xauth = no;
        use_cfgmode = no;
        // phase 2 selectors: network address plus netmask on each side
        phase2localid {
            ipnet {
                ipaddr = {fritzbox_network_here_eg_192.168.212.0};
                mask = {fritzbox_network_mask_here_eg_255.255.255.0};
            }
        }
        phase2remoteid {
            ipnet {
                ipaddr = {ipfire_green_network_here_eg_192.168.16.0};
                mask = {ipfire_green_network_mask_here_eg_255.255.255.0};
            }
        }
        phase2ss = "esp-all-all/ah-all/comp-all/pfs";
        // access list: network and netmask of the remote (IPFire green) network
        accesslist = "permit ip any {ipfire_green_network_here_eg_192.168.16.0} {ipfire_green_network_mask_here_eg_255.255.255.0}";
    }
    ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                        "udp 0.0.0.0:4500 0.0.0.0:4500";
}

// EOF

1 Like