Creating an IPSEC VPN between your iPhone and an AVM Fritz!Box

Aus FHEMWiki

To create a working IPSEC VPN you need the following config file:

vpncfg {
	connections {
		enabled = yes;
		conn_type = conntype_user;
		name = "[NAME OF MY VPN]";
		always_renew = no;
		reject_not_encrypted = no;
		dont_filter_netbios = yes;
		localip = 0.0.0.0;
		local_virtualip = 0.0.0.0;
		remoteip = 0.0.0.0;
		remote_virtualip = 192.168.178.201;
		remoteid {
			key_id = "[MY EMAIL-ADDRESS]";
		}
		mode = phase1_mode_aggressive;
		phase1ss = "all/all/all";
		keytype = connkeytype_pre_shared;
		key = "[PRE-SHARED KEY SECRET]";
		cert_do_server_auth = no;
		use_nat_t = yes;
		use_xauth = yes;
		use_cfgmode = no;
		xauth {
			valid = yes;
			username = "[USERNAME]";
			passwd = "[PASSWORD]";
		}
		phase2localid {
			ipnet {
				ipaddr = 0.0.0.0;
				mask = 0.0.0.0;
			}
		}
		phase2remoteid {
			ipaddr = 192.168.178.201;
		}
		phase2ss = "esp-all-all/ah-none/comp-all/no-pfs";
		accesslist = "permit ip 192.168.178.0 255.255.255.0 192.168.178.201 255.255.255.255";
	}
	ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
	"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF

Please edit the following entries:

  • [NAME OF MY VPN] Whatever you like
  • [PRE-SHARED KEY SECRET] This should be a very secret password (20 chars or more)
  • [USERNAME] Your username
  • [PASSWORD] Your password

Upload this config file to your AVM Fritz!Box (VPN Settings).

On the iPhone, you'll find the VPN config under "Settings->Network->VPN". Choose "IPSec", enter your dyndns-name under "Server". "Shared Secret" is the long password [PRE-SHARED KEY SECRET]. Voilá, your done.