VPN via FritzBox on Windows

This howto was tested on Windows XP SP3 and Windows 7; it will probably also work on Windows Vista. The router I used is the Fritz!Box WLAN 7170, but the tools for other Fritz!Boxes such as the Fritz!Box 7270 are the same, so it will also work for the other Fritz!Box routers with VPN capabilities.

Replacement for the unstable FRITZ!VPN client

This post describes the configuration of a replacement for the unstable official FRITZ!VPN client (English v01.01.03 or German v01.02.02).

This replacement is the Shrew Soft VPN client, which can be downloaded (for Windows) from: shrew.net/download/vpn

Installing the ShrewSoft VPN client

To use this client, follow these steps:

  1. Download and install the ShrewSoft VPN client.
  2. Accept all warnings and, when installing, press Next on all screens.
  3. Select that you trust software from Shrew Soft and press OK.
  4. Then press Finished.

Configuring the ShrewSoft VPN client

Start the VPN client with the following menu path:

Start->All Programs->ShrewSoft VPN Client->Access Manager

Click on the ‘Add’ button to add your VPN connection.

The General tab

Remote Host:

  • Host Name or IP Address: fill in the external IP address of your Fritz!Box router (‘yourrouterIPnr’). To find your external IP address while you are connected through the router, go to: checkip.dyndns.com
  • Leave the other settings as default.

The Client Tab

The default settings are ok.

The Name Resolution tab


  • Deselect ‘Enable WINS’
  • Deselect ‘Enable DNS’

The Authentication->Local Identity tab

  • Authentication Method select: Mutual PSK
  • Identification Type select: User Fully Qualified Domain Name
  • At UFQDN String, fill in your VPN email address: yourmailadres@example.com (which is also used for the VPN cfg-file)

Remark: Select ‘User Fully Qualified Domain Name’ and not ‘Fully Qualified Domain Name’. This mistake is easy to make, and with the wrong type the connection will not work!

The Authentication->Remote Identity tab

  • Select at Identification Type: IP Address
  • Leave the other settings as default.

The Authentication->Credentials tab

Now open the VPN user configuration file in an editor. This file is generated by the program ‘Configure FRITZ!Box VPN Connection’.

  • The filename is something like: vpnuser_yourmailadres_example_com.cfg
  • Search the .cfg-file for the key value. You can find it in the structure targets.policies.key. Copy the key value without the quotes.
  • Paste the key value into the ‘Pre Shared Key’ field.
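
An added example, not part of the original post or of AVM's or Shrew Soft's tooling: a small Python parser that reads targets.policies.key and the user ID from the cfg file instead of copying them by hand, and warns when the key is short. That matters here because the Phase 1 setup below uses aggressive mode with a pre-shared key, where a captured handshake allows offline guessing of a weak key. The sample file, every field name other than key, and the length thresholds are assumptions.

```python
import re

# Constructed sample. Only the path targets.policies.key comes from the page;
# the other field names and every value are assumptions for illustration.
SAMPLE_CFG = '''
targets {
        policies {
                name = "yourmailadres@example.com";
                localid {
                        user_fqdn = "yourmailadres@example.com";
                }
                mode = mode_aggressive;
                key = "constructed-sample-psk";
        }
}
'''

TOKEN = re.compile(r'"(?P<str>(?:[^"\\]|\\.)*)"|(?P<sym>[{};=])|(?P<word>[^\s{};="]+)')

def parse_cfg(text):
    """Parse nested `name { ... }` blocks and `name = value;` pairs into dicts."""
    toks = [(m.lastgroup, m.group(m.lastgroup)) for m in TOKEN.finditer(text)]
    root = {}
    stack, i = [root], 0
    while i < len(toks):
        if toks[i] == ("sym", "}"):            # end of the current block
            stack.pop()
            i += 1
        elif toks[i + 1] == ("sym", "{"):      # start of a nested block
            stack.append(stack[-1].setdefault(toks[i][1], {}))
            i += 2
        elif toks[i + 1] == ("sym", "="):      # name = value ;
            end = toks.index(("sym", ";"), i)
            stack[-1][toks[i][1]] = " ".join(v for _, v in toks[i + 2:end])
            i = end + 1
        else:
            raise ValueError(f"unexpected token {toks[i][1]!r}")
    return root

def shrew_credentials(text, min_psk_len=20):
    """Return the values to type into Shrew Soft plus warnings about the PSK."""
    pol = parse_cfg(text)["targets"]["policies"]
    psk, warnings = pol["key"], []
    if len(psk) < min_psk_len:                 # threshold is an assumption
        warnings.append(f"PSK has {len(psk)} characters, fewer than {min_psk_len}")
    if len(set(psk)) < 10:                     # crude repetition check (assumption)
        warnings.append("PSK uses fewer than 10 distinct characters")
    return {"UFQDN String": pol["localid"]["user_fqdn"], "Pre Shared Key": psk,
            "mode": pol.get("mode"), "warnings": warnings}
```

Quoted values are tokenised separately from the braces and semicolons, so a key that happens to contain `;` or `{` is still read whole.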

The Phase1 tab

Proposal Parameters:

  • Exchange Type select: aggressive
  • DH Exchange select: group 2
  • Cipher Algorithm select: aes
  • Cipher Key Length select: 256
  • Hash Algorithm select: sha1
  • Key Life Time limit: 3600 Secs
  • Key Life Data limit: 0 Kbytes

The Phase2 tab

Proposal Parameters:

  • Transform Algorithm select: esp-aes
  • Transform key length select: 256
  • HMAC Algorithm select: sha1
  • PFS Exchange select: group 2
  • Compress Algorithm select: deflate
  • Key Life Time limit: 3600 Secs
  • Key Life Data limit: 0 Kbytes

The Policy tab

IPSec Policy Configuration:

  • Deselect ‘Maintain Persistent Security Associations’
  • Deselect ‘Obtain Topology Automatically or Tunnel All’

  • Click on Add
  • Type select: Include
  • Fill in your remote network Address: (in our case)
  • Netmask:

  • Click on ‘Save’ to save your complete VPN Site configuration
  • Your VPN connection name/IP address is now selected, so you can rename it to a readable VPN name

Testing the VPN

  • Click on your VPN connection name
  • Click on ‘Connect’
  • In the new window, click on ‘Connect’ again
  • The VPN connection will be built up
  • You can minimize this window, but if you close this window, the VPN will also be closed.

Shrew Soft VPN Access Manager Preferences

To show the VPN Access Manager in the system tray, do the following:

  • Go to menu: File->Preferences
  • Access Manager, Window Style select: Visible in System Tray only
  • VPN Connect, Window Style select: Visible in System Tray only
  • Select: Minimize when connection succeeds
  • Click on OK

This article belongs to the Fritz!Box VPN guide.
The other articles in the guide are:

  2. Configuring the Fritz!Box router
  3. VPN via FritzBox on Windows
  4. VPN via FritzBox on Linux

19 thoughts on “VPN via FritzBox on Windows”

  1. Hello Arjan

    Thanks for this guide. But I got exactly the same problem as HeinA did, and the link in your solution points to nothing right now.

    Could you tell me what your solution is about? Thanks!

    — MXW

    1. Indeed the link did not work anymore, but I updated the comment with a Google search string.

      1. Thanks for your answer, Arjan. I found out the problem later. It was because there was a firewall between the client and Fritz!Box. Now it is working well.

  2. Great guide. Worked first time for me. I’ve been searching for a Windows 7 solution for ages. So happy to have found this. Great stuff.

  3. Hi
    I used to use fritz vpn in windows vista.
    I have now tested shrewsoft in Ubuntu 12.04, current version (v. 2.1.7), and in phase 2 there is no esp-aes option. Could you please tell me which one should be selected from the following?
    auto / aes / blowfish / 3des / des / cast?
    In the fritzbox it says connecting but I have no success (green light).
    thank you

    1. Hi Bob,
      I had exactly the same problem with version 2.1.4, but it was solved in 2.1.5. See my post VPN via FritzBox on Linux. Strange that the problem is back. Maybe it is a problem with Shrewsoft or do you need to install extra libs in Ubuntu?

  4. Thanks a lot Arjan
    I apologize for posting in the wrong place; dependencies are all installed, but I have to uninstall 2.1.7 and compile 2.1.5 now; I hope I manage it.

  5. Hi Arjan
    No, I could not compile it (so I could not run this version).
    It stopped at:
    Unable to locate openssl crypto include files
    I looked for solution to this problem which refers to the installed ubuntu libs but I have tried everything with no success.
    In my windows install, fritzvpn works with phase2ss = “esp-all-all/ah-none/comp-all/pfs
    Thanks a lot for your interest; maybe you think of a solution ;)

  6. Hi Arjan
    Problem is solved with 2.1.7 version. I used aes in group2. Solution is after connecting, I should ping my network printer (e.g. ping or network disk. After doing this, in network tab of shrewsoft says established and also in fritz!box menu vpn goes to active and connected!

  7. Hi,
    I would really like some setup advice via the standard WinXP “network connection” package, i.e. VPN client setup without having to install 3rd-party software if possible ???

    I thought it would be fairly straightforward to set up a number of PCs; however, this makes it quite annoying to set up my GF’s work PC to access stuff…..


    1. Windows uses PPTP by default, and I think this is not available in the standard Fritzbox.
      You can run a PPTP server on the other side, for example by buying a Synology DiskStation. This will be easy to set up.
