Julian Joswig: IT Blog

FRITZ!Box: LAN-LAN connection (routing) not working due to faulty VPN configuration

Written on 03. Jan 2021, 18:15

For several years now, the widely used AVM FRITZ!Boxes have offered the possibility of establishing VPN tunnels between several FRITZ!Boxes. I had planned to pair my own home network with my parents' to make regular backups from my parents' computers. Thanks to VPN coupling, also called a LAN-LAN connection, data transmission would have been secure and encrypted. However, I encountered an error while setting up the configuration: a connection could be established, but no data could be transferred between the networks. I would like to describe here how I solved the problem.

The setup

My setup looked like this in a nutshell:

  • Network 1 (My Home):
    • FRITZ!Box 1 (private address: 192.168.178.1): FRITZ!Box 7490 with OS version 07.21 (current version to date)
    • Network configuration: 192.168.178.0/24
    • Has public IPv4 address and DNS name from service Myfritz.net
  • Network 2 (home network of a parent):
    • FRITZ!Box 2 (private address: 192.168.0.1): FRITZ!Box 7390 with OS version 06.86 (current version to date)
    • Network configuration: 192.168.0.0/24
    • Has public IPv4 address and DNS name from service Myfritz.net

There are a variety of devices in each network (network 1 & 2). The goal was to periodically back up a computer on Network 2 to another computer on Network 1.

The problem

The setup of the VPN tunnel (LAN-LAN connection) between the two FRITZ!Boxes was successful and a connection could be established. Despite the successful connection, however, no data transfer could take place. The symptom was routing that seemed faulty: connecting from network 1 to network 2 did not work.

So I started troubleshooting.

The solution

While examining the configuration and the so-called event logs on the FRITZ!Boxes, a recurring error on the far box caught my attention:

03.01.21 10:36:49 VPN error: 95.91.247.201, IKE error 0x2027 [4 messages since 01/03/21 10:35:11]

The IKE error 0x2027 shown above basically means nothing other than a timeout while building a tunnel (Source: https://service.avm.de/help/de/FRITZ-Box-Fon-WLAN-7390/016/hilfe_syslog_122). However, I noticed that the IP address mentioned here (95.91.247.201) did not correspond to the public IPv4 address of either of the two FRITZ!Boxes.

It turns out that this was a relic from an earlier attempt to set up a VPN tunnel. After I deleted the configuration that regularly generated the timeout, data transfer over the newly set up LAN-LAN connection worked.

The conclusion

It seems that when one VPN configuration is faulty and results in a timeout while attempting to establish a connection, the VPN component of FRITZ!OS interferes with any other VPN configuration that has been set up.

My recommendation is therefore, when a VPN tunnel does not function properly, to double-check the configuration of the other VPN tunnels, if any.
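As an added example (not part of the original post and not AVM code), the check described above can be automated: scan saved event-log lines for IKE timeouts and report peers that are not an endpoint of any tunnel currently in use. It assumes the log was saved as text in the layout of the entry quoted above; the function names and all addresses except 95.91.247.201 are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Line layout taken from the event-log entry quoted in the post.
VPN_ERROR = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) VPN error: (?P<peer>[^,]+), "
    r"IKE error (?P<code>0x[0-9a-fA-F]+)(?: \[(?P<n>\d+) messages since [^\]]*\])?\s*$"
)
IKE_TIMEOUT = 0x2027  # timeout while building the tunnel, per the AVM help page cited in the post


def normalize(peer):
    """Canonical form for an IP address; any other peer label is kept as a string."""
    try:
        return str(ipaddress.ip_address(peer.strip()))
    except ValueError:
        return peer.strip().lower()


def stale_vpn_peers(log_lines, expected_peers, code=IKE_TIMEOUT):
    """Count IKE errors of `code` per peer that is not an expected tunnel endpoint."""
    expected = {normalize(p) for p in expected_peers}
    hits = Counter()
    for line in log_lines:
        m = VPN_ERROR.match(line.strip())
        if not m or int(m.group("code"), 16) != code:
            continue
        peer = normalize(m.group("peer"))
        if peer not in expected:
            # An entry without the "[n messages since ...]" suffix counts once (assumption).
            hits[peer] += int(m.group("n") or 1)
    return dict(hits)


# Constructed sample: the first line is the entry from the post, the rest are made up
# in the same layout. 203.0.113.10 stands in for the remote box's real public address,
# and 0x2020 is only a different code used to exercise the filter.
SAMPLE_LOG = [
    "03.01.21 10:36:49 VPN error: 95.91.247.201, IKE error 0x2027 [4 messages since 01/03/21 10:35:11]",
    "03.01.21 10:41:02 VPN error: 95.91.247.201, IKE error 0x2027",
    "03.01.21 10:42:30 VPN error: 203.0.113.10, IKE error 0x2027",
    "03.01.21 10:43:00 VPN error: 198.51.100.7, IKE error 0x2020",
    "03.01.21 10:44:15 (constructed entry unrelated to VPN)",
]

if __name__ == "__main__":
    for peer, n in stale_vpn_peers(SAMPLE_LOG, ["203.0.113.10"]).items():
        print(f"{peer}: {n} IKE timeouts from a peer that no current tunnel uses")
```

Any peer this reports points to a leftover VPN configuration worth reviewing or deleting on the box that logged it.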

 

Julian Joswig


About this Blog

What is the content of this blog, you may ask? My name is Julian Joswig and I am a big fan of IT and technology (mainly Linux, servers, networks and all related topics). Sometimes I almost bite my teeth on difficult issues. But if I have found a solution, I want to share it with the world. Professionally, I work as a management consultant in Germany with a focus on IT and business.
