The following examples will show you how to establish an IPsec connection to a Fritz!Box from linux (vpnc) and Android (with builtin IPsec, Android 4.x or higher).

VPN configuration file

AVM supplies a special tool to create a configuration files. However, it has several flaws (one of them is that it is Windows only), and you actually don’t need it. Just customize the configuration file below to suit your needs.

 * Fritz!Box VPN Configuration File

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_user;
                name = "My_DNS_here";
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip =;
                local_virtualip =;
                remoteip =;
                remote_virtualip =;
                remoteid {
                        key_id = "MyKeyID";
                mode = phase1_mode_aggressive;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "Put_your_secret_PSK_here";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = yes;
                xauth {
                        valid = yes;
                        username = "My_Username";
                        passwd = "My_Password";
                use_cfgmode = yes;
                phase2localid {
                        ipnet {
                                ipaddr =;
                                mask =;
                phase2remoteid {
                        ipaddr =;
                phase2ss = "esp-all-all/ah-none/comp-all/no-pfs";
                accesslist =
                             "permit ip",
                             "permit ip any";
        ike_forward_rules = "udp",

// EOF

The configuration file is made for a Fritz!Box with default IP settings on the LAN side. You will have to change the IP addresses accordingly if you have changed your internal network. Other options you will need to modify:

  • name = "My_DNS_here"; You will probably have a dynamic IP, so you will need to configure DynDNS and insert your A record here.

  • key_id = "MyKeyID"; This is the IPsec ID in vpnc terminology. IMPORTANT: If you plan to connect from an Android device with the builtin IPsec (i.e. without VPNCilla or other additional apps), DO NOT USE ANY SPECIAL CHARACTERS HERE AT ALL, OTHERWISE THE CONNECTION WILL FAIL. No "@", no ".", no "-", etc.. Only an alphanumeric ID will work with Android for whatever reason. AVM has a guide for Android, but it does not mention this.

  • key = "Put_your_secret_PSK_here"; This should be a long key with special characters, upper / lower case etc..

  • username = "My_Username"; This is the Xauth username. No special requirements.

  • passwd = "My_Password"; The Xauth password, should be secure (special characters, upper / lower case etc.).

Connecting from Android

You can follow the guide from AVM:


Connecting from a Linux system with vpnc

This is a working configuration file for vpnc. Insert your variables and save it under /etc/vpnc/fritzbox.conf, you will be able to establish the connection with the command "vpnc-connect fritzbox" (as root).

# "name" from the Fritz!Box VPN configuration
IPSec gateway My_DNS_here

IKE DH Group dh2
Perfect Forward Secrecy nopfs

# "key_id" from the Fritz!Box VPN configuration
# "key" from the Fritz!Box VPN configuration
IPSec secret Put_your_secret_PSK_here

NAT Traversal Mode force-natt

# This will prompt you for username and password
Xauth interactive

# If you want to store Xauth username and password instead, use this:
# "username" from the Fritz!Box VPN configuration
# Xauth username My_Username
# "passwd" from the Fritz!Box VPN configuration
# Xauth password My_Password

# If you experience problems, this might help:
# Debug 3