VPN Connection to a Fritz Box

Platform Development
#1

Hello

I tried for hours now, but did not get the vpn setup (vpnc) to a fritzbox working.
I basically followed this guide:

It is ‘old’ and did not match the current UI, but with a little scrolling, you find the correct values for the available settings and configurations.

This is what I got from the Fritz-Box after configuration of the VPN

fritz_vpn
fritz_vpn963×295 39.4 KB

I inserted the blue values into the forms and adjusted the blue, underlined settings.

This is the first dialog

Bildschirmfoto_20220920_001
Bildschirmfoto_20220920_0011080×1920 503 KB

The ‘advanced’ dialog, part 1

Bildschirmfoto_20220920_002
Bildschirmfoto_20220920_0021080×1920 168 KB

The ‘advanced’ dialog, part 2

Bildschirmfoto_20220920_003
Bildschirmfoto_20220920_0031080×1920 170 KB

After saving this configuration, a dialog appears which asks for Username (4), the password of that user and the shared secret (3).

Thats it. Straigth forward. With this, I got a new configured VPN connection. But when I try to activate it, it loops forever trying to connect and runs into error. Over and over again.

Does anyone has done this before and had success? Any hints of what I am doing wrong is appreciated.

BTW: I use the settings direct from the Settings → VPN menu. No external app.
sfos version is 4.3.0.12

Best regards
geobra

#2

Can reproduce on 4.4.0.64.

#3

I have always looping error when saving a wrong password with vpn (not fritzbox, other vpn). The “solution” is to delete an re create the connection…
Might be other saved settings that do this…

#4

Rather a workaround than a hint - I always put freetz on my fritzboxes in order to install an ordinary foss vpn server (e.g. OpenVPN or even Wire Guard is available). It’s easy to configure the client using .ovpn files then.
For the courageous, there is also OpenWRT available for some fritzboxes:)
Happy hacking!

#5

It had it working long time ago with my old Jolla 1. Then I switched to my current XA2 and did not need it for some time. Now I wanted to configure it again and it just fails :-(. I tried to change the password with a simple one, just to be sure. No luck at all.

I am aware that there are more modern vpn solutions out there. But I was hoping to get it working again ‘out of the box’ ;-)…

#6

Okay, did some debugging.
On the console, we can do a ps ax | grep connman-vpn and kill the pid. Then we can start it again with debug and stay on console enabled:

connman-vpnd -d -n


connman-vpnd[14557]: vpn/vpn-provider.c:vpn_provider_add_error() 0x5ee350 connect errors 1 auth errors 0

Hm, first idea is to ping my fritz-box and it can do this, but…
64 bytes from 2003:ec:7f…

It is an IPV6 address. Maybe this is already the problem? Does connman on sfos supports this?

Edit:
Just checked: connman should work fine, also on ipv6 networks.

#7

My mobile connection also have an ipv6 address assigned.

[root@XperiaXA2 nemo]# ping6 foobar.myfritz.net
PING foobar.myfritz.net (2003:ec:7f…): 56 data bytes
64 bytes from 2003:ec:7…: seq=0 ttl=56 time=204.328 ms

#8

I have it working with my Xperia 10 II and the most recent Firmware (4.4). The Guide isn’t completely accurate anymore because it’s for an firmware version that had a different GUI. The differences are not that big and with a bit of experimenting you should get it to work. If i remember correctly package for Firmware 3.3 has nowadays the problem that it always forgets the password. and that there is no aarch64 package for the 64bit devices. Nokius has more recent builds in his repository that are working fine with firmware 4.4. I’m not sure if IPv6 might be a problem.

I wish you the best of luck to get it working on your side.

Add vpnc patches to ease usage of VPN for FRITZ box users
#9

To sort out possiible ipv6 issues it might be usefull to try to connect from an ipv4 wifi network in the first place.

#10

To sort out ipv6 issues, I tried to connect inside my local lan. The ipsec ports are also reachable not only from the outer internet. But also with this setup, no connection was possible.
Then I tried an old Android phone. The VPN connection worked almost on the first try. So, the FritzBox is setup correct.
I will stop trying to fix the issue in my SFOS version and will now update to the latest firmware first. Hopefully, after that the VPN connection will also work on my side…

#12

I’ve deleted my last post because I was in the wrong way to try to solve this problem. Now I found a binary for 64bits sailfish (https://talk.maemo.org/attachment.php?attachmentid=34364&d=1389339882) that runs from terminal. I created a configuration file as explained on this post: [2.1.0.9] VPN config for Fritzbox? - together.jolla.com and then run the file from terminal which throws the following message:

vpnc: unknown host `***********.myfritz.net’

I’m stucked here and wonder if there’s any way to debug this problem or know why it happens… could it be that sailfish can not resolve ipv6 addresses which my router uses?

Thanks

#13

Have you already searched the web for VPN issues with IP6 and DS-Lite. There are good chances, that not Sailfish is the problem.

#14

I’ve just checked some websites and I think you are right: This is an example of someone having problems with ds-lite: ipv6 - VPN cant connect to ipv4 server through isp which has ds-lite - Server Fault.

I think the only solution is to connect only with ipv6 on the vpnc client so that ds-lite is not used. I’m not sure if this is possible but at least I hope this information guides someone with the right skills towards the solution.

#15

After updating SFOS to 4.4.0.72, I tried again. Still no luck.

Then I followed the idea of @RosSigudottir . I checked out the trunk from vpnc and compiled that version. With the adapted configuration, described on that side, the connection to the Fritz Box instantly succeeds :-).

Interestingly, both vpnc binaries (the already installed one, and the fresh compiled one) report the same version of 0.5.3.

1 Like