I spent hours surfing the web, looking for a working solution to connect my IPFIRE with a FritzBox in another country.

The following solution is working so far, but I still did not get a reliable VoIP connection, so this should be seen at least as a good starting point.

In this example I use two hostnames which have to be different of course (dyndns, no-ip, ...):



Behind the IPFIRE the subnet is, behind the FritzBox it's For a secure connection, a long enough key has to be used. Here it is represented by the string PRESHAREDKEY.


Upload this VPN configuration to your FritzBox after modifying it for your own scenario:

/*
 * Fri Mar 29 23:18:49 2013
 */

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "HOSTNAME-A";
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip =;
                local_virtualip =;
                remoteip =;
                remote_virtualip =;
                remotehostname = "HOSTNAME-A";
                localid {
                        fqdn = "HOSTNAME-B";
                }
                remoteid {
                        fqdn = "HOSTNAME-A";
                }
                mode = phase1_mode_idp;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "PRESHAREDKEY";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr =;
                                mask =;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr =;
                                mask =;
                        }
                }
                phase2ss = "esp-all-all/ah-none/comp-all/pfs";
                accesslist = "permit ip any";
        }
        ike_forward_rules = "udp",
}
// EOF
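A pre-upload check for the FritzBox file above, as an added example that is not part of the original post: it flags unbalanced braces, settings left empty, template strings that were never replaced, and a pre-shared key that is too short. The helper name lint_vpncfg, the MIN_PSK_LEN threshold and both sample configurations are assumptions made for this example.

```python
import re

PLACEHOLDERS = ("PRESHAREDKEY", "HOSTNAME-A", "HOSTNAME-B")  # template strings from this page
MIN_PSK_LEN = 32  # assumed minimum for this example, not an AVM or IPFire requirement

def lint_vpncfg(text):
    """Return a list of problems found in a FritzBox vpncfg file (hypothetical helper)."""
    # Drop /* ... */ and // comments that start a line, so they are not parsed as settings.
    body = re.sub(r"^\s*/\*.*?\*/", "", text, flags=re.M | re.S)
    body = re.sub(r"^\s*//[^\n]*", "", body, flags=re.M)
    findings = []
    depth = 0
    for ch in body:
        depth += (ch == "{") - (ch == "}")
        if depth < 0:  # a closing brace with no matching opener
            break
    if depth != 0:
        findings.append("unbalanced braces")
    for name in re.findall(r"^\s*(\w+)\s*=\s*;", body, flags=re.M):
        findings.append(f"empty value: {name}")
    for word in PLACEHOLDERS:
        if f'"{word}"' in body:
            findings.append(f"placeholder not replaced: {word}")
    m = re.search(r'\bkey\s*=\s*"([^"]*)"\s*;', body)
    if m is None:
        findings.append("no pre-shared key set")
    elif len(m.group(1)) < MIN_PSK_LEN:
        findings.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    return findings

# Constructed sample: a shortened copy of the template, left unmodified and missing a brace.
UNMODIFIED = '''vpncfg {
        connections {
                name = "HOSTNAME-A";
                localip =;
                localid {
                        fqdn = "HOSTNAME-B";
                key = "PRESHAREDKEY";
        }
}
// EOF'''

# Constructed sample: the same file after filling it in (all values are made up).
FILLED = (UNMODIFIED.replace("HOSTNAME-A", "ipfire.example.net")
          .replace('"HOSTNAME-B";', '"fritz.example.net"; }')
          .replace("localip =;", "localip = 0.0.0.0;")
          .replace("PRESHAREDKEY", "constructed-sample-key-do-not-reuse-000000"))

if __name__ == "__main__":
    print("\n".join(lint_vpncfg(UNMODIFIED)))
```

An empty list from lint_vpncfg means none of these four problems were found; it does not validate addresses, masks or the IPsec proposals.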

This file has to be uploaded to your IPFIRE in /var/ipfire/vpn/ and must be named ipsec.conf (you have to replace an existing one or modify it if you'd like to use more than one IPSEC connection):

version 2

config setup
    charondebug="dmn 0, mgr 0, ike 0, chd 0, job 0, cfg 0, knl 0, net 0, asn 0, enc 0, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0"

conn %default

include /etc/ipsec.user.conf


Do NOT use the GUI in the IPFIRE web interface for modifying this VPN connection or it will overwrite your config file.

After that, modify the ipsec.secrets file in the same path:

include /etc/ipsec.user.secrets

Finally, this command should initiate the VPN connection between your IPFIRE's and FritzBox's subnets:

/etc/init.d/ipsec restart


This configuration example is guaranteed to work with IPFIRE core 67, a FritzBox 7390 FRITZ!OS 05.50 and StrongSwan 5.0.3RC1 (has to be updated manually, the already included version does not work) or higher on the IPFIRE.

Other FritzBoxes should work as well. If you don't get any connection at all, you should check your IPFIRE's firewall (ports 500 and 4500).