Requirements:
- FRITZ!Box with VPN and telephony capability (analog or digital)
- DynDNS address pointing to your FRITZ!Box
- iPhone with data connection (E/3G or WLAN)
The mobile is an iPhone 4, version 4.3.5.
FRITZ!APP FON is version 1.5.4 [811].
Basically, FRITZ!APP FON uses a data connection to connect via VPN to the FRITZ!Box. Fees for this data communication should be reduced by using E/3G only with a flat-rate subscription and WLAN when it is free of charge. Data volume in the home E/3G network is preferred, while free WLAN hotspots should be used abroad when roaming. On top of that, VPN offers encrypted data transfer to the FRITZ!Box. VPN also offers the possibility to use the Internet via the FRITZ!Box, meaning that the VPN tunnel to the FRITZ!Box is encrypted and hence secure, and Internet requests (traffic with a destination outside the LAN, usually forwarded to the gateway) are processed by the FRITZ!Box. This is not obvious, since firmware 29.04.87 is the first one which offers this functionality. Previous firmware versions only allowed connecting to the LAN. Big improvement!
Next, the FRITZ!Box converts this digitized voice signal to an analog or digital (ISDN) signal and places the call on the regular telephone network line. If the previous data communication was free (if chosen wisely), this regular phone call is subject to local fees only.
All this has nothing to do with VoIP (voice over IP).
The hairy part is configuring VPN properly for the FRITZ!Box. For this you need to create a VPN configuration file, which will be imported into the FRITZ!Box using the internal FRITZ!Box web interface. First, this VPN configuration file is created using an application (FRITZ!Fernzugang version 01.02.03) provided by AVM (general VPN information). Then it needs to be exported and slightly modified in order to match the iPhone's idea of what VPN is supposed to be.
Here are the general VPN setup instructions for FRITZ!Box / iPhone: VPN-Verbindung mit Apple iOS (z.B. iPhone) bzw. Mac OS X zur FRITZ!Box (Client-LAN-Kopplung)
The required changes can be found after "VPN-Konfigurationsdatei anpassen und in die FRITZ!Box importieren" (12 items).
The raw VPN configuration file
The raw VPN configuration file looks like this:
/*
 * C:\...
 * Sun Jul 31 17:50:05 2011
 */
vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_user;
                name = "toni_mobile@gmail.com";
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 192.168.178.200;
                remoteid {
                        user_fqdn = "toni_mobile@gmail.com";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "x3z4ur72";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.178.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipaddr = 192.168.178.200;
                }
                phase2ss = "esp-all-all/ah-none/comp-all/pfs";
                accesslist =
                        "permit ip 0.0.0.0 0.0.0.0 192.168.178.200 255.255.255.255";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
The modified VPN configuration file looks like this:
/*
 * C:\...
 * Sun Jul 31 17:50:05 2011
 */
vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_user;
                name = "toni_mobile@gmail.com";
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 192.168.178.200;
                remoteid {
                        key_id = "toni_mobile@gmail.com";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "x3z4ur72";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = yes;
                use_cfgmode = no;
                xauth {
                        valid = yes;
                        username = "geohei";
                        passwd = "geohei_pwd";
                }
                phase2localid {
                        ipnet {
                                ipaddr = 0.0.0.0;
                                mask = 0.0.0.0;
                        }
                }
                phase2remoteid {
                        ipaddr = 192.168.178.200;
                }
                phase2ss = "esp-all-all/ah-none/comp-all/no-pfs";
                accesslist =
                        "permit ip 0.0.0.0 0.0.0.0 192.168.178.200 255.255.255.255";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
Use IPSec
Description: anything you like (e.g. "My FRITZ!Box VPN")
Server: your DynDNS address (e.g. "home.dyndns.org")
Account: <VPN user> used in VPN configuration file previously created (e.g. "geohei")
Password: needs to be entered. After the first contact the text box shows "Ask Every Time"
Use Certificate: OFF
Group Name: <e-mail address> used in VPN configuration file previously created (e.g. "toni_mobile@gmail.com")
Secret: <VPN password> used in VPN configuration file previously created (e.g. "x3z4ur72")
The <VPN user> is offered by the FRITZ!Box as soon as a VPN connection is initiated. However, the <VPN password> needs to be entered upon every new login.
Screenshots of the FRITZ!APP FON VPN
FRITZ!APP FON > More > Settings > Address > [local LAN address of FRITZ!Box (e.g. 192.168.178.1)]
FRITZ!APP FON > More > Settings > Telephony device > [select the right one if more were created in VPN configuration file]
For some reason (yet unknown, to me at least), FRITZ!APP FON sometimes doesn't connect properly to the FRITZ!Box. This can be seen by the turning wheel indicating that it is connecting, and by the yellow/green Telephony/FRITZ!Box icon at the top right of the main FRITZ!APP FON screen. This icon should be green/green when properly connected.
Also, sometimes FRITZ!APP FON asks for the FRITZ!Box password. There is no detectable pattern as to when it is requested and when not.
Some general screenshots ...
Remark: I had to noise the screenshots quite a bit since this forum is public.
Please post if there are any questions, corrections, ...
Thanks,
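
The five differences between the raw and the modified configuration file above, applied by a script, followed by a short review of the settings the result carries. This is an added example, not part of the original post and not AVM tooling; `adapt_for_ios`, `review` and the 20-character key threshold are assumptions made here, and `RAW` is a constructed excerpt of the raw file.

```python
import re

# Constructed excerpt: only the lines of the post's raw export that are changed or reviewed.
RAW = """\
remoteid {
user_fqdn = "toni_mobile@gmail.com";
}
mode = phase1_mode_aggressive;
keytype = connkeytype_pre_shared;
key = "x3z4ur72";
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.178.0;
mask = 255.255.255.0;
}
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
"""

def adapt_for_ios(cfg, username, passwd):
    """Apply the five differences between the post's raw and modified files."""
    if '"' in username + passwd:
        raise ValueError("double quotes would break the quoted config values")
    xauth = 'xauth {\nvalid = yes;\nusername = "%s";\npasswd = "%s";\n}\n' % (username, passwd)
    cfg = cfg.replace("user_fqdn =", "key_id =")              # 1. remote ID type
    cfg = cfg.replace("use_xauth = no;", "use_xauth = yes;")  # 2. enable XAuth
    cfg = re.sub(r"use_cfgmode = \w+;\n", lambda m: m.group(0) + xauth, cfg)  # 3. xauth block
    cfg = re.sub(r"(ipaddr = )[\d.]+(;\s*mask = )[\d.]+", r"\g<1>0.0.0.0\g<2>0.0.0.0", cfg)  # 4.
    return cfg.replace('/pfs"', '/no-pfs"')                   # 5. PFS off in phase 2

def review(cfg, min_key_len=20):
    """Return notes on settings worth a second look (threshold is an assumption)."""
    notes = []
    key = re.search(r'^\s*key = "([^"]*)";', cfg, re.M)
    if "phase1_mode_aggressive" in cfg and key and len(key.group(1)) < min_key_len:
        notes.append("aggressive mode: the pre-shared key alone resists offline guessing; it is short")
    if re.search(r'^\s*passwd = "[^"]+";', cfg, re.M):
        notes.append("XAuth password is stored in clear text in the file")
    if '/no-pfs"' in cfg:
        notes.append("PFS disabled for phase 2")
    if re.search(r"ipaddr = 0\.0\.0\.0;\s*mask = 0\.0\.0\.0;", cfg):
        notes.append("full tunnel: all client traffic is routed via the FRITZ!Box")
    return notes

if __name__ == "__main__":
    ios = adapt_for_ios(RAW, "geohei", "geohei_pwd")
    print(ios, *review(ios), sep="\n")
```

The same functions work on the complete exported file, since the patterns only touch the lines that differ between the two files shown in the post.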