Wireguard VPS and Fritzbox

Version: 25.05.03

Connect your VPS to your Fritzbox via WireGuard

This guide explains how to permanently connect your VPS (Virtual Private Server) to your Fritzbox using WireGuard—allowing your server, for example, to securely access your home network. This is made possible by the built-in WireGuard support available starting with FritzOS 7.50. In this setup, the Fritzbox acts as a VPN server, and the VPS is connected as a WireGuard client.

Requirements

  • A VPS running Linux (e.g., Debian/Ubuntu) with root access
  • A Fritzbox with FritzOS 7.50 or newer
  • MyFritz service or a static IP address for your Fritzbox (recommended)
  • SSH access to the VPS

🧭 Step-by-Step Guide


🧱 1. Set Up WireGuard on the Fritzbox

  • Open the Fritzbox web interface.
  • Navigate to Home Network → Network → Network Settings → VPN (WireGuard).
  • Click on “Add New Connection”.
  • Select “Configure for a device (e.g. laptop, smartphone)”.
  • Enter a name for the connection, e.g., vps.
  • Optionally, enable “Allow access to the entire home network”.
  • Click “Finish”.
  • Download the generated .conf file or copy the displayed configuration details.

⚙️ 2. Install WireGuard on the VPS

Log in to your VPS via SSH and install WireGuard:

sudo apt update && sudo apt install wireguard -y

📁 3. Set Up the Configuration File on the VPS

Create the file /etc/wireguard/fritzbox.conf on the VPS:

sudo nano /etc/wireguard/fritzbox.conf

Insert the contents from the Fritzbox configuration—for example:

[Interface]
PrivateKey = <VPS_PRIVATE_KEY>
Address = 10.0.0.2/32
DNS = 192.168.178.1

[Peer]
PublicKey = <FRITZBOX_PUBLIC_KEY>
Endpoint = <fritzbox-dyndns>:51820
AllowedIPs = 192.168.178.0/24
PersistentKeepalive = 25

🔐 Make sure to secure the file with the following permissions:

sudo chmod 600 /etc/wireguard/fritzbox.conf

▶️ 4. Test the Connection

Start the connection manually:

sudo wg-quick up fritzbox

Check whether a handshake has occurred:

sudo wg

🔁 5. Enable Connection on System Startup

Enable the service so that the connection is automatically established at boot:

sudo systemctl enable wg-quick@fritzbox

🧪 6. Test the Connection (e.g., Ping to the Home Network)

From the VPS, you can now check:

ping 192.168.178.1       # Fritzbox
ping 192.168.178.XX      # Heimgerät

🛡️ Notes

If no handshake occurs, check the VPN logs on the Fritzbox and ensure that port 51820 (UDP) is properly accessible.

By default, the Fritzbox does not allow full tunnel routing (i.e., routing all internet traffic through the VPN)—only access to the home network is permitted.

Using Dynamic DNS (e.g., MyFritz or a custom domain) is recommended if you do not have a static IP address.

Enjoy your WireGuard connection to your home network!

bc1q8dxp9mlt3mkvaklu2vn8j6jteqyv53kschc90v

Lightning: itsc@strike.me