Short tip: WireGuard VPN via FRITZ!Box and Network Manager
The biggest highlight of the recently released FRITZ!OS version 7.50 is the added WireGuard support. Compared to the previous IPsec standard, which can still be used, VPN connections can be set up much more easily on different platforms. It also offers stronger cryptographic algorithms and better performance because it is provided directly as a kernel module.
Setting up IPSec VPN clients didn't work for my FRITZ!Box 7530, even though I followed the instructions exactly - I suspect IPv6 and DSLite-related problems here, but couldn't find any evidence for this. All the better that there is now a better alternative with WireGuard.
After updating the router, you will find a wizard in the web interface under Internet > Shares > VPN (WireGuard) that creates VPN accounts. It can link several routers to each other or connect individual external users.
In this context, a configuration file can also be downloaded, which can easily be used under Linux with the wg-quick command (part of the wireguard-tools or wireguard package). Network Manager has supported WireGuard since version 1.16.
The configuration file looks something like this:
[Interface]
PrivateKey = ...
Address = x.x.x.x/24
DNS = x.x.x.x
DNS = fritz.box

[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs = x.x.x.x/24,0.0.0.0/0
Endpoint = ...
PersistentKeepalive = 25
Import the configuration as follows:
$ nmcli connect import type wireguard file <configuration_file>
Connection 'wg0' (...) successfully added.
However, in my case the profile was configured for automatic activation - fix it like this:
$ nmcli con mod <profile> connection.autoconnect no
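The downloaded file contains the private key and preshared key in clear text, and its AllowedIPs line decides which traffic enters the tunnel. The following check for both points is an added example, not part of the original post: audit_wg_conf is a hypothetical helper, and the sample configuration is constructed with placeholder keys and documentation addresses.

```shell
#!/bin/sh
# Added example (hypothetical helper): audit a WireGuard client config before import.
audit_wg_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    # PrivateKey and PresharedKey are stored in clear text: only the owner should read it.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        *00) echo "OK mode $mode" ;;
        *)   echo "WARN mode $mode: key material readable by other users (chmod 600)" ;;
    esac
    # Collect the AllowedIPs prefixes of all peers, one per line.
    allowed=$(sed -n 's/^[[:space:]]*AllowedIPs[[:space:]]*=//p' "$conf" |
              tr ',' '\n' | tr -d ' \t\r')
    v4_full=no; v6_full=no
    for p in $allowed; do
        case $p in
            0.0.0.0/0) v4_full=yes ;;
            ::/0)      v6_full=yes ;;
        esac
    done
    if [ "$v4_full" = yes ]; then
        echo "INFO full tunnel: all IPv4 traffic is routed to the peer"
        [ "$v6_full" = yes ] || echo "WARN no ::/0 in AllowedIPs: IPv6 traffic bypasses the tunnel"
    else
        echo "INFO split tunnel: only the listed prefixes use the VPN"
    fi
}

# Constructed sample in the shape shown above (placeholder keys, documentation addresses).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER
Address = 192.0.2.201/24
DNS = 192.0.2.1

[Peer]
PublicKey = PLACEHOLDER
PresharedKey = PLACEHOLDER
AllowedIPs = 192.0.2.0/24,0.0.0.0/0
Endpoint = vpn.example.invalid:51820
PersistentKeepalive = 25
EOF
chmod 644 "$sample"   # simulate a file saved with default download permissions
audit_wg_conf "$sample"
rm -f "$sample"
```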
For more information, see the following blog article.