Fritz.Box ddns on Wireguard on an OpenWRT AP connected to the Fritz

Hello.

At home I have a Fritz.Box 7590 that is my main modem.

I am thinking of adding a Zyxel nwa50ax pro as a Wifi6 AP. However, if I open the ports of the Fritz, can I use the ddns that the Fritz provides to me to create a wireguard server on the Zyxel and connect to it (and from the lan) from outside?

Did someone try it?

The stock firmware of the Fritz should provide this functionality, although this is not related to OpenWrt and your planned APs.

You could port-forward, but I don't see the advantage when this can be handled by the router alone.

My issue is that I have a WAX206 with OpenWRT and connected it as a client to the Wireguard of the Fritz. However, after 1-2 days, the Fritz closes the connection (not sure why). I tried every possible configuration, but it does not work after 1-2 days.

Since I would like to add wifi 6 in the house, via a Zyxel (also with openwrt), I thought of moving the wireguard server from the fritz to the Zyxel.

By doing this I would need to have a DDNS service to know which IP to connect to, and instead of using duck dns or similar, I thought about using the one that the Fritz provides already :).

Just a wild guess: Does your ISP disconnect you and force a new IP after this period? If yes, did you enable a script to re-resolve DNS names on the Wireguard system? On OpenWrt, this needs to be done manually and on the console. See here:

https://openwrt.org/docs/guide-user/services/vpn/wireguard/extras#dynamic_address

Is the WAX206 on the same local network as the Fritz?
It sounds like you have Wireguard acting as a server on the Fritz and the WAX206 acting as a client... is that correct?

If so, why are you running this type of topology?

The Fritz is in one country, in the house of my parents, and acts as the modem for the FTTC, while the WAX is in another country, in my house.

Sometimes I need to connect back home to help my dad with the pc, plus I use it also to browse the local newspaper :)

No disconnection from the ISP, I have been connected for 80 days with the Fritz.

Ok... sorry, I thought they were on the same local network.

You could always just connect on-demand. When I need to connect to my dad's network, I enable WG on my computer (the endpoint at his house is an OpenWrt router).

If the IP address on the 'server' side changes, it would disrupt the wireguard tunnel. This may happen both quickly and infrequently enough that it isn't noticeable at human scales. But it would require re-establishing the connection. I think a change on the 'client' side would not likely cause this problem.

I would still try enabling the wireguard_watchdog script that was mentioned by me and @psherman before restructuring. I haven't used a Fritz!OS for years, but they used to be quite solid.

That said, you can always add any other OpenWrt device and port-forward the Wireguard port to it. I do this on locations where I am not allowed to fully reconfigure the router.

Thank you very much for the hint, I was not aware of that package (how wonderful OpenWRT is).

I installed Watchcat and configured it to keep pinging the host every 5 min, let's see how it behaves now.

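The re-resolve approach suggested in the thread, sketched as an added example (it is not part of any post and is not the OpenWrt wireguard_watchdog script itself): find peers whose last handshake is too old and set their endpoint again so the DDNS hostname is looked up afresh. The 150-second threshold, the function names and the sample keys are assumptions.

```shell
#!/bin/sh
# Added example: detect stale WireGuard peers and re-resolve their endpoint.
# MAX_AGE and all names below are assumptions, not values from the thread.

MAX_AGE=150   # seconds without a handshake before a peer counts as stale (assumed)

# stale_peers NOW
# Reads `wg show <iface> latest-handshakes` output on stdin
# (one "<public-key><TAB><epoch-seconds>" line per peer; 0 means never)
# and prints the public keys whose handshake is older than MAX_AGE.
stale_peers() {
    now=$1
    while read -r key last; do
        [ -n "$key" ] || continue
        case $last in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        if [ "$last" -eq 0 ] || [ $((now - last)) -gt "$MAX_AGE" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# refresh_endpoints IFACE HOST:PORT
# For every stale peer, hand the hostname back to wg(8), which resolves it
# again. Run this on the client side, e.g. from cron.
refresh_endpoints() {
    iface=$1
    endpoint=$2
    wg show "$iface" latest-handshakes | stale_peers "$(date +%s)" |
    while read -r key; do
        wg set "$iface" peer "$key" endpoint "$endpoint"
    done
}

# Constructed sample input (placeholder keys, not real public keys).
SAMPLE=$(printf '%s\t%s\n' \
    PEER_A_PLACEHOLDER= 1700000900 \
    PEER_B_PLACEHOLDER= 1700000100 \
    PEER_C_PLACEHOLDER= 0)

# Offline demonstration with a fixed "now": peer A is 100 s old (fresh),
# peer B is 900 s old (stale), peer C has never completed a handshake.
printf '%s\n' "$SAMPLE" | stale_peers 1700001000
```

A keepalive ping alone does not trigger a new DNS lookup; the endpoint is only resolved when it is set, which is why `refresh_endpoints` calls `wg set` again.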