infrapuzzle/fritzbox
Moritz Graf c2262b4679 docs(fritzbox): add OVH DynDNS setup instructions 2026-05-17 10:36:28 +02:00
README.md feat(wireguard): setup K8s to FritzBox Site-to-Site VPN 2026-05-17 10:36:06 +02:00
dyndns_ovh_setup.md docs(fritzbox): add OVH DynDNS setup instructions 2026-05-17 10:36:28 +02:00
fritzbox-wireguard.secret.conf feat(wireguard): setup K8s to FritzBox Site-to-Site VPN 2026-05-17 10:36:06 +02:00

README.md

FritzBox Wireguard Setup

This folder contains configuration and documentation for connecting your FritzBox router (home network) to the Kubernetes cluster via a Wireguard Site-to-Site VPN.

1. Prerequisites

  • Your FritzBox must be running FRITZ!OS 7.50+ (Tested with 8.25).
  • The Kubernetes Wireguard endpoint (k8s/wireguard) must be deployed and running on vpn.haumdaucher.de.

2. Connecting the FritzBox

The FritzBox will be configured to connect to the cluster via a "LAN-to-LAN" coupling. Since we prefer "infrastructure as code", we have pre-generated the exact configuration file. For FritzBox specifically, this requires a manual import step.

  1. Locate the file fritzbox-wireguard.secret.conf in this directory.
  2. Ensure you have unlocked git-crypt so you can read its decrypted contents.
  3. Open your FritzBox Web Interface (usually http://fritz.box).
  4. Navigate to Internet > Permit Access > VPN (WireGuard).
  5. Click on Add Connection (or "Verbindung hinzufügen").
  6. Select Connect networks or establish special connections (Netzwerke koppeln oder spezielle Verbindungen herstellen).
  7. When asked whether the connection has already been set up on the other side, choose Yes (or choose to upload a config file directly).
  8. Choose Upload a configuration file and select the decrypted fritzbox-wireguard.secret.conf file.
  9. Finish the setup.

The FritzBox will immediately try to connect to vpn.haumdaucher.de:51820.

3. Verifying the Connection

From the Kubernetes Side

Connect to your cluster and check the connection status inside the Wireguard pod:

# Get the pod name
kubectl get pods -n wireguard

# Execute into the pod to check connection status
kubectl exec -it <pod-name> -n wireguard -- wg show

You should see a peer listed with a latest handshake timestamp, which indicates a successful connection.
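
The handshake check above can be scripted so that a missing or old handshake is caught without reading the wg output by eye. This is an added example, not part of the repository: the function name check_handshakes and the 180-second threshold are assumptions, and the sample keys are constructed placeholders. An idle tunnel without PersistentKeepalive can legitimately show an older handshake, so adjust the threshold to your configuration.

```shell
#!/bin/sh
# Added example (not from the repository): flag WireGuard peers whose last
# handshake is missing or too old.
# stdin: output of `wg show <iface> latest-handshakes` (<pubkey> TAB <unix-time>)
#        or `wg show all latest-handshakes` (<iface> TAB <pubkey> TAB <unix-time>).
# $1 = current unix time, $2 = max handshake age in seconds (default 180, assumed).
# Exit status: 0 all peers fresh, 1 at least one stale/never/invalid, 2 no peers.
check_handshakes() {
    awk -v now="$1" -v max="${2:-180}" '
        NF >= 2 {
            key = $(NF - 1); ts = $NF; seen++
            if (ts !~ /^[0-9]+$/) { printf "INVALID %s\n", key; bad++; next }
            if (ts + 0 == 0)      { printf "NEVER %s\n", key; bad++; next }
            age = now - ts
            if (age > max) { printf "STALE %s age=%ds\n", key, age; bad++ }
            else           { printf "OK %s age=%ds\n", key, age }
        }
        END {
            if (seen == 0) { print "NOPEERS"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Against the cluster (no -it, so the output can be piped):
#   kubectl exec <pod-name> -n wireguard -- wg show all latest-handshakes \
#     | check_handshakes "$(date +%s)"

# Offline demo on constructed sample data (keys are placeholders, not real keys).
printf 'wg0\tCONSTRUCTED_PEER_KEY_A=\t1000100\nwg0\tCONSTRUCTED_PEER_KEY_B=\t0\n' \
    | check_handshakes 1000200 180 || echo "tunnel needs attention (exit $?)"
```

A timestamp of 0 means the peer has never completed a handshake, which on a freshly imported FritzBox connection usually points at a key or endpoint mismatch rather than a routing problem.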

Bidirectional Ping Test

  1. Cluster -> Home Network: Exec into any pod in your cluster (e.g., a toolbox or home-assistant pod) and ping a device on your local network:
    ping 192.168.10.1  # Ping your FritzBox local IP
    
  2. Home Network -> Cluster: From your laptop at home, try to ping a known K8s Service IP (e.g., 10.233.0.1 for kubernetes default service, or a specific pod IP):
    ping 10.233.0.1
    

Backups

Any future manual configurations, firmware backups, or notes related to the FritzBox should be stored within this fritzbox/ folder. Use .secret extensions for any files containing sensitive tokens or passwords.