OpenVPN confusion

Hi,

I need to log in to my remote network through my Balance 310 5G so I can manage some network devices. I've bought the OpenVPN licence and set up OpenVPN with my NordVPN subscription, and OpenVPN shows as connected on my dashboard.
Can anyone please tell me how to connect to it on my Mac? The remote user access asks for a user name and password, which ones? Please help!


Thanks
Jay

That is all about being an OpenVPN client, not a server.

If you need OpenVPN to your servers, then you can follow the instructions here:

You will of course need accessible IPs on the WAN links of your B3105G.

There is also no reason to use OpenVPN; a Mac can connect to the L2TP server natively without extra software.

If your B3105G is only accessible via CGNAT then you will have to run a FusionHub and run the L2TP or OpenWan endpoint on your HUB. You can search for instructions about FusionHubs and VULTR and other cloud providers.

Thanks Paul. I thought the OpenVPN would perform some kind of VPN magic without having a static WAN address.
I'm pretty new to cellular networking, and very new to CGNAT. Do all consumer grade cellular circuits use CGNAT? I'm guessing my 4 current cellular connections are CGNAT as L2TP won't connect to any of them.
On my dashboard, the 2 cellular connections start with 10; would it show a WAN address if they weren't CGNAT? Is there a way to see the WAN address on the Peplink? I've been connecting to one at a time and checking my IP online.

On an upcoming project I'll be using 4 cellular connections on my B3105G: 3 will be normal consumer SIM cards and one will be a multi-network enterprise type which I'm trialing. It's marketed as cellular Ethernet; I think it'll have a static IP (should have checked) so I will use L2TP, otherwise I will have static added or will have to use a FusionHub.

Jay.

There is very little magic in networking. Accessing resources behind CGNAT isn't really possible without a fixed internet coordinator. Those 10.x addresses (RFC1918) imply CGNAT. I'm sure the other two are in similar private IP space.

My systems use Starlink and AT&T. Both CGNAT. The second site uses double NAT Xfinity and Verizon (CGNAT). So both are fed from FusionHubs for their fixed inbound internet presence (Web, Mail, VPN etc).

All sites are cross connected via SpeedFusion and the FusionHubs to allow seamless multi-WAN connectivity.

I also travel with a MaxTransit that allows me to just connect all of my devices to the internet anywhere and be linked back into my networks via SpeedFusion with minimal configuration (Wi-Fi WAN + SIM).

My suggestion is to get that FusionHub. That is the only way you will have the benefit of the 4 cellular connections… you need the SpeedFusion technology between your internet anchor and the B3105G.

A Vultr FH costs $5/month… well worth the value.

If/when we get IPv6 support this can all change… but if you need multiWAN bonding/failover etc… then you want your internet endpoint to be a FusionHub.

I'm using SpeedFusion Cloud as a year was included with the B3105G. It's very disappointing, mostly giving me less than half of the total bandwidth I would expect minus overheads. I think I read somewhere that L2TP isn't possible with SFC?

SpeedFusion Cloud is an outbound only service.

For VPN inbound service you need your own internet IP Anchor. Therefore a FusionHub.

I set up a FusionHub on Vultr today and got it all working, thanks for your guidance.

I thought I had it all working; now I'm unable to remotely access my network.
The FusionHub is working fine, and my L2TP VPN connects on my Mac. I just need to check I've got this set up correctly. The L2TP is set up on the remote hosted instance, with no remote user access configuration on the physical router, right? Then when connected I should be able to type a device's IP address in a browser and log in to it?

I can ping devices on my remote network but not connect, can anyone offer some advice please?

Also, I added my Starlink management address to the WAN config and can log in when on site but not remotely.

I'm deploying a Terragraph network next week so will need to log in to my nodes from 230 miles away. I hope I can get it working!

Yes, the L2TP remote access is to the FusionHub as it is the IP address you are connecting to.

Then test with ping and curl. Basic network debugging tools (tcpdump as well). It can be critical to know whether your packets are reaching your destination but not getting back correctly, and you would debug each differently.

#1 Did you create a local LAN network in the FusionHub? (Private Network)

I found you had to have a real network with default VLAN to assign a DHCP server and hand out IP addresses (even though it will NAT).

#2 How are you routing traffic to the L2TP? Are you using it as a default route? If not, you have to add static routes to your remote networks. You can do this by hand as root to test, or once you have tested it, it can be defined automatically.

On MacOS they go in /etc/ppp/ip-up

#!/bin/sh
# pppd runs this hook as root when the link comes up; $1 is the new ppp interface.
# Only the remote subnets are sent through the tunnel; everything else keeps the local default route.
/sbin/route add -net 192.168.0.0/24 -interface "$1"
/sbin/route add -net 192.168.100.0/24 -interface "$1"
/sbin/route add -net 192.168.123.0/24 -interface "$1"

If you still have problems then you need to turn on firewall rules.
Under "Internal Network Firewall Rules" set them to LOG and see where the traffic goes missing.
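The ping-then-curl check from this post, as an added example that is not part of the original thread and not a Peplink tool: a small Python script run from the VPN client that separates "the host answers" from "the service answers" and says which of the two failure modes (packets not arriving, or arriving but not getting back) a result points to. The 192.168.0.10 target in the main block is a placeholder; the local HEAD-only web server is constructed only so the script can be exercised offline.

```python
"""Added example (not part of the original thread): separate "the host answers"
from "the service answers", the way the ping-then-curl check does, and say which
failure mode a result points to."""
import http.client
import http.server
import socket
import ssl
import sys
import threading


def tcp_reachable(host, port, timeout=3.0):
    """Plain TCP connect. Returns 'open', 'refused', 'timeout' or 'error:<errno>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        return f"error:{exc.errno}"


def http_status(host, port=443, use_tls=True, timeout=3.0):
    """Issue HEAD / and return the status code. With TLS the certificate is not
    verified, which is what `curl -k` does: device web UIs usually carry
    self-signed certificates, so this tests reachability, not identity."""
    if use_tls:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().status
    finally:
        conn.close()


def interpret(tcp_result):
    """Map a tcp_reachable() result to what it says about the path."""
    if tcp_result == "open":
        return "TCP works; a browser failure is above TCP (TLS, login, device ACL)"
    if tcp_result == "refused":
        return "reply came back: host reachable, nothing listening (or a firewall reset)"
    if tcp_result == "timeout":
        return ("no reply: packets are dropped on the way out or have no route back "
                "(check client routes and the FusionHub firewall logs)")
    return "local socket error: this machine has no route to the host at all"


class _HeadOnly(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a device web UI: answers HEAD / with 200."""

    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):
        pass


def start_local_http_server():
    """Start the stand-in on 127.0.0.1 (ephemeral port) and return the port."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _HeadOnly)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


def free_port():
    """Return a 127.0.0.1 port with nothing listening, to show the 'refused' case."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Placeholder target: a device on the remote LAN reached through the VPN.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.10"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    result = tcp_reachable(target, port)
    print(f"{target}:{port} -> {result}: {interpret(result)}")
    if result == "open":
        print("HEAD / status:", http_status(target, port, use_tls=(port == 443)))
```

A "timeout" while ping succeeds is the interesting case: ICMP replies are reaching the Mac but TCP replies are not, which usually means the device or the FusionHub has no return route for the L2TP client address, and the LOG firewall rules above will show where the reply is dropped.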

Hi Paul,

I can ping the B3105G and all network devices attached fine. I'm not familiar with curl, but from a Google search it looks like a handy tool; I don't have the time to learn it at the moment.

There is no option to create networks on the FusionHub like there is on the router. I've enabled the DHCP server with the same network as the Starlink but that doesn't help. To be honest, I don't understand the purpose of a DHCP server on the FusionHub.

On my Mac, it's set to send all traffic over the VPN connection, and that works fine on an L2TP VPN I use to connect to a remote Unifi UDM Pro.

Cheers
Jay

curl is a standard tool; it will be on your Mac and accessible via a terminal like all other CLI tools.

If the server you are trying to talk to has a web interface, then ping and test with curl:

curl -v -k https://IP.IP.IP.IP

If that does not connect then nothing you do in a browser will work. These are lower level tools and tell you more about the protocols than Safari would.

You have to create the "private network" in Vultr. Then the FH will notice you have an internal network it can manage (after reboot), and you need to configure that and assign the DHCP range on the FH. Whatever internal LAN Vultr assigns you, you put that in and assign a DHCP scope in that range (a /24).

L2TP assigns you an IP on the designated LAN (use ifconfig -a on your Mac to confirm that assignment).

read the ? under “connect to network:” (Untagged VLAN)

“Users establish VPN connection to the selected network require a DHCP server to offer IP addresses to them. You can either use a standalone DHCP server, or use the internal DHCP server of the selected network.”

So, you must have an internal LAN on the FH, with a DHCP server to supply those IP addresses. Yes, it seems silly, but that is the way they designed it.

"Send all traffic" should work for testing, but if you don't really want to send all traffic, then /etc/ppp/ip-up will allow you to send just those networks and allow the rest of the internet to go locally.
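As an added example, not Paul's script and not Peplink or Apple documentation: a version of the /etc/ppp/ip-up hook that only adds the routes when the address L2TP handed the Mac falls inside the FusionHub LAN DHCP scope. pppd runs this hook as root for every PPP link that comes up, so without that check another VPN connecting on the same Mac would silently get the same routes. The 10.20.0. prefix and the log path are assumed placeholders; the three subnets are the ones from the earlier post.

```shell
#!/bin/sh
# Added example (not from the original post): a scoped /etc/ppp/ip-up for macOS.
# pppd invokes this hook as root every time ANY PPP link comes up, with the arguments
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam
# so the routes are only added when the local address came from the FusionHub's
# LAN DHCP scope. The scope prefix and the log path below are assumed placeholders.

FH_LAN_PREFIX="10.20.0."                                          # assumed FusionHub LAN /24
REMOTE_NETS="192.168.0.0/24 192.168.100.0/24 192.168.123.0/24"   # subnets from the thread
LOG="/var/log/ppp-ip-up.log"                                      # assumed log location

# Returns 0 when the address handed to us by L2TP lies in the FusionHub LAN scope.
in_fh_lan() {
    case "$1" in
        "$FH_LAN_PREFIX"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one 'route add' command per remote subnet; nothing is executed here, so the
# output can be inspected (or tested) without root and without a live tunnel.
route_cmds() {
    for net in $REMOTE_NETS; do
        printf '/sbin/route -n add -net %s -interface %s\n' "$net" "$1"
    done
}

# Add the routes for a qualifying link and record what happened in the log.
add_routes() {
    ifc="$1"
    local_ip="$2"
    if ! in_fh_lan "$local_ip"; then
        echo "$(date) ip-up: $ifc local $local_ip not in FusionHub scope, no routes added" >> "$LOG"
        return 0
    fi
    route_cmds "$ifc" | while read -r cmd; do
        # $cmd is intentionally unquoted so the shell splits it into command and arguments.
        $cmd >> "$LOG" 2>&1 && echo "$(date) ip-up: ran: $cmd" >> "$LOG"
    done
}

# Only act when invoked by pppd, which always passes at least five arguments;
# sourcing or running the file by hand with no arguments does nothing.
if [ "$#" -ge 5 ]; then
    add_routes "$1" "$4"
fi
```

The file must be owned by root and executable (chmod 755 /etc/ppp/ip-up) or pppd will not run it. Checking the log after the VPN connects, and comparing it with netstat -rn, tells you whether the routes were added for the right ppp interface.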