What is the relationship between the OpenVPN WAN licensed feature, and the OpenVPN feature in software version 8.3.0 managed under Advanced/OpenVPN? Does the OpenVPN feature now included in 8.3.0 replace the licensed Open VPN WAN? Or are they somehow different? When would I use one versus the other? I can’t find anything on the web site that explains it. Just platitudes and smiling faces.
Advanced > OpenVPN is remote client VPN.
You can read more about that here: Configure Remote User Access using OpenVPN
Or in the manual - https://download.peplink.com/manual/pepwave-max-user-manual-8.3.0.pdf
OpenVPN WAN is used when you want the router to access an OpenVPN service.
I don’t know how to respond to this. What did you expect to find on the website?
I believe that the config for remote access OpenVPN (Router is the VPN server, and some client computer is the VPN Client) is done in Advanced/Remote User Access.
Advanced/OpenVPN is newly appeared in 8.3.0, and the profile that it allows you to load is typical of a Client profile, as though the router is to act as an OpenVPN client. And the status once you load a profile shows the OpenVPN server that it is attempting to connect to. So by all indications this is some sort of OpenVPN Client, just as is the optional OpenVPN WAN feature.
So what’s the difference? Did the optional OpenVPN WAN become a standard feature as of 8.3.0 rather than being a paid add-on?
You’re right of course in advanced / openvpn that is site to site rather than user access.
Peplink devices are very specific when it comes to the WAN and lan role. Site to site vpn is seen as a lan connection rather than a WAN connection in that you can’t use the site to site vpn in outbound policies typically.
Although I haven’t tested that recently actually.
OK, so you think Advanced/OpenVPN is an OpenVPN client, but only for traffic for the LAN subnet? So it sends all LAN traffic over that link? Does Peplink say that’s what “site to site” means?
I think my question still stands, probably for Peplink to answer. What is the feature in Advanced/OpenVPN, what does it do, and how does it compare to the purchased OpenVPN WAN feature? So far the documentation on Advanced/OpenVPN is pretty sparse. It just tells you what the config fields are, and nothing about what it does, limitation, when to use it vs OpenVPN WAN.
Advanced/OpenVPN is used on the lan side , for connecting whole lan subnets, similar to how you setup ipsec.
OpenVPN WAN can be used by outbound policied and you can easily specific what traffic goes over it.
1 Like
Does that mean that it’s a bridged connection, not a routed connection?
It would be great to add some language to the manual to explain some of this.
I want to make sure I’m answering this the best I can, what are you trying to accomplish and what hardware are you using. Then I can make better recommendations and explaination.
I want to create a site to site VPN using the pelink routers at each end. However neither of the routers can have a public IP address. So I need some sort of hosted VPN server service that each of the sites can connect to., and that will route packets between the the sites.
But what I really want to understand is what the features in the Peplink do. There appear to be three places where OpenVPN is used/supported in some way in the Peplink routers.
-
Router acting as an OpenVPN server, accepting incoming OpenVPN client connections for remote management. This is managed in Advanced/Remote User Access. I understand this one, and it doesn’t address my needs.
-
The optional OpenVPN WAN module. Once activated, this appears on the Dashboard and is managed like other WAN connections. I believe this is an OpenVPN client that can connect to some OpenVPN service. Whatever traffic you designate gets routed to the OpenVPN WAN port on the peplink, presumably to then be routed by the OpenVPN Server to some other connected Client. This is exactly what I want to do, except it doesn’t work in the Peplink Routers. I just get a Connecting/Disconnected infinite loop. I have a support ticket open in this, but so far no progress. For what it’s worth, I have done this successfully using OpenVPN clients in Macs, and the OpenVPN Cloud service to rouse between the two IP networks (areas) where the two Macs reside. I just want the router to do this rather than try to turn the Macs into routers.
-
“OpenVPN” as enabled and configured in Advanced/OpenVPN. This is a newly appeared feature in 8.3.0, with no explanation what it is, what it does, and how it’s different from the other two OpenVPN features. I think what people are telling me here is that any connections made using this OpenVPN feature will be a bridged connection with all LAN traffic on both sides being forwarded to the other side. Someone created this feature, so I would expect someone could also explain what it does and how it’s different. All the site to site VPN configs I’ve seen are routed, not bridged, so I don’t see the value in this as described, but perhaps others do.
Speedfusion Cloud Protect should be able to act as that “hosted VPN server” that instance, with inbound connections setup
HELLO…
Just for knowledge. Using openvpn cloud solution I was able to offer a solution of intranet between offices, for a customer behind CGNAT.
1)Remote access in for work from home users.
2) Allow a public ip, and port forwarding rules direct on the router.
3) Routing between Lan segments.
So for your application I recommend #2 and open a ticket with peplink if you can’t get the openvpn service to work. If you don’t have the openvpn wan license let me know and I can order it for you.