I have a device behind a Peplink Max BR1 cellular router which I’d like to remotely access from anywhere using my laptop. The WAN side of the BR1 is getting a private IP address from Verizon Wireless (VZW). We’d prefer to not pay the money to get a static/public IP address from VZW. I’ve read a number of topics in this forum regarding my requirements (i.e., accessing a device behind a BR1 when the BR1 does not have a static/pubic IP). One option many forum members have suggested is to run a FusionHub instance on a cloud service (e.g., AWS). The FusionHub instance would have a public IP and my BR1 can create a PepVPN connection to the FusionHub instance.
The question I have is can my laptop connect to the FusionHub instance and then via port forwarding get to the device behind the BR1?
Hi Peter - Welcome to the forum!
When you have a Fusionhub hosted in the cloud (try vultr its $5/month for hosting) and the BR1 connected to it using PepVPN you will have a static cloud hosted public IP on the WAN of the Fusionhub that you can use in one of two ways for remote access.
Port forwarding from the WAN IP to a LAN IP.
As a VPN server, so you would connect to the Fusionhub using L2TP over IPSEC or OpenVPN from your laptop / PC /Phone then be able to connect to any LAN side device as required.
Hope that helps, if you do a search for installing Fusionhub on here you’ll find some links to videos I’ve made showing how its done.
Kindest,
I followed the steps detailed your “Setting Up FusionHub on Vultr” video and now have my BR1 talking to my vultr instance of FusionHub using PepVPN. That’s great!
In terms of remote access to the laptop behind the BR1, I’m trying option #2 you provided in your response. Since I’m able to access the FusionHub instance via IC2 Remote Web Admin, I’m doing everything within IC2. Here’s what I’ve done so far on the FusionHub page:
Choose Network → Remote User Access
Check the Enable box and select L2TP w/ IPSEC
Enter a pre-shared key, username and password
Click Save and Apply Changes
On my MacBook Pro (which is connected to the internet via my ISP) I enter the above information along with the IP address of my vultr instance and then click Connect. The VPN connection seems to be created. But to be honest I’m not sure how to test things. When I enter the LAN IP address of the BR1 (192.168.50.1) the browser says connecting but nothing happens.
On my MacBook while the VPN connection to the FusionHub is active I ran the command “ifconfig | grep 169”. Below is the result. The IP address 149.28.195.158 is the public IP address of my vultr FusionHub service.
I made some progress. On my MacBook Pro I needed to tell the OS which network interface to use for the 192.168.50.1 request. There were two ways of doing this. The first was to change the order of interfaces. The image below shows that the VPN interface takes precedence over the WiFi interface.
Once I did either of the above steps, I was able to ping 192.168.50.1 and I could point my browser to https://192.168.50.1 and get the login screen for the BR1. Of course, I don’t know the password anymore since IC2 generates it randomly.
Well done! To see the password for the BR1 you click Show All link in the device view on IC2 then click the row of asterisks ***** to see what the password is:
There were two options you suggested for remotely accessing devices behind the BR1. The first was via VPN. The second was via “Port forwarding from the WAN IP to a LAN IP”. I have the first method working (thanks to your help). I’d like learn how to implement the second option. Can I do the configuration on the FusionHub web interface on the Network → WAN page (see first screenshot below) or the Newtork → Firewall page (see second screenshot below).
Hello @djm.tech,
Welcome to the Peplink Forum.
Have you worked through this guide?
Make sure you have set the Security settings with Microsoft CHAP Version 2 (MS-CHAP v2) set correctly.
You find the full details within the guide.
Happy to Help,
Marcus
Martin, I have created this setup thanks to the video you posted on Vimeo. PepVPN is working between my Fusionhub on Vultr and my BR1.
I am trying to take the next step which is to create an OpenVPN connection to the Fusionhub. This is not working. Is there anything unusual about Vultr with respect to firewalling inbound? I have not created any inbound rules on Vultr. It seems to allow all inbound connections.
Hi Dave.
I expect you don’t have a LAN connection on the Fusionhub (you’ll need that so that DHCP can assign your OpenVPN client with an IP)? In Vultr add a private network to the VM and reboot the fusionhub.
If you do have a LAN / or if that doesn’t work let me know what error you’re seeing.
Thanks for the reply. I do have a LAN setup on the VM, 10.2.96.0/20. I assigned 10.2.96.1 to the LAN interface. I also have the DHCP server enabled (check box) but did not adjust the IP range on that screen.
OpenVPN is just not answering on port 1194. I am looking at the client side logs (Tunnelblick on Macbook) and it just times out.
I have openvpn working against a FusionHub on vultr with no additional settings other than LAN setup. This is currently running 8.0.1 build 1644. I’ll upgrade a test against 8.0.2
Not sure you have opened a ticket for this. If you want to verify whether the OpenVPN traffics reaching to the FusionHub, you can actually perform packet capture at the FusionHub Web Admin support.cgi page and open the captured files using WiredShark application to verify any traffics for port 1194 reaching to the Fusionhub WAN. If you did not to see any traffics for the captured logs, that mean the traffics is being blocked at the network level.
