Accessing my LAN through FusionHub Bonded Connection on AWS

I have a Peplink Balance 30 in a remote location whose internet is provided by DSL and Starlink satellite service. DSL has a fixed IP, Starlink has carrier-grade NAT. My LAN at that location is a typical 192.168.xxx.xxx network.

I have FusionHub working on AWS and the bonded connection is working remarkably well considering the connections (the DSL line is about 18,000 feet from the Telco equipment and the Starlink dish is pointing up through a pretty constrained hole in some tall trees).

I want to be able to access the network from the WAN via a VPN client (from a Mac) so I can access any of the devices in the 192.168 LAN, as well as port forward to some of the machines. But I want to do it through the AWS FusionHub so I get the benefit of the bonded connection (and a fixed IP address).

I’ve been unable to figure out how to do this. I can set up remote access on the actual Peplink hardware, but can only apply it to the individual WAN connections. I have set up a VPN remote access account on FusionHub, but can’t get it to work (and then have no idea how to channel that traffic back into the 192.168 network). I set up the port forwarding on both devices, but can’t get that to work either.

One of the issues is that I’m not even sure what IP address I should be using. AWS gave me a 52.70.118.xx address, but the interface to the FusionHub on AWS says the WAN IP is 172.31.95.xxx.

I have a case going with support - originally the FusionHub wasn’t working with Starlink; they got that to work but I haven’t gotten specific help on getting the remote access VPN client to work nor the port forwarding.

Any and all suggestions are appreciated.

Port forwarding: You’d configure this on FusionHub, and forward directly to the 192.168.xxx.xxx network, no port forwarding needed on the WANs of your Balance. However, you’ll need to adjust the AWS security to allow inbound traffic on the ports you have opened.

Remote VPN - same as port forwarding, AWS firewall / security rules, client VPN connects to FusionHub and then you’ll be able to access the remote LAN devices over the VPN.
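
One way to script the AWS security group change mentioned above, as an added example that is not part of the original thread: it prints `aws ec2 authorize-security-group-ingress` commands for review instead of running them, and refuses world-open rules by default. The security group ID, the source range 203.0.113.0/24, the forwarded TCP port 8443 and the choice of L2TP/IPsec ports (UDP 500 and 4500) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: emit (not execute) AWS CLI commands that open only the inbound
# ports the FusionHub instance needs, restricted to a known source range.
# Assumptions: sg-PLACEHOLDER, 203.0.113.0/24 and TCP 8443 are constructed values;
# UDP 500/4500 assume the remote-access VPN is L2TP/IPsec.
SG_ID="${SG_ID:-sg-PLACEHOLDER}"

# valid_cidr CIDR: shape check only (a.b.c.d/0-32), not a full address validator.
valid_cidr() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# sg_rule PROTO PORT CIDR: print one ingress command, or fail with a reason.
sg_rule() {
  proto=$1; port=$2; cidr=$3
  case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
  case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2; return 1
  fi
  valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
  # A /0 source exposes the port to the whole internet; require an explicit opt-in.
  if [ "${cidr##*/}" = "0" ] && [ "${ALLOW_ANY:-0}" != "1" ]; then
    echo "refusing /0 source for $proto/$port (set ALLOW_ANY=1 to override)" >&2
    return 1
  fi
  printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol %s --port %s --cidr %s\n' \
    "$SG_ID" "$proto" "$port" "$cidr"
}

# fusionhub_rules CIDR: VPN ports plus one forwarded service port, all from CIDR.
fusionhub_rules() {
  src=$1
  for r in udp:500 udp:4500 tcp:8443; do
    sg_rule "${r%%:*}" "${r##*:}" "$src" || return 1
  done
}

# Print the commands for the constructed source range so they can be reviewed.
fusionhub_rules 203.0.113.0/24
```

Review the printed commands, replace the placeholder group ID with the one attached to the FusionHub instance, then run them.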

Martin,

The AWS portal is quite intimidating. Where/how do you get to the place where you can open ports for VPN and/or port forwarding access?

I seem to remember when I configured L2TP in my VULTR account that you had to actually provision the internal LAN to a network interface. Configuring a DHCP scope and assigning the L2TP to “untagged LAN” was not enough.

I thought I had a forum discussion on this, but it must have been a private ticket:
I had noticed that all L2TP traffic via the PepVPN was sourced from the LAN IP of the FusionHub… not the assigned L2TP IP address. They said that this was because people would not add the correct routes to the other VPC members, and that if they used NAT it would just work. If you haven’t assigned a LAN IP it has nothing to connect this NAT traffic to.

I have an AWS FusionHub but I haven’t had the need for L2TP on it…
I would suggest that you connect another VPC to the internal interface of the FusionHub, and provision the internal network.

Port forwarding works fine for regular TCP and UDP streams… but not for any VPN/IKE protocols… Peplink intercepts those before they reach any rulesets.