An additional speedfusion connection across an existing speedfusion connection

Background

  • A set of static unencrypted SpeedFusion connections from a site (Balance 380, #1) to HQ (Balance 380, #2)
  • A mobile device (#3) connected by encrypted SpeedFusion connection to HQ (#2)

Question
When mobile device #3 connects to the LAN of #1, is there a way for the #3<->#2 SpeedFusion connection to be maintained (or established) within the #1<->#2 SpeedFusion connection?

Essentially, tunneling between #3 and #2 occurring within the tunnels of #1 to #2.

I expect the answer is “no,” but if there are clever ways to achieve this then that’ll make us happy.

Use case
We want to maintain the benefit of the encryption plus the routing of the #3<->#2 connection as the physical connection of #3 changes, while adding the improved infrastructure of the #1<->#2 infrastructure when it becomes available to #3 (via the connection to the LAN of #1)

PepVPN/Speedfusion sessions can only be built between WAN ports on peplink devices.

So mobile Device #3 connected to the LAN of #1 would be able to establish its own encrypted speedfusion connection to the #2 Balance 380 (with the SF VPN target set as the B380’ WAN), but this traffic would not pass over the existing unencrypted SF connection since that provides routing between the LANs of the B380s…

2 Likes

Yeah, that was my take on it as well. No clever tricks :slight_smile:

Z

Need to take the time to clarify this answer quickly.

In your question you describe the following topology:
image

And then asked:

My response is still valid:

However, you could still achieve what you want if you kept the traffic from #3 outside of the tunnel between #1 and #2.

2 Likes