This week, I setup the new Bal30, accessing the Internet via a DSL Brigde modem out of WAN1. It is the ‘hub’ of a star-shaped PepVPN, with the ‘spoke’ being a sometimes-on MAX BR1 Ent via Cellular. It’s been working brilliantly.
“I’ll setup those SIM cards next week … the Internet has been rock steady for months now”.
Of course, today the Internet experienced 35mins and 2hrs of downtime. 
So I quickly flipped the SIM card out of my phone and stuck it in the Bal30, and saw the Cellular interface come up.
However, the PepVPN did’t re-establish, despite the ‘spoke’ system being on.
Where can I read about how to setup the Bal30 properly so that fails over the PepVPN via the Cellular interface? I thought each PepLink device would be in touch with InControl and make arrangements to re-establish the VPN? As in, the BRI1 could discover the new IP address of the hub from InControl? Is it supposed to work like that? If so, what have I mis-configured? If not, what arrangements do I need to make? Get a static IP for the SIM? Setup DDNS on the Bal30, and involve the hostname in the PepVPN definition somehow?
Am really enjoying my awesome edge routers.
thanks,
David.
Follows is the ‘profile summary’ from the last page in the InControl wizard for editing PepVPN profiles. I can’t find any documentation on what the ‘dynamic links’ checkbox does:
Profile Name: CWell
Topology: Star
Dynamic Links: Disabled
End Points: 1
Hub: Balance_4AD7
Encryption: 256-bit AES
NAT Mode: Disabled
Send All Traffic To Remote Hub: Disabled
Path Cost: 10
Data Port: Default
Link Failure Detection Time: Fast (Approx. 6 secs)
WAN Smoothing: Off - Disable WAN Smoothing
Graph: Show graph
Note:
Hello David, @dtbullock
I’m fairly certain we know what is happening with your system, it is in part due to the dynamic & carrier grade NATed IP addresses used.
In Australia there are some techniques we have for getting around this that work with both Optus & Telstra (we’ve yet to find away with Vodafone). This is the simplified version here:
- First thing you will need with your mobile carier is to have a business account (its a lot easier with a business account than a personal account), the account also must not be Pre-Paid.
- Next you will need to have the codes added to your account to be entitled to have a Public Facing IP, these will be dynamic on Telstra, you can get an almost static with Optus, be prepared to pay an extra fee per month for these.
- Progressing you will need to program into your router the required APN codes, with Telstra this is just the APN, with Optus it is the APN plus a login for the account.
- Once that is operation you can then retest your PepVPN SpeedFusion connection
If after this it still does not work then you can do this:
- Either enable the “Where Is My Peplink” inside InControl2 or setup a DYN service.
- Reconfigure your PepVPN to use the new URL to your device from above.
Reach out to us for more options, our team has a more tricks up our sleeves to establish the connections for customers here in Australia.
Happy to Help,
Marcus 
Hi Marcus, @mldowling
I think you’re on the right track there: the Cellular interface on the Bal30 says:
IP Address 10.x.x.175
InControl Detected IP 1.x.x.208
FMP is publishing the the 1.x.x.208 address into the y.mypep.link DNS entry. (Incidentally, the per-interface DNS entries for the Balance30 (7.1.0 build 3433) are not being published … <anything>.y.mypep.link is nxdomain … but they are all fine for the BR1 Ent (7.1.0 build 3433) … go figure).
If I define a ‘star’ PepVPN using y.mypep.link, with just the cellular interface is active on the hub, the VPN doesn’t form until I bring up the WAN1 interface (a couple of minutes until the FMP DNS entry is updated, and then another minute or two until the spoke router picks up the new address when contacting the hub).
So yeah, there is something about the SIM being used which is preventing the VPN from forming: probably the NATing as you suspect.
So probably I am up for another Bal30 LTE (because of having a ‘disaster recovery/backup VPN’ ready-formed), and will put more-proper SIM(s) in that at the hub site. (At least, InControl wouldn’t let me define a 2nd hub/spoke between the same 2 devices, despite giving an alternative IP address for the hub … so I guess a 2nd device is warranted :-\ )
I’ll be sure to let you know if I run into more trouble
regards,
David.
1 Like
