Balance One: outgoing VPN for some users?


#1

I’d like to set up my Balance One so that some users’ traffic will be sent via a VPN provider. Is this possible? If so, is there anything I need to look for when shopping for a VPN provider? (OpenVPN, L2TP, IPSec support, etc…)


#2

Hi. Silly question back to ya … How about just buying another, perhaps “relatively low-end” Peplink device and make your own VPN? Peplink products already have the VPN technology built-in as you know. If you don’t need a ton of bandwidth, even a SOHO will do it – and do it well – with PepVPN, L2TP, etc. We have several installations where the Peplink device’s primary role is to receive inbound L2TP connections.

Maybe I’m missing something here? :slight_smile:

Rick


#3

Hi Rick,

The goal here is privacy from the ISP – viz. yesterday’s Senate vote which gutted the FCC regulations that prevent ISPs from capturing and selling one’s browsing data.

For this to work, the VPN must be going outbound to an international VPN provider.

Is that possible?

Thanks


#4

OK, now I understand. I don’t see Peplink hardware as a barrier here in any respect. How about using a VPN service with POPs in various other countries (perhaps one where there are real privacy laws)? Then, use whichever of the Peplink’s seven outbound rules that suits you to connect to that POP.

Example: I am quite familiar with an individual who has a subscription to OpenVPN and has one machine behind each of two Peplink Balance routers. He can select the endpoint - e.g., Switzerland, Italy, S Korea, Chicago, etc. The tunnel through his ISP(s) is(are) encrypted so his US ISP sees nothing. The solution is trivial to implement and does not cost much.

Would that meet your needs?

Side note: The VPN endpoints are fairly well known among many. They certainly have the potential to be a “honey pot” for miscreants.


#5

Yes, that sounds like it would work. Is there any documentation for setting this up using the Peplink Balance One?

Do I start at Network / VPN / IPsecVPN and create a New Profile? I’m not clear what the steps are.

Thanks!


#6

No. The solution I described (or meant to describe) is pretty much independent of the Balance. A tunnel would be created directly from a client machine on your local LAN to the VPN provider’s POP/endpoint. It’s simple. While I am not necessarily recommending this product, check out https://www.privateinternetaccess.com/pages/how-it-works/ . They have some pretty good illustrations. If you have more than one client each can create a tunnel to a different endpoint if you wish.

I referred to OpenVPN in my previous message – brain fart related to something else I’m working on. I suspect I confused you. Very sorry about that! :hushed:


#7

Right - sorry it sounds like some miscommunication on both sides. I know about PIA and have seen many recommendations for them. I know that one can set up a VPN from a device as client to a VPN provider (iOS, MacOS, Windows, Android all have this built in).

The question I’m asking is: can a Peplink Balance do this at the router level, e.g. can I set up a VPN on the Peplink and then have a group of users for whom all their traffic will be routed over that VPN.

Imagine a use scenario: I have the Peplink set up with a captive portal, but I really don’t trust those users using my ISP, so I want to route all of their traffic to a VPN to be safe.

If that’s not possible with a provider such as PIA, is that something I could do home-brew style, perhaps using a VPS instance on Amazon S3?


#8

Understood. That’s what I was referring to in my message of a few hours ago when I mentioned that we have a couple of Peplink products whose primary mission is just to provide VPN endpoints and L2TP connections. Some ISP will see the unencrypted traffic but the ISPs that provide the local WANs won’t.
It’s a simple matter to direct gateway traffic to the VPN. And, users in the field can connect via L2TP. That’s our "home-brew style."
There are advantages to both approaches which is why we use both.

I’ll be leaving for a couple of days shortly. Maybe someone smarter than me can jump in here with some ideas. Didn’t mean to monopolize this … :sunglasses:


#9

Hey SoylentGreen

It’s possible to make it work and Peplink hardware won’t create a hurdle in any possible way. It’s easy to get over it too. All you gotta do is set up your machine behind the router and configure a VPN. Like Rick said, VPNs offer an encrypted tunnel so the data passing through it is pretty much secure. You’re good as long as you get a VPN that isn’t from the US and configure it right. The only issue with ones bound by US laws is obvious, they’ll be keeping logs, failing the whole purpose. Try searching something outside the US like ivacy, express, pure, astrill, really anything outside the US that doesn’t keep logs might work.