Balance one site-to-site to Balance 710

Hi PepLink Support,

I am trying to set up a VPN for our external workers to access our LAN network. I followed your guide here (Setting up L2TP With IPsec) but without success. When connecting using the Windows 10 VPN client, I got “A connection to the remote computer could not be established, so the port used for this connection was closed…”. I have B710 firmware version: 7.1.0

Please check the forum thread below:

1 Like

Dear,
My B710 is not behind a NAT device and I’m not able to connect to the VPN on Mac, iPhone and Android devices.

Would you be able to perform a packet capture and verify whether the L2TP VPN traffic is reaching the Balance 710 WAN interface?

1 Like

I did not find an event log regarding the issue.

I mean a packet capture, to verify that the traffic is reaching the WAN interface.

1 Like

Dear Peplink Support,
Kindly, I need an explanation of the difference between outbound policy and outbound/inbound firewall rules, with examples.

Outbound policies are routing policies for outbound traffic.
You can identify which traffic a policy is applied to by the internal source of the traffic (e.g. IP / MAC addresses), its destination (IP / Domain) or a combination of the two and then apply specific load balancing algorithms to the traffic. Those load balancing algorithms can selectively use available healthy WANs for the identified traffic.

Firewall rules allow or deny traffic to pass between subnets. Those rules can apply to Outbound traffic (LAN to WAN), Inbound traffic (WAN to LAN) and Internal traffic (LAN/VLAN to LAN/VLAN). Traffic is identifiable by source MAC / IP or protocol.

Examples

Your VoIP traffic to your hosted provider is authenticated by your public IP (so only VoIP traffic from your fibre internet connectivity is allowed), but you have multiple WANs (Fibre, DSL and 4G).

In this case you would use outbound policies with your hosted VoIP service public IP entered as the destination IP to identify the traffic in scope and then the enforce algorithm to send it over the fibre line and not the DSL or 4G.

You have a CCTV server / DVR hosted on your LAN with port forwarding through your Peplink device for remote access to it. You want to restrict access to that DVR to known remote users (by IP address).

You would add two inbound firewall rules: one that denies all traffic from WAN to the LAN IP of the DVR to block general access to the DVR, then another above that which allows access to the DVR by source IP (the source being the public IP of the remote user).

You have three VLANs configured on your Peplink, one for IoT devices (home heating control, temp monitoring, smart meter), another for guest wifi and a third for your own laptops / PCs. You don’t want your home devices to be accessible by the IoT or guest networks / devices.
You have three WANs, DSL, Satellite - and cellular as backup, and only want your home devices to use the satellite link when the DSL is saturated and the cellular when both DSL and Satellite have failed. The IoT and guest wifi devices should never use the satellite or cellular WAN links.

  • Set up Internal firewall rules that deny the IoT and guest network from accessing your home network.
  • Set an outbound policy (enforced) with a source of any and a destination of DSL WAN. (so the default is all devices can only use the DSL)
  • Add a new outbound policy (above the last) that identifies the source as your home network - choose the overflow algorithm (DSL first then satellite). (this lets your home network devices access the DSL and satellite WANs).
  • Below that rule add another outbound policy (enforced) identifying your home network as the source with the cellular WAN as the destination. (this policy only has an effect if the DSL and satellite are both unavailable)
  • Set the Cellular WAN as P2 in the dashboard (so it's only used for failover).
2 Likes
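
The DVR example in the post above depends on rule order. The Python model below is an added example, not part of the original post and not Peplink code. It assumes rules are evaluated top-down with the first match winning and that unmatched inbound traffic is allowed by default; all addresses and rule names are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    source: str       # CIDR of the WAN-side source
    destination: str  # CIDR of the LAN-side destination
    action: str       # "allow" or "deny"

def _net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(rules, src_ip, dst_ip, default="allow"):
    """Return (action, rule name) of the first rule matching the flow.
    The default action is an assumption; the post's explicit deny implies it."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in _net(rule.source) and dst in _net(rule.destination):
            return rule.action, rule.name
    return default, "default"

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (_net(rule.source).subnet_of(_net(earlier.source))
                    and _net(rule.destination).subnet_of(_net(earlier.destination))):
                hidden.append(rule.name)
                break
    return hidden

# Constructed sample values (documentation address ranges), not from the thread.
DVR = "192.168.50.20"
KNOWN_USER = "203.0.113.10"
STRANGER = "198.51.100.77"

allow_user = Rule("allow-known-user", KNOWN_USER + "/32", DVR + "/32", "allow")
deny_all = Rule("deny-all-to-dvr", "0.0.0.0/0", DVR + "/32", "deny")

correct_order = [allow_user, deny_all]  # allow sits above the deny, as the post says
wrong_order = [deny_all, allow_user]    # the deny shadows the allow

if __name__ == "__main__":
    for label, rules in (("correct", correct_order), ("wrong", wrong_order)):
        for src in (KNOWN_USER, STRANGER):
            print(label, src, evaluate(rules, src, DVR))
        print(label, "shadowed rules:", shadowed(rules))
```

With the order reversed, the known remote user is denied as well, and `shadowed` reports the allow rule as unreachable.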

Dears,
We are using PRTG for monitoring our network. PRTG is showing the below warning about my Balance 710:
(20 % (Free Space) is below the warning limit of 25 % in Free Space)

@msaeed

You can actually ignore the warning. I believe you are using generic disk space SNMP OIDs for servers to monitor Peplink devices. This is not applicable to a Peplink router.

1 Like

Dear,
I will use a MAX BR1. It has 2 SIMs. I need to know how it works: failover or load balancing.

Hi @msaeed,

The MAX BR1 does not support load balancing with its SIM cards.
Only 1 SIM card can be active at the same time; the other SIM card is used for failover.

If you connect a WiFi WAN and/or Ethernet WAN to the MAX BR1, load balancing is possible with the newer firmware versions.

1 Like

Dear Peplink support team,
I will add a Balance 710 to my existing Balance 710 as HA.
My existing one has two WAN connections to different ISPs.
I need your guide for configuration and tips and tricks.

@msaeed, please refer to the link below.

1 Like

Dear Peplink support team,
The VPN tunnel is flapping between my main Balance 710 and the remote office Balance One. At the Balance One I configured WAN1 as standby and am using 4G with WAN2 for testing 4G stability.
I got the below event log:

Oct 04 10:10:07 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) connected to GHQ_TO_Fuchs-Yanbu
Oct 04 10:06:25 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) disconnected from GHQ_TO_Fuchs-Yanbu
Oct 04 09:56:12 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) connected to GHQ_TO_Fuchs-Yanbu
Oct 04 09:54:30 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) disconnected from GHQ_TO_Fuchs-Yanbu
Oct 04 09:43:52 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) connected to GHQ_TO_Fuchs-Yanbu
Oct 04 09:42:00 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) disconnected from GHQ_TO_Fuchs-Yanbu

Oct 04 10:10:07 PepVPN: (GHQPeplink-9684, sn:) connected to Fuchs-Yanbu_TO_GHQ
Oct 04 10:06:24 PepVPN: (GHQPeplink-9684, sn:) disconnected from Fuchs-Yanbu_TO_GHQ
Oct 04 09:56:12 PepVPN: (GHQPeplink-9684, sn:) disconnected from Fuchs-Yanbu_TO_GHQ
Oct 04 09:43:52 PepVPN: (GHQPeplink-9684, sn:) connected to Fuchs-Yanbu_TO_GHQ
Oct 04 09:42:00 PepVPN: (GHQPeplink-9684, sn:) disconnected from Fuchs-Yanbu_TO_GHQ
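
To quantify the flapping, the connect/disconnect lines can be paired into outage and uptime durations. The Python below is an added example, not part of the original post; it embeds the SpeedFusion lines from the log above, and the function names are chosen here.

```python
import re
from datetime import datetime

# SpeedFusion lines copied from the event log above (newest first).
LOG = """\
Oct 04 10:10:07 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) connected to GHQ_TO_Fuchs-Yanbu
Oct 04 10:06:25 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) disconnected from GHQ_TO_Fuchs-Yanbu
Oct 04 09:56:12 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) connected to GHQ_TO_Fuchs-Yanbu
Oct 04 09:54:30 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) disconnected from GHQ_TO_Fuchs-Yanbu
Oct 04 09:43:52 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) connected to GHQ_TO_Fuchs-Yanbu
Oct 04 09:42:00 SpeedFusion: (Fuchs-YanbuFactory-C1A0, sn:) disconnected from GHQ_TO_Fuchs-Yanbu
"""

LINE = re.compile(
    r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) \w+: \(.*?\) "
    r"(connected to|disconnected from) (\S+)$"
)

def parse(log):
    """Return (timestamp, is_up, profile) tuples, oldest first."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            # The log carries no year; strptime's default is fine for deltas.
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
            events.append((ts, m.group(2) == "connected to", m.group(3)))
    return sorted(events)

def intervals(events):
    """Return (outages, uptimes) in seconds between alternating state changes."""
    outages, uptimes = [], []
    for (t0, up0, _), (t1, up1, _) in zip(events, events[1:]):
        if up0 == up1:
            continue  # same state twice: a log line is missing, skip the pair
        (uptimes if up0 else outages).append(int((t1 - t0).total_seconds()))
    return outages, uptimes

def drop_spacing(events):
    """Seconds between consecutive disconnect events."""
    drops = [t for t, up, _ in events if not up]
    return [int((b - a).total_seconds()) for a, b in zip(drops, drops[1:])]

if __name__ == "__main__":
    ev = parse(LOG)
    print("outages/uptimes (s):", intervals(ev))
    print("seconds between disconnects:", drop_spacing(ev))
```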

@msaeed, looks like this is related to a WAN connectivity issue between the Balance 710 and the Balance One, or the sensitivity of the SpeedFusion tunnel/WAN health check, or other reasons. This requires a further check on both boxes. I suggest getting help from your point of purchase to further diagnose the problem.

Could the below cause the problem?
1- Balance One: WAN1 is connected to DSL and takes 192.168.1.5.
WAN2 is connected to a 4G modem and takes 192.168.1.10. I mean the same range.
2- Balance One: I changed WAN1, which by default is the main one, to standby.
3- Balance One: the remote branch has around 50 users connecting to the main branch using the tunnel.
4- Balance One: the 4G signal is weak (but by checking the log, WAN2 didn’t disconnect; only the VPN tunnel disconnected).
Kindly, I need your suggestions.

@msaeed

You mentioned that there was no WAN disconnection on the devices' end, and that shows that the issue can be related to the point-to-point connection between the devices.

My suggestion is to check the point-to-point connection between the Balance One and the B710. You may need to do a packet capture on both ends to verify whether the packets sent can reach both end devices when the issue happens.

1 Like

Dear Peplink Support,
My Balance 710 firmware is (7.1.0 build 2287). Now version 7.1.1 is available and I have already updated all Balance One remote branches to version 7.1.1.
Is it safe to update the Balance 710 to version 7.1.1?

Dear Peplink support,
Still waiting for your help with the above issue.