I am facing an issue when building a PepVPN between my Balance 210 and my Balance One Core, but the PepVPN status is stuck at starting.
I configured Dynamic DNS on B210 and it is working.
I have also made redirection on port 4500-UDP & 32015-TCP from the FTTH receiver to the B210.
How have you configured the PepVPN? Manually or using InControl2?
Starting means the device is waiting for a connection generally. Did you put the WAN IP of the B210 in the PepVPN profile of the Balance One? Is there any other device between the Balance One and the internet that could be blocking traffic?
I have a noip account and I configured the B210 to use it with a dynamic domain. B210 is correctly upgrading Public IP address to my account.
We have a router where the FTTH is connected and then this router is connected to the Peplink.
The WAN IP address of the FTTH router is a 10.X.X.X and is not the public IP we are seeing in the noip platform.
Do you think it can be the root cause?
Yes. Sounds like Carrier Grade NAT, so inbound traffic is being blocked at the ISP's perimeter. You might need to use a FusionHub to act as a middle hop that both devices talk to. Or you could use a hosted FusionHub to give your Balance a new virtual IP to build the tunnel.
Or you could try building the tunnel the other way, so outbound on the FTTH connection. Who is the ISP?
If the Balance 210 is stuck behind a restrictive NAT router you could set the B210 to create a VPN outbound to the Balance One which should work fine.
Sure. You could host a FusionHub appliance with multiple peer licenses (one per remote device) in the cloud and let all devices connect to it as a hub.
Hi Martin,
Thanks for your support.
Sorry for the delayed answer.
On the "Profile Options" page of the PepVPN Management wizard for your profile, enable "show advanced settings" and disable "suppress endpoint IPs" to allow B210 to create a VPN outbound to BOne, but it failed. I have "failed to connect remote peer" (also stuck at starting) in the B210 log; probably BOne is behind a restrictive NAT router also.
FusionHub seems to be our best solution.
Question with FusionHub: we have multiple clients (with multiple sites per client). Can we add multiple peer licenses to FusionHub and create a separate PepVPN profile for each client, or do we need one FusionHub appliance per client?
You can do it with one FusionHub and VRF (see here) or you could dedicate a FusionHub per customer.
Personally I dedicate a FusionHub per customer then have a secondary FusionHub acting as backup. The backup FusionHub has the same amount of peer licenses as the largest customer's FusionHub so that any customer can fail-over to it.
Hi Martin,
Thanks for your highlight. I have 2 questions regarding your configuration:
1- Does each FusionHub you dedicate to your customer have a unique public IP, or do you use port forwarding on the entry router of your FusionHub cloud?
2- With the backup FusionHub, do you use a different profile per customer or VRF?