Build PepVPN on FTTH stuck at starting

Good morning all,

I am facing an issue when building a PepVPN between my Balance 210 and my Balance One Core: the PepVPN status is stuck at starting.
I configured Dynamic DNS on B210 and it is working.

I have also made redirection on port 4500-UDP & 32015-TCP from the FTTH receiver to the B210.

Thanks for your help.

Hi Rudy - welcome to the forum!

How have you configured the PepVPN? Manually or using InControl2?

Starting means the device is waiting for a connection generally. Did you put the WAN IP of the B210 in the PepVPN profile of the Balance One? Is there any other device between the Balance One and the internet that could be blocking traffic?


Hi Martin - Thanks

I have used InControl2 to configure the PepVPN.

I have a noip account and I configured the B210 to use it with a dynamic domain. The B210 is correctly updating the public IP address on my account.
We have a router where the FTTH is connected, and this router is then connected to the Peplink.

The WAN IP address of the FTTH router is a 10.X.X.X and is not the public IP we are seeing in the noip platform.
Do you think it can be the root cause?

Yes. Sounds like Carrier Grade NAT, so inbound traffic is being blocked at the ISP's perimeter. You might need to use a FusionHub to act as a middle hop that both devices talk to. Or you could use a hosted FusionHub to give your Balance a new virtual IP to build the tunnel.

Or you could try building the tunnel the other way, so outbound on the FTTH connection. Who is the ISP?

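
The check implied by the exchange above, as an added example that is not part of the original thread: compare the WAN address the ISP hands the FTTH router with the public address the dynamic DNS service records. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, set aside for carrier-grade NAT.
CGNAT_SPACE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges. Listed explicitly because ipaddress.is_private
# also covers documentation and other reserved ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, ddns_public_ip):
    """Classify the path between the ISP-facing router and the internet."""
    wan = ipaddress.ip_address(router_wan_ip)
    public = ipaddress.ip_address(ddns_public_ip)
    if wan in CGNAT_SPACE:
        return "cgnat-shared-space"
    if any(wan in net for net in RFC1918):
        return "private-wan-upstream-nat"
    if wan != public:
        return "address-mismatch-upstream-nat"
    return "public-direct"


def inbound_forward_can_work(router_wan_ip, ddns_public_ip):
    """Port forwards on the router only help when no NAT sits upstream."""
    return classify_wan(router_wan_ip, ddns_public_ip) == "public-direct"


if __name__ == "__main__":
    # Constructed sample values: 203.0.113.0/24 is a documentation range.
    samples = [
        ("10.20.30.40", "203.0.113.7"),   # the situation in this thread
        ("100.72.1.9", "203.0.113.7"),    # ISP using RFC 6598 space
        ("203.0.113.7", "203.0.113.7"),   # router holds the public address
    ]
    for wan, public in samples:
        print(wan, public, classify_wan(wan, public),
              inbound_forward_can_work(wan, public))
```

Any result other than `public-direct` means the forwarded ports on the local router are never reached from outside, so the tunnel has to be initiated outbound from that site or relayed through a publicly reachable hub.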

The solution with FusionHub sounds good.

We are in Cameroon and our ISP is Camtel, the national provider.

Can you clarify here, please?

Do you think we can use 1 hosted FusionHub to build multiple PepVPNs for different purposes?

If the Balance 210 is stuck behind a restrictive NAT router you could set the B210 to create a VPN outbound to the Balance One which should work fine.

Sure. You could host a FusionHub appliance with multiple peer licenses (one per remote device) in the cloud and let all devices connect to it as a hub.


Hi Martin,
Thanks for your support.
Sorry for the delayed answer.

On the “Profile Options” page of the PepVPN Management wizard for your profile, enable ‘show advanced settings’ and disable ‘suppress endpoint IPs’ to allow B210 to create a VPN outbound to BOne, but it failed. I have “failed to connect remote peer” (also stuck at starting) in the B210 log; probably the BOne is also behind a restrictive NAT router.

FusionHub seems to be our best solution.
Question with FusionHub: we have multiple clients (with multiple sites per client). Can we add multiple peer licenses to FusionHub and create a separate PepVPN profile for each client, or do we need one FusionHub appliance per client?

You can do it with one FusionHub and VRF (see here) or you could dedicate a FusionHub per customer.

Personally I dedicate a FusionHub per customer then have a secondary FusionHub acting as backup. The backup FusionHub has the same amount of peer licenses as the largest customer’s FusionHub so that any customer can fail over to it.


Hi Martin,
Thanks for your highlight. I have 2 questions regarding your configuration:
1- Does each FusionHub you dedicate to a customer have a unique public IP, or do you use port forwarding on the entry router of your FusionHub cloud?
2- With the backup FusionHub, do you use a different profile per customer or VRF?

Where can I find this option, please?

Thanks.