Hi Support,
We know that a VPN tunnel can be established between two Peplink devices. When one side has a static IP and the other has a dynamic (floating) IP, the VPN connection works fine. However, can a VPN still be established if both sides use dynamic IPs?
Specifically, why does the “one static, one dynamic” configuration work, while a “dual dynamic IP” setup typically fails? Furthermore, what specific mechanism does SpeedFusion VPN use to establish and maintain its connection?
Dyanmic IP on both yes, but not if both devices are behind NAT because neither device can start the handshake process to build the tunnel.
There is a handshake process on TCP 32015 that sets up the VPN session.
If you nav to a device dashboard in IC2 and select “edit” next to information in the top left corner, you can turn of “find my peplink” service witch will create a domain you can use to locate the device instead of just the IP address. I use it all the time for my mobile setups that do not have static IPs. Also, to tie into what @MartinLangmaid said, make sure at least the device you choose as the server side of the VPN has the SF ports needed to create and maintain the tunnel publicly accessible.
You might be able to get it to work, if at least one end is not behind a NAT. That is you have a real routable IP on at least one end. Routability is usually the issue if a connection can’t be made.
Dynamic IPs are quite often very static really, and once you find out what dynamic IP one end has been assigned, you can give it to the other end as a static IP. That’s how I connect to my cable modem, and my VDSL. The IPs have not changed for years. (However, a different site, the cable IP did change, and I had to update it manually. I didn’t notice for a while, as both ends try to connect.)
DHCP servers often cache the IP they’ve given a particular device, and continue to give it the same one. That leads to less unhappy users, as changing the IP can cause things to break.
If you really have a dynamic IP which like changing frequently, then you might get it to work with a dynamic DNS. There’s settings for that under the WAN connections. That tells a DNS server what IP it’s using, and the other end can query that and connect to the dynamic DNS name.
