Configure AWS FusionHub with additional interface

I have an AWS FusionHub which four other sites connect to. I’d like to also have an AWS instance of OpenVPN that the FusionHub is connected to via a secondary interface so that I can serve out client VPN connections which can also access the four sites.

Do I simply add another interface to the AWS FusionHub instance and configure it as a LAN network (private)? Or is there a better way to do this?

Hi,

I haven’t tried it, but I hope the following setup will work:

  1. Set up a new OpenVPN instance

  2. Disable “Source/Dest. Check” on the FusionHub AND OpenVPN instances
    (refer to page 66 of installation guide)

  3. Add 4 static routes to OpenVPN instance:
    network: the 4 remote sites’ networks
    gateway: FusionHub’s private IP address

    If your OpenVPN distribution does not allow setting static routes, you can set the static routes in AWS’s virtual gateway:
    network: the 4 remote sites’ networks
    gateway: FusionHub’s instance id
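
The AWS side of steps 2 and 3 above, written out as AWS CLI commands. This is an added example, not part of the original reply: the instance IDs, route table ID and the four site networks are constructed placeholders, and “AWS’s virtual gateway” is assumed to mean the VPC route table of the OpenVPN subnet.

```shell
#!/bin/sh
# Added example. Every ID and network below is a constructed placeholder.
FUSIONHUB_INSTANCE="i-FUSIONHUB-PLACEHOLDER"
OPENVPN_INSTANCE="i-OPENVPN-PLACEHOLDER"
ROUTE_TABLE="rtb-PLACEHOLDER"   # route table of the OpenVPN subnet (assumption)
REMOTE_SITES="192.168.10.0/24 192.168.20.0/24 192.168.30.0/24 192.168.40.0/24"

# Accept only a.b.c.d/len with octets <= 255 and 1 <= len <= 32.
# /0 is refused so a typo cannot point the subnet's default route at the FusionHub.
valid_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  addr=${1%/*}; len=${1#*/}
  case "$len" in ''|*[!0-9]*) return 1 ;; esac
  { [ "$len" -ge 1 ] && [ "$len" -le 32 ]; } || return 1
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the commands for steps 2 and 3. All networks are validated first,
# so a bad entry produces no output at all instead of a half-finished plan.
plan() {
  for cidr in $REMOTE_SITES; do
    valid_cidr "$cidr" || { echo "bad site network: $cidr" >&2; return 1; }
  done
  # Step 2: disable Source/Dest. Check on both instances.
  for inst in "$FUSIONHUB_INSTANCE" "$OPENVPN_INSTANCE"; do
    echo "aws ec2 modify-instance-attribute --instance-id $inst --no-source-dest-check"
  done
  # Step 3 (VPC variant): one route per remote site, targeting the FusionHub instance.
  for cidr in $REMOTE_SITES; do
    echo "aws ec2 create-route --route-table-id $ROUTE_TABLE --destination-cidr-block $cidr --instance-id $FUSIONHUB_INSTANCE"
  done
}

plan
```

The script only prints the commands; nothing in AWS changes until they are reviewed, given real values and run.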

This does not seem to be working. Is there a setting on the FusionHub I need to enable to route traffic arriving at its interface? NAT? IPForwarding?

Hi,

Packets from the OpenVPN client are forwarded to the SpeedFusion peer (not NAT).
Can the OpenVPN client ping FusionHub?
Is the OpenVPN client IP address in the same subnet as FusionHub’s WAN network? Or in a different address range?

Please create a support ticket here so we can work with you to solve the issue.

This is some sort of routing issue within FusionHub or the PepVPN links.

I have a server on the same network as the FusionHub that I’m using for testing. I’ve not built the OpenVPN server yet, but will soon.

From any of my remote sites running Balance Ones, MAX, etc. and connected to the FusionHub, I can connect to the server that is on the same network as the FusionHub.

From that server, I cannot connect back to anything on any of the other networks.

I have “SpeedFusion Peers Access Internal Network” enabled to allow the connectivity from the peers to the remote server. How do I enable that remote server to connect to devices downstream on the peers?

Hi,

Please refer to this thread.

Thank you! That fixed it.