Configure Remote User Access using OpenVPN

Greetings all!
Sorry if I have not seen this previously posted or on the peplink.com website.
We would like to be able to use some of our FusionHubs to accept OpenVPN clients. Is that supported?

Thank you,
Dana

2 Likes

@DKonkin, would you mind sharing your use case that needs OpenVPN support on the FusionHub?

1 Like

Thanks WeiMing.

Certainly.

Enterprises need remote access for employees on the road, working from home, or in disaster recovery/BCP scenarios.

Any Enterprise hosting their IT infrastructure in Azure or AWS will need to establish a Point-2-Site VPN client VPN aggregator for this purpose.

If they are already using a FusionHub then it would be a perfect device to use for their Point-2-Site VPNs.

We would use it ourselves at Onwave for our BCP/DR scenario. We have numerous customers who would use it as well.

Cheers

Dana

1 Like

@DKonkin, thanks for sharing the deployment details with us. We have another post that discusses Remote User Access support on FusionHub.

Let me bridge the request to the relevant post below, to make the team aware.

Update:
We have prepared a special firmware with the feature, as posted by @Kenny.

2 Likes

Awesome guys! I was just about to ask for the ability to remotely access a Fusion Hub. Similar use case with Peplink devices connecting to the Hub and then remote users/on the road able to connect into the Hub. Will have to test at some point soon. When will the next firmware v8 be released with this feature included? Thanks!

2 Likes

I was wondering how often will Peplink issue firmware upgrades in order to keep OpenVPN secure? With other router vendors it seems there are quite a lot of firmware fixes just for that purpose.

Thank you.

1 Like

I don’t think the Split Tunnel works as advertised. I’ve tried it on a couple of different Peplink routers, and when selecting the Split Tunnel it still seems to route all traffic through the VPN. When connecting to a split tunnel it starts routing my internet traffic through the remote connection instead of just traffic for the remote subnet/VPN.

Split tunnel is implemented on the VPN client, not at the router. What kind of client device are you using? I can confirm that split tunnel works correctly on Windows 10 VPN client.

1 Like

I’m using OpenVPN GUI v11.13.0.0 on Windows 10. The routers in question (because I’ve tried it with multiple) are all Balance Ones. You set up the VPN on the router, and then click to download the split tunnel config. The VPN part works, but the split tunnel does not. Once connected to the VPN, all of your internet traffic is also routed through the VPN.

What exactly needs to happen on the router or client to fix this?

1 Like

I looked into this further and here’s the deal. The only difference between the two OpenVPN config files that the Peplink produces is that this line is included in the “route all” and not in the “split tunnel”:
redirect-gateway def1 bypass-dhcp

However, what is actually required to send VPN traffic through the tunnel but keep internet traffic local is this:

route-nopull
route 192.168.40.0 255.255.255.0 vpn_gateway

(change the 192.168.40.0 and 255.255.255.0 to match the remote IP subnet on the remote network you are connecting to, and add additional route lines for any other traffic you want to send through the VPN).

Seems to me the Peplink should include that automatically when it generates the config file for the split tunnel.

1 Like

@nsg, this is acknowledged and it sounds like a bug. Let me check with the team then provide feedback. Thanks.

1 Like

@nsg, we confirm this is a bug and target to fix it in 8.0.1 tentatively. You may consider using L2TP/IPSec for the time being.

Thanks for reporting this.

2 Likes

I also like this option; 1194 is mostly blocked. Enabling 443 would be an advantage. How can I request this option?

Thanks.

I also like this option; it will be an added advantage.

I am able to connect to a Balance 20 using the OpenVPN client. Is there a way to disconnect after a period of inactivity? The client seems to stay connected until I manually disconnect.

1 Like

Thank you for the tutorial. This is surprisingly simple, ON WINDOWS, ironically. I have successfully gotten this to work on Windows using the exact instructions. However, when trying to connect from Mac OS using Tunnelblick, I am getting the following error:

I also have tried using the OpenVPN Connect agent on Mac OS and I am having similar problems. It seems like the client successfully connects; however, no data seems to transmit to and from the router. I’m thinking this is some sort of DNS error.

Has anyone else had any success connecting to openvpn server from Mac OS Mojave? If so, could you please let me know what settings you altered from your openvpn client profile, and what software you are using? Thanks so much for any help or any ideas in debugging this not-so-simple Mac OS issue.

Perhaps we could get a Mac Specific tutorial?

Dan

We’ve successfully employed Shimo v.5 on MacOS/Mojave, importing the profile provided by the router without any modifications.

Z.

2 Likes

Well, I figured it out thanks to opening a ticket with Pepwave. Turns out, all I had to do was enable DNS proxy in my Surf SOHO. Thank you for letting me know that you got this working with Shimo on Mojave! This helped me figure out the solution through the process of elimination! Thanks!

1 Like

You’ll want to add a DNS entry on the tunnel too. If you need multiple route statements, just add another one like nsg shared below the route-nopull.

dhcp-option DNS 192.168.40.1

1 Like
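The split-tunnel directives nsg posted and the DNS entry from the reply above, combined in an added example that is not part of the original thread or Peplink's code: it classifies an OpenVPN client profile and rewrites a "route all" profile into a split-tunnel one. The sample profile is constructed, `vpn.example.com` is a placeholder, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample profile (not a real router export); the host name is a placeholder.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.com 1194
redirect-gateway def1 bypass-dhcp
auth-user-pass
"""

def _directive(line):
    """First token of a config line, or '' for blanks and '#' / ';' comments."""
    s = line.strip()
    return "" if not s or s[0] in "#;" else s.split()[0]

def classify(profile):
    """Return 'full-tunnel', 'split-tunnel' or 'server-decides' for .ovpn text."""
    names = {_directive(ln) for ln in profile.splitlines()}
    if "redirect-gateway" in names:
        return "full-tunnel"
    if "route-nopull" in names and "route" in names:
        return "split-tunnel"
    return "server-decides"  # routing depends on what the server pushes

def to_split_tunnel(profile, subnets, dns=None):
    """Rewrite a profile so only `subnets` (CIDR strings) go through the VPN."""
    drop = {"redirect-gateway", "route-nopull", "route"}
    out = []
    for ln in profile.splitlines():
        if _directive(ln) in drop:
            continue
        if dns and ln.split()[:2] == ["dhcp-option", "DNS"]:
            continue  # replaced by the explicit resolver below
        out.append(ln)
    out.append("route-nopull")  # ignore server-pushed routes and DNS options
    for cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)  # ValueError on host bits
        if net.version != 4:
            raise ValueError("the 'route' directive is IPv4-only: " + cidr)
        out.append(f"route {net.network_address} {net.netmask} vpn_gateway")
    if dns:
        # route-nopull also discards pushed DNS, so set the resolver explicitly
        out.append(f"dhcp-option DNS {ipaddress.ip_address(dns)}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_split_tunnel(SAMPLE_PROFILE, ["192.168.40.0/24"], dns="192.168.40.1"))
```

A profile that classifies as `server-decides` can still end up routing everything through the VPN if the server pushes `redirect-gateway`, which is why the rewrite adds `route-nopull` rather than only removing the client-side line.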

Is there a way to set up the OpenVPN connection to limit a user to only one IP address on the network, or a group of IPs?

In short, are there VPN firewall rules that can be configured to limit access to devices on the network?