Configure Remote User Access using OpenVPN

Hi Bakker,

It seems a common error; the tips in this discussion might help :
Please also try downloading a recent OpenVPN client config from the status page of your router.
If the above doesn’t help, please open a support ticket.

1 Like

Hello Erik, Nice thought. I want to ask you how to change ports. Please suggest me.

@pepperhope

Please check the Erick reply as below :slight_smile:

1 Like

So just to confirm. It will not be possible to use a VPN service like NordVPN, ExpressVPN etc? This is using the router as a VPN client, correct?

1 Like

@Niek_V

As for now OpenVPN is only for Client devices (SmartPhone, PC, ETC) connect to Peplink router.

Please check on the forum post below:

1 Like

Greeting all!
Sorry if I have not seen this previously posted or on the peplink.com website.
We would like to be able to use some of our FusionHubs to accept OpenVPN clients. Is that supported?

Thank you,
Dana

@DKonkin, would you mind to share your use case that needs OpenVPN support on the FusionHub?

1 Like

Thanks WeiMing.

Certainly.

Enterprises need remote access for employees on the road, working from home, or in disaster recovery/BCP scenarios.

Any Enterprise hosting their IT infrastructure in Azure or AWS will need to establish a Point-2-Site VPN client VPN aggregator for this purpose.

If they are already using a FusionHub then it would be a perfect device to use for their Point-2-Site VPNs.

We would use it ourselves at Onwave for our BCP/DR scenario. We have numerous customers who would use it as well.

Cheers

Dana

@DKonkin, thanks for sharing the deployment details with us. We have another post discussed on Remote User Access support at FusionHub.

Let me bridge the request to the relevant post below, to alert the team to be aware.

Update:
We have prepared a special firmware with the feature, as posted by @Kenny.

2 Likes

Awesome guys! I was just about to ask for the ability to remotely access a Fusion Hub. Similar use case with Peplink devices connecting to the Hub and then remote users/on the road able to connect into the Hub. Will have to test at some point soon. When will the next firmware v8 be released with this feature included? Thanks !

I was wondering how often will Peplink issue firmware upgrades in order to keep OpenVPN secure? With other router vendors it seems there are quite a lot of firmware fixes just for that purpose.

Thank you.

1 Like

I don’t think the Split Tunnel works as advertised. I’ve tried it on a couple of different PEPLink routers, and when selecting the Split Tunnel it still seems to route all traffic through the VPN. When connecting to a split tunnel it starts routing my internet traffic through the remote connection instead of just traffic for the remote subnet/vpn.

Split tunnel is implemented on the VPN client, not at the router. What kind of client device are you using? I can confirm that split tunnel works correctly on Windows 10 VPN client.

1 Like

I’m using OpenVPN GUI v11.13.0.0 on Windows 10. The routers in question (because I’ve tried it with multiple) are all Balance One’s. You setup the VPN on the router, and then click to download the split tunnel config. The VPN part works, but the split tunnel does not. Once connected to the VPN all of your internet traffic is also routed through the VPN.

What exactly needs to happen on the router or client to fix this?

1 Like

I looked into this further and here’s the deal. The only difference between the two OpenVPN config files that the PEPLink produces is this line is included in the “route all” and not in the “split tunnel”:
redirect-gateway def1 bypass-dhcp

However, what is actually required to send VPN traffic through the tunnel but keep internet traffic local is this:

route-nopull
route 192.168.40.0 255.255.255.0 vpn_gateway

(change the 192.168.40.0 and 255.255.255.0 to match the remote IP subnet on the remote network you are connecting to, and add additional route lines for any other traffic you want to send through the VPN).

Seems to me the PEPLink should include that automatically when it generates the config file for the split tunnel.

1 Like

@nsg, this is acknowledged and it sounds like a bug. Let me check with the team then provide feedback. Thanks.

1 Like

@nsg, we confirm this is a bug and target to fix it in 8.0.1 tentatively. You may consider using L2TP/IPSec for the time being.

Thanks for reporting this.

2 Likes

I also like option, mostly 1194 is blocked. Enabling 443 will be advantage. How can request this option.

Thanks.

I also like this option, it will added advantage.

I am able to connect to a Balance 20 using the OpenVPN client. Is there a way to disconnect after a period of inactivity? The client seems to stay connected until I manually disconnect.

1 Like