Connecting Multiple Sites to FusionHub Solo using PepVPN and IPsec

I need help in setting this up… I have 2 sites (A + B), A is Balance One with 4x vSAT WANs + 1x 4G LTE as Ethernet via Max BR1 Mini in IP Passthrough mode. Site B is a Balance 20 with 1 Cable WAN. The goal is to allow Site B clients access to Site A local networks via Site C (not labeled on diagram) is a FusionHub Solo in AWS.

This diagram is not quite finished but I think you’ll see what’s going on. So Site A connects to Site C using PepVPN (uses its 1 license). Site B connects to Site C using IPsec (no more PepVPN peer licenses on FH), which is perfectly fine as there is only one WAN at Site B and IPsec works great.

My questions are the following:

  1. Should anything be configured on the Max BR1 Mini, or leave everything to the Balance One?
  2. What Local Networks should be listed in IPsec configuration of Site B (Balance 20)?
    • Should all of Site A’s local nets be included?
    • Should any subnets of FH be included (FH private WAN IP is 172.16.31.57 | subnet is 172.16.31.0/20)?
  3. What settings need to be configured on FH to allow Internetwork communication of Site A/B through FH?

To get this working I’ve decided to start without Speedfusion bandwidth bonding and just go with PepVPN to FH (Site A <-> C) and IPsec to FH (Site B <-> C). I’ve configured PepVPN via InControl2.

Thanks in advance for your help!

Do it on the Balance One - treat the BR1 as a dumb modem.

Yes - if you want to route to them from Site B - or just limit to those you want access to.

I would - then you can use OpenVPN to the Fusionhub for remote user access.

Nothing - OSPF should advertise all the routes from Site B to Site A.

2 Likes

@MartinLangmaid Thank you so much! I have implemented this and it is working wonderfully. The PepVPN from Balance to FH tunnel is created using the cellular WAN, which is behind CGNAT. Then the IPsec VPN from Site B to FH allows remote communication to Site A over the cellular WAN (behind CG NAT) at a much lower latency than the previous direct IPsec VPN to Site A allowed over vSAT links.

2 Likes