Creating a static route

thfraley · May 1, 2018, 10:14am

Good day guys.

Trying to understand the basics with the peplink

I have 2x Balance 20’s
Lets call one Bal10 and other Bal70

Bal10 dhcp is 192.168.10.0 network
Bal70 dhcp is 192.168.70.0 network

Bal10 Has cellular on Wan1
Bal10 Lan1 → Bal70 Wan2
Bal70 has Wan2 setup as DHCP

Just the basics here Computers on Bal10 can ping everything on itself and Bal70.
However computer on Bal70 can not ping computer on Bal10

Question:
How do I setup the static routes need for this. Or am I missing a basic option.

THanks

Steve.Taylor · May 1, 2018, 10:29am

Hi @thfraley,

I would probably use the Outbound Policy setting - something like this:-

Hope this helps,

Steve

Ron_Case · May 1, 2018, 10:37am

Bal70 is doing a NAT to 192.168.10.X on the WAN so BAL10 does not see the 192.168.70.0 network.

MartinLangmaid · May 1, 2018, 1:24pm

You Set up Static Routes in Network | LAN → Network Settings.

You also need to change the WAN on the Bal70 to IP Forwarding instead of NAT as Ron says in Network → WAN | Connection Settings | Routing Mode. Click on the little blue icon and then the link to enable IP forwarding:

Your set up will look like this:

(assumptions made about WAN/LAN Ip addressing for examples sake)

thfraley · May 2, 2018, 8:53am

Thanks, guys,

You hit the nail on the head… I was not aware of the IP addressing option another hidden link lol.

I’ve got things to work enabling that and a static route in the networking settings.

Question what would the benefit of using outbound policy? Would you use that in replace of the static route option?

MartinLangmaid · May 2, 2018, 9:14am

Glad you got it working.

No benefit in this specific case as the issue was the NAT on the WAN of the second Balance 20.

thfraley · May 2, 2018, 9:26am

@MartinLangmaid,

So if I was to leave it as NAT then I would use outbound policy and would get same results?

MartinLangmaid · May 2, 2018, 9:44am

No. NAT on the second balance 20 (BAL70) was blocking inbound connections. Outbound policies control outbound routing via the WANs - so in a mult-wan setup outbound policies set how traffic should flow across the WANs.

You needed to control routing on the LAN - which you did with a static route, then on BAL70 you needed to allow inbound traffic on the WAN (by default blocked by NAT for obvious reasons) - which you did by enabling IP Forwarding rather than NAT.

BrentD · March 28, 2019, 10:35am

I have the same setup, using a Balance 210 in place of Bal10 and a Pepwave SOHO in place of Bal70. Does IP forwarding and static routing need to be setup on SOHO? Or does the static route come from the 210?

MartinLangmaid · March 28, 2019, 12:08pm

Static route on the B210, IP forwarding on the SOHO.

BrentD · March 28, 2019, 2:43pm

Thank’s for the response.

I must be missing something then as I still cannot access any lan devices on the SOHO from the 210 subnet.

Have static routing set on the 210. Destination Network: 192.168.125.0/24 Gateway: 192.168.206.2

Rosalia%20Seed

MartinLangmaid · March 28, 2019, 3:26pm

that looks right to me. Assume your firewll rules on the SOHO are all any:any allow? If not explicitly add the 192.168.206.0/24 inbound as allowed.

Can you ping from the soho lan to the b210 lan? Whta happens if you try and ping a lan device on the soho from the ping tool on the web gui of the balance 210?

BrentD · March 28, 2019, 4:16pm

All firewall rules on the SOHO for inbound are set to any:any allow. Have added the exception, still no luck.

Cannot ping any device from the 210 to the SOHO lan, however, I can ping the LAN IP of the SOHO from the 210: 192.168.125.1.

Can ping multiple devices going from the SOHO to the 210 lan.

MartinLangmaid · March 28, 2019, 4:20pm

OK so that’s interesting. Static route is working.

What default gateway is set on the LAN devices on the SOHO? Any chance they are not using 192.168.125.1 as their default gateway?

BrentD · March 28, 2019, 4:35pm

All devices on the SOHO lan were statically set to that gateway of 192.168.125.1, with the exception of a workstation that gets its IP from DHCP.

MartinLangmaid · March 28, 2019, 4:42pm

Weird. OK/.
So can a device on the LAN of the SOHO ping the LAN IP of the B210 specifically? Any chance the devices on the LAN of the B210 aren’t using it as their default gateway?

So far we have proven that the static route is in and working (as the B210 can ping the LAN IP of the SOHO).

BrentD · March 28, 2019, 4:48pm

The workstation on the lan of the SOHO can ping the lan IP of the B210. The devices on the lan of the B210 are using the gateway of 192.168.206.1.

MartinLangmaid · March 29, 2019, 1:30am

For the sake of sanity screengrab the WAN port settings/config on the SOHO. Wondering f that is actually still in NAT mode.

Re reading this thread now. Can you ping from B210 Web Gui to LAN of SOHO?

BrentD · March 29, 2019, 6:56am

Am getting a good ping response going from the web gui of the B210 to the lan IP of the SOHO.
Can’t reach the locoM2 at 192.168.125.151 or any other device on that lan. Plus those devices on the SOHO lan lose internet access.

BrentD · April 2, 2019, 10:02am

Still no luck, worked on it over the weekend. Am still not able to ping any devices going from the SOHO to the Balance 210 and vice-versa. Can’t see what else I could be missing.

Also noticing, that even with IP Forwarding disabled on the SOHO, am still able to ping the LAN IP of the SOHO at 192.168.125.1 from the Balance 210.