Not so much a feature request as a general request. I keep finding small but important features that have been added tot he balance series, but not the max-br1. As I expect to install 2,000 to 4,000 of these over the next two years, this is a real issue.
One that I found today based on a response from engineering to a forum port I made, is the “expert mode” on the VPN screen. I really need that feature to correct a problem for a customer, and it “is not in the max series”.
Any unit that can do pepvpn and ipsec vpn connections should have the same routing features.
Expert Mode is available on the MAX routers that are not fail-over only. Reason being is that Expert Mode is not typically needed in fail-over only devices as there is only one connection active at a time and traffic is only going to go over that particular WAN. I do see what you mean in regards to PepVPN/IPsec. We will discuss and take this into consideration.
Thank you. Since you have to treat each speedfusion or ipsec vpn as a separate “wan” connection in terms of routing, it would help if all the features that currently target lan or wan also target vpn connections.
SF/PepVPN tunnels each have a unique “interface IP” assigned on the backend when link is established and are treated like a WAN interface. I am not 100% sure what you mean “it would help if all the features that currently target lan or wan also target vpn connections.”
Create an IPSEC VPN connection.
Go to system-.ping or tarceroute.
you can select WAN, LAN and if there are any PEPVPN connections. but you can NOT target the ipsec vpn. And since there is also no “default” selection to say “traceroute this following your routing table”, there is NO WAY that I could find to do a traceroute over the ipsec tunnel.
As far as IPsec is concerned you would need to perform ping/traceroute commands from a LAN client as we are not built around IPsec and our focus is PepVPN/SpeedFusion as it is a more robust and overall better VPN solution.
Hmmm. Not very helpful when we are working remotely with customers and WE do not have access to the devices on their LAN. And yes, pepvpn/speedfusion is great, when there is a peplink product at the other end.
I honestly do not care about *targeting *the IPsec VPNs, if you add the ability to do a traceroute or ping WITHOUT specifying a target. That is in many ways more helpful anyway, since it can expose issues where the routing is not going where we think it should be going. i.e. I think 10.25.30.15 should be across this ipsec vpn. I do a traceroute to default and see it hitting the LAN, then I know where to look for the problem.
I should mention here - the specific two cases where I just needed this had both pepvpn to my balance 710s AND ipsec tunnals to the customer’s data center, and I was having real trouble figuring out what the router was doing, because there is no general “show me the routing table” and no way to do this kind of general traceroute.