Suppose I have two physical locations, each with a Peplink dual-WAN router (the specific router model isn’t critical to my question, it’s sufficient that each of the two routers has WAN1 interface connected to a braodband cable provider (e.g., Comcast/Xfinity), while the (backup) WAN2 interface is connected to a wireless/cellular carrier (e.g., T-Mobile). It’s understood that each cable-based WAN1 interface could handle both outbound session requests and inbound requests, whereas each WAN2 interface’s cellular carrier utilizes CGNAT and thus the WAN2 interface can only initiate outbound requests but CAN’T handle any inbound requests.) Now, the two locations are connected using PepVPN: each location’s router’s PepVPN profile ‘Remote ID’ is configured with the other router’s ‘Local ID’, and router #1’s PepVPN profile specifies the hostname/IP address of router #2’s WAN1 interface. Each PepVPN profile specifies WAN1 as the Priority 1 interface, and WAN2 as Priority 2 interface for PepVPN traffic. This is all very standard: router #1 will initiate request to router #2 to establish the VPN tunnel between the devices. As long as router #2’s (non-cellular) WAN1 interface is up, the PepVPN will be established as expected. But if router #2’s WAN1 interface is down, the PepVPN can’t be established because router #2’s (cellular) WAN2 interface can’t receive/accept the incoming VPN-creation request initiated by router #1. Thus even though router #2 has dual WANs, the integrity of the PepVPN link between the 2 routers is dependent entirely on the stability of router #2’s WAN1 interface (since router #2’s cellular-based WAN2 interface can’t receive router #1’s incoming VPN-creation request). This makes the PepVPN linkage less reliable than desired.
MY QUESTION: Is there any way to configure router #2 such that if it doesn’t (or can’t) receive router #1’s VPN-creation request after a certain period of time, then router #2 would automatically initiate a request toward router #1 to establish the VPN? If router #2’s WAN1 interface were down but its WAN2 remains up, router #2 could use its (cellular-based) WAN2 interface to initiate the VPN-creation request to router #1 since WAN2. is quite capable of initiating outbound requests. Assuming router #1’s WAN1 interface remains up, router #1 would be able to accept router #2’s request to establish the VPN. Thus, so long as AT LEAST ONE of the two routers has a working (non-cellular) WAN1 interface (capable of receiving inbound requests), the PepVPN could be successfully established. Such an arrangement would make the PepVPN link much more durable.
If there isn’t any way to configure the above behavior, I suggest this is a significant shortcoming in the PepVPN
architecture, and I would like to suggest this as a new feature request.