I’ve never encountered a network that provides the DHCP response without the VLAN tag when the request was made in a specific VLAN. All ISP’s in the Netherlands that do use VLANs on their WAN supply the correct response with VLAN tag. So works just fine with all Peplinks we tried.
What kind of routers are you testing that do accept the DHCP response from a different VLAN, that seems to be an error on their end…
Maybe as a workaround, you could try to use the Virtual VWAN function, set that to the Uplink WAN port and set the correct VLAN on that. Keep the normal WAN enabled without VLAN and with DHCP on and the response that comes on the physical interface should arrive at the Physical WAN config.
No update yet to support Band Selection for RemoteSIM/FusionSIM? Before 8.3.0 it worked with the settings set for SIM A, now it’s just operating in Auto mode, which makes it quite useless for us sadly.
So still stuck on 8.2.1… Hopefully it will be addressed in one of the newer betas of 8.4.0 .
And any news on when ‘all’ Peplinks will be supported as Synnergized devices? It would be nice to have the Balance 20X and Balance 310-5G as Synnergized devices as well, not just as controller.
Rest of the updated features look promising and keep the development coming .
Its a fiber system, with a Huawei OLT that is accepting a DHCP on a VLAN tagged device, and issuing the DHCP response without VLAN tagging.
The ISP supplied ONT modem will accept the response without tagging. A replacement Ubiquti ONT also accepts the non tagged DHCP response.
Put either ONT into bridge mode, and plug in an old Cisco home router will sign up DHCP and VLAN and take the no tagged response. Same for an old Linksys router. All these request a DHCP with VLAN tagging, and accept the no tagged response.
But NOT the Peplink. What is it trying to prove here? It requested an address and one was issued, but it refuses to accept it… for no actual reason.
I’ve never done a packet trace on the WAN side now that I think of it. It just always worked for us when we set the VLAN tag in the Peplink WAN interface. This is on all kinds of networks, DSL, Fiber (AON) and Fiber (GPON).
Same with other brands that support VLANs, we just need to add the tag on the interface and it worked without issues, you sure it’s not a different setting causing the issue with your ISP? Some ISP’s don’t allow MAC address changes without their approval. And sometimes there is a longer timeout before they will provide a new address.
8.4 broke synergy mode for me. I have a BR2 Pro (SC) and Transit Duo Pro E (SD) and the SD can no longer detect any remote sim’s. (I have the “new” SIM Inj mini). Everything worked fine prior to upgrading to 8.4.0b01. I have opened a case w/ PL - but I will need to be rolling back to 8.3 so I can get the SD back online.
Few other feature enhancements and bug fixes I thought of that I wouldn’t mind seeing in this release if you get a chance:
RADIUS/LDAP/AD auth support in Remote User Access on the Balance 20X. It’s weird that it’s missing, and it prevents those units from integrating with SSO login providers.
[BUG] Active Sessions that are NAT’d over IPSEC are missing from Status>Active Sessions. Non-NAT’d sessions show up fine.
I’d also like to be able to add NAT rules in IPSEC connections with IP ranges to map, rather than single IP’s or whole subnets.
FusionHub VRF and InControl2 SpeedFusion configuration still conflict with each other
I love the Grouped Networks feature. Can we get a Grouped Services feature? That would really help keep firewall rules tidy, and is a common feature of other enterprise firewalls
Speaking of Grouped Networks/services, can they have an option to have comment/note per entry? For security lists I like just copy/paste the addresses, but for manually created lists I’d like to click a box and it adds a note/comment field so I can remember/find what each entry was later.
Certificate Manager needs LetEncrypt support
FIPS licensing needs to be available for more devices.
FIPS licensing/FIPS mode must also cover IPSEC tunnels so they can be used in applications with federal compliance requirements. Covering speedfusion only is insufficient.
Captive Portal needs configurable port setting
Need an option in Advanced>ContentBlocking to log blocked URL events from Web Blocking to the Event Log, and add an appropriate tab in Status>EventLog to view them. This would help make troubleshooting or simply viewing blocked sites very simple.
The Application Blocking and Web Blocking UI could use an overhaul, namely I’d also like to be able to create multiple policies that could be applied to different user groups. Maybe even be able to apply schedules to user groups for web/app blocking profiles. The application blocking drop downs also get pretty clumsy if you use more than a few items.
The connections under Status>IPsec VPN should show more detailed information, like current throughput, and a throughput graph, etc. More like with a speedfusion connection.
Under Advanced>OSPF&RIP2, I need to be able to advertise IPSEC routes under Network Advertising, but it only allows me to add LAN and WAN routes, and there is no manual entry option. I currently have to add them manually on the spoke devices.
In Network>NetworkSettings, Local DNS Records needs an option to be able to be applied on either a per-network or global basis, rather than global-only as is currently. For instance, I need to give clients on one network an IP on the other end of a Speedfusion tunnel, but clients on another network need to use the different IP because it uses a different route. I run into this quite a bit when using SpeedFusion with PBX’s.
Switching the BR1 Mini’s 3rd port between LAN and WAN mode should be less confusing.
the WAN Quality feature needs to have a customizable IP/Hostname to ping, or custom hop on traceroute to use, because especially with wired WAN’s, it will tend to improperly see the local NID, which results in WAN Quality showing a perfect connection no matter the actual condition. It can even be down and it still shows the quality as perfect.
General request for the UI: sections that have changes made that have not been applied should be highlighted in some way. Or when you hit “Apply Changes”, it give you a quick list of setting changes for visual confirmation. This will help avoid unintended config changes.
When using SpeedFusion VPN with Route Isolation, routes from other spokes in Star topology need to be rejected, or at least have the option to reject them. ie. I need a hub and spoke confnig, but I do not want the spokes subnets advertised to other spokes for security.
@Lai : I am facing significant internet connection instability and losses with 8.4.1 beta 1 on our Balance Two, which is connected to an AVM Fritz!Box 6660 cable modem. So we had to switch back to 8.3.0 again. Especially when our clients use online banking or VPN/Teams they get kicked due to „connection change“ or loss.
Has anyone confirmed Starlink mode works with SDX PRO routers? Just upgraded to 8.4, and enabled Starlink mode on the port my Starlink is connected to and I am not seeing anything yet.
Hi Michael,
It was developed for the high performance dish, but the grpc interface it uses is available on all Starlink dishes so it should work with every variant.
@ckirch, this sounds strange and serious. Do you think you can help us to run a test and capture a diagnostic report, then send it to the ticket for us to take a closer look? Do let us know if you have an existing ticket for it.
[Update]
We did a quick test with our Balance Two, on firmware 8.30GA and 8.4.0 Beta 1, running a continuous PING test and SpeedTest, and didn’t see any drop in performance or packet loss (checked in <support.cgi> too). Probably it is worth submitting a ticket for us to review the device.
I’m using it with a residential rectangular dish, residential circular dish, and a high performance in-motion square dish. Peplink hardware tested so far includes a BR1 Pro 5G, BR2 Pro 5G and an MBX Mini 5G.
Does this mean you can access individual starlinks and even though they all have the same management IP address? is there a way that you can now address each starlink form within a docker container?
Support confirmed that there is an issue with IPV6 session management on Balance Two. Their fix implemented on my device solved the issue, successfully. Hope they will include the fix in final GA version (not in 8.4.0 RC1, yet). Unclear to me, if this affects other hw router devices as well.