FusionHub AWS Connection

I retired my Balance 30 this weekend and installed a MAX BR2 as my primary router. I have a FusionHub instance on AWS that I am connected to, and the Balance 30 was working well with it (thanks to help from this forum!). The BR2 continues to show a link down even though it is up on the dashboard (with DNS Health Check). I’m not sure where to start on troubleshooting this. I’ve rebooted the FusionHub client, but I’m not sure what else to try to do.

See pics below.

p.s. I bought the BR2 because I was having trouble getting Starlink speeds through the Balance 30. When I was just trying things over time (1 1/2 years) I stumbled on IPv6 as an answer to the Starlink issue a couple of days after I ordered the BR2… I turned IPv6 on the port and Starlink speeds trebled. I had already ordered the BR2 and wanted to keep it!

Inserted status twice. Meant to insert Events.

From another thread:

I have found very subtle issues with dual SpeedFusion tunnels on CGNAT providers.

#1 Use a port other than 4500… since that is a default IPsec UDP tunneling port that sometimes gets special attention at a NAT/CGNAT layer. I start at 4501.

#2 Use different ports for each SpeedFusion concentrator.

Without doing packet captures at each location you can’t figure out which part of the network is dropping the packet.

Also, be advised if you use IPv6 support on a Peplink router, you have no firewall protection for that IP space. I use a pfSense FW for my IPv6 Starlink traffic.

I’m working my way from port 4501 to 4506, which are the ports open on the AWS server. No joy yet. Rebuild of tunnels on apply changes brings up all WANs, but T-Mobile fails within 10 minutes and doesn’t recover.

Anyone have other ideas?

I think you are going to have to run some packet captures and probably open a ticket with Peplink for them to diagnose remotely.

Do a network capture on WAN2 on your BR2 (support.cgi). Capture for a while and then download, extract and open in Wireshark. You should be able to see the traffic with AWS as the destination and confirm which port it is trying to access.

They are going to have to capture it at the FusionHub WAN1 as well, to see inbound and post-NAT traffic. You need to know which direction of traffic is having the problem to start…

I don’t think it is needed to begin with on the FusionHub. WAN2 on the BR1 is NAT’d, so the traffic outbound is relevant to make sure it is going to the right IP and a port that is allowed on the AWS firewall…
Might be useful though if you see the port is one that should be allowed, so you can confirm traffic hitting the FusionHub.
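
The check described in the replies above (find the traffic addressed to AWS in the WAN capture and confirm its destination port is one the AWS firewall allows), as an added example that is not part of the original thread or any Peplink tooling. It assumes the downloaded capture is a classic pcap file with Ethernet framing; the function names, the hub address 203.0.113.10 and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

ALLOWED_UDP_PORTS = range(4501, 4507)  # 4501-4506: the ports the thread says are open on AWS

def udp_ports_to(pcap: bytes, hub_ip: str) -> Counter:
    """Count UDP packets per destination port sent to hub_ip (classic pcap, Ethernet, IPv4)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (convert pcapng first)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    target = bytes(int(octet) for octet in hub_ip.split("."))
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or truncated
        if frame[23] != 17 or frame[30:34] != target:
            continue  # not UDP, or not addressed to the hub
        if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue  # non-first fragment carries no UDP header
        udp = 14 + (frame[14] & 0x0F) * 4  # IP header length varies with options
        if len(frame) >= udp + 4:
            counts[struct.unpack("!H", frame[udp + 2:udp + 4])[0]] += 1
    return counts

def ports_outside_allowlist(counts: Counter) -> list:
    """Destination ports seen in the capture that the AWS firewall would not admit."""
    return sorted(p for p in counts if p not in ALLOWED_UDP_PORTS)

def sample_pcap() -> bytes:
    """Constructed capture: 3 packets to the hub on 4501, 2 on 4500, 1 to another host."""
    def record(dst_ip, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         bytes([192, 168, 50, 10]), bytes(dst_ip))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, dport, 8, 0)
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    hub, other = (203, 0, 113, 10), (198, 51, 100, 7)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst, port in [(hub, 4501)] * 3 + [(hub, 4500)] * 2 + [(other, 4501)]:
        out += record(dst, port)
    return out

if __name__ == "__main__":
    seen = udp_ports_to(sample_pcap(), "203.0.113.10")  # constructed hub address
    print(dict(seen), "not allowed on AWS:", ports_outside_allowlist(seen))
```

A port that shows up in the outbound capture but falls outside the allowlist points at the tunnel port setting or the AWS firewall rule rather than at the carrier.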

Thank you both so much! I have pulled the diagnostic report but I don’t know what to read it with. What do I use to read it?