FusionHub AWS - routes to other subnets/availability zones


#1

In evaluating FusionHub running in an AWS VM running in my VPC-DEV (development VPC), I’m able to form a PepVPN connection from multiple PepWave devices. Yay!!!

I am, however, only able to reach private IP’s from my PepWave devices to a within VPC-DEV that are located ON THE SAME SUBNET as the FusionHub VM. This means I have to locate my AWS VM’s on the same subnet and AZ (availability zone) as the FusionHub VM. Now this sounds like a simple matter of setting up static routes somewhere or something similar.

Well this is taking me way too long to figure out on my own. Seems like FusionHub should, perhaps, interrogate the AWS VPC it’s running on to see the what the CIDR is. And then advertise and provide route(s) as needed to allow remote VPN’s reach all subnets associated with the VPC’s CIDR block.

Or at least give some manual options in FusionHub to address this.

Or maybe it’s something ridiculously simple that I’m overlooking.


#2

Hi,

We are working on Static Route feature in FusionHub. For the time being, you need to setup outbound policy rules in Balance/MAX routers to enforce VPCs traffic go through the PepVPN connection.



#3

There is a similar issue with the AWS internal DNS not being passed from FusionHub to its VPN remote(s). Note this would be a VPC internal DNS. I currently work around this by each host connected to a remote VPN to first point to the VPC internal DNS followed by the hosts default g/w DNS. I tried everything short of directing all traffic through the FusionHub VPN via a non-custom outbound policy. If you choose the option under outbound policy to direct all traffic, for example, to FusionHub than you are offered the choice of DNS server to use. Using Custom Outbound policy rules, I cannot see a way to set a rule-based DNS resolution nor can I see how this would be possible technically.


#4

Hi,

DNS information is not currently passing back to SpeedFusion peer.
If you want to specify DNS server over SpeedFusion connection, you need to configure DNS server in Balance/MAX router manually:

  1. Navigate to Network -> LAN page
  2. Click the “?” icon in “DNS Proxy Settings” title, enable “advanced settings for the DNS Resolvers selection”

  3. Enter the DNS server for the SpeedFusion connection


#5

Hi - any update? Do the recommended settings fix your problem?


#6

Hello,

I am having the same problem.

I have a star topology with a fusion hub and successfully can connect from endpoint to endpoint, but can touch any of the devices behind the FusionHub on AWS.

I can see all the routes in FusionHUB

Active: 10.34.0.0/16, 10.36.0.0/16, 10.52.0.0/16, 172.16.0.0/24 (172.16.0.0/24) is the /24 AWS network. I have two others 172.16.1.0 and 172.16.2.0 that should be reachable as well as the route table in AWS is active. Traffic should be going from FH (172.16.0.7) to 172.16.0.1 (AWS router) to other networks 172.16.1.0 and 172.16.2.0

I have enabled broadcasd SpeedFusion

I have also tried the outbound policy

The irony here is that it WAS working, but the instance on AWS had to be replaced and now I can’t figure out how to fix this.

Any ideas?


#7

Please refer to following thread for recommended settings:


#8

This fixed the problem…Thank you so much!!!