FusionHub in Vultr and selective routing

Hello,

I am using a Balance 30 LTE and Balance One. I am debating setting up FusionHub in Vultr, and then routing my home internet through there in order to achieve an unbreakable internet connection. My current setup uses the Outbound internet traffic as enforcing certain MAC addresses to always go out over one of two internet connections. This setup has issues if said internet connection goes down.

Is FusionHub a good fit for me? And am I able to only selectively route certain traffic (via hostnames/IPs to use that tunnel to FusionHub), or must all traffic be routed that way? The last time I messed with VPNs, I ran into streaming services like Netflix and other providers blocking those IP ranges, which left it impractical to use as blanket coverage for all devices on the network.

I’m also considering adding an additional internet connection, so probably need to add another third Peplink device into the mix.

If you search around we talk about how to separate out Zoom and other priority traffic for the FH.
All of the selections you can make in Outbound policy can be used to route your traffic.

Your FH in VULTR will be blocked by Netflix and Amazon, etc, so I exempt my streaming devices from the FH tunnel. I also noticed I would get the Cloudflare bot detection more often.

Your directed “out certain interfaces” traffic should be Priority rather than Enforced. Therefore when the one WAN goes down the traffic will still flow via the other interface.

I’ve changed my policy (default FH, default WAN1, fastest response) depending on the stability of the two Wan systems. Right now Wan#1 is fast stable and unlimited, so it gets the priority traffic and all streaming, and just VPN, Zoom, and other priority traffic go via the FH. In addition the FH is the fixed IP for inbound services since the networks are CGNAT or random IP addresses.


Might need to look into what SpeedFusion features are also available to you on both of those, if I recall correctly on the Balance One they need an extra licence for anything beyond hot failover, and the Balance 30 I think is similar.

That also has a bearing on the FusionHub side. Most people deploy the FusionHub Solo which allows a single PepVPN peer (multiple are possible if they are Primecare devices, but neither of yours will be) so depending on how you are using the 30 and B1 together may need to deploy two hubs.

See my points above about the FusionHub peer count… you would also need to at that point consider paying for a FusionHub essentials licence, it might be better and simpler to just look at replacing the B30 and B1 with something that better suits your potential WAN connectivity options (this does of course depend on how you are using those things in combination with each other).

That’s what I expected. Can I do the opposite? IE, just send certain traffic through the FH tunnel, such as my gaming traffic?

I tried this and it didn’t seem like it kept things locked to the Priority and things were moving around. My gaming traffic is sensitive to the IPs changing, and it would cause disconnects and other issues with the source randomly changing.

That’s an excellent point. Right now, the Balance One has a Spectrum cable modem connected as WAN1. The Balance 30 LTE has a Verizon LTE SIM card in it, and is connected to WAN2 on the Balance One. I manage all of the devices out of the Balance One.

[quote=“WillJones, post:3, topic:39695”]
See my points above about the FusionHub peer count… you would also need to at that point consider paying for a FusionHub essentials licence, it might be better and simpler to just look at replacing the B30 and B1 with something that better suits your potential WAN connectivity options (this does of course depend on how you are using those things in combination with each other).
[/quote]
That’s a consideration. I would want one that can do three WANs (one cable modem and two LTE SIM cards that are always active). Keeping in mind that 5G isn’t everywhere yet, and I’m using Verizon and will likely go with T-Mobile as the other provider, is there a good contender that covers both providers’ bands (4G+5G) and won’t break the bank for a home router?

Yep, easiest way to do this is give your gaming machine a static IP or DHCP reserved IP so you know the source address and then just match that source address to any destination and direct it to the VPN tunnel.

You can then turn this rule on and off as necessary if you don’t need it to be used, matching by destination or application for gaming traffic is pretty hard and messy so this is probably the simplest way anyway.

Priority order of the WANs / tunnels within that rule should work just fine for that.

I have a friend doing just this for gaming via Starlink and a DSL line with good results.

Hmm, I think at the moment that is a hard one to fill for “sensible money for home use” :)

The MBX Mini is a great looking bit of kit, but I believe the list price on those is upwards of $6k USD, plus antennas and ongoing support contracts on top of that; it is certainly not aimed at the typical home user!

If you’re not worried about 5G and just want 1 Ethernet WAN (can also use a USB-Eth dongle for a second low bandwidth one) and a couple of onboard LTE the Balance 20X could be worth a look - get it with Primecare and that gives you access to the full set of SpeedFusion features, but even then once you add in a second CAT6 or CAT12 LTE module (and the onboard one is only a CAT4) you’re still looking at probably pushing $1k USD.

The BR1 Pro 5G may also be worth a look, 1 Ethernet WAN but only a single cellular on that and north of the price of a 20X but it can do a fair bit more PepVPN throughput and is 5G so maybe a bit more future proof there. Again, I’d go for this with Primecare if it were me.

That sounds like a plan. Is there API access / access to devices via CLI yet? I’d like it to be a one click that I can run via a script on my desktop once set up.

I’ll have to try it again, but I didn’t have a good experience with Priority. It seemed like it would randomly switch and caused issues. Are there health checks to configure specifically for the Priority that would be used, so I can make them more fault tolerant? That might be the issue.

Yeah, $1k is doable but is really stretching things. I’d expect it to last me a fair bit of time for that price. I was previously looking at the 20X and the UBR. I think the UBR supported higher speeds/carrier aggregation, where the 20X did not. But the 20X allowed you to add the module you’re referring to.

I’m not familiar with this model. How does PepVPN play into the config? Is the FH appliance in the Cloud tunnel established via PepVPN on the Peplink devices?

Might be doable via the IC2 APIs - I’ve not really looked into what is possible here though.

Hmm, the UBR is 2x CAT4 LTE modems so would think they’d have the same features as the onboard CAT4 in the 20X… I really hope Peplink will do a hardware rev and sell a 20X with a CAT6 as default and an option to have a CAT12 on the internal modem as well as a CAT12 module.

Otherwise though the 20X is a decent router, if you are just using it straight up for NAT it can do nearly a gigabit of throughput so it is no slouch in that respect so would in theory last you if some kind of gigabit cable connection came along in the near / mid future.

PepVPN == SpeedFusion VPN - same thing to me, I’m bad at using those terms interchangeably, but yes basically it’s the tunnel from the BR to the FusionHub :)

The BR1 Pro 5G is pretty new, I had a play with one recently and it is a nice bit of kit, the big thing it has going for it for me over the 20X is the ~500Mbps of PepVPN/SF throughput vs the ~100Mbps of the 20X that makes it actually useful if you get a decent 5G connection plus a fast wired WAN into it.

Peplink are always releasing new boxes though, and the range of “X” series appliances I expect will expand in the future as they make more modern replacements for some of the long standing and popular models so could be worth just holding out and see what comes along.

It seems shortsighted to buy a CAT4 modem in 2022, does it not? I have looked at the various CAT4/6/12/18 etc. modems in the past, and it certainly doesn’t make it easy to choose one. The price seems to jump up exponentially…

[quote=“WillJones, post:7, topic:39695”]
Otherwise though the 20X is a decent router, if you are just using it straight up for NAT it can do nearly a gigabit of throughput so it is no slouch in that respect so would in theory last you if some kind of gigabit cable connection came along in the near / mid future.
[/quote]
The Balance One seems to only support two WANs, which I’m using from my Cable modem, and the connection from the Balance 30 LTE. It doesn’t seem like I’d be able to buy the 20X and use it with my existing hardware, unless I’m missing something?

Agreed, they certainly don’t make it easy. Basic features are seemingly left out of some models for no reason, making it difficult to weigh the pros and cons over the different models.

With FW 8.3.0 you get up to three wired WANs on a B20x: The WAN port, one LAN port (as a Virtual WAN) and the USB port (with an ethernet adapter). The first two running at (or close to) 1Gbps, the USB port running at 2-300 Mbps (anecdotally).

Cheers,

Z