FusionHub + Remote User backwards routing issue

We currently have a FusionHub connected to multiple peplink SpeedFusion Engines over a non-natted pepVPN tunnel, along with an OpenVPN server running on the FusionHub to allow remote user access to the devices.

As a remote user I am able to ping and ssh into the peplink devices just fine. But on the device side they only observe the remote connection as coming from the public IP of the FusionHub. This would normally be fine, but we have some software running on the LAN of the PepLink devices which requires the IP address of the remote connection, which then fails when it only receives the public IP address of the FusionHub.

Maybe this is my limited networking knowledge showing, but shouldn’t it be possible for the devices to be able to ‘see’ the IP of the remote connection, just like the PepVPN peers are able to do?

Steps tried so far:

  1. In Connection Settings > Routing Mode, checked IP Forwarding and unchecked Apply NAT on Remote peers’ outgoing Internet traffic. But this did not fix it.

  2. I added a static route to the FH which sends packets for the remote users via the FH’s local DHCP router. This allows the peplink to ping the remote users, but alas this still did not allow the peplink devices to see the source IP address.

  3. Tried using L2TP with IPSec and PPTP for remote access, just in case OpenVPN was screwing up the routing table of the FH, but no difference.

  4. I noticed when I was sniffing the incoming packets from the remote user on the LAN of the peplink device that the source IP address uses the ‘reverse DNS’ of the server provider (in our case it is public_ip.vultrusercontent.com), which I thought was odd. We are able to modify this for our Vultr server, but I’m not really sure to what, if at all. In the image below the user kester@work is the remote access user with an IP address 172.20.0.1 (from the FH’s local DHCP server), and root@skynode is the device on the LAN of the peplink router (IP = 10.1.3.1) connected over a PepVPN tunnel to the FusionHub.

So far none of those steps above have had any luck.

Thanks to everyone in advance :)

This behavior is known… L2TP VPN via fusionhub IP issue

You can open a ticket and ask peplink to handle your use case, but they gave me the above reply.

Hi Paul, thanks for your response. I have responded over there.