Thanks to Ron who helped solve the issue. This turned out to mostly be user error - I had neglected to forward port 443 on one of my servers for the main WAN IP, so naturally that was failing.
What was confusing is that in this case (LAN device tries to access WAN using main IP on port 443, with no other Inbound Access set for that port) the Peplink will answer the query, and deliver a 404 Not Found page, using the captive portal certificate.
I had turned off WAN administrative access (System / Admin Security / Web Admin Access: LAN only) and so this was unexpected behavior and led to confusion.
I’m not sure if that behavior is a “bug” per se, or just “undefined behavior”.
Some ideas:
- Perhaps in this case rather than a 404 error, the connection should just fail outright?
- The default SSL certificate used for the adminstrative access is called “captive-portal.peplink.com” which was confusing me (because I was not using the captive portal at all). Maybe the certificate should be named differently, or use a different cert for the admin access?