All Peplink and Pepwave devices are preconfigured to report to Peplink InControl 2 in the factory. They also attempt to communicate with the system at ac1.peplink.com
or ac2.peplink.com
over UDP port 5246. The communication traffic is AES 256 encrypted. The client and server mutually verify before a communication channel is established. The two systems may redirect the device to another system under peplink.com
domain.
When a user initiates a remote web admin session with a device, InControl will command the device to make a secure SSH tunnel to a system with a peplink.com
domain over TCP port 443 or 5246. The client and server also mutually verify before the connection is established. After the tunnel is established, web admin traffic will be tunneled to the web admin server on the device through the secure channel.