I’m struggling with a configuration with fusion hub in aws as follows
FH in AWS with 2 interfaces on different subnets. WAN and LAN
PBX in AWS with 1 interface on the LAN subnet shared with FH. PBX can ping FH
PBX with AWS LAN address 172.16.1.25/20
FH with AWS LAN address 172.16.1.10/20, ‘route pepvpn traffic to LAN’ enabled.
FH with AWS WAN address 172.16.100.10/20 with NAT
BR1-MINI conning to Elastic IP attached to FH WAN IP
BR1 outbound policy has 192.168.50.0/24 through Speedfusion tunnel.
in AWS I’ve set a route on the PBX subnet for 192.168.50.0/24 to go through the FH LAN interface.
I’ve also tried to set a static route on the PBX to FH’s LAN IP.
I’ve also tried adding ‘Send all traffic to’ and selected the speedfusion profile.
None of this works and I don’t see any way to add the route for 192.168.50.0/24 through the SF tunnel.
note that if I disable both ‘send all traffic to’ SF and ‘route pepvpn traffic to lan’ then I can ping google/public addresses over the tunnel as expected. The tunnel is up.
No matter what I try I can’t get this routed subnet to go over the SF tunnel.
If you just want to allow routing between 172.16.1.10/20 (AWS) and 192.168.1.50/24 (BR1-mini), “Send All Trafic To” is not required to set in BR1 unless you really want all traffic (including internet traffic) from BR1 are routed to AWS and then let AWS route the internet traffic.
AWS has security policy that not allow routing of foreign IP address (i.e. 192.168.50.0/24). You need to disable this checking for each AWS instance that need to access 192.168.50.0/24.
In your case, please Disable “Source/Dest. Check” in your FusionHub and PBX instances. You can refer to page 70/71 of FusionHub installation guide.
Here are the settings (assume BR1 is not required to send internet traffic to AWS):
Disable “Source/Dest. Check” in FusionHub and PBX AWS instances.
Add custom route “192.168.50.0/24 gateway 172.16.1.10” in PBX
DO NOT enable “Send All Traffic To” in BR1-mini
DO NOT enable “Route PepVPN tarffic to LAN” in FusionHub. SpeedFusion is intelligent enough to route all IP packets wilth destination 172.16.100.0/20 to its LAN interface
Establish SpeedFusion between FusionHub and BR1-mini.
After SpeedFusion esatablished, FusionHub’s Status>SpeedFusion page should show “192.168.50.0/24” in the SpeedFusion networks. BR1-mini Status>PepVPN page should show “172.16.0.0/20”.