Inbound Access from remote through SFC

HI there,

So have connected the balance two router to an SFC tunnel at HQ.

If a user is traveling, is there a way they can directly from their device connect back to the SFC location, which then connects back to HQ, thereby connecting to a single SFC vpn connection instead of only one of the HQ’s public Wans?

IE, the remote worker would just have a single internet connection, maybe on a public network, then connect to the SFC location, then from the SFC location the connection to HQ would be bonded, thus allowing any one of the several WANs at HQ to go down without issue?

The main issue is that HQ has unstable connections, yet hosts various things like VOIP (which is channelled directly through one WAN only to keep it clear of other traffic).

WE’re looking to allow connections from HQ to the SFC location to be “unbreakable” first.

How would a remote person connect back to HQ without using specific Public IPS of just one WAN at hq?

I feel this should be possible, but must be missing something.

Responses much appreciated!

Two ways to do this. Use SFC Relay mode. This lets SFC act as a Hub for your remote BR1s and your Balance 2 to connect to.

  1. Login to your Balance Two Navigate to SFC > Setup Relay Mode and pick the server local to you. Hit the green tick to connect and apply and then you’ll get a 16 digit Relay Sharing Code.

  2. Login to each BR1, navigate to SFC > Choose SFC Location.
    From the drop down choose [Relay Sharing] and in the box underneath paste the 16 digit code

    Then hit that green tick and click apply.
    ON your BR1 dashboard you will then see

    And your BR1 will have access to all the LAN networks behind the Balance Two

The other way to do this is to host your own FusionHub in the cloud, then you don’t have to maintain SFC data allowances.

OK, so there is no way for a remote person to connect to the relay without a router? I don’t really want to have to carry a router whenever I travel and the disadvantage of connecting from the remote client through Open VPN or PPTP, etc. is that if one of the connections at HQ goes down, the VPN breaks.

The other thing is that only one of the HQ Wans has a static IP, another can do it but has to do port forwarding to send in the traffic, the third is Starlink which you can;t remote access into anyway…

So I was hoping that while traveling, I could connect to the SFC via OpenVPN or something that my computer could connect to, and then, from the SFC, the connection would be bonded…

Sorry colin, I wasn’t paying attention to your question and thought you wanted to access the LAN networks of one peplink device from another.

If you want to give a remote user bonded access to your B Two, easiest way is to host a fusionhub in the cloud. create a Speedfusion vpn to it, then enable OpenVPN server on the fusionhub. That way you get static public IP to the Fusionhub for the remote user to connect to, and bonding from the fusionhub back to your Peplink device.

1 Like

Thanks. Can you give me an idea on price for the fusion hub? Pricing seems confusing…

Fusionhub solo licensing is free for one Peplink device to connect to it. Then there is an annual charge from year two to manage it in IC2 which is $30 I think.

If you want to connect more peplinks to a Solo then they need to be primecare devices with active subscription (as the primecare includes the speedfusion peer license) or you have to upgrade teh Fusionhub license.

Then you host that in a datacentre. I use for this and its about $6/month.

Thank you! Managed to get an evaluation license instance running on DigitalOcean.

I noticed in another post that the only way to migrate to the solo license away from the evaluation is to create a new instance and copy the config files over? Fusionhub replace my evaluation license

That was from 2020. Is this still the only way?

yes I think, so. You may be able to release the license in InControl warranty and license section though - then apply a new license, try that.