Inbound Client Traffic Failover

Hello! New Peplink product owner here, just bought an EPX :).

While I am waiting for my firewall to arrive I got to thinking about link redundancy and came across a problem that needs to be solved.

So in one of my applications, I have a VOIP-based intercom system that allows users to log in from their mobile phone or laptop without the need for a VPN connection. The latency with my current setup is perfectly fine and have had no issues with users connecting from all around the country. With the introduction of the EPX I know I can do WAN smoothing and hot failover for devices leaving the network and going to the internet. But I am wondering how do I do it on the reverse without using pep hardware?

Ideally, the client connects explicitly either via IP address or DNS name and they specify a port. So if a link fails and I need to failover my clients to a second connection the mobile clients will not be able to do that properly. The VOIP server has to live inside my facility and cannot be put in the cloud. I’ve thought about doing dynamic DNS but i don’t think it would propagate fast enough for what I would need in a link failure.

Does FusioHub help me? SpeedFusion Cloud?

Thank you for the help!

Hello,

Yes a FusionHub would let you do what you want, and if it is just the one EPX then you can use the FusionHub Solo licence which is free for a single VPN peer, you can get this licence from within InControl.

You can host this yourself if you have your own infrastructure available, or run it inside one of the big public cloud providers - plenty of guides on the forum on how to do that.

On the EPX you’d setup a Speed Fusion tunnel and then use an outbound policy rule to direct traffic from your PBX to the tunnel, traffic to/from the Internet for the PBX would now enter and exit via the hub.

For the inbound traffic you would setup a port forward from the hub towards the IP of your PBX, your remote users would point their clients at the public IP / port of the hub.

If one of the WANs connected to your EPX fails traffic continues to go in and out via the hub over whatever remaining connectivity you have at the EPX so at this point you are protected from a WAN failure at the site where the EPX is.

Further redundancy could be possible using a second hub in a different location, but at that point do you also have two EPXs, two PBXs, and on the client app how do you specify a backup server address for it to try if the primary is not reachable etc.

There are quite a few guides on the forums on how to setup all of the above, but frankly given the EPX is not a cheap bit of equipment I’m sure whatever partner sold it to you could also offer some advice on the configuration and may be more familiar with your network.

Inbound load balancing should help with this. It works by having the epx act as the nameservers for the DNS name. It will then reply to requests using the available WAN’s.