Hi all,
New here and not very familiar with Peplink devices (yet). I have a question regarding the flow of traffic when using the OpenVPN WAN interface option that my colleagues and I can’t seem to answer permanently, nor could we find a fitting answer for our situation in the forum so far. Maybe some of you here can help me find a solution.
Situation:
We have a dozen or so locations that are using third-party systems locally which need to communicate with a server hosted by the supplier. This connection uses an OpenVPN tunnel and therefore we are using the OpenVPN WAN Interface option in our Balance 310X routers. Because all locations are using different VLANs and different subnets, we created an Outbound policy in InControl that states the following:
ENFORCE ovpn_wan SOURCE any DEST ip.of.server.supplier PORT tcp104
If this rule isn’t triggered, traffic should take the default route over the PepVPN/SpeedFusion tunnel using WAN1 > WAN2 > SIM in that order. The OpenVPN WAN Interface isn’t part of this default rule.
The network on the other end of the OpenVPN tunnel doesn’t provide an internet connection. Overall, this setup works fine; however, at about 55% of locations with this setup users encounter the “Network connected but no Internet” error. This happens to all users eventually on all types of devices (Desktop (UTP), laptop (WiFi), Tablets/Smart Phones (WiFi and/or tethered)). End users clear it by reconnecting to the network. If we deactivate the OpenVPN WAN Interface, this behaviour is completely eliminated. However, without the tunnel, the local third-party systems are not usable. For those locations they are part of the core/primary processes, so I have to find a solution. At the remaining locations this issue doesn’t seem to exist; at least the end users do not complain about it or recognise it when asked.
- All routers are running firmware 8.5.0 build 5884
- Network capture doesn’t show me info I expected to see. When clients have no internet connection, traffic doesn’t show up at the OpenVPN WAN Interface.
- We asked the supplier for an IPsec tunnel possibility, response for this request lives in limbo…
Question:
How can we force traffic to use the OpenVPN tunnel interface if a device is trying to connect to ip.of.server.supplier over tcp104 and block all other traffic to that interface?