Kenny, this goes against what Rokas stated. Does this enable not just OpenVPN management to the FusionHub but also turns FHN into an OpenVPN Concentrator?
Rokas was talking about OpenVPN WAN (OpenVPN client mode), this is not supported in FusionHub.
OpenVPN Server is a sub-feature of “Remote User Access” (together with L2TP and PPTP server). OpenVPN Server is supported since firmware 8.0.1 and does not require license.
1 Like
Open VPN Client Mode enables Peplink hardware to connect to any OpenVPN server.
Peplink hardware already has the ability to be an OpenVPN Server for remote software client OpenVPNs to connect to it.
Use case for OpenVPN Client mode: home worker who needs to connect his tablet, laptop and smartphone to a data centre which has OpenVPN running. Using a Peplink (with the OpenVPN licence) as the LAN gateway will route all traffic to the OpenVPN server in the DC via the new virtual WAN interface.
1 Like
This looks like something I’ve been waiting for. Currently I have a Ubiquiti Edgerouter behind Cradlepoint modems to accomplish this and it would be great if I could get that down to one device.
However I’ve got some very specific settings on my OpenVPN servers below, with an example from the server config file so you know what I’m talking about. Will this present any problems for Peplink?
- TCP/IP connection: proto tcp4-server
- Destination Port must be configurable; each server is different
- Tunnel mode; dev tun
- Virtual tunnel is subnet; topology “subnet”
- Routing push to local VPN client (peplink) subnet; push “route 10.105.101.0 255.255.255.0”
- Server CCD route push to connecting client; iroute 10.105.101.0 255.255.255.0
- Clients get predictable virtual IP via CCD; ifconfig-push 10.8.0.11 255.255.255.0
This is an example client config file I would be loading into these Peplink routers as OpenVPN clients:
# This file compatible with topology SUBNET
# Intended for Ubiquiti ERX or similar
# Edit port setting for what server you want to connect to below.
# Example 10000=server0-0, 10008=server0-8
# Edit path and key file for client keys to use.
# VPN type
client
# Connection setup
proto tcp-client
remote site.example.com 10005
nobind
# Encryption
cipher AES-256-CBC
tls-client
remote-cert-eku "TLS Web Server Authentication"
# -Windows roadwarrior
;ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
;cert "C:\\Program Files\\OpenVPN\\config\\client#.crt"
;key "C:\\Program Files\\OpenVPN\\config\\client#.key"
# -Ubiquiti EdgeRouter
ca /config/auth/ca.crt
cert /config/auth/client1.crt
key /config/auth/client1.key
# Authentication
tls-auth /config/auth/ta.key 1
# Compression "compress" new standard, (not supported in edgerouter??)
# lz4 best performance, lzo backwards compatibility
;compress lz4
comp-lzo
# Network setup
dev tun
# Logging level
verb 3
1 Like
Hi,
I downloaded and installed the 8.1.0s024 build 4944 firmware that enabled OpenVPN client mode and I purchased an OpenVPN client license key. I was able to setup everything however I’m experiencing some issues with that firmware if I plug more than one WAN provider connection on my balance 20 router. I have 3 WAN internet connections doing load balancing between the 3 WAN connections. I configured my OpenVPN WAN to use WAN1 as master and WAN2 as failover. When doing that after 1 minutes of operation, the PepLink balance 20 becomes cpu goes to 100% and the device becomes unresponsive. I can still ping its ip address, but cannot access even Admin UI and I loose any internet connectivity. Only way to recover is to power off/power on the router and after power on the system gets back up, but 1 minutes later it returns into the same state. If I disable WAN2 and WAN3 connections (i.e unplug them from the router and operate only with WAN1), then the system remains stable and I’m able to send/receive traffic through my OpenVPN link. Same issue is happening with Speedfusion WAN, I cannot use it with more that one WAN cable plugged to the device.
This is really service affecting situation, I purchased both OpenVPN WAN and speedfusion WAN license keys ans I cannot use any of them because of this issue. Did any body run into similar issue? I opened a support tickey with peplink, but they’ve been unresponsive. No feedback at all provided to my ticket.
Thanks
Hi. You may want to try this …
If you continue to see stability issues you may wish to post your ticket number here.
2 Likes
Thanks @Rick-DC Your suggestion really helped. Upgrading to 8.1.0s083 build 4956 firmware worked and the system is a lot more stable. Thanks again for your help here.
2 Likes
Hi @Rick-DC,
Upgrading to firmware version 8.1.0s083 build 4956 helped a lot with my issues, however, I’m still running into some stability issues when speedfusion cloud is enabled. If I enable speedfusion cloud, my peplink balance 20 device operates normally for 7~8 hours. After 7~8 hours of normal operation, the device becomes unresponsive. I can still ping its ip address, but the Admin UI is inaccessible and I loose my internet connection. Only way for me to recover isi to power off/power on the device again .After that the devices continues operating normally for an other 7~8 hours and then the problem starts again. This looks like a memory leak happening on the device or something similar. If I disable speedfusion cloud, then no problem, everything works normally, so the problem is definitively with speedfusion cloud module.
I Created a ticket on peplink heldesk for this issues. here is my ticket link: Peplink Ticketing System
Any help is welcome here,
Thanks
1 Like
Hi. I think you did the correct thing in submitting a ticket. Please: Let us know what was found when the time comes.
What I suspect: The '20 has insufficient resources to do all you are asking of it. Let’s see if I am correct. 
1 Like
Hi Guys. Is it possible to set up a Wireguard VPN with this license or will it be possible in the future? I would like to upgrade my router to use as a VPN client, but my service currently uses Wireguard and I don’t want to switch to OpenVPN.
@billbobaggins Which VPN service you are referring to? We are aware of the Wireguard but this is not yet confirmed. Also, it would be helpful for us to know what model you are using to look further into this.
1 Like
Hi Eddy, I use IPredator and I’m on a Surf SOHO.
@billbobaggins Appreciated the information and we will look into Wireguard as part of the future development.
2 Likes
Using Surf Soho MK3 and having issues with only some devices connecting through openvpn and others connecting directly through WAN. This happens randomly.
Also, is there a way to make one vlan use openvpn and another vlan to use WAN directly?
Any tips on getting this to work with Mullvad?
1 Like
I got the openvpn license and tried to setup my balance 20x as a vpn client, but it says disconnected. Where can I find any log messages or any info to troubleshoot this?
Thanks,
Davis.
Hi, if ever you need customers to test Wireguard, I’m one of those.
Due to covid, I wrote this will few month ago: What we lack after 2 months of Corona confinement
Few days after, we decided to use GL-inet Mongo boxes connected to an home made internal Debian Buster Wireguard Server. We managed to achieved almost all our needs. We did create a kind of specific DNS server that permanently ping our Balance One WAN’s to balance users between active ones.
It would be great to have the Wireguard part directly on the peplink. But I have no idea about its CPU consumption.
Regards,
Hello all,
I have been using my MAX-BR1-MINI-LTEA-W for about a year and a half now and it has been great. I recently added the Open VPN license, and have noticed an issue. Let me first say that if I am using this wrong, please just say so…
If my WAN and OpenVPN connection are at the same priority, the VPN connects, and I can ping the local and remote IP addresses of the tunnel. However, when I ping external IP addresses, it seems to flip between sending traffic out the WAN and the OpenVPN and back every few seconds. I can tell this based on ping times.
If I lower the WAN connection to a lower priority, the VPN disconnects, goes to “Uplink Not Ready” then “Disconnected” and eventually tries again, but fails to connect. I have the WAN set as the only uplink in the VPN details.
I have also tried this with cellular, with similar results.
Unfortunately, I need ALL my traffic being sent over the NordVPN / OpenVPN connection, not just a random part of it.
Perhaps I have not configured something correctly???
Any help would be appreciated.
Firmware: 8.1.1 build 5002
1 Like
Kenny = awesome!
That was all it took. Thank you sir!
1 Like