Introducing the OpenVPN WAN License!

Is this supported on Fusion Hub? I dont seem to see it listed?

Hi @CodeBlue,

Currently, FusionHub does not support OpenVPN WAN. May I ask, what would be the use case for FusionHub to have this feature ?

Hi Rokas,

I have many customers that use Cellular Routers that use OpenVPN.

I lose sales in some parts of the country (USA) if I try to force my customers to use only PepVPN or IPSec.

I don’t want to build and maintain a separate OpenVPN server instance on AWS if I can just use my existing Fusion Hubs

We really like the idea of the Fusion Hub being a place to can connect multiple types of VPN connections too.

I would use this as well. Totally different use case. We are an IP phone/hosted PBX provider, with cellular backup. We use Yealink phones, which include an openVPN client. the vast majority of our customers have pepwaves, and we use redundant speedfusion connections to two of our data centers. We use balance routers and fusionhub in two physical data centers, and just fusionhub in two google cloud data centers.
Just hit 800 pepwaves connected.
BUT - when a customer needs people to work from home and cannot afford even a soho for each employee, we would like to be able to connect yealink phones directly to fusionhub, saving us from having to run a totally separate openvpn server instance.

You can enable FusionHub’s OpenVPN server under Network > Remote User Access, select “OpenVPN”.

when will 8.1.1 be released? thanks

Kenny, this goes against what Rokas stated. Does this enable not just OpenVPN management to the FusionHub but also turns FHN into an OpenVPN Concentrator?

Rokas was talking about OpenVPN WAN (OpenVPN client mode), this is not supported in FusionHub.

OpenVPN Server is a sub-feature of “Remote User Access” (together with L2TP and PPTP server). OpenVPN Server is supported since firmware 8.0.1 and does not require license.

Open VPN Client Mode enables Peplink hardware to connect to any OpenVPN server.
Peplink hardware already has the ability to be an OpenVPN Server for remote software client OpenVPNs to connect to it.

Use case for OpenVPN Client mode: home worker who needs to connect his tablet, laptop and smartphone to a data centre which has OpenVPN running. Using a Peplink (with the OpenVPN licence) as the LAN gateway will route all traffic to the OpenVPN server in the DC via the new virtual WAN interface.

This looks like something I’ve been waiting for. Currently I have a Ubiquiti Edgerouter behind Cradlepoint modems to accomplish this and it would be great if I could get that down to one device.

However I’ve got some very specific settings on my OpenVPN servers below, with an example from the server config file so you know what I’m talking about. Will this present any problems for Peplink?

• TCP/IP connection: proto tcp4-server
• Destination Port must be configurable; each server is different
• Tunnel mode; dev tun
• Virtual tunnel is subnet; topology “subnet”
• Routing push to local VPN client (peplink) subnet; push “route 10.105.101.0 255.255.255.0”
• Server CCD route push to connecting client; iroute 10.105.101.0 255.255.255.0
• Clients get predictable virtual IP via CCD; ifconfig-push 10.8.0.11 255.255.255.0

This is an example client config file I would be loading into these Peplink routers as OpenVPN clients:

# This file compatible with topology SUBNET
# Intended for Ubiquiti ERX or similar
# Edit port setting for what server you want to connect to below. 
# Example 10000=server0-0, 10008=server0-8
# Edit path and key file for client keys to use. 

# VPN type
client

# Connection setup
proto tcp-client
remote site.example.com 10005
nobind

# Encryption 
cipher AES-256-CBC
tls-client
remote-cert-eku "TLS Web Server Authentication"
# -Windows roadwarrior
;ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
;cert "C:\\Program Files\\OpenVPN\\config\\client#.crt"
;key "C:\\Program Files\\OpenVPN\\config\\client#.key"
# -Ubiquiti EdgeRouter
ca /config/auth/ca.crt
cert /config/auth/client1.crt
key /config/auth/client1.key

# Authentication
tls-auth /config/auth/ta.key 1

# Compression "compress" new standard, (not supported in edgerouter??)
# lz4 best performance, lzo backwards compatibility
;compress lz4
comp-lzo

# Network setup
dev tun

# Logging level
verb 3

Hi,

I downloaded and installed the 8.1.0s024 build 4944 firmware that enabled OpenVPN client mode and I purchased an OpenVPN client license key. I was able to setup everything however I’m experiencing some issues with that firmware if I plug more than one WAN provider connection on my balance 20 router. I have 3 WAN internet connections doing load balancing between the 3 WAN connections. I configured my OpenVPN WAN to use WAN1 as master and WAN2 as failover. When doing that after 1 minutes of operation, the PepLink balance 20 becomes cpu goes to 100% and the device becomes unresponsive. I can still ping its ip address, but cannot access even Admin UI and I loose any internet connectivity. Only way to recover is to power off/power on the router and after power on the system gets back up, but 1 minutes later it returns into the same state. If I disable WAN2 and WAN3 connections (i.e unplug them from the router and operate only with WAN1), then the system remains stable and I’m able to send/receive traffic through my OpenVPN link. Same issue is happening with Speedfusion WAN, I cannot use it with more that one WAN cable plugged to the device.

This is really service affecting situation, I purchased both OpenVPN WAN and speedfusion WAN license keys ans I cannot use any of them because of this issue. Did any body run into similar issue? I opened a support tickey with peplink, but they’ve been unresponsive. No feedback at all provided to my ticket.

Thanks

Hi. You may want to try this …

If you continue to see stability issues you may wish to post your ticket number here.

Thanks @Rick-DC Your suggestion really helped. Upgrading to 8.1.0s083 build 4956 firmware worked and the system is a lot more stable. Thanks again for your help here.

Hi @Rick-DC,

Upgrading to firmware version 8.1.0s083 build 4956 helped a lot with my issues, however, I’m still running into some stability issues when speedfusion cloud is enabled. If I enable speedfusion cloud, my peplink balance 20 device operates normally for 7~8 hours. After 7~8 hours of normal operation, the device becomes unresponsive. I can still ping its ip address, but the Admin UI is inaccessible and I loose my internet connection. Only way for me to recover isi to power off/power on the device again .After that the devices continues operating normally for an other 7~8 hours and then the problem starts again. This looks like a memory leak happening on the device or something similar. If I disable speedfusion cloud, then no problem, everything works normally, so the problem is definitively with speedfusion cloud module.

I Created a ticket on peplink heldesk for this issues. here is my ticket link: Peplink Ticketing System

Any help is welcome here,
Thanks

Hi. I think you did the correct thing in submitting a ticket. Please: Let us know what was found when the time comes.

What I suspect: The '20 has insufficient resources to do all you are asking of it. Let’s see if I am correct.

Hi Guys. Is it possible to set up a Wireguard VPN with this license or will it be possible in the future? I would like to upgrade my router to use as a VPN client, but my service currently uses Wireguard and I don’t want to switch to OpenVPN.

@billbobaggins Which VPN service you are referring to? We are aware of the Wireguard but this is not yet confirmed. Also, it would be helpful for us to know what model you are using to look further into this.

Hi Eddy, I use IPredator and I’m on a Surf SOHO.

@billbobaggins Appreciated the information and we will look into Wireguard as part of the future development.

Using Surf Soho MK3 and having issues with only some devices connecting through openvpn and others connecting directly through WAN. This happens randomly.

Also, is there a way to make one vlan use openvpn and another vlan to use WAN directly?