Hello,
From what I can tell for the router app to connect to a surf soho you point to the wan ip (public) and have to enable remote management on the wan port. The latter is a huge security risk. Is there any other way to provide the app connectivity other than enabling remote management on the wan port?
Thanks
yes, vpn into your surf soho and point the router app at the lan ip.
Thanks for the reply. You’re saying have a perminant vpn tunnel from my iPhone into the router?
yes. that way you only need management enabled on the LAN
There are some tradeoffs to the VPN method. The iPhone turns off wifi when it is asleep for more than about 10 minutes, to save power. When that happens the VPN connection is dropped, and does not automatically reconnect. When you wake the device it will have a warning about the disconnection. The VPN method works fine if you want to log into the device intermittently, but if you want to use the Router App to notify you of logged events, the VPN method will be unreliable.
You may wish to consider leaving the admin screen on the public IP, but 1) change the admin login to something other than “admin”, and 2) use a random port instead of the default. Combined with a good password, the bad guys would have to guess all three of port, username, and password. With this method the iPhone app works fine, mine runs in the backgrond all the time.
Thanks Don!
Hello @Lentash,
Do you use InControl2 with your devices, when setup you can use the InControl Peplink App, this require no opening of any ports on the WAN side and no need to setup a VPN. The data path is incredibly well secured by Peplink from the tests we have done.
Another good thing about using the InControl Peplink App is it will give you access to featurs and reports not available in the older “Router Utility” app.
Here is a guide on the setting up of InControl2 for use with Peplink/Pepwave equipment.
And here is the link to the forum article on the InControl App
Happy to Help,
Marcus 
Thanks Marcus! I’ll give that a try.