L2TP to FusionHub to NAT Mode VPN Client

Here is what I am trying to accomplish…

I want to L2TP from a Windows/Mac client, to a FusionHub. The FusionHub has a NAT Mode PepVPN connection to a BR1. I’d like to be able to hit the web admin of the BR1, or via a port forwarding rule, access a device behind the BR1.

I can L2TP to the FusionHub just fine, however I can not access the FusionHub by its local IP, nor can I access a connected NAT Mode client. Its like the FusionHub is not pushing the routes properly to the L2TP Client.

DHCP Server on the FusionHub is handing out 10.11.12.x addresses. The L2TP client gets The BR1 gets Shouldn’t the L2TP be able to access the BR1? And if there was a forwarding rule on the BR1 for say, 8888 to 80, shouldn’t I be able to hit a device by

@MartinLangmaid I know you’re an expert in these deployments, maybe I can call on you for an assist :wink:

Thanks to all in advance!

Yes and yes. Just ran this up in my lab and port forwarded through to remote BR1’s Web interface and it worked fine.

Post your screenshots or add me to IC2 for the fusionhub and BR1 and I’ll make it work for you :wink:

1 Like

Just sent you a private message :slight_smile:

1 Like

The issue is that you don’t have a LAN interface on the fusionhub in the same range as DHCP segment.
If you look at the status you’ll see that the entry shows the server IP as x.x.0.2 (the WAN IP) with the client as x.x.12.3

What this means is that the remote client device can route LAN to WAN fine (or LAN to PepVPN), but there is no Layer 2 segment between the remote clients and the remote user vpn.

Add a LAN interface to the fusionhub with an IP in the same DHCP range (x.x.12.0/24) and it will come right.

As an example here is my Fusionhub Status:

1 Like

AH, okay we are on the right path. Conversely, what if i was to change the DHCP range the FusionHub is handing out to be in the same range, so have it hand out 10.0.0.x addresses as well?

1 Like

Good question. I would expect it not to work, since WAN interfaces don’t support ARP broadcast from ‘LAN’ side interfaces. But then this is Peplink,and they can use obscure interface approaches sometimes…


Thank you VERY much for the assistance on this! I’ll go ahead and make these changes and do some testing!

1 Like

No worries - good luck! :slight_smile: And shout if I can help further.

1 Like