We got our Peplink, a B One, two week ago and had an approved vendor from Peplink set up a site to site VPN. From what I see it is through the SpeedFusion option. It works roughly. Both sites have a 500mb connection and on the VPN they get sub 50mbps. One of the other issue is the VOIP phones keep randomly going down and have to be rebooted. There is also a server with various VMs running on it that provide services to those in both locations as well as technicians in the field through a mobile phone app that is now connected but times out. The last issue is all the users with the Peplink B One router, they can not see any device on their network but can see all the devices on the main network. The main network can see their devices no issue. Any ideas?
With that list of issues the first idea would be to get that approved vendor back and tell them to fix it.
No obvious fix for this, needs analysis to understand where the performance is going. Is it just a single internet link per site? Are you using cellular too?
Rebooted? Sounds like a local LAN issue, maybe a loop. Can you access the webadmin page on the handsets when they stop working for voip calls?
Time outs could be caused by a network loop and broadcast storms, but analysis is needed. Do the peplink device logs indicate any health check failures?
You have two B One routers right? With a speedfusion vpn between them?
Think we need a network diagram with example addressing to help here.
-
Ideas, no. I am currently looking through manuals and forums and YouTube Peplink support videos and others.
-
I am avoiding the approved vendor because his attitude previously was nonchalant and through it at the ISPs as their issue for the packet loss and stated the next call would be billable even though the system isn’t working properly.
3)Only our main site has a cellular backup but it hasn’t been configured yet (in process, had to wait for a box as the previous one got fried).
4)Yeah, if you hold down a X button on the panel, the phone will ask if you want to reboot the phone. It basically shuts down the phone and reconnects it to the network (this is what the vendor recommended in the past to do). I was not aware they had a webadmin page. I will have to look into that tomorrow.
5)My analysis of the logs show no health issues that I can see of. Though they are pretty barren.
6)The model of the one where the user are having issues is with the B One router. The other router is a Balance One. It is different.
I would love to make a diagram for you. What app can I use for that?
Stephen,
I’m sorry you had a frustrating experience with us.
I want to outline the details of the situation to see if @MartinLangmaid or other forum members have additional advice.
Neither router was purchased from us and the environment is new to us.
We were asked to setup the site to site vpn as a billable item, but we don’t have any knowledge on the setup of the environment.
On the second call I provided additional time as I wanted to try to understand if there was anything related to the peplink going on.
We have no support contract or monthly arrangements so I feel that it is reasonable to expect consultation charges to assist.
During this call I determined that there was a lot of packet loss between the two sites.
We also upgraded the Balance one firmware to 8.4.1 the latest to try to assist with the issues.
This is what I know about the network , I setup a Speedfusion tunnel between the two.
There are no Outbound polices or firewalls setup on either device.
Orlando B one LAN 10.109.243.0/24
Miami Balance one LAN 10.109.242.0/24
The vpn throughput of the Balance one is limited to 30Mbps.
My ticket notes:
Update on phone call.
I see packet loss on Spectrum.
Please call spectrum to investigate.
I also showed Stephen how to do his own speedfusion tests.
Stephen uses ringbyname phone service and having trouble with phone service.
I recommend he check with them to see if there are adjustments to make in the peplink sip settings.
I also sent a seperate e-mail about our phone/cellular backup internet service.
With regards to the printer we are able to ping the ip and see that it’s on the network.
If the client device can’t connect please try to disable the windows firewall on that client device and try to install the driver software again
I noticed this evening that Orlando shows:
I would recommend removing the 10.109.243.1 IP from the dns settings of the WAN.
I’m not sure why this was added?
Stephen or @MartinLangmaid Let me know what else you need.
Additionally you can also open a ticket direct with peplink as well if you feel that there is a hardware issue or software bug with the peplink.
I do try in ernest to support all clients big or small and I am sorry if you were frustrated by the experience.
Let me know how I can help further.
VPN Throughput:
When you say “on VPN users get sub 50Mbps” do you mean when a user at one site tries to access resources from the other?
If so, this one is reasonably easy as Jonathan has pointed out the router at the second site is a Balance One is quite an old piece of equipment that is limited to around 30Mbps of encrypted VPN throughput.
Bear in mind also that if you are maxing out the VPN capacity of the older Balance One at ~30Mbps that would also mean the CPU on that router is going to likely be pegged nearly to 100% utilisation which will likely start to introduce other issues to users at that site.
I’m curious what the previous setup was as if the Balance One is not new this limit has always been present, what method was used before you got the new B-One remotely access resources between the two sites?
ISP Packet Loss:
If there is packet loss on the ISP connections they are certainly who you’d need to speak with to resolve that, and whether or not you will get much traction there will likely depend on what type of service this is - i.e. a real 500Mbps leased line or a “500Mbps” cable modem type service.
From the graphs Jonathan shared of your VPN though it does seem the loss is only present when the Balance One is being maxed out (the red and blue markers coincide with the ~30Mbps up and down traffic) although that is on a short time window so it is hard to say just from that whether there is a constant level of packet loss.
Peplink has some useful monitoring for this in InControl2 for WAN Quality, you could also set up some tests in Ic2 to run between the two sites to identify if the loss is constant or intermittent and if it is only present at certain times of the day (that could be an indicator of congestion if it say follows office hours or peak times).
VM Remote Access:
How do the technicians in the field connect to that server, you say “this now times out” how does that traffic make it from their phohes across the public internet to the server?
Was there perhaps some previous port-forwarding rule configured in the old router that might now be absent?
VoIP Issues:
VoIP can be tricky to debug and are often time consuming.
Questions I would also be asking though are -
If the B-One is new, what was the router/firewall setup used previously at that site?
Is there any specific configuration that might have been performed on it to make your phone system work?
Are the issues you experience actually new since the B-One was installed, as you mention being told to reboot phones in the past - frankly that should not be required if things are working as expected so have you previously been having issues with VoIP and they are perhaps now more common / frequent?
Diagrams etc:
Draw.io is a free drawing tool that is worth a look here.
It sounds like you probably do not have this, but is there any documentation of your previous setup before the B-One was installed that could be used as a reference to check there is not some specific configuration missing in the new B-One?
After dealing with Spectrum at the location with B One, the modem is fine a giving what they call very good performance with a 1% packet loss (whatever that means). After having them test it, there was nothing on their end they could recommend. I called AT&T and had the them run test and had no issues.
I apologize, I get what you are saying about the one Peplink Balance One being old. If we were to upgrade that one, would we also need to upgrade the other Peplink or will that suffice?
The initial change in the DNS setting was a recommendation from an IT we work with that used Peplink for 7 years before their new boss replaced them with Cisco units. I set it up to change as it didnt make a difference but for whatever reason it broke WAN 1 and is now not usable. So they are connected to WAN 2 for now and working fine.
As for the copier, that was part of the DNS ip change. For whatever reason after investigating it further, it seems that any device on there can ping another device but get a host unreachable response form the ping or a fail. However, on the Balance One, all devices on their end can be reached normally.
VPN Throughput - before the purchase of the other B-one, users when they needed to connect would use the Remote User Access feature of the router. That would be created as a VPN on their computer and they would connect whenever they needed to connect to our server or anything else.
Packet Loss - I had both of our ISPs test their connectivity at the modem for Specturm and at the router/modem by ATT. Both sides, after forcing them to perform multiple test and have a tech come out found that in their words their connections were performing better than optimal.
VM Remote Access - We utilize E-automate in our office and have RemoteTech as an app that runs on one of the VMs and uses a wildcard SSL cert to allow users to remotely connect using the MobileTech app either on android or apple. For whatever reason, it went from being able to connect no issues to now it just shows the syncing circle and then nothing happens. Looking at the logs on the server shows no connection issue oddly enough. I am working today with them on that to see if it is anything on their side. However, in the past they have been very quick to use the “it isnt our fault, you use a VPN” card. As well as ever morning this week, when the lady in that office gets in, her E-auto app on her computer refuses to connect to the server here until after 5-10 mins of the computer being on. It wasn’t doing that before. If you have any ideas, i will work on that.
VOIP Issues - when i contacted Ring by name they looked at their system and said it was working remotely. I just found out they had a web portal last night and intend to work on that today to see settings. Now that i know more, i can ask them more questions and work on that.
Diagram - I will have to work on that when i get a chance.
Did they make changes, or did it clear up on it’s own?
Did you ask them what your SNR looks like?
Here is an article you could check yourself.
https://arris.my.salesforce-sites.com/consumers/articles/General_FAQs/SB6141-Cable-Signal-Level#:~:text=Downstream%20SNR%20(Signal%20to%20Noise,back%20to%20the%20cable%20provider.
The b one, supports:
Keep in mind however in one direction you will be limited to the available upload speed.
What is the up/down speed on ATT in Miami?
What is the up/down speed on Spectrum in Orlando?
Let us know if you decided to purchase one we can do a sales order for you.
I would remove the LAN DNS ip from the WAN it doesn’t make any sense for it to be there.
Once you do this it will fix the WAN connection tests.
From the B one Peplink it can ping the local printer 10.109.243.24.
What LAN IP are you trying to ping from what LAN IP that fails?
Did you check if that device has a windows firewall turned on?
Other then the addition of the speedfusion vpn tunnel, nothing was changed in Miami, this was setup prior to us. It does look lile you have port forwarding rules in Miami, do you know if this is setup correctly?
Also how did they connect prior , direct across the internet or establishing a vpn client connection first?
This sounds like either a local lan issue, client issue, or server issue. I usually start with networking and check the cables, also check for any network loops. Check for any extremely fast blinking lights for possible loop. Do you have managed switches that you can check port errors , or STP blocking? Possible to include some pictures of the environment, or diagram with the equipment names/models?
Voip issues are very hard to troubleshoot when running straight over the internet, this is why for our service we deliver voip over sd-wan tunnels direct over the peplinks.
If you feel that the voip issues started with the addition of the peplink you can always look at the settings in your tplink router , or put it back in place.
I will call back and ask.
ATT has the better up and down its roughtly 400 each way as it is fiber. Spectrum is 400 down and 30-60 up… I cant get exact numbers at this moment.
But back to my question. If we upgrade the Balance One to a better/newer unit can we still keep the B-one for the other loaction? There will only be a max right now of 2 - 4 people in the near future. Two of which will be in and out of the office all day and not need as much resources.
I did this and worked with the guy there at the office today and no matter what it wouldn’t kick back on even after a few minutes. Right now they are fine. I changed the priority of the WANS for now.
that would be from 10.109.243.15 and 10.109.242.13 . See the picture from her desktop. I get the same results regardless if the firewall is up or off completely.
Origianlly it was WAN1 but it is the same with WAN2.
Yeah, from what I know it is. I could be wrong of course.
I will be working on a diagram later for this.
As for the VOIP I am going to try and work on that today
Yes you can upgrade the older unit in Miami , Balance one to B one and keep the B one in Orlando.
Also I recommend using public dns like 8.8.8.8 , 8.8.4.4 or 8.8.8.8 , 1.1.1.1 as ISP provider dns tends to be flaky in my opinion.
Can you ping 8.8.8.8 from that client, the local lan gateway , other lan clients?
Update, Ring-By-Name, i was able to have him remote into the phones and change their settings and on the routers disabled H323 and also put SIP into compatibility mode
Ok I found what I think the issue is , please try pings again.
Apparently by default later 2 isolation is on.
To further make it more frustrating it’s a hidden option.
See screenshots.
@sitloongs , can you file this behavior as a bug.
That is a bit infurating that it was hidden. It was a recommendation I found surfing through the Pepforums but they were so old i figured it was outdated info.
Ok… so the printer seems better connected. Phones, I will find out in a few hours if they got fixed or no because we have to test them out for a few hours.
If the phones are still on wifi I would put a few on wired to check the difference.
Layer 2 isolation wouldn’t effect outbound traffic.
Are you referring to the default behavior the L2 isolation option is enabled condition ? If I remember correctly, this is the old issue which have been fix. Potential it can be config that migrate from the old version.
Can you help to confirm this by create a new SSID and verify whether the option is enabled default ? We can sure improve this if the issue persisted.
New B one , New SSID , New config.
Did you find any details on this?