I have built simultaneous Layer 3 and Layer 2 (L2 as a sub tunnel in the same profile) between physical devices before with no issues.
Am now trying to do the same thing with Fusionhub but as soon as I add a sub tunnel to a VPN profile It can no longer be selected in the “Layer 2 PepVPN Bridging” section. Does Fusionhub not support simultaneous L3+L2 on a single profile?
Master @Kenny will know for sure…
Funnily enough I was trying to set this up last week too but ran out of time to debug if it was my config or a limitation / bug.
Worked around it in the end with some VRFs on the FH putting the L2 tunnel in one profile to the default VRF and making a separate one for L3 to terminate into.
I went to do that too, but the remote peer id couldn’t be used in one VRF for layer 3 and another for Layer 2?
We’ve ended up spinning up a FusionHub for layer 2 and another for layer3 now…
Ah derp on my part - profile in one VRF is disabled which does let you configure it but not enable it!
Was only used over the weekend for a few hours as a bodge around some kit that didnt like being routed, looking at it now we did L2 only and dropped traffic onto a firewall attached to the LAN at the hub to breakout what L3 was needed.
To establish L2 + L3 sub-tunnels simultaneously to the same SpeedFusion peer, the L2 tunnel must be bridged to one of the VLAN interface. Since FusionHub supports untagged LAN (trunk) only, it’s currently not possible to create L2 + L3 sub-tunnels on FusionHub like you did on Balance / MAX.
Look ! Look ! Another use case for the Virtual Balance! 
the DCX ?
Just banging into this requirement again… forgot about this thread, @Erik_B found me in a figurative cupboard punching myself in the face at 2.30am trying to get a PoC working.
Please can we consider adding the capability?
What was it you needed to accomplish and what was your work around?
I’ve solved this on local pepwave/peplinks with a second ethernet cable and access mode vlan on port two.
@Steve
I guess I still don’t understand why it not possible to have both a unbridged L2 and a vlan in multiple tunnels or a special way to establish two profiles to the same unit device s/n.
In my case I had one for vlans , phones and one for discovering , reseting clients default ip network switches. It was a little annoying to have to connect a second network cable to accomplish this.
I’m not entirely sure how I would solve my same problem if the clients network used a fusionhub.
unbridged L2 and a vlan in multiple tunnels
Are you still referring to simultaneous L2+L3 PepVPN to FusionHub?
When FusionHub establish a L2 PepVPN connection, it means all the traffics (it’s the untagged lan, which is a trunk to include all the VLAN packets, if any) will be bridged to the remote peer, so another L3 sub-tunnel to route packets to the same remote peer doesn’t make sense.
If it is a Balance / MAX, which supports multiple VLANs, to establish L2+L3 tunnels, L3 tunnel will be the default, and L2 as a sub-tunnel and bridge to a VLAN interface.
Which is why what I really need (and will keep on asking for) is a virtual Balance Appliance. 
The need to bridge L2 + L3 via a cloud appliance will not go away as the projects I work on often have legacy Layer 2 networks that need modernisation with staged changes to topologies (ie L2 to L3).
Plus, the idea of hosting my own physical appliances in a co-located datacenter is so last decade
Well, like in 2016, 2017,2018,2019, 2020… I also ask for a virtual Balance in 2021. The potential is huge, especially in hybrid cloud environments and multiple cloud routes.
This tool is needed in the SDWAN architect perfect toolset.
I understand Peplink’s reluctance to this in order to protect the balance hardware serie against uCPE but it is a matter of coherence with the market too.
A virtual Balance is also needed if you have lines with a lot of bandwith.
I’m working on a project where the costumer has a few 10 and 40 Gig internet connections in the Datacenters and will connect up to 150 MBX/SDX/MBX. There is no other soloution than a FusionHub.
I think the most would pay a licence fee to get that feature.
Thanks
Dennis
I’m a bit jealous of that project Dennis… What sort of customer is that?
Totally 
Moved the thread to “Feature Requests”
+1 for this feature also as our MSP business grows.
Happy to Help,
Marcus
@steve on a balance/max I was referring to having a l3 vlan and l2 unbridged as two seperate tunnels in the same profile.
Martin,
you may remember the transport project, where a lot of trams and busses want to realise passenger wifi with single sign on and seamless roaming between any bus or tram line. This was layer2 as well and we found out that a fusionhub could not serve DHCP for the connected Transits and L2 will not work in combination with L3 when using a fusionhub.
This was only working with a balance because we can use the DHCP capabilities like reservations and the option to choose the VLAN for the L2-Bridging.
++ for a fully virtualized Balance !
Theo