I have a bit of a weird user case, I have 4x Peplink BR-1 Pro 5g modems, i need essentially, ideally, one network across all devices, or at least open access to the entire subnet of each across the network.
I understand the obvious security implications of this, as I say its a neigh user case, all offline, and the WAN is an IP Mesh network using COFDM wireless nodes.
In terms of the WAN, the IP MESH has no DNS server, the peplink wont seem to connect to it becuase the DNS fails, is there a way round this? I can connect one newtork to another connecting one node to the LAN of one network then into the WAN of another, but ideally i want to keep them all WAN side.
Is there a way to allow all traffic of any kind both ways WAN to LAN and LAN to WAN? its straightforwad enough to do dedicated single IP’s, ideally i want to keep the system DHCP though.
Any thoughts how i could, and best practive for the best way I should implement this?
Would a VPN tunnel through the IP Mesh network to each peplink router be a good option, or even possible?
Ideally I would use the 5g interface on each device to get incontrol2 access, can you limit this to only allow internet for that service?
You want to make a single flat bridged Layer 2 network across all the LANs of the BR1s yes?
That’s fine - done this before.
This is expected as the default healthcheck is DNS and the mesh network has no DNS ,servers but you can either disable the healthcheck or change it to ping then ping the mesh nodes on the WAN to verify connectivity.
If you want to do a layer 2 network then you don’t need to worry about this but you will need 5 peer licenses for the BR1 Pro 5Gs as you will want a mesh Spedfusion Layer2 config I expect between the routers.
If you don’t buy the extra licenses then you can use IP forwarding instead of NAT on the WAN but then each LAN will need to have its own ip range and subnet (so layer 3 and not bridged layer2).
This is what you would want but a BR1 Pro 5G is limited to 2 VPNs between it and other peplink products unless you buy the 5 peer license upgrade.
Yes you can set a non management traffic bandwidth limit on the cellular connection to 0Mbps (so no user traffic flows over it) then it will just be used for IC2 traffic (there is a check box to tick that appears when you enable bandwidth monitor).
Or you could also use the 5G as hotfailover for the IP mesh network too of course.
Thanks so much for your reply, and it sounds good, I thought that speedfusion required the Internet or a hosted version on a VM to function? I presume this is not the case then?
It’s for video production, not streaming video, but controlling camera equipment in 3 remote locations from a 4th
Easy to assume it does as that’s how it gets used most often now, but Speedfusion was designed from the beginning to work between two Peplink appliances.
In the old days that was Peplink tin to peplink tin over private MPLS links.
Today its normally peplink tin to public cloud over public internet links, but tin to tin over private networks still works fine.
I assume you don’t want to use cellular and a hub spoke setup because of cellular coverage issues and because you’ll get lower latency over your local CoFDM mesh?
You’ll find your local link only config a bit tricky though because of the licensing aspect. I suggest you start with three BR1s and then fully mesh them (you can do that within the 2 peer limit per BR1 fine) and then give me a shout here if you need any help.
My only concern with a vpn route is the time it takes to establish, I’m using cofdm ip mesh because each node in the network is in a moving vehicle, so will go in and out of range inevitably, those links rebond very quickly, if I have vpn over those links how long should it take to establish a vpn tunnel each time it reconnects?
The individual sub tunnels take time to re-establish for sure. That’s why you want bonding otherwise why no just use the mesh itself for connectivity?
You can do hot failover between 5G and the mesh, issue will be whether you have cellular coverage or not I guess and whether your control tech can cope with latency variation.
Next option is adding another mesh network on a different set of frequencies and bonding that with the CoFDM mesh and/or starlink on the vehicle roof as another connection.
I have a slightly different use case, and i am having the damnest time, though I am not trying to isolate to Layer 2, but rather keep the Layer 3 open with cellular wan links. Also i am only using 3 BR2 Pro. I was trying to do this using the IP forwarding method you mentioned rather than create a Speedfusion process for it. However, what i was running into, was duplicate IP’s when users roamed from one BR2 Pro to the other. I am by no means an expert in networking, so learning a lot of this as i go. I sent you a DM Martin, would love an opportunity to speak with you as we are also having major issues video streaming with one of our BR2 pro, and the US distributor support for peplink is awful. I have tried dozens of possible combos in speedfusion to no avail. Thanks in advance for any advice.