What I need:
A tunnel created between peplink routers through the cellular network, a MAX Transit Duo Pro and a MAX Transit mini. All items on both side have statics on the same subnet of 10.10.11.*. Don’t want the routers handing out any IPs on either side, just creating a tunnel so one side can talk to the other.
What I’ve done:
Worked on this for a while yesterday and couldn’t get it to work. Tried a Speedfusion VPN and thought I had it all set up correctly. I could ping one router from the other using the ping tool in the pepwave login (using their LAN IP not their cellular IP). But a computer hooked to one router couldn’t ping something hooked to the other router. The fact that they had to be on separate subnets may have been the issue here, I don’t really know. I put one on the subnet of 10.10.11 and the other on 10.10.21 so that the tunnel would connect, but as I said earlier all objects on both sides are in the 10.10.11 range.
The load balancing of speedfusion would be nice if I could use this to accomplish what I want, but if another form of vpn tunnel would be easier to set up I’m up for that as well. Any great guides on this or anyone have some assistance of what I’m probably missing for this to work?
Did your tunnel come up - was it visible in Status Speedfusion at both ends?
The test woul dbe to ping the LAN IP of one from the other selecting VPN as the path
on the drop down.
Normally direct Cellular to cellular traffic is blocked by CGNAT from the mobile operator, so we would typically host a FusionHub appliance to facilitate that.
Yes, the tunnel came up, I could ping one from another using the Ping tool under system, selecting the Speedfusion VPN under the drop down. But a computer hooked to one couldn’t ping a computer hooked to the other. This may have to do with my subnet issue, or maybe it’s something completely different.
Computer A is hooked to Router A via lan port.
Computer B is hooked to Router B via lan port
Computer A and Computer B both have static ip addresses on 10.10.11.*
Router A and Router B both use cellular for their WAN
Router A and Router B can ping each other via Speedfusion VPN
Computer A can’t ping Computer B
Router A is set with untagged lan as 10.10.11.240
Router B is set with untagged lan as 10.10.21.240 (because it wouldn’t connect if 10.10.11.241)
Both have DHCP turned off
Computer A nor Computer B need internet, only need to be able to talk to each other.
Ah ok. so you have created a layer 3 VPN (which has different subnets at either end). If you go to computer B and change its IP to 10.10.21.x with a gateway of 10.10.21.240 you should be able to ping the LAN IP of router a (10.10.11.240).
If you want to extend 10.10.11.x subnet from router A to router B you need to configure a Layer 2 VPN tunnel.
I think you’re on the right track for me with the layer 2 Bridging. But when I have the layer 3 bridging work, and I go to my untagged LAN and change it to the layer 2 bridging. It seems to break it. After that when I go to status and try to run the Speedfusion VPN test it fails to establish a connection.
Is a VLAN required to do the layer 2, or should I be able to use just the normal “untagged LAN”?
Thanks for the help! I actually seen both of those previously, but when I tried it I was still just taking shots in the dark. My main issue was I had it right at one point but I was testing it in a bad way. The layer 3 test I needed to use the Speedfusion VPN ping, and for the bridged layer 2 I needed to use the LAN style of ping. Also the speedfusion VPN test on the Status page fails with a layer 2 bridge. So while i had it correctly at some point like 6 hours ago, my way to test it was bad and I didn’t know it because I was working on it remotely today and there was nothing actually hooked to either side to test it on until I went on site.
I really won’t know 100% until next week if this does as they want it to, because I only have access to this small part of the network. So until then, I say it’s a job well done!
