OpenVPN over FusionHub to internal Network


Hi,

I want to connect via OpenVPN over Fusion Hub → internal Peplink → Firewall internal → internal Network 192.168.2.0.
I’ve tried multiple routes, access rules, different settings on FusionHub, internal peplink (IP forwarding too) and many other things, but it doesn’t want to work.

What I can ping:

  • VPN Notebook to 192.168.2.10
  • Fusion Hub to 192.168.2.10
  • Fusion Hub to 192.168.2.5
  • internal Peplink to 172.27.1.1
  • LAN Notebook to 172.27.1.1

What I can NOT ping:

  • VPN Notebook to 192.168.2.1
  • VPN Notebook to 192.168.2.5
  • Fusion Hub to 192.168.2.1
  • internal Peplink to 172.27.1.12
  • LAN Notebook to 172.27.1.12

Which route, setting can I try?
Any idea?

Greetings

You have one key flaw in the design that I can see, and probably too much NAT translation to complicate matters.

If you search around for FusionHub problems, we see repeatedly that you can’t mix access (PC) networks with router to router networks. Workstations and other items with only a default route expect to talk to one router only, and will generally refuse to work well with a second router on the network, without copious amounts of static routes. Routers can talk to routers as they expect to have reasonable route tables.

So, I would change the networking on the internal side between 192.168.2.1 and 192.168.2.10. Assign another VLAN on your main firewall for 192.168.3.1 and 192.168.3.2. Add a static route on the FW for 172.27.1.0/24 toward 192.168.3.2. On the peplink add a static route for 192.168.2.0/24 to 192.168.3.1. Make sure there is no NAT translation on either side of the pepVpn (all forwarding) and view the advertised networks on both peplink devices (Status → SpeedFusion). You should see the remote networks on each side of the connection. Send pictures of the SpeedFusion Status page if you have further issues.

Thank you for your post.
The pepVPN between Balance 310 and FusionHub is no NAT translation (IP Forwarding enabled).
I have applied all your suggestions. Unfortunately same issues.
Here the Speedfusion Status on Peplink Router:
balance-hub-speedfusion.JPG
And here from FusionHub:
fusion-hub-speedfusion.JPG

Here the Routes:



X0:V10 is 192.168.2.0/24

Here a few more Details:

  • on Fusion Hub → Network → LAN → Route PepVPN traffic to LAN is disabled
  • on Fusion Hub → Network → DHCP Server → NAT Remote Connection is disabled
  • all Firewall Rules are disabled (Allow all rule at the top)
  • on the main Firewall there is an Access Rule: Source: 172.27.1.0/24, Destination: 192.168.2.0/24

I can ping:

  • from Peplink 192.168.3.0/24 to 192.168.2.1
  • from FusionHub and Notebook VPN to 192.168.3.2
  • from Notebook LAN to 192.168.3.2
  • from Notebook LAN to 172.27.1.1

I can NOT ping:

  • from FusionHub and Notebook VPN to 192.168.3.1
  • from FusionHub and Notebook VPN to 192.168.2.1
  • from FusionHub and Notebook VPN to 192.168.2.5
  • from Notebook LAN to 172.27.1.12

Whenever I get interesting routing, I break out the Packet captures. It just saves time, (support.cgi)

Somewhere we will see the packets either get changed, or dropped.

Also the X0:V10 thing looks more like a firewall rule rather than a route. Does there need to be a matching inbound traffic rule? And can you run TCPDUMP on that firewall as well?

There seems to be a bunch of networks connected to the B310-5G (or it is advertising them). Can you run tests from an access vlan connected to the Balance to see if the issue is only when we extend the network to the other Firewall?

It works now. I think I have an error with the route on my Firewall.
Thank you very much.

Can you share the fix?

The Problem was the Interface. The correct one is X0:V20 which is the new Net 192.168.3.0/24. The wrong one was X1 which is my WAN.


By the way: “FusionHub_LAN” is the same as “Peplink VPN 172.27.1.0”

Glad you found it. And why I say, pcap early… you very quickly would have seen that the packets were not transiting the FW – Balance interfaces.
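
The fault found in this thread was a static route for 172.27.1.0/24 bound to X1 (WAN) although its gateway 192.168.3.2 sits on X0:V20. The following added example (not from any poster and not vendor code) audits a static route table for that mistake; the X1 address and the firewall's own interface IPs are assumptions made for the sketch.

```python
import ipaddress

# Constructed model of the main firewall's interfaces. X0:V10, X0:V20 and X1
# are named in the thread; the X1 (WAN) address is a made-up documentation
# address, and 192.168.2.1 / 192.168.3.1 as the firewall's own IPs is assumed.
INTERFACES = {
    "X0:V10": ipaddress.ip_interface("192.168.2.1/24"),
    "X0:V20": ipaddress.ip_interface("192.168.3.1/24"),
    "X1": ipaddress.ip_interface("203.0.113.2/24"),
}


def check_route(dest, gateway, iface, interfaces=INTERFACES):
    """Return a list of problems with one static route (empty list means OK)."""
    if iface not in interfaces:
        return [f"unknown interface {iface}"]
    net = ipaddress.ip_network(dest)
    gw = ipaddress.ip_address(gateway)
    bound = interfaces[iface]
    problems = []
    if gw not in bound.network:
        # The next hop must be on-link for the egress interface the route uses.
        onlink = [n for n, i in interfaces.items() if gw in i.network]
        hint = f"on-link via {onlink[0]}" if onlink else "not on any connected network"
        problems.append(
            f"{dest} via {gateway} on {iface}: gateway is outside {bound.network}, {hint}")
    elif gw == bound.ip:
        problems.append(f"{dest} via {gateway}: gateway is the firewall's own address")
    for name, i in interfaces.items():
        # A static route that overlaps a connected subnet shadows or is shadowed by it.
        if net.overlaps(i.network):
            problems.append(f"{dest} overlaps connected network {i.network} on {name}")
    return problems


def audit(routes):
    """Map each (dest, gateway, iface) route to its list of problems."""
    return {route: check_route(*route) for route in routes}


if __name__ == "__main__":
    routes = [
        ("172.27.1.0/24", "192.168.3.2", "X1"),      # the misbound route from the thread
        ("172.27.1.0/24", "192.168.3.2", "X0:V20"),  # the corrected route
    ]
    for route, problems in audit(routes).items():
        print(route, "OK" if not problems else problems)
```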