OpenVPN Support


#54

Hello Peplink Team,
Although I was an early advocate for OpenVPN, we have after the recent changes in the legal climate here in Australia having to officially change our stance.

We are no longer interested in an OpenVPN Client within any Peplink/Pepwave models.
We do though believe there may still be good commercial reasons for the higher end Peplink Balance Series routers as the 380 and above to offer an OpenVPN Server, there are many current customers requiring to use a third party OpenVPN Server appliance and we wish to simplify this and improve the management and monitoring of this.

In our professional opinion, Peplink are on track to be sticking with the PepVPN for professional VPN connections between Peplink devices and for businesses as it is a superior product and we see Peplink more as a professional grade solution than a consumer grade solution.

If Peplink was to introduce a OpenVPN Client then in several countries (including Australia) suppliers will potentially face problems with getting the product approved with many carriers that are attempting to stamp out the use of bit torrents and avoid receiving and issuing fines (as is now done in Australia) for breaches of copyright (Details available here at Copyright Amendment (Online Infringement) Bill 2015 or in your favourite search engine put in “Australian ISP issue fines for copyright”). In Australia it is possible for the supplier of equipment that allow for the breaching of copyrights laws to also be penalized (there has been no financial limit set on these penalties as yet).

By all means a OpenVPN Server would be good in the Balance 380 and above, though we highly recommend leaving the OpenVPN Client out of the entire range for legal protection of your Peplink Partners or finding a way to ensure they can opt out of OpenVPN for equipment in their region.

The professional equipment we use, such as Mobotix Cameras, already have the OpenVPN Client built in and as such only need the OpenVPN Server to match in the Balance Routers.

We release this post will upset many here in this thread, though at potentially over $10k fine per router supplied supporting OpenVPN here in Australia, we cannot take the risk (for distributors & partners we recommend you get independent legal advice and also check your insurance, premiums alone could ruin most businesses).
Happy to Help,
Marcus :slight_smile:


#55

Spangled - Hard to understand your post, but I think you want to use your computer to browse the internet from remote sites, but be anonymous. You can do that with any Peplink router using an L2TP VPN. Most modern devices have L2TP support built in, including Windows, Android, and Apple. L2TP is already in your Peplink router. The VPN connection from the remote site back to your home office is encrypted so the remote internet provider (business, hotel, etc) won’t see your browsing. Web sites that you browse will see the IP of your home office, not the IP of your actual location…

Is that what you are trying to do?


#56

Hi Marcus

I have searched for this and can’t see mention of openvpn being specifically mentioned other than in posts where it talks about ISP’s throttling openvpn (and other vpn traffic)

I struggle to understand why openvpn would be any different as far as the law is concerned when compared to the support of pptp and l2tp client protocols, is there a particular article you could link to better explain why you think openvpn would cause more legal issues.

thanks
James


#57

I could use it for travel but I’m not quite sure what you mean when you say construct a tunnel back to the mother ship. Do you mean a PC acting as a server?

No. Read up on “PepVPN.” Even the low-end-ish PEplink routers have the ability to communicate with each other via Peplink’s proprietary secure tunneling protocol - PepVPN. So, when I’m away from home I almost always take a Surf-on-the-go or Surf SOHO with me. It’s “pre-programed” to make a secure connection to the Balance router in my home office. So, I have an encrypted tunnel from end-to-end.

Teamviewer I don’t like the look of because anything that says Remote Control makes me nervous about security heheh.

Teamviewer is an enterprise-grade product. I’m not nervous. It’s free for personal use.

I mean is there a way to connect to the Internet without showing your real IP?

Sure. If that’s your concern proxy servers are big business these days . You can have an appearance on the internet in just about any place you want! Toronto? Washington DC? London? Pick one.

I’ll need to look up making a server with a Raspberry Pi, it would be nice to keep the router.

“Apples and oranges.” If you must VPN into your network and do not want to use PepVPN you can keep your existing router and set up an inexpensive VPN server on your network – e.g., with a RPi. Search engines are your friend here. :grinning: Not sure, but I’m wondering if you may have fallen victim of one of the “techno-pundits” who spread alarm and panic among users. If you can precisely define what you want to do and explain the reasons therefor there are folks here who will help you.

Finally, check out @Don_Ferrario 's post above. L2TP is “built-in” to all Peplink routers and that may get you were you need to go at zero cost. Virtually all clients support it.


#58

Hi @mldowling, do you have more information about the use of OpenVPN in Australia?

From your link, in “Revised explanatory memorandum”, I found this statement regarding VPN but doesn’t sounds like OpenVPN is prohibited:

  1. The primary purpose test would also prevent an injunction to block an online location operated overseas that provides legitimate copyright material to individuals within another geographic location, but are not licensed to distribute that copyright material in Australia. For example, the United States iTunes store does not operate with the primary purpose of infringing copyright or facilitating the infringement of copyright and therefore access to this online location would not be disabled under an injunction. The test is also not intended to capture Virtual Private Networks (VPNs) that are promoted and used for legitimate purposes, or merely used to access legitimate copyright material distributed in a foreign geographic market. VPNs have a wide range of legitimate purposes and have no oversight, influence or control over their customers’ activities.

#59

We had a good discussion on this topic at our Partner Summit 2018! The conclusion is that, among the three modes of operations of OpenVPN, Peplink will work on the support for Remote User Access (OpenVPN server mode) and WAN connection (OpenVPN client mode on the WAN).

OpenVPN site-to-site mode is not a priority and will not be supported. Thanks for everyone who contributed to the discussion. :slight_smile:


Outbound client limitations
#60

I work under Morgan Stanley in their Educational Business holdings portfolio directly with corporate franchise locations they own, Unfortunately I will not be able to use your solution going forward since site to site OpenVPN will not be supported.

IT Administrator
Scottsdale AZ


#61

Can you please elaborate why this prohibits using Peplink?

Peplink already has a Site-Site VPN that is well proven, and also can be licensed to support FIPS 140-2 security.


#63

Any update on a timeline for when OpenVPN support will be made available for the Balance routers? I have a Balance 30 LTE and would really like to use an online paid VPN like VyprVPN or IPVanish like I’m doing already with a consumer ASUS router that supports OpenVPN. It eliminates the need to have their app installed on each device and I’m really liking the service so hope to be able to use it on a Peplink in the near future.


#64

If you want to use OpenVPN for site to site then you’re missing the whole point of Peplink devices and their PepVPN/SpeedFusion VPN technology. It would be like using a Tesla to tow a cart. .


#65

Major consideration would be our Communications Array Servers platforms and Grandstream VoIP equipment all run on OpenVPN. If we go with replacing all sites with Peplink routers, not sure they will mesh. Already planning on setting up a test site this week in Houston. Will keep you posted.

Thanks…


#67

Hello @sotonet,
Speedfusion is very capable of creating secure VPN meshed networks, have a look at the video example of the configuration under the heading “Quick and Easy Configuration on InControl 2” at https://www.peplink.com/technology/speedfusion/
Happy to Help,
Marcus :slight_smile:


#68

@sotonet - I have just reread my last post and must apologise. It was far from constructive. Moving between vendor technologies is always a headache - nothing is ever as easy as you want it to be and there are always unforeseen gotchas.

Can I suggest that you consider posting a sample network diagram on the forum and we’ll all help you plan for a PoC / migration so you can test out SpeedFusion for Site to site VPN and see how you get on?

I’d happily work with you on that new thread and share my experiences of similar migrations. Also take a look at the Pluss deep dive doc from their case study. They moved from Draytek and IPSec to SpeedFusion (running both site to site technologies side by side during the migration) and the doc explains the steps they took to migrate in a low risk manner.

Good luck!

EDIT: Just saw your withdrawn post - agree completely that my previous response above wasn’t constructive.
It came from frustration - which is no excuse, but there is so much more that you can do with SpeedFusion/PepVPN (when you need site to site VPN) compared to traditional IPSEC & SSL/VPN technologies like OpenVPN and I get frustrated when we fail to get that message across successfully. I will work harder to keep that frustration in check in the future and to provide more helpful responses :wink:


#69

I’d like to see OpenVPN supported as well.


#70

Support for OpenVPN is in the works. It is expected some time by mid year.


#71

Hello,
Do you have a Beta (or any other) firmware with OpenVPN support?

Thank you,
Dana


#72

no support in firmware 7.1

yet there are lots of good things in the release notes!

firmware_7.1_release_notes.pdf

Keep us in touch Peplink :grinning:


#74

Hello Peplink Team,
Which MAX models will support OPENVPN?
Thanks,


#75

Add one more vote for OpenVPN support. Really need it. Thank you


#76

Do you have a release date of Beta firmware with OpenVPN ?