OpenVPN Support


#41

In our clients’ case we would like the ability to open an OpenVPN connection (as a client) to an OpenVPN server (e.g., one offered by the ISP), i.e., as a connection across a WAN and available as a WAN connection for configuration purposes.


#42

@Keith

You are correct. I would like to setup my Peplink as a “OpenVPN client” to a cloud VPN provider.

I do not have customers/clients who demand this functionality. My motivation is to have the option to establish a private connection to a VPN cloud service and offload the encryption of outgoing traffic to the Peplink hardware as opposed to establishing the connection each LAN connected device; this way outgoing WAN traffic is encrypted and LAN clients do not have to authenticate to the cloud VPN provider or manage VPN encryption overhead.

It should be noted that cloud VPN services are blocked on some web hosted video services like Netflix so it would be helpful, for my purposes, to be able to selectively rout outgoing traffic through OpenVPN OR through regular WAN based on LAN IP address or device ‘alias’ defined on the Peplink hardware. (i.e. Television on LAN could be routed through normal WAN and LAN PC routed through OpenVPN connection)

Thank you in advance for you consideration and support (…)

Gerald


#43

We are using a new MVNO here in the UK and they offer an OpenVPN service in their core for remote non SD-WAN devices to connect to over dynamic cellular IPs so that their customers can manage their devices securely. We’re trying to sell MAX devices into this MVNO.

A barrier to migrating some of their existing customer base away from their current hardware to MAX devices -even on a trial basis, is the lack of OpenVPN support we need to connect to their OpebVPN server so that their existing customers can manage both the new MAX.devices and their existing estate of 3rd party devices using the same tools initially (before we can migrate them to IC2 completely for remote management).

It does seem that OpebVPN on the WAN like this is becoming a popular configuration.


#44

And I was wondering was it didn’t worked… i forgot that 6.2 is not supporting!


#45

I also would like openVPN. Please!!
thanks


#46

We are getting more and more request for OpenVPN. There is alot of demand for it.
Client’s wants to connect mobile devices ect to their peplink routers and cant do this with Pepvpn.
getting this feature would give us a lot of attention and we can push Peplink solution’s to places we cant go at the moment due to lack of the openVPN.


#47

OpenVPN support would be highly useful. I am currently running the server on a dedicated Linux machine – obviously it would be nice to just use the router.

Thanks for the lovely routers, btw.


#48

PLEASE Bring Openvpn support!


#49

Any Update on this ?


#50

Hello PepLink Team! Another request for OpenVPN (VPN Client) functionality.
I’m living in a 3rd World country with an oppressive regime, OpenVPN for my Balance 50 would be really appreciate, matter of life in fact.

Thank you in advance for you consideration and support!


#51

Oh no, I would have purchased a different router as I just assumed using VPN software would be part of the security protocols of any advanced router.
I thought third party software would only be affected by the OS and the router wouldn’t see it just like a basic ISP Gateway modem.
I doubt I could return it now. Guess I’ll have to take a hit and sell it on eBay.


#52

It is. Have you tried PepVPN? Works excellently. (When I travel I take a SOTG or SOHO with me and it automatically constructs a tunnel back to the “mother ship.”)
Or, L2TP?
Or, have you considered setting up a VPN server with a RaspberryPi? Almost trivial to do – and cheap.
Or, ever tried TeamViewer?
I have to say: While it would be nice if VPN was included, there are soooo many alternatives we’ve not found it’s absence limiting at all.


#53

Hi Rick, thanks for the suggestions.
I’m afraid I’m not very technically aware.
I only want a basic VPN like Private Internet Access to use for browsing and security.
I could use it for travel but I’m not quite sure what you mean when you say construct a tunnel back to the mother ship. Do you mean a PC acting as a server?
Teamviewer I don’t like the look of because anything that says Remote Control makes me nervous about security heheh.
I tried to input a static VPN IP Address with the PIA DNS servers but that didn’t work.
I mean is there a way to connect to the Internet without showing your real IP?
I don’t even want OpenVPN (I think that gets installed into the OS with PIA), I just want the software to work on the OS. I don’t understand why it would cause a lot of hassle because the cheapest routers allow VPN software.
However, this is my first experience of a business class router so I guess VPN creates a security problem if it’s meant for business.
I’ll need to look up making a server with a Raspberry Pi, it would be nice to keep the router.


#54

Hello Peplink Team,
Although I was an early advocate for OpenVPN, we have after the recent changes in the legal climate here in Australia having to officially change our stance.

We are no longer interested in an OpenVPN Client within any Peplink/Pepwave models.
We do though believe there may still be good commercial reasons for the higher end Peplink Balance Series routers as the 380 and above to offer an OpenVPN Server, there are many current customers requiring to use a third party OpenVPN Server appliance and we wish to simplify this and improve the management and monitoring of this.

In our professional opinion, Peplink are on track to be sticking with the PepVPN for professional VPN connections between Peplink devices and for businesses as it is a superior product and we see Peplink more as a professional grade solution than a consumer grade solution.

If Peplink was to introduce a OpenVPN Client then in several countries (including Australia) suppliers will potentially face problems with getting the product approved with many carriers that are attempting to stamp out the use of bit torrents and avoid receiving and issuing fines (as is now done in Australia) for breaches of copyright (Details available here at Copyright Amendment (Online Infringement) Bill 2015 or in your favourite search engine put in “Australian ISP issue fines for copyright”). In Australia it is possible for the supplier of equipment that allow for the breaching of copyrights laws to also be penalized (there has been no financial limit set on these penalties as yet).

By all means a OpenVPN Server would be good in the Balance 380 and above, though we highly recommend leaving the OpenVPN Client out of the entire range for legal protection of your Peplink Partners or finding a way to ensure they can opt out of OpenVPN for equipment in their region.

The professional equipment we use, such as Mobotix Cameras, already have the OpenVPN Client built in and as such only need the OpenVPN Server to match in the Balance Routers.

We release this post will upset many here in this thread, though at potentially over $10k fine per router supplied supporting OpenVPN here in Australia, we cannot take the risk (for distributors & partners we recommend you get independent legal advice and also check your insurance, premiums alone could ruin most businesses).
Happy to Help,
Marcus :slight_smile:


#55

Spangled - Hard to understand your post, but I think you want to use your computer to browse the internet from remote sites, but be anonymous. You can do that with any Peplink router using an L2TP VPN. Most modern devices have L2TP support built in, including Windows, Android, and Apple. L2TP is already in your Peplink router. The VPN connection from the remote site back to your home office is encrypted so the remote internet provider (business, hotel, etc) won’t see your browsing. Web sites that you browse will see the IP of your home office, not the IP of your actual location…

Is that what you are trying to do?


#56

Hi Marcus

I have searched for this and can’t see mention of openvpn being specifically mentioned other than in posts where it talks about ISP’s throttling openvpn (and other vpn traffic)

I struggle to understand why openvpn would be any different as far as the law is concerned when compared to the support of pptp and l2tp client protocols, is there a particular article you could link to better explain why you think openvpn would cause more legal issues.

thanks
James


#57

I could use it for travel but I’m not quite sure what you mean when you say construct a tunnel back to the mother ship. Do you mean a PC acting as a server?

No. Read up on “PepVPN.” Even the low-end-ish PEplink routers have the ability to communicate with each other via Peplink’s proprietary secure tunneling protocol - PepVPN. So, when I’m away from home I almost always take a Surf-on-the-go or Surf SOHO with me. It’s “pre-programed” to make a secure connection to the Balance router in my home office. So, I have an encrypted tunnel from end-to-end.

Teamviewer I don’t like the look of because anything that says Remote Control makes me nervous about security heheh.

Teamviewer is an enterprise-grade product. I’m not nervous. It’s free for personal use.

I mean is there a way to connect to the Internet without showing your real IP?

Sure. If that’s your concern proxy servers are big business these days . You can have an appearance on the internet in just about any place you want! Toronto? Washington DC? London? Pick one.

I’ll need to look up making a server with a Raspberry Pi, it would be nice to keep the router.

“Apples and oranges.” If you must VPN into your network and do not want to use PepVPN you can keep your existing router and set up an inexpensive VPN server on your network – e.g., with a RPi. Search engines are your friend here. :grinning: Not sure, but I’m wondering if you may have fallen victim of one of the “techno-pundits” who spread alarm and panic among users. If you can precisely define what you want to do and explain the reasons therefor there are folks here who will help you.

Finally, check out @Don_Ferrario 's post above. L2TP is “built-in” to all Peplink routers and that may get you were you need to go at zero cost. Virtually all clients support it.


#58

Hi @mldowling, do you have more information about the use of OpenVPN in Australia?

From your link, in “Revised explanatory memorandum”, I found this statement regarding VPN but doesn’t sounds like OpenVPN is prohibited:

  1. The primary purpose test would also prevent an injunction to block an online location operated overseas that provides legitimate copyright material to individuals within another geographic location, but are not licensed to distribute that copyright material in Australia. For example, the United States iTunes store does not operate with the primary purpose of infringing copyright or facilitating the infringement of copyright and therefore access to this online location would not be disabled under an injunction. The test is also not intended to capture Virtual Private Networks (VPNs) that are promoted and used for legitimate purposes, or merely used to access legitimate copyright material distributed in a foreign geographic market. VPNs have a wide range of legitimate purposes and have no oversight, influence or control over their customers’ activities.

#59

We had a good discussion on this topic at our Partner Summit 2018! The conclusion is that, among the three modes of operations of OpenVPN, Peplink will work on the support for Remote User Access (OpenVPN server mode) and WAN connection (OpenVPN client mode on the WAN).

OpenVPN site-to-site mode is not a priority and will not be supported. Thanks for everyone who contributed to the discussion. :slight_smile:


Outbound client limitations
#60

I work under Morgan Stanley in their Educational Business holdings portfolio directly with corporate franchise locations they own, Unfortunately I will not be able to use your solution going forward since site to site OpenVPN will not be supported.

IT Administrator
Scottsdale AZ