Outbound PepVPN Rules


#1

Dear sirs,

I have an issue regarding this feature, Outbound PepVPN rules, on a Peplink Balance running firmware version 6.2.0. The idea is that these rules rewrite the routing table and route the traffic over a specific SpeedFusion tunnel instead of the one on which the routes are advertised. I’ve configured these rules in the outbound policies after enabling this PepVPN rules setting, and based on the destination network address I enforce that the traffic goes over a different tunnel, but the Peplink didn’t apply these rules. Does anyone have this special setting working on this firmware version?

Best regards,

Adelio Moreira


#2

Routing over SpeedFusion is automatic. To control this click on the “?” in the upper-right hand corner of the rules table to turn on expert mode. From there you can place these rules above the automatic PepVPN routes and they should work as expected.


#3

Hello,

If using this feature or configuring in the outbound policy section with expert mode enabled, which will enable PepVPN Routes. As long as the rules are placed there it should follow your created rules.

Also, how are you testing this? If you could, provide a simple network diagram of the different locations, i.e., is this a point-to-point tunnel or is there an intermediary Balance in between the local and remote Balance?


#4

Hi Jarid,

Thanks for your reply. Yes, I’m using this feature on Outbound Policy, PepVPN routes, and it’s working as expected. Sorry, but the first test I’d done was not so clear and I was suspecting these PepVPN routes were not rewriting the routing table.

I’ve fixed my problem by changing a metric on my routing process.

Do you know how to enable replies to a traceroute command? When the traffic is routed to a SpeedFusion tunnel, I don’t receive any reply from this hop.

Best regards,

Adelio Moreira


#5

Hello,

You will need to use the ping command, as traceroutes don’t really work in an encrypted SF tunnel.

Note: When using the PepVPN routes it will not update on the Status>SpeedFusion page (as these are learned routes, not actually which path they are taking).

The best way to test is to:

  1. Initiate a constant ping from Local to Remote host.
  2. Then go to Status>Active Sessions on the Balance it is directed to go through to get to the remote end.
  3. Search and filter for IP1 (ICMP packets).
  4. You should see the ICMP packets coming in.

Example:

Reference the below diagram.

You have a PepVPN route that states Site 1 uses Site 3 to get to Site 4.

  1. Initiate a constant ping from a client on Site 1 to a client on Site 4.
  2. Go to Active Sessions on Site 3 and you should see the ICMP packets coming in confirming it is using the correct tunnel.
    2a. Logging into Site 2, you should not see the ICMP packets.