I have a Balance 210 with two WANs connected to a solo SpeedFusion Hub server (bonded) and can’t figure out how to route traffic over the speedfusion vpn with an outbound policy
the the admin dashboard on the balance and fusion hub server show the PepVPN with SpeedFusion is “established”. but, when looking at the status pages on both the balance and the server for the SpeedFusion VPN, no traffic is going out over either WAN to the SpeedFusion VPN (screenshot below was taken while my machine on the LAN was running a speed test; the speed test doesn’t go above the Mbps of a single wan, and the status pages show only a few kbps - it isn’t using the vpn)
so, I tried to setup and outbound policy (see screenshot) but again no traffic shown on the dashboard status pages when this is in place - nothing appears to be using the vpn when this rule is in place:
it is working:
- when i use the “PepVPN Test Configuration” i can see traffic going out across the VPN using booth wans
- when i go to the network → vpn → speedfusion page and select, “Send All Traffic To” then all the traffic goes out over the VPN, but i want to do this via outbound policies, not this way
any insight / thoughts on what i’m doing wrong? thanks!
here are my other rules:
Change your destination in the outbound rule to be “any”, rather than “PepVPN Profile”.
That will basically do the same for you as ticking the “send all traffic to” box.
You can obviously use more specific destination addresses if that is what you wanted to do.
2 Likes
thanks @WillJones that did the trick
i think i get it now… any traffic, from any source going to any destination will get put thru the vpn with that change, and then based on priority fall back to the individual wans if the vpn is down (which the “send to all” doesn’t do; when the vpn isn’t established all traffic was dropped w/ send to all)
i’m curious though, based on how i had it configured originally, under what circumstances would the destination ever be the PepVPN profile?
You know I’m not sure either, the wording of the documenation for it is a little unclear to me on the subject.
I mostly use outbound policies when I want to steer certain traffic types down a specific VPN tunnel or sub tunnel, for instance send VoIP down a sub tunnel that has WAN smoothing enabled, but keep regular traffic on the main tunnel which does not do smoothing.
One difference I do notice though is that if you select PepVPN as the destination you can then select traffic based on matching application signatures which you cannot do when using src/dst as “any”.
