PepVPN across 2 different ISPs

I have a couple of Pepwave MAX routers (BR1 Pro) where I need to establish connection between my server and clients. The clients are running on moving vehicles via LTE provided by service provider A, while the server sits in our lab and is connected to the internet via service provider B through optical fibre.

No matter how I try to configure, I am not able to establish connection between my server and clients this way. However, if I connect my server via LTE provided by the same service provider A as my clients, I am able to set up the VPN successfully.

But this is not an ideal solution as I want my server to be able to handle a bigger bandwidth as there can be multiple clients communicating with my server simultaneously, hence I want the VPN to work between LTE connection of service provider A and the optical fibre connection from service provider B.

On the server side, there is another (non Pepwave) router/gateway that connects to the service provider B (because we are sharing the internet with other machines via this connection), and the Pepwave VPN router is then connected to this router/gateway using static IP. I have already forwarded TCP port 32015 and UDP port 4500 from the router/gateway to the Pepwave VPN router and it still does not work.

Appreciate any suggestion on how I should configure my VPN, or is it even possible to connect the VPN across different ISPs? (because I have no control of any NATs in either ISP)

Thank you.

I suspect you put your finger on the issue with your last sentence. VPN between/across carriers is absolutely not an issue in principle. And, it’s not a Pepwave/Peplink hardware/firmware issue. However, if you are trying to connect through carrier-grade NAT you’re going to have to change your game a bit. In our experience there are three basic alternatives with perhaps some permutations of each:

  1. Use DDNS
  2. Get a static IP address on the side which is to receive the VPN connection
  3. Talk to the carriers’ technical folks (if you can get to them) and ask for their solutions.
    In one case, we used a combination of #2 and #3 – where the carrier assigned a static address at a nominal cost but we also had to get them to poke a hole in their firewall for the magic PepVPN port.

You’ll find considerable discussions on this forum regarding this issue. There have been several members who have discussed this issue very thoroughly.

Rick


Thanks for the quick response! Yes I am currently assigned dynamic IP for both ISPs, and I use NoIP for updating and getting new IP addresses via NoIP hostname. The issue I have is not because of dynamic IP, because even when the IP is correct, the PepVPN port is not accessible from either direction (ISP A->ISP B or ISP B->ISP A).

Other than getting the ISP to obtain static IP and/or getting them to allow PepVPN port access, I am trying to explore any other possible workaround solutions for the current setup I have. (e.g., is it possible to establish VPN through SSH tunnels via a 3rd server hosted on some public cloud?)

OK, so you can “find” the target address but it sounds like you can’t get through the carriers’ NAT FW. Personally? I’d try to avoid a “clunky” solution and try option 2 and 3 I suggested. The issue is well known and, as I said, has received a lot of discussion here and elsewhere.

Now, having said all of that, one could certainly use a “cloud approach” – e.g., PepVPN or SpeedFusion in the cloud. You didn’t suggest that as a possibility in your first message but that will certainly work. Again, there has been a lot of discussion about this here on the forum and I won’t rehash it.

Ultimately, the main consideration – and the issue that is frustrating your efforts right now – is that the target address must be accessible by the device that sets up the connection – PepVPN or SpeedFusion.


Thanks for the reply. In a nutshell, in order for PepVPN to work, the PepVPN ports (TCP 32015, UDP 4500) must be accessible from the client.

Yes this is the main frustration now. Because I was looking at the product sheet: https://www.peplink.com/technology/speedfusion-bonding-technology/ about the technology, clearly it is possible to connect VPN across different carriers (which is why we purchased the routers). What wasn’t that clear to me was the port requirements for it to work. The reason I brought up SSH tunnelling via a public cloud is that I know this is one technique to connect 2 clients who are both behind NAT FW (I’ve tried it and it works) and may not have their own public IP addresses. Without knowing how PepVPN works, I don’t want to jump to the conclusion that I need my carrier for a solution since SSH tunnelling is a way to get around the carrier’s network restrictions (and maybe PepVPN uses similar techniques?)

And yes I agree that I would want to avoid a “clunky” solution as well. I would not want to use solutions that Peplink does not support “out of the box”, since this is likely to require hacks and there will be other kinds of problems associated with these solutions.
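
The reachability question discussed in this thread can be checked from each router's WAN addresses before involving the carrier. The sketch below is an added example, not part of any post and not Peplink code: the function names are hypothetical, the sample addresses are constructed, and the rule that at least one peer must accept inbound connections follows the statement in the thread.

```python
import ipaddress
import socket

PEPVPN_TCP, PEPVPN_UDP = 32015, 4500   # ports named in the thread
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Label a WAN address as 'cgnat', 'rfc1918' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "public"

def can_accept(wan_chain, seen_from_internet, forwarded):
    """wan_chain: WAN addresses from the Pepwave outward to the last device
    you administer. seen_from_internet: address the DDNS name resolves to."""
    outer = wan_chain[-1]
    kind = classify(outer)
    if kind != "public" or outer != seen_from_internet:
        return False, f"ISP NAT in front of {outer} ({kind}); no forwarding possible"
    if len(wan_chain) > 1 and not forwarded:
        return False, f"forward TCP {PEPVPN_TCP} / UDP {PEPVPN_UDP} on your gateway"
    return True, "inbound PepVPN should reach the Pepwave"

def tunnel_feasible(side_a, side_b):
    """At least one peer must accept inbound connections."""
    return can_accept(*side_a)[0] or can_accept(*side_b)[0]

def tcp_open(host, port=PEPVPN_TCP, timeout=3.0):
    """Run from the remote side: does the TCP handshake complete?
    UDP 4500 is connectionless, so a silent drop cannot be told from
    an idle listener with this kind of probe."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample values (documentation and private ranges), not from the thread.
LTE_CLIENT = (["100.72.14.9"], "203.0.113.40", False)
FIBRE_CGNAT = (["192.168.1.2", "100.80.3.7"], "198.51.100.23", True)
FIBRE_PUBLIC = (["192.168.1.2", "198.51.100.23"], "198.51.100.23", True)

if __name__ == "__main__":
    for name, side in [("LTE", LTE_CLIENT), ("fibre/CGNAT", FIBRE_CGNAT),
                       ("fibre/public", FIBRE_PUBLIC)]:
        print(name, can_accept(*side))
```

If both sides come back as unable to accept inbound connections, no amount of port forwarding on equipment you control will help, which leaves the options already named in the thread: a static public address from the carrier, or a publicly reachable endpoint in between.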