I have a Balance One (M1) at our main campus which is connected to the internet via two WANs from the same ISP. At that same location there is another building (M2) which is not on the local network of the Balance One due to distance limitations. We have a third WAN for internet at that isolated building. In the past, I had been able to set up a VPN between the main building and the isolated building to share a file server because the endpoints were not on the same subnet (didn’t have the same internet gateway for M1 and M2).
However, our ISP recently consolidated their network upstream of us, placing all three of our WAN terminations on the same subnet. This has broken the previously working VPN at Layer 2, as they filter any traffic between endpoints on the same subnet. I could resolve this with static IPs. However, we have 3 business lines of service and are provided 0 static IPs – even Comcast isn’t that evil. Furthermore, the monthly cost for the 2 static IPs needed to set up a VPN would double the cost of our least expensive line of service.
I can still connect between the buildings using Chrome Remote Desktop. However, any direct connection (ping, telnet, etc.) fails regardless of direction. I believe this works because the connection is routed (initially) through Google servers, inserting a hop outside of our ISP’s network and thus bypassing Layer 2 filtering on their network.
Would PepVPN do something similar when setting up the tunnel? How does PepVPN establish a connection between peers? Would this involve polling a Peplink server to start the connection, creating a hop outside of our ISP’s subnet? The isolated building has a Ubiquiti EdgeRouter X which I’m considering replacing with a Surf SOHO for PepVPN if this will work.
Also – would all VLAN traffic at the isolated building be sent over the PepVPN tunnel to the main building? Or could I restrict traffic to a single or several VLANs, leaving bulk internet traffic to use the local WAN rather than the PepVPN connection?