PepVPN on Balance One

I have a Balance One (M1) at our main campus which is connected to the internet via two WANs from the same ISP. At that same location there is another building (M2) which is not on the local network of the Balance One due to distance limitations. We have a third WAN for internet at that isolated building. In the past, I had been able to set up a VPN between the main building and the isolated building to share a file server because the endpoints were not on the same subnet (didn’t have the same internet gateway for M1 and M2).

However, our ISP recently consolidated their network upstream of us, placing all three of our WAN terminations on the same subnet. This has broken the previously working VPN at Layer 2, as they filter any traffic between endpoints on the same subnet. I could resolve this with static IPs. However, we have 3 business lines of service and are provided 0 static IPs – even Comcast isn’t that evil. Furthermore, the monthly cost for the 2 static IPs needed to set up a VPN would double the cost of our least expensive line of service.

I can still connect between the buildings using Chrome Remote Desktop. However, any direct connection (ping, telnet, etc.) fails regardless of direction. I believe this works because the connection is routed (initially) through Google servers, inserting a hop outside of our ISP’s network and thus bypassing Layer 2 filtering on their network.

Would PepVPN do something similar when setting up the tunnel? How does PepVPN establish a connection between peers? Would this involve polling a Peplink server to start the connection, creating a hop outside of our ISP’s subnet? The isolated building has a Ubiquiti EdgeRouterX which I’m considering replacing with a Surf SOHO for PepVPN if this will work.

Also – would all VLAN traffic at the isolated building be sent over the PepVPN tunnel to the main building? Or could I restrict traffic to a single or several VLANs, leaving bulk internet traffic to use the local WAN rather than the PepVPN connection?


You can easily build a PepVPN between these locations even with the WANs all in the same subnet. Multiple VLANs can be routed across the VPN and you can restrict access as well. By default, internet traffic would go out the local WAN connection.

Awesome! Thanks for the quick reply Ron! Looks like I will be getting my feet wet with PepVPN in the near future.

Received a new Surf SOHO. I configured and deployed with PepVPN profiles on both devices. The status reads “Starting…” on both devices and never progresses further. I have a basic PepVPN profile set up on each device, with the Surf SOHO containing the remote IP address.

I have diagnostic reports and current configs I can send for troubleshooting. Both devices have remote assistance enabled. Should I open a support ticket?

We will need the S/Ns if you have remote assistance enabled. You can open a support ticket with us if you want to keep this information private.

Ron,

Support ticket #761668 has been opened with the serial numbers.

Thanks.