Pepvpn profile in ICA

DSF12 · June 8, 2018, 3:57am

Hi,

working on ICA 2.6.2 hardware appliance

We used to configure our pepvpn with bulk configurator, loading a pepvpn profile with the address and ID of the balance. Since we have upgraded to 2.6.2, everytime the config is applied by bulk configurator, the local ID is reset and must be validate on the web ui, so the vpn profiles aren’t loaded.
Is there a workaround to this behavior which prevent a full auto deployment ?
N.B. : As now, we don’t want to use the pepvpn configuration feature of incontrol, unless it’s the only way.

David

Michael · June 8, 2018, 4:16am

Please DM me your ICA s/n and enable remote assistance. We have a patch which could re-enable the ability to configure PepVPN with the bulk configurator. We could remotely patch it for you.

DSF12 · June 8, 2018, 4:37am

Hi,

ICA S/N is 1825-3AE3-12C4

The remore assistance is enable

-------- Message original --------

**Sujet:**     [INTERNET] [Peplink Community] [Product Discussion/InControl & FusionHub] Pepvpn profile in ICA

**De :**
Michael Chan 08/06/2018 14:26

Michael · June 8, 2018, 5:14am

We received your support ticket. Actually we have applied a patch to your ICA already. Please check if it works now.

DSF12 · June 8, 2018, 5:52am

No, it don’t works, always the local ID to validate and no profil loaded. No restart needed ?

Michael · June 8, 2018, 6:00am

No restart needed. We restarted in the background for you. Please re-upload the config again if you haven’t.

DSF12 · June 8, 2018, 6:18am

ok ,i understand, I must re-upload config and select preserve pepvpn, and it works. Correct ?
If so, it’s good for me.

Thanks

DSF12 · June 8, 2018, 6:20am

Can we put the same local id to all peplink in the config, if we use serial number for remote ID in VPN ?

JamesPep · June 8, 2018, 6:26am

You need to use the site ids of both the local and remote devices for each link. Generally bulk configuration is hard to use for pepvn configuration outside of some very specific use cases. For the links to work, you’ll additionally have to have the IP addresses of at least one end of each link configured.

DSF12 · June 8, 2018, 7:01am

that our case, balance in star deployment and max router. Each have the other’s serial number for remote ID, and the Max router have the ip of the balance. we don’t use the local ID in vpn config, but until now, we have indivualize each localID with unique string. To simplify deployment, the model having the string “LocalID”, can we keep it for every Max router without having some kind of conflict ?

DSF12 · June 8, 2018, 7:11am

another question, can we make a cluster with a balance 1350 HW1 and a HW2 ?

Thanks

Zach_Tangen · June 8, 2018, 11:17am

Hello DSF12,

We do recommend using the same hardware revision to ensure that all functionally works between the Master and Slave. If you would like to try and setup HA between different hardware versions you can, but this isn’t fully supported.

JamesPep · June 10, 2018, 5:46pm

If you want to establish a connection between two devices (A & B)
For device A: the configuration needs to have Local ID A and Remote ID B
For device B: the configuration needs to have Local ID B and Remote ID A
If you have a preshared key configured, the PSK values must match

For simplicity, consider the LocalID/PSK values as a username/password pair
The LocalID is the username that it will accept on incoming connections
The RemoteID is the username it will use to try to login for outgoing connections.

If you’re configuring the RemoteID’s on the balance to the SN of the Max devices, you will need to configure the localID of the Max devices to be their serial numbers

If you’re using a star topology and are using a balance 1350 as the hub, you can set the 1350 to use ‘aggressive mode’, which will allow multiple logins from the same RemoteID/PSK, and then use bulk configurator to push identical configs to all your Max devices.