PepVPN Speedfusion tunnel between 3 sites

Hi Guys
hi guys, please i want to build a pepvpn speedfusion tunnel between 3 sites; do I have to create three tunnels between each of the sites and the other two or build a single tunnel that integrates the three sites?

I’d say “it depends”.

You can build any topology you want really, the question is which one is most appropriate / easiest to configure and maintain.

Do all of the sites have resources that need to be accesed by each other, even if one of them is offline? For example is there a server on each site, and if Site A were offline would Site B and C still need to exchange information?

If so then a fully meshed VPN config may be best. In this case you’d build a tunnel from each site to each other site, e.g. Site A has tunnels to B and C, Site B has tunnels to A and C and Site C has tunnels to A and B.

That requires a fair bit of configuration and network planning, it would probably be simpler to deploy and maintain that kind of topology using InControl.

Is there an obvious “main” site out of the three where resources are located? If so then a hub and spoke type arrangement would maybe be easier to deploy, where for example sites B and C connect to site A but not directly to each other. B and C could also exchange traffic via their tunnels to Site A but this may not be appropriate if you have limited bandwidth or high latency between the those sites vs building direct tunnels as above.

How viable each topology is to deploy is going to depend on a few other factors such as what connectivity you have at each site, do they all have suitable bandwidth and public IPs on at least 1 WAN interface that can accept the incoming VPN connections?

You could also build a FusionHub in the cloud and connect all the sites to that (again, traditional hub and spoke type config), this may be an option if for example you have sites behind NAT or want to make use a hub and spoke configuration but with no reliance on one of your existing sites connectivity.

I think for us to help you here you might need to provide a bit more information about what you are trying to achieve, along with possibly some basic diagrams showing what subnets would need routing where, what resources you want accessible via the VPN and also details of what Peplink equipment and connectivity you have at each site.

1 Like

One other point to consider is future growth - if you add more sites down the line a fully meshed setup grows the number of tunnels on each endpoint exponentially, and that may not be sustainable if you factor in limits on number of PepVPN peers, performance of the endpoints and so on.

Peplink doesn’t really have a direct equivalent to DMVPN / NHRP as far as I know, so if you plan to grow the deployment in the future that could add weigh to a hub/spoke type topology (you can always deploy two hubs for resilience).