pepvpn traffic through non static ip

i have 2 br1 max mini’s that i’d like to connect vpn. one has 2 wans, 1 static ip. the other only has 1 wan(non-static). can they be set up to tunnel pepvpn and have 90% of data go through the wan that is not static. my static ip provider has data caps(sucks)

Are the non-static IPs still public IPs, just assigned dynamically?

If so I’d look at using a dynamic dns service and build the PepVPN tunnels using the dynamic dns addresses rather than the literal IPs.

As for the traffic distribution, I think the only way to do that is configure the PepVPN profile for weighted round-robin and configure appropriate upload / download bandwidths for those WANs to get the right distribution. Not sure that will be 100% what you are looking for but I don’t think there is another way to do it.

pretty sure the WAN thats not static is behind a NAT therefor no public IP. and I’m pretty sure that screws my idea

Thanks

spin up a fusion hub? have all devices vpn connect to the fusion hub?

A FusionHub to act as a meeting point would be one way to do it, but the BR1 Mini is not a PrimeCare part so that option would certainly have cost implications in the form of a FusionHub Essentials licence on top of the hosting of the hub.

Hello There, I am Primdas from Indonesia.

I have same question with @Joe_Patterson, our customer request to do POC at three site ( different city) with fail over and bonding capability. we offer Balance310X at HQ and 305 for two branches. Each site connect to 2 different ISP and there are ISP with static and dynamic IP. I am not sure yet the dynamic is public or private but we need to prepare some configuration to meet their requirement. Any suggestion or proven configuration for this POC ?

If you have static and/or public IPs at the HQ site I would build your tunnels from the branches to the HQ. Would it be necessary also for the two branches to have tunnels directly to each other if they must comunicate directly, or can they send data via the HQ site?

Ideally you need to know some of these details before you can start to build the actual configuration, and if you know the details in advance you can make the best decision for how to design the network.

Also if you plan to use Ic2 to manage the configuration or are preparing them manually directly with the devices, both methods are valid but if you have a complex topology then Ic2 is maybe better.

Another approach is to deploy FusionHubs that all the sites connect to and build traditional hub/spoke topology with the FusionHub in the centre of the network. This can also be a good option if for example you have a lot of traffic going between Branch A and Branch B and you wish to avoid sending it via the HQ as well as reducing the complexity of the VPN configuration vs building a full mesh topology.

1 Like