Possible to have more than 1 public IP on fusionhub?

It is possible to configure fusionhub with more than one public IP on the WAN interface?

None of the cellular ISP connected routers have public IPs, and I have an app that uses the same UDP port numbers (not relocatable) that I need running in more than one place behind the FusionHub.

Thanks,
Jim

Hi, FusionHub does not support multiple WAN IP address.

2 Likes

Thanks for the reply Kenny.

I have an application (Yaesu’s Wires-X amateur radio VoIP app) that uses 6 hardcoded UDP ports for the “server” side of it, hence needing more than one public IP for mapping back to the originating devices. Since the ISPs don’t like to give real public IPs, I’ve been using my fusionhub as my main gateway to the world for all my MAX routers.

I need a better solution now. Back to the drawing board.
jim

I support a bunch of RoIP services using a combination of Fusionhub and Opnsense VMs. I can recommend OPNsense for the firewall piece - you can use as many IPs as you need on that and forward to FusionHub LAN.

1 Like

Thanks Martin.

So basically, I’d set up an Opnsense VM as my “primary gateway” device for everything, with multiple unique public IPs on it? The Fusionhub VM would have its own public address as well outside the Opnsense, and all the peplink routers would pepvpn into the hub, and send all traffic via the tunnel? How would I tell the fusionhub to take that traffic and send it to the Opnsense for routing? I’m assuming I’d also want the Opnsense to handle all the NAT for me, right?

I’m at a transition point where (in August) I’ll be setting up a new site with a new router, and operating it concurrently with the old sites for several months and slowly transition things from the old sites to the new site. But in the end, I’ll have 4 routers, 3 of them attached via cellular, and the 4th via a fixed wireless provider most likely (still exploring providers at the new location), so whatever I build I would like it to handle the transition and the post-transition equally well.

Thanks,
Jim

  1. The FusionHub would have its own Public IP on its WAN interface, the remote Peplink devices would build tunnels to that IP. It would also have a LAN interface - a private segment between it and the opnsense vm.
  2. The Opnsense VM would have Public IPs on its WAN interface and then a private LAN interface in the same subnet as teh Fusionhub LAN.
  3. The Fusionhub would have the ‘send all traffic via LAN’ option ticked with the OpnSense LAN IP as the next hop. Any traffic from the remote peers (be that traffic destined for the internet or for other peers over VPN) is sent via the Opnsense.
  4. The Opnsense has static routes for all the remote peplink peer subnets with the LAN IP of the Fusionhub as the next hop.
  5. Opnsense therefore acts as the perimeter firewall for port forwarding and outbound wen filtering / routing as well as the inter site firewall.

We use this configuration regularly as part of our NetReach SD-WAN service offering. Its an extremely powerful combination of traditional routing and remote access capabilities found in Opnsense (OpenVPN, SSL & TINC VPN, traffic shaping, netflow etc) and the insanely powerful Speedfusion SD-WAN features.

But of course you could always use pfsense or NG firewall / Untangle too - whatever you prefer.

5 Likes

Martin,

That really helps a lot.

I think my thinking has been hampered by using Linode for so long. While they let you set up private addresses for direct server to server communications (at no extra cost for the IP or the traffic), they don’t do it as a new interface, but as an alias on the WAN interface.

Deploying Fusionhub on Linode is sufficiently quirky that I’ve been considering switching for a while now.

Thank you,
Jim

Give Vultr a go. I manage loads of fusionhubs (my own and for other Peplink partners) on vultr in the US and across Europe and they have been great. Private networking just works and they are great value for money.

2 Likes

My fusionhub is the essential license (5 peers, 100Mbps max bandwidth). It looks like the $5/month plan (edit: on vultr, I forgot to put that part) meets the minimum specs for that installation (1CPU, 1GB RAM, 1000GB transfer, 25GB storage). Can you think of a good reason I would want to pick a higher plan for the fusionhub? I would hate to undersize it and regret it later.

Any recommendation for minimal size for the opnsense box?

Start with the $5/plan for both, upgrading it is easy if you discover you need to and just requires a plan change and reboot from the Vultr control panel.

1 Like

Martin, you’ve been extremely helpful.

I’m sorry that I had signed up at vultr before seeing your referral link, I would have used it.

Since so much of my network design that has built up piecemeal over the years is having to be touched/modified, I’ve taken the time to sit down and design something from scratch rather than just letting it morph like it has in the past. On top of that, I’m learning opnsense. While it’s a descendant of m0n0wall, I’ve not used a packaged firewall system since a few years before m0n0wall stoppped developlment, and pfsense was still very new software. lol Mostly I’ve used my peplinks and at work cisco firewalls.

The process is definitely taking a lot longer than “add a second IP”, but I think this is building the foundation for a better (and arguably more secure) network long term.

Thanks again for everything,
Jim

1 Like

Hey Jim - glad its all coming right. Opnsense is a bit of a beast to be honest, but its well worth the effort.

Best of luck!