Hello,
I am trying to setup a SpeedFusion VPN which combines a private and a public LTE network. The SIM cards beloning to the private network cannot reach the public SIM’s and vice versa. Because the SpeedFusion VPN allows only 1 WAN IP address to be configured for the Remote IP setting, the tunnels fails when the connection which was used to set up the tunnel fails. Is there any way of providing the tunnel with 2 remote IP’s from the same remote Peplink? So that if 1 network fails, the other can always act as a failover.
For now, the only solution I have in mind is to add a central FusionHub which can reach both networks, but for this I would have to create a way into the private network from the public network, which I would like to avoid.
Thanks!
That’s not the case you can add as many as you like, just seperate them with a space or carriage return.
In this situation where public can’t route to private (assuming public LTE can route to each other) you can build a segregated speedfusion tunnel where all WANs have a 1:1 relationship rather than the usual 1:n configuration.
You can just add all the remote peer IPs in as a list and this will work, although the handshake process does this itself with an autodiscovery process that detects the active WANs (and share IPs between peers) so if this is not currently working you might have a routing / firewall issue.
It’s worth noting though that the autodiscovery process can introduce inefficiencies here since it will advertise all WAN link IPs on one peer to the other. The other peer will then attempt to build tunnels from all of its own WANs to each remote peer WAN IP and this can add extra time to the VPN build process since not all WANs can communicate with each other.
This is when you should use WAN connection mapping if possible to identify which WANs can talk to each other. This will speed up VPN build and recovery times.
2 Likes
Thanks for you answer.
Could you point me to where I can map the WAN connections please?
There is a user manual here: WAN Connection Priority – Peplink Documentation
If you are creating the tunnels on the device you can set it in the local profile.
If you are using incontrol to push the tunnels then you need to click advanced and edit the WAN settings.