Remote access to server behind Peplink Transit router

I’m using the Peplink CAT18 router inside my RV, connected to Verizon Wireless. I have a local WIFI network set up. One of the devices on the WIFI LAN is a Raspberry Pi, running Home Assistant and Mosquitto (for automation).

I would like to enable remote access to my Raspberry Pi from outside the RV. I would like to ssh into the Pi, as well as connect to the Home Assistant dashboard on port 8123. I set up a dynamic DNS account with and entered the details in Peplink. I also set up port forwarding in Peplink.

However, this solution doesn’t seem to work because Verizon is not assigning public IP addresses, and hence there is no way for me to connect to my local network.

I’m thinking that the best solution would be to set up a VPN so that I can get access to a true public IP address. I have an expressVPN account but I haven’t figured out how to set this up with Peplink. I’ve also tried to set up PepVPN and Speedfusion cloud, but I’m not sure that this helps either. PepVPN requires a ‘remote id’, and obviously I don’t have that (since I don’t have a second peplink hardware). I thought that I wouldn’t need a second piece of hardware with Speedfusion Cloud, but maybe I’m wrong.

Any recommendations on what to do/how to solve?

Welcome to the forum!
Two ways. You can get the Transit to build a Speedfusion tunnel to a free Fusionhub virtual appliance you host in the cloud (costs $5/month) video here

Or you could setup your raspberry PI to run something like Zerotier. Accessing your Raspberry Pi securely from the Internet using ZeroTier - Kelvin Zhang

Fabulous. Thank you for the super-fast reply. I will try ZeroTier first. BTW, this CAT18 modem is crazy fast. I’m getting >100Mbps speeds on Tmobile and >50Mbps on Verizon.

1 Like

Bravo! The CAT18 modems certainly rock :slight_smile: Glad its going well.

Is there anything that needs to be configured on the router to make ZeroTier work? I’ve set up the network. Everything seems to work fine. All members (Pi, my iPhone, my Mac Pro) are authorized and online, but I still can’t reach Pi. I tried ping and ssh. Times out.

No idea - never done it, but it should by all accounts just work. What about your PI? Are you using UFW have you allowed traffic to and from your Raspberry PI IP from anywhere?

Hmm strange. I don’t have UFW installed. And yes, I can ssh into Pi, as well as access port 8123 (Home Assistant) as long as I’m on the same local network.

And this is why we use Fusionhub :slight_smile:

So, if I set up FusionHub for the purpose I explained, I should probably not direct all traffic through the VPN because the license is only good for 500MB, something we’ll hit in no time with Netflix… Since I want to use it primarily for inbound traffic, I would just configure port forwarding on the Transit router and that should pretty much do it, correct?

I’m also confused about the difference between Fusionhub and Speedfusion cloud. Shouldn’t the Speedfusion cloud give me what I need?

SpeedFusion Cloud doesn’t provide you with a routable IP address that you can redirect to the appropriate host on your internal network. Spinning up a SpeedFusion Solo hub on (say) vultr or UpCloud does provide you with that option, as well as more general configuration options since you will be the manager of your SpeedFusion host (e.g., establishing a VPN server on the hub).

Btw., Verizon allows you to get static IP addresses for your cellular connections ($500 one-time fee for however many lines you have on your account). @MartinLangmaid does not recommend that you do that, I have a slightly less jaundiced view of that approach :slight_smile:



500MB? Where did you see that?

The only speed limitations on a Fusionhub Solo setup are those of the connections your virtual server has and your physical router has. The only bandwidth allowance limit is that of your SIMs (if you are using cellular) and of the hosting companies package.

A $5 vultr virtual machine has a 1000GB (1TB) monthly bandwidth allowance. This is only measured download from their datacentres. Need more? The $10 server has 2TB of bandwidth allowance.

as @zegor_mjol says on Speedfusion Cloud you share a public IP with others - custom inbound configurations are not permissable.
On Fusionhub and Vultr you get a dedicated IP an can do with it as you please since you have full control.

Thanks Martin and Zegor. My bad on the speed limitation mistake. I don’t know where I got this.

I got Fusionhub up and running (brilliant video Martin!) and configured port forwarding on the hub and my router. Ping, ssh, and home assistant all work. Awesome!! Just out of curiosity, do i need to enable port forwarding on both devices, or just the hub? I did it on both.

Thanks for your help!

1 Like

Glad it has all come right - well done!

Just the hub device as you are forwarding from its WAN IP to the LAN of your Transit over VPN and VPN traffic between locations is not firewalled by default.

I’m quite a beginner at this but I was able to follow Martin’s instructions to set up a successful tunnel between Fusionhub hosted on Vultr and my Balance One. Using InControl and the web admin pages from both, PepVPN shows connected.

My problem is that I’ve been trying for the last couple hours to get Port Forwarding working. I’d like to forward a port to access the admin login (It’s a reserved IP of assigned by my Balance One) for an outdoor router connected via ethernet to my Balance One. My attempts at this only end up with the the connection refused. When logged into the Fusionhub web admin page, and under Network => Port Forwarding, I completed the following entries:

Enable is checked
Protocol: TCP (did not select a specific type)
Port: Single Port; Port number: 8200
I selected “All” which was: WAN with the Vultr provided Interface ID and the PepVPN with the NAT Mode also checked)
Server IP Address: I put the reserved IP of
Apply Changes

From here, what I’ve done (right or wrong) is to go the the Vultr provided interface IP in my browser with the port 8200 appended at the end. And I get connection refused. So, for example, if the hypothetical interface IP was:, I entered in the browser. And every time, it is refused.

I apologize in advance if I’m missing information needed to help me troubleshoot this or if I’m completely ignorant in some areas. Please don’t feel badly about educating and schooling me here. I’ve been trying different ports and settings…and have set up the VPN both manually and with InControl just in case. I need to do my day job which is not this and I decided I needed to ask for help.

Thank you in advance,

First check routing is working as expected.
In Fusionhub use the ping tool and make sure you can ping the target IP (

Then make sure the device with the IP of has its default gateway set to the LAN IP of the Balance One.

Then as a final test create an outbound policy on the Balance One with source set to destination any type enforced and choose the VPN connection to the fusionhub.

Also - there is a brand new InControl feature called InTouch for this kind of thing. You can learn about it here:

1 Like

Wow! The InTouch is so simple and easy. I used that and it worked perfectly. Thank you Martin!



I am now trying to get port forwarding to work because I want to learn. I believe I’ve followed your troubleshooting steps. To clarify, the device IP reservation is actually not 12 as previously noted):

  1. Ping from speedfusion to the on the Balance One is fine (0% packet loss)
  2. The LAN IP is set as on the balance one ap device (that’s the device)
  3. Outbound policy is set as noted:

I wasn’t sure of the next steps, but I tried to go to the WAN IP Address for Speedfusion device again in my browser, I received the same issue with the port 8200:

Here are my port forward settings as well:

The fusionhub WAN IP works fine otherwise and immediately opens the fusionhub device management page

I appreciate your help and patience with me. I’ve been learning as I go.

Edit: The fusionhub WAN address provided by vultr stopped directing to the fusionhub device management page. The pepvpn tunnel still shows green. What did I do wrong?

I did have to destroy the server on vultr and redo the entire process to get the public IP working. Still not sure what I’m doing wrong on the port Forward.

Just a quick note to say that we took a closer look at this and got it working.
We changed the port forwarding rule on the fusionhub to a port mapping type and used a port other than 443 which is what the FusionHub Web Interface was sat on and mapped it to 443 on the test device ( a AP on the LAN).