Remote access VPN to a Pepwave device behind ISP NAT

A common use case is to want to connect to a Pepwave device (like a MAX BR1) – or to the LAN devices sitting behind it – remotely over the internet.

  • If you have a static IP, this is easy.
  • If you have a dynamic IP without Carrier-grade NAT (CGN or CGNAT), you can use Dynamic DNS (DDNS).
  • But if you have a dynamic IP and the carrier is using Carrier-grade NAT, what is the solution? Unfortunately, this is commonly used by cellular providers and even wired ISPs.

Obviously InControl2 allows you to access the Pepwave device itself, but if you want to do thinks like connect to the Pepwave via a Remote Access VPN connection, it seems you are out of luck.

Synology has an elegant solution for this called QuickConnect. Their server acts as an intermediary between the end user and the Peplink device. It uses hole punching to allow the end user to traverse the NAT, and if that doesn’t work, it acts as a relay. There is a whitepaper about it here.

Does Peplink offer, or plan to offer, something similar? It could either be free (as is Synology QuickConnect), or it could even be a paid service or offered as part of InControl 2.

Note a similar request from several years ago on the forums here.

I use a FusionHub Solo hosted on Vultr ($5/month) for this. It gives me port forwarding over VPN to LAN devices from a public IP that never changes that I can control. It also includes 1TB of bandwidth so I can stream video too.

That combined with RWA is all I need generally.

However I do see how this would potentially be of value as something baked into IC2 the trick will be managing abuse.