Remote User VPN using Find My Peplink for WAN IP's

woodie · November 29, 2020, 8:40am

My apologies if I missed the solution, but I need remote access for my Balance One which has WAN IP’s that frequently change (DHCP) I enabled Find My Peplink and that allows me to ping the Balance One, but how do you setup a VPN to utilize it? Many Thanks! Woodie

MartinLangmaid · November 29, 2020, 3:47pm

See this: Setting up L2TP With IPsec

Use the mypep.link dns name instead of the IP address when you set up the remote client.

Don_Ferrario · November 29, 2020, 5:07pm

This can be handled by using a dynamic dns service, such as dyndns.org. Peplink made it very easy to set up on your WAN page.

woodie · November 30, 2020, 4:14am

Thanks Martin & Don, do I also use the mypep.link dns name when setting up remote access on the Balance One? I had previously read the post you mentioned, Martin, but it wasn’t clear I could use that dns name in the WAN setup area.

Thanks again, Woodie

MartinLangmaid · November 30, 2020, 11:50am

You use it on the clients you want to connect to the balance one:
ie on windows where it says server name or address instead of using the IP you would use devicename.mypep.link (where devicename is the dynamic name you chose when you turned on the mypep.link dns service).

woodie · November 30, 2020, 12:07pm

Thanks Martin, I understand the client setting and it makes total sense. What about the IP for the WAN on the Balance One Remote User screen attached? Same my pep.link address? Screen Shot 2020-11-30 at 3.05.32 PM

MartinLangmaid · November 30, 2020, 12:32pm

Ah yes I see. So you will likely have one link that you would prefer to use for remote user access normally - perhaps the highest bandwidth one, or the link you don’t use for other things (etc). Then if you are like me, you’ll want to be able to access the Balance using whichever WAN is available if you need to. So I would suggest you tick all your active WANs.

When you enable mypep.link DNS you actually get assigned multiple DNS entries.
If I set mine to ‘mydevice’ I would have the following:

wan1.mydevice.mypep.link (wan1 IP - assuming WAN1 is still called wan1 on the dashboard and has a public IP)
wan2.mydevice.mypep.link (wan 2 IP - as above)
mydevice.mypep.link (a single dns entry that lists all the available WAN IPs)
ic2-detected.mydevice.mypep.link (the IP currently being used by Peplink)

What I tend to do is select all WANs for remote access and then pick the one I want to use most and create two VPN profiles Primary and Backup on the remote devices. the primary uses wan1.mydevice.mypep.link and the backup uses wan2.mydevice.mypep.link

Or if the links are the same I would use mydevice.mypep.link which would round robin load balance (a the dns level) new inbound vpn sessions.

woodie · November 30, 2020, 12:48pm

Thanks Martin, my only concern is that I do not have any static IP’s - Comcast and AT&T change them periodically. If that would be Okay, I think I’m all set to try this out. If I can ping wan1.“mydevice”.mypep.link, it seems that will work?

Thanks again!

zegor_mjol · November 30, 2020, 1:50pm

As long as the IP addresses assigned to the WANs by Comcast and AT&T are routable (e.g., not 100.xxx.xxx.xxx) you should be fine - the mypep.link DNS entry will update automatically.

Cheers,

Z

woodie · November 30, 2020, 1:56pm

Wonderful, thanks so much Martin & Zegor.