In addition to the current built-in VPN options, requesting an option to add Tailscale as a native option, or provide CLI functionality to add it manually.
Use case: For those of us who only have CGNAT as our home Internet connections - When traveling, instead of requiring each device to connect to the Tailscale VPN manually, the router automatically provides a Tailscale VPN connection, transparently offering that connection to all devices.
In particular:
AppleTV - (no VPN options available natively)
Remote System Monitoring/Administration
Remote Camera access
Tailscale installation on a router level can be accomplished quite easily with Open Source solutions (e.g. OpenWRT) - would prefer to reduce adding yet another router in the mix for this solution.
I do this today with their OpenVPN license, and route all media players over its connection (I use TorGuard with streaming option fwiw), I can forward ports too, but I don’t now that I have static IP with T-Mobile business internet unlimited, I use their Inseego 3000 5G. No SA with static IP, but my ping is sub ~23ms.
“It aims to be lighter and better performing than IPsec and OpenVPN, two common tunneling protocols.”
It’s what I meant by more efficient.
I have tested numerous routers with tiny SoCs running WireGuard and OpenVPN, and every time, I achieved significantly higher throughput with WireGuard.
WireGuard-backed VPN environments (such as Tailscale, Headscale, etc.) are rapidly becoming commonplace in both homelab-style environments and enterprise environments. It’s lightweight, faster (mainly by less overhead), and native to Linux kernels. IPsec has high overhead and requires significant CPU resources to use. OpenVPN is great, but it’s not near as lightweight (re: codebase), only slightly slower, and supports additional cryptography protocols (both good and bad). There’s no reason to argue against something that’s newer because there’s “other things that will do the same thing” as this is the same argument IPv6 deniers use to delay migrations of their IP space.
If Peplink wants to continue being ahead of the curve against direct competitors, it needs to maintain a competitive advantage by offering features that users want and/or need. I feel that we’re already just slightly behind the curve in some respects (Wi-Fi 6E, though not a big deal, and full IPv6 support, a pretty big deal).
@Captain_Nik asked why we would use it over the existing infrastructure and for me personally, we use Tailscale quite a bit across dozens of customer environments. So much so that we actually use a Raspberry Pi at a lot of locations to build the tunnels since the Peplinks cannot support. As I said, WireGuard is already a part of Linux and, while I’m not writing Peplink’s software, it’s not going to require a complete rewrite of the device firmware to support. Due to WireGuard’s nature we could already support it on Docker-capable devices today if host networking was permitted by Peplink for those containers.
At the Peplink summit in Savannah the WireGuard conversation came up to what I felt was a pretty dismissive set of responses, despite several of the attendees being genuinely interested in WireGuard support. While I can respect everyone has use cases and needs and, as network engineers, we ALL have biases and think “product X is garbage,” just remember that we all have to deal with this when we pitch Peplink products to engineers who haven’t heard of it before, or who just assume “it’s some random brand that doesn’t do anything different than my Cisco/Juniper/Aruba kit.” It’s hard as Peplink sellers to have to fight against an ingrained set of opinions when you know that your product (Peplink, in this case) can solve the client’s needs better at a lower price point.
There are various VPN protocols, each with its pros and cons. Among them, WireGuard is probably my favourite, aside from Peplink’s own implementation.
At Peplink, our primary focus is on reliability. Peplink’s VPN implementation, which operates in the Linux kernel, offers advanced packet handling capabilities to create a more stable and robust connection. Therefore, comparing Peplink VPN to WireGuard is somewhat like comparing apples to oranges.
However, there are cases where our partners and clients require 3rd party VPN solutions. For example, we developed a special build that allowed OpenVPN to run as a docker on the BR2 Pro 5G, with all traffic routed through SpeedFusion. This was for a public safety application where an open-source VPN protocol was required by government regulations, while SpeedFusion was needed for bonding multiple WAN connections to ensure reliable connectivity.
We are always open to discussions on how we can further enhance and improve SpeedFusion, which we have continuously done for almost 20 years.