[Resolved] SpeedFusion Problem

Product Discussion Peplink Balance
1

Hi all,

I am having a rather specific problem with SpeedFusion VPN.
On one side I have 580 with 3wan links and on the other 380 with 2 wan links.
I am able to establish a SpeedFusion tunnel and from 580 side I am able to see hosth behind 380 but not vice versa.
From 380 I can’t see anything behind 580 or 580 itself.
I checked firewall and it’s all all allow on both devices and no static routes assigned.
Also if I establish a Layer 2 VPN via SpeedFusion all works good .
Only when I setup L3 VPN I am having theses problems.
Please help.

580 side 192.168.1.0/24
380 side 192.168.2.0/24

2

Can you ping the 580 or hosts behind it from the 380?

3

Thanks for a quick reply Tim,

no, I can not, just the other way around from 580 to 380 and behind it.

4

Are you pinging directly from the 380 web admin or a client device? Please use the 380 itself to do the pinging.

5

I was pinging from a host behind 380, which is the communication I need in this scenario.
Just tried it from 380 using speedfusion and it works. Pings are working with 580 and hosts behind it.
What can be blocking it on LAN side of 380? There are no firewalls in the equation.
When pinging from LAN side of 380 I get destination host unreachable.

6

What is the default gateway on the 380 LAN side?

7

dafault gateway on 380 LAN side is the 380 ip.
580 side 192.168.1.243 LAN address, and it is the gateway and DNS for LAN hosts
380 side 192.168.2.243 LAN address, and it is the gateway and DNS for LAN hosts

8

On the 580 side, please confirm none of the WAN IP addresses are 192.168.1.x

9

yes on the 580 side none of the WAN ip’s are in 192.168.1.x on they are 192.168.0.x, 192.168.12.x and 192.168.13.x
on the 380 side WAN ip’s are in ranges of 192.168.10.x and 192.168.11.x

10

Hello,

Thank you for all of the information that you have provided thus far. To better resolve this issue I would recommend creating a support ticket here: http://cs.peplink.com/contact/support/. Once created a technical support member will be able to take a closer look at the issue.

11

http://www.peplink.com/knowledgebase/system-requirement-for-speedfusion-configuration/
http://www.peplink.com/knowledgebase/configuring-speedfusion-behind-a-firewall/

I assume you have at least one modem using Dynamic DNS and are forwarding the correct ports to the Balance?

12

the situation with wan links is as follows

580 side

wan1 cable modem/router with static ip with NATed peplink in DMZ 10/1mbit
wan2 adsl router with dynamic ip and NATed peplink in DMZ 10/1mbit
wan3 wimax router with dynamic ip and NATed peplink in DMZ 5/2mbit

380 side

wan1 wiomax router with dynamic ip and NATed peplink in DMZ 5/2mbit
wan2 wimax router with dynamic ip and NATed peplink in DMZ 5/2mbit

no firewals are in place at the moment this is for demo and test.
also i was using links from knowledge base as a guide. I have opened a ticket.
I also noticed while troubleshooting that when i use iphone app to check the routers on 580 speedfusion i can see all the networks form 380 lan and wan and can access them
but on 380 side all i see in networks list is 192.168.1.137/32 and 192.168.138/32 from 580 side??!
it looks like 580 is advertising routes incorrectly via vpn.

13

After some more troubleshooting I was able to fix the problem and want to post it for the community.

After looking closely at all the settings I noticed I have wrong subnet mask on 580 LAN side.
It was 192.168.1.0/16 and since I changed it to /24 all problems went away and it works perfectly.
The 380 side was 192.168.2.0/24 and it was creating/advertising a weird routes and no connectivity from 380 side LAN.
It was left after Layer 2 VPN test and I didn’t correct it.
Thanks for the quick response.

14

Thanks for sharing the update, glad you got it working.