Route SpeedFusion Cloud connection to OpenVPN

Hi, I’m trying to accomplish the following in order to have the best of both worlds when streaming video using my Max Transit Duo.

  1. Use the bonding capability of SpeedFusion Cloud to create a robust and fast connection to the internet and to streaming providers.

  2. Route that connection to a VPN provider like ExpressVPN that can hide the IP of the Fusion Cloud server

Basically the connection should be:

My LAN > SpeedFusion Cloud > OpenVPN > Streaming Service

I’ve been scratching my head trying to set this up but it’s obviously out of my league here. I don’t even know if this is even possible. Any help will be appreciated.

Thanks!

Hi,
You could do this:

Streaming PC [OpenVPN Software Client] > (Via SFC) > OpenVPN Service > Streaming Service.

But any device that needs to use OpenVPN would need to have an OpenVPN client running.

The other way to do this is to host your own FusionHub in the Cloud to provide SpeedFusion, then host a virtual firewall appliance (that connects to the OpenVPN service) beside that FusionHub and route all internet traffic via SpeedFusion then via the Firewall.

so: LAN > SpeedFusion > Fusionhub > Firewall > OpenVPN Service > Streaming server.

Hi Martin. Thanks for the suggestion. Having a client on each device is a no-go as I want to be able to route all traffic through the OpenVPN tunnel. Most of the streaming clients are not PCs, they are Apple TV, Roku, and some others. None of which can natively run a VPN client.

The second solution is an interesting one and is the one I was trying to avoid. I did play with hosting my own SpeedFusion server and although it worked, I find that using SpeedFusion Cloud would make my life easier moving forward. Also, the virtual firewall appliance and routing sounds intimidating to me.

But this is a great idea and I guess I’ll take a whole 8 hours to test and troubleshoot. So there goes my Sunday!

Anyway, thanks for the suggestion and I’ll come back after I finish and report my results.

Ha! Let me know if I can help. I really ought to put together a tutorial for this as it keeps on coming up.

From a firewall perspective I would recommend https://opnsense.org/ or Untangle https://www.untangle.com/ (the free edition). Video tutorial here about setting up a tunnel VPN: https://www.youtube.com/watch?v=-Z38_UR1ufo


Hi @MartinLangmaid. I’m looking to do something similar and am in the process of getting things set up. Before I get too far along in getting this off the ground, I was wondering if you could help explain the FusionHub → Firewall piece.

When I’m in FusionHub (FusionHub Solo specifically), which is running on Vultr, I can’t find any option where I’d be able to forward all traffic with “FusionHub > Firewall” in your example (LAN > SpeedFusion > Fusionhub > Firewall > OpenVPN Service > Streaming server).

What am I missing here?

I do already have Relay Mode and a private PepVPN tunnel set up between a BR2 Pro and Balance 20x, just looking for other options where Public IPs on both sides are limited. So, I have working solutions, but this one would give me more granular control with outbound policies on the remote side where I can’t access certain WANs with the private PepVPN tunnel.

Hi Keith, you will need to make sure you have added the private network interface to your Vultr VM. The firewall VM will also need its WAN and the same private network added. Then you give the private LAN interfaces IPs so they can talk to each other and you will be able to tick the send all vpn to LAN checkbox and put in the firewall LAN IP (10.8.96.1 in this case below…)
image.png

Thanks, @MartinLangmaid. Unfortunately I don’t have a “Lan” section under interfaces. I only see Wan, Static Route and DHCP Server. Is that a screenshot of a FusionHub Solo instance or enterprise? Perhaps Solo doesn’t allow this.

You’ll need to add the private network in the Vultr control panel, then reboot FusionHub and the LAN virtual interface will pop up.

That did it! I created the VPC but didn’t go through the steps to tie it to the machine specifically. Still learning Vultr and Peplink. Thank you!

Hi @MartinLangmaid, I’ve made a lot of progress so far, but seem to be stuck at a point where I can’t import the ovpn file generated by Peplink. I went with NG Firewall to start. After getting it running, I tried to import the ovpn file only to encounter a Java exception.

After further research and testing, I see that NG Firewall wants a zip file with the ovpn file, config file, two crt files and a key file. I found a forum that helps explain how to separate it into the required files, but it doesn’t seem all the pieces I need are included in Peplink’s ovpn file.

Do you have any advice on this? I’ll keep trying different combinations, but you’ve been quite helpful thus far so hope you don’t mind me reaching out again.
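The separation step described in the post above, as an added example (not from the thread, Peplink or NG Firewall): it splits an OpenVPN profile's standard inline `<ca>`, `<cert>`, `<key>`, `<tls-auth>` and `<tls-crypt>` sections into files, writes secret material owner-only, and reports which sections the profile lacks. The sample profile, host name and output file names are constructed; which files a given appliance requires is an assumption.

```python
import os
import re

# Inline section tags OpenVPN accepts for embedding files in a profile.
INLINE_TAGS = ("ca", "cert", "key", "tls-auth", "tls-crypt")
# Sections that hold secret material get owner-only file permissions.
SECRET_TAGS = {"key", "tls-auth", "tls-crypt"}

def split_inline_profile(text):
    """Return (sections, remaining_config) for the text of an .ovpn profile."""
    sections = {}
    for tag in INLINE_TAGS:
        m = re.search(rf"^<{tag}>\s*\n(.*?)^</{tag}>\s*$", text, re.S | re.M)
        if m:
            sections[tag] = m.group(1)
            text = text[:m.start()] + text[m.end():]
    return sections, text.strip() + "\n"

def missing_sections(sections, required=("ca", "cert", "key")):
    """List required sections the profile does not carry inline."""
    return [tag for tag in required if tag not in sections]

def write_sections(sections, out_dir):
    """Write each section to <tag>.pem (file names are hypothetical)."""
    paths = {}
    for tag, body in sections.items():
        paths[tag] = os.path.join(out_dir, f"{tag}.pem")
        mode = 0o600 if tag in SECRET_TAGS else 0o644
        fd = os.open(paths[tag], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
    return paths

# Constructed sample profile: placeholder host and bodies, no <cert> section.
SAMPLE = """client
dev tun
remote vpn.example.invalid 1194
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA-BODY
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-KEY-BODY
-----END PRIVATE KEY-----
</key>
"""
```

Running `missing_sections` on the parsed sample reports `cert` as absent, which is the kind of gap that shows whether a profile can be converted to a separate-file layout at all.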

The OpenVPN App wasn’t what I needed on the NG Firewall appliance. Looks like I needed to use TunnelVPN App which accepted the ovpn file and was able to establish the tunnel. I have connectivity between both sites, but still working through some kinks which seem to be related to subnet masking. Thanks again for your help!

Hi @MartinLangmaid, unfortunately I’m stuck once again. I had to put this project aside since my last post in July so haven’t had a chance to really keep plugging away at this until recently.

I am seeing traffic making it all the way to the remote endpoint after applying all the settings you’ve been kind enough to help me with. When I look at “Active Sessions” on the remote Balance, I can see traffic from my BR2 on the 20X.

To recap, the route is Device → BR2 → Outbound Policy to FusionHub Solo → NG Firewall → OpenVPN (Via their Tunnel VPN App) → Balance 20X.

What I can’t figure out is why the connections get stuck on “DNS” and the local device isn’t getting traffic back from the remote site.

Any ideas?