Is the connection between my Balance 20X and the Speedfusion Cloud server encrypted?
No it is not as it’s a public internet connection and the focus of the SpeedFusion connection is speed.
Naturally your traffic over that SpeedFusion Cloud routed public internet connection can be encrypted (VPN / SSL / TLS etc)
My interpretation of Page 3 of http://download.peplink.com/resources/whitepaper-speedfusion-and-best-practices-2019.pdf is that the SyncFusion traffic is encrypted using a mix of public key (for key exhange) and symmetric key (for data) cryptography.
Is there a link that shows no encryption is in fact done?
That is correct when encryption is enabled on SpeedFusion VPN (but is in fact optional also).
The OP was asking about SpeedFusion Cloud. I don’t believe this has encryption enabled.
Yes, my question was about SpeedFusion Cloud, not SpeedFusion VPN, and I was asking if the traffic between the router and the cloud server was encrypted.
@MartinLangmaid is correct. The purpose of SpeedFusion Cloud is to provide an unbreaking connection and bonding the existing WAN links. No encryption for SpeedFusion Cloud at the moment. We are looking into the encryption in the future firmware release.
@TK_Liew If I may make a suggestion, perhaps this aspect can be highlighted in the SFC documentation?
My understanding was that SFC is simply the fully-managed version of SF which is hosted by Peplink (thus eliminating the self-hosting requirement). My assumption, incorrect as it turns out, was that the features of the 2 variants are on-par.
@TK_Liew Further to my previous message, what do the log entries below mean? Is this encryption for SFC control channel negotiation?
@Vitaly this is a SpeedFusion handshake security information (TCP 32015). SpeedFusion handshake is using TLS v1.3 now.