Is the connection between my Balance 20X and the Speedfusion Cloud server encrypted?
2 Likes
No it is not as it’s a public internet connection and the focus of the SpeedFusion connection is speed.
Naturally your traffic over that SpeedFusion Cloud routed public internet connection can be encrypted (VPN / SSL / TLS etc)
1 Like
That’s interesting.
My interpretation of Page 3 of http://download.peplink.com/resources/whitepaper-speedfusion-and-best-practices-2019.pdf is that the SyncFusion traffic is encrypted using a mix of public key (for key exhange) and symmetric key (for data) cryptography.
Is there a link that shows no encryption is in fact done?
That is correct when encryption is enabled on SpeedFusion VPN (but is in fact optional also).
The OP was asking about SpeedFusion Cloud. I don’t believe this has encryption enabled.
1 Like
Yes, my question was about SpeedFusion Cloud, not SpeedFusion VPN, and I was asking if the traffic between the router and the cloud server was encrypted.
@MartinLangmaid is correct. The purpose of SpeedFusion Cloud is to provide an unbreaking connection and bonding the existing WAN links. No encryption for SpeedFusion Cloud at the moment. We are looking into the encryption in the future firmware release.
1 Like
@TK_Liew If I may make a suggestion, perhaps this aspect can be highlighted in the SFC documentation?
My understanding was that SFC is simply the fully-managed version of SF which is hosted by Peplink (thus eliminating the self-hosting requirement). My assumption, incorrect as it turns out, was that the features of the 2 variants are on-par.
1 Like
@TK_Liew Further to my previous message, what do the log entries below mean? Is this encryption for SFC control channel negotiation?
@Vitaly this is a SpeedFusion handshake security information (TCP 32015). SpeedFusion handshake is using TLS v1.3 now.
2 Likes
Could you please tell us when the encryption feature would be supported in the future firmware?? Thank you.
Its not a firmware issue - encryption is available when using SpeedFusion with your own devices / FusionHub. Its a service decision not to encrypt SpeedFusion Cloud connections to improve speed to that (public) service.
I doubt there are plans to support encryption on the SpeedFusion Cloud service as there are no immediately obvious benefits for doing so.
2 Likes
I’d add on to Martin’s comment that the very nature of using a public cloud like speedfusion cloud , you are already going through a public endpoint. If you want to encrypt it I would setup your own fusionhub solo or work with a peplink partner that has capacity in one of their datacenters to host a speedfusion tunnel.
3 Likes
I am using Speedfusion cloud with a Balance one (no bonding licence needed as written above).
When I would upgrade to Balance Two, do I need a bonding licence then to continue using SFC?
Do I then need a bonding licence for a Balance one or Balance Two, when I attach to a Peplink partner’s data center instead of Speedfusion cloud?
No. SFC does require a license, as you know, but the SFC “connection” made be made via single WAN at a time e.g., PerpVPN. One WAN can fail-over to the other.
Not necessarily. If you want to use SpeedFusion a license is required but all of these devices are capable of PepVPN – right out of the box. You could go either way on this – depends on your requirements. Also see @mldowling’s recent post regarding the latter – Peplink | Pepwave - Forum .
1 Like
Hello Rick-DC,
thanks! Yes we have the SFC volume licence on our Balance One and are using Hot-Failover as well as FEC to SFC.
So you mean, I can use Speefusion bonding to my Peplink Partners Datacenter (Fusion HUb or Peplink Partner’s Peplink Devices) without extra bonding licence?
Or is then only a standard PepVPN-line possible (no Speedfusion improvements)?
Not exactly. Between a Balance One or Two and a Partner’s data center you will need a SF license if you want to use SF. It will do PepVPN “out of the box” with no additional licenses.