Soho VPN newbie question

I recently updated my Surf-Soho to the B-One. Since I spend almost half the year in Indonesia, with my residence having broadband fiber internet service, I have the idea to take the Surf to Bali and VPN it to my B-One at my USA residence so I can access my devices.

I see with interest that SpeedFusion is advertised to be a “Long-Distance Ethernet Cable” and "allows a secure and seamless Ethernet tunnel over any IP connection (Layer 2 over Layer 3). It virtually provides a long-distance Ethernet cable over any WAN link.”

But it is not exactly clear what I need to do to set this up. Am I correct that I need a static IP on one of my Soho hosts? If so, i assume the USA residence would be the best one for that. I see what your device and the InControl makes you do to create one, but after that, what do you do with the clients and devices. There is no documentation on routing tables or gateway addresses that gets offered by the Peplink devices. Or do I just configure the SpeedFusion devices and let them bridge away like the bridges from the olden days. I have a lot of experience with setting up routes and other network credentials ( /etc/network on linux ) but just want some guides as to whether they are necessary, and where you find the network credentials in the SpeedFusion configuration.

I know you have a lot of services with SpeedFusion. But I just need the long-distance ethernet cable.

If your US device can have a public IP (or ports forwarded to it from a device in front of it with a public IP), then you can set up a PepVPN connection between the two locations.

Once the pepVPN is up, you can set an outbound policy on your indonesia router to forward some devices / traffic types via the tunnel so they break out in the US.

If you can’t get a public IP, you can use Speedfusion Cloud Relay to relay traffic from indonesia to the US.

I understand that internet traffic leaving indonesia is shaped / metered, so it will be interesting to see how well it works for you. I suspect you will want most traffic to break out locally and only some to go via the US which is why I am suggesting this approach rather than a Layer 2 approach which would see a port on your Indonesia router behave and act like a port on your US router just as if there was a long distance ethernet cable connecting then both together.

I have an old video here that explains the L2 bit

SpeedFusion Relay demo video here:

PepVPN Video here:


Thanks Martin, that will give me a lot to go on. I think I will try the FusionHub Solo with Vultr to get the static public IP and see you already have a video on that too.

I had been considering the Speedfusion Cloud Relay. I would have had the Peplink device stay in the USA and my non-Peplink router, and Relay would be in Indonesia. This was opposite from where Peplink’s diagrams placed them. While I would assume that wouldn’t matter, without seeing it work the that way, I was not 100% sure it would work. I also felt my money was better spent on the new B-One router for my main residence.

As for the Indonesian internet traffic, I had already been sending large audio files via SSH with Tailscale back and forth, that seemed to go ok. One problem, when my American cell carrier sends SMS short code texts, they don’t always make it in a timely fashion, which makes a lot of 2FA authentication with my banks inoperative, or at least requiring me to use their desktop access and not their mobile apps. T-mobile blamed it on Indonesia’s internet policies. Could be, but could be something else.

Thanks again for your help

Ok, I was trying to get the SpeedFusion Connect Relay Mode / Home Sharing going. For the Server router, there was no problem following the configuration guide. But for the Client side, the tab is called SpeedFusion Connect Protect but there is no option for Choose Cloud Location. There is one to Get your activation key now. The other options are empty or not relevant.

On the Server router, since the hardware is new I got the introductory 500GB quota. The other router is a old SURF SOHO and has none. It is not clear what SFC quota is required to set up this service.