Speed Fusion AES-256 Parameters?

#1

I am setting up two point-to-point Peplink Balance 380s that use two WAN links teamed together. I want the AES 256 encryption and have that enabled, but to what parameters? I see the separate IPsec point-to-point settings configuration where I can specify IKEv2, SHA256, AES256, PFS, Group21, etc. Are those IPsec settings applied to the Speed Fusion link? I ask because we have a requirement for AES-256 but configured in a specific way that I can document with specific values as implied above.

G-admin

#2

Hello G-admin,

Welcome to the forums!

SpeedFusion does use AES-256 encryption out of the box and can allow for bonding the two WAN connections together. If one WAN goes down, you’ll only lose that single WAN connection but traffic can still be sent through the tunnel without interruption. If it’s possible, I would recommend using SpeedFusion between the two 380s.

1 Like

#3

Yes, I currently have the two 380s connected through a Linktropy 8500 to simulate the WAN links with AES 256, which I see when I Wireshark the data. But how is that AES 256 configured? I want to use IKEv2, SHA 256 or higher, Group 20 or 21 and Perfect Forward Secrecy. Are those values from the IPsec configuration applied to the SpeedFusion link, or do I have to create an IPsec tunnel using those values that is then tunneled into the SpeedFusion AES 256 tunnel?

#4

@G-admin

PepVPN/SpeedFusion is the patented enterprise VPN technology for Peplink. The VPN communication flow is different compared to traditional IPsec VPN solutions.

To better answer your question, would you be able to share with us the intention for the test? Are you trying to verify the security for PepVPN/SpeedFusion?

1 Like

#6

No, the IPsec profile settings are not applied to the SpeedFusion VPN profile. With SpeedFusion VPN, encryption is either enabled (at 256-bit AES) or it isn’t. @psung might have more to say about this.

#7

We intentionally make crypto simple for PepVPN as we don’t need to provide cross-vendor compatibility like we need for IPsec. The things you mentioned are already baked into our protocols as long as you have a profile with encryption enabled with a PSK provided.

Now that’s not to say that there won’t be other choices in the future, as we are constantly evaluating new or improved algorithms and implementations that could provide more security and, even better, improve performance.

5 Likes

#8

Thank you for your answers; they have been very helpful! So I take it that the IPsec option is for connections to 3rd-party devices or “Non-SpeedFusion” links.