SpeedFusion and outbound policies

Peplink MAX BR2 Pro
4 WAN connections.


I have a work/home laptop that I want work stuff like Outlook, Teams, and Slack to go over the SpeedFusion Connect VPN tunnel but not things like YouTube, Facebook, and Steam.

I have created some outbound policies for Facebook and so on but they are not working as expected. I still have some traffic going over the VPN when it shouldn’t.

TCP 192.168.50.55:59695 31.13.93.11:443 SSL/Facebook SFC 00:00:03

Also some YouTube and Steam stuff too.

I have the policies above the VPN, but some still make it through?

How do I get some traffic not to go to the VPN?

I haven’t had much success with the domain name routing personally. YMMV. I have had much better luck with ports and port ranges. It is a cumbersome process of trial and error sometimes - but, it is definitely possible to do.

I think you want your routes below the PepVPN/OSPF/BGP/RIPv2, but it may not matter. I honestly don’t know what the use case of the “Expert Mode” is. I was going to post a forum question at one time, but I never got around to it.

I don’t know that anyone will provide you the exact rules you need, but here are some pointers I have learned. I mean no offense to your level of expertise with networking protocols. I am not an expert, but I have fumbled in the dark enough to know a few things that may help ya.

First, be patient. Peplink does not move established connections because of a route change. Many connections use keep-alive packets - which keep sessions alive. Once a session is created, Peplink will keep it on the link it was created on. The only thing you are routing is the first packet in the conversation, the subsequent packets all follow where the first was sent. Some services and sites do not properly close TCP sessions – so, you have to wait for them to time out.
I have found that you can use the Active Sessions page to determine when your session is really done. Any new session created will follow the new route from your change.

Close Facebook, Outlook, Teams, etc.
Start Facebook, Outlook, Teams, etc. - verify it goes out the right path (Active Sessions page)
Wait for your session to be removed due to 60 seconds of inactivity (verify with Active Sessions)
Start Facebook, Outlook, Teams, etc. - verify it goes out the right path (with Active Sessions)

As a long-shot option… On the SpeedFusion Connect page, there is the option to “Optimize Cloud Application” - if you click on it, you can select from a list of “known” services. 50/50 shot if the flavor of Teams and Outlook you use is in the list. I think this is using a local “Deep Packet Inspection” for the things Peplink feels most confident it can identify reliably for everyone.

Good luck buddy!
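
The Active Sessions check from the steps above, as an added example that is not part of the original posts: it parses rows laid out like the one quoted in the question, lists sessions that are on the tunnel without being work traffic, and turns them into protocol/destination/port candidates for port-based outbound rules. The service labels other than SSL/Facebook, the WAN1 label, the allow-list and all function names are assumptions; the last column is treated only as a timer and is not interpreted.

```python
import re

# Constructed sample rows in the layout of the Active Sessions line quoted in
# the question. Only the first row comes from the thread; the rest are made up.
SAMPLE = """\
TCP 192.168.50.55:59695 31.13.93.11:443 SSL/Facebook SFC 00:00:03
TCP 192.168.50.55:59701 198.51.100.20:443 SSL/Teams SFC 00:00:01
TCP 192.168.50.55:59710 203.0.113.7:443 SSL/YouTube WAN1 00:00:02
UDP 192.168.50.55:61000 203.0.113.9:27015 Steam SFC 00:00:41
garbage line that does not parse
"""

# proto, source ip:port, destination ip:port, service label, link, timer
ROW = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<src>\S+):(?P<sport>\d+)\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<service>\S+)\s+"
    r"(?P<link>\S+)\s+(?P<timer>\d\d:\d\d:\d\d)$"
)

TUNNEL_OK = {"outlook", "teams", "slack"}  # assumption: apps meant for the VPN
TUNNEL_LINK = "SFC"                        # link label as shown in the quoted row

def parse(text):
    """Return (parsed rows, unparseable lines) so nothing is dropped silently."""
    rows, skipped = [], []
    for line in (l.strip() for l in text.splitlines()):
        m = ROW.match(line)
        if m:
            rows.append(m.groupdict())
        elif line:
            skipped.append(line)
    return rows, skipped

def app_name(service):
    """'SSL/Facebook' -> 'facebook', 'Steam' -> 'steam'."""
    return service.rsplit("/", 1)[-1].lower()

def tunnel_leaks(rows, client=None):
    """Sessions on the tunnel whose service is not in the allow-list."""
    return [r for r in rows
            if (client is None or r["src"] == client)
            and r["link"] == TUNNEL_LINK
            and app_name(r["service"]) not in TUNNEL_OK]

def rule_hints(leaks):
    """Distinct (protocol, destination, port) tuples to base port rules on."""
    return sorted({(r["proto"], r["dst"], int(r["dport"])) for r in leaks})

if __name__ == "__main__":
    rows, skipped = parse(SAMPLE)
    for hint in rule_hints(tunnel_leaks(rows, client="192.168.50.55")):
        print("still on tunnel:", hint)
```

Run it against a fresh copy of the session list only after the old sessions have aged out, since rows that predate a rule change stay on their original link.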

Your setup is correct. Open a ticket. I have the same problem. I opened a ticket and moved the order of the rules, which seemed to solve it - however, the next day the problem returned. Now that I have time again I intend to reopen my ticket.