SpeedFusion VPN - Can't see devices either direction


#1

First off I just want to say, in no way am I a network “guru”. But, after days of searching the internet, I still can’t find an answer.
We have an established Speedfusion VPN with our branch office and I can reach the PEPLINK from our HQ. But, that’s it. I can’t see or ping any devices from either direction besides the peplinks. Is there something I’m missing? All the tutorials I’ve been seeing don’t go into any detail after the VPN has been established. Are there access rules or static routes that need to be set to be able to reach the devices on each other’s networks?

Any help is GREATLY appreciated.

SETUP:

Headquarters: Balance 380 192.168.100.X /24
Branch Office: Balance 210 192.168.0.X /24
No firewalls in place at this time.
Both offices have 2 static WANs


#2

Is the Balance 210 the only internet router at the remote site? Is it assigning the remote devices at that location DHCP IP addresses?

Normally when I hear about this kind of situation, the remote devices aren’t using the remote peplink as their gateway so traffic can’t route back to the HQ location.


#3

Hey Martin,
Thanks for the reply. Last night when I was working on it, I turned off DHCP on the 210 hoping that the devices would see the 380 handing out the DHCP leases. But, it wasn’t happening. So, I turned the DHCP on for now so the people could work over there. Should I try setting a static over there to use the 380 as the default gateway to see if it works?


#4

So if you have this:

HQ LAN (clients 192.168.100.x/24) -> B380(192.168.100.1) -> Internet <- B210(192.168.1.1) <- Remote LAN ( Clients 192.168.1.x/24)

And you have set up a typical Layer 3 SpeedFusion VPN (so no NAT checked in the profile and no layer 2 configured), then each Balance learns about the LAN subnets at the other location automatically using OSPF (the B380 tells the B210 what LAN IP range it has and vice versa).

That means that network settings of the LAN clients at either location stay the same and when they want to route traffic to the other site, they pass that to their default gateway (the Balance in each case) and it forwards traffic for the remote site over SpeedFusion VPN (since it knows the IP address range that exists at the remote site from OSPF).

In short - it should just work.

Do an IPconfig on a device at both locations and check that in each instance the default gateway is set to be the Balance local to that device at the same site.
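
The gateway check described in the post above, as an added example that is not part of the original thread: it parses saved `ipconfig` output and reports LAN adapters whose default gateway is not the local Balance. The sample output and the 192.168.100.254 router are constructed, and only English-language `ipconfig` labels are assumed.

```python
import ipaddress
import re

LABEL = re.compile(r"\s+(\S.*?)[ .]+: ?(.*)$")       # "   Label . . . : value"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FIELDS = {"IPv4 Address": "ip", "Default Gateway": "gateway"}

def parse_ipconfig(text):
    """Map adapter name -> {"ip": ..., "gateway": ...} from `ipconfig` output."""
    adapters, cur, key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():                    # section header, e.g. "Ethernet adapter X:"
            cur, key = adapters.setdefault(line.rstrip(":"), {}), None
            continue
        m = LABEL.match(line)
        if m:
            key, value = FIELDS.get(m.group(1)), m.group(2)
        else:
            value = line                             # continuation of the previous field
        found = IPV4.search(value)
        if cur is not None and key and found and key not in cur:
            cur[key] = found.group()
    return adapters

def check_client(text, site_subnet, balance_ip):
    """List adapters on site_subnet whose default gateway is not the local Balance."""
    net, problems = ipaddress.ip_network(site_subnet), []
    for name, a in parse_ipconfig(text).items():
        if "ip" not in a or ipaddress.ip_address(a["ip"]) not in net:
            continue                                 # adapter is not on this site's LAN
        gw = a.get("gateway", "none")
        if gw != balance_ip:
            problems.append(f"{name}: gateway {gw}, expected {balance_ip}")
    return problems

# Constructed sample: HQ client whose IPv4 gateway is a second router, not the Balance 380.
SAMPLE = """Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.100.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1%12
                                       192.168.100.254
"""

if __name__ == "__main__":
    print(check_client(SAMPLE, "192.168.100.0/24", "192.168.100.1"))
```
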


#5

Thank you! I turned off NAT mode and I can now at least ping a few addresses over there. Should I set their DNS to come to our domain controller? Is there a setting in the Peplink to do this? Or what is the recommendation with this? They originally weren’t on our domain, but, I would LOVE to add them to it.


#6

Glad you worked it out!

Now that you’ve got routing working you can evaluate your options for active directory. Nothing to stop you from authenticating your remote PCs over VPN to your HQ AD. Without knowing your AD topology / user profile storage setup I would suggest you try it on one or two machines and monitor bandwidth use and user experience before rolling them all out.

Not much you can do on the remote balance to assist apart from setting the DNS servers assigned in DHCP to be your AD DNS perhaps.