I recently worked with a customer and Peplink support on a case where remote access was required, but rather than just using port forwarding to access the devices using the AWS public IP, the user wanted to connect over L2TP VPN. We accomplished this by adding a DHCP range to the router, port forwarding on both the FusionHub and our Balance router, as well as adding the necessary ports on AWS to allow communication to pass through to our local devices.
Here are the steps:
- Go through the same SpeedFusion with FusionHub on AWS (Amazon Web Services) setup as normal (refer to the guide: https://forum.peplink.com/t/deploying-peplink-fusionhub-at-aws-marketplace/28571/1).
- When at the Security Groups section: add the ports that need to be passed through the VPN connection to the security group. NOTE: UDP port 32015 can be used when the remote access server is already using UDP 4500 for L2TP with IPsec. We have also seen it used when FusionHub is behind a NAT. We also needed to open ports ESP 50 and TCP 2222 for additional access, but this may NOT be necessary for all users.
THE NEXT STEPS, 3-5 ARE OPTIONAL – Creating a LAN is NOT necessary at this time.
- Go into the VPC section
- Click Action at the top. Select Edit CIDRs to add a new one. This is needed for creating your subnet.
- Create the subnet using the CIDR you created
- Create a Network Interface, using the subnet you created, and attach to the instance
- Log into the FusionHub web admin
- Confirm the following configuration for your LAN and WAN: see screenshots below
  - LAN set to DHCP
  - WAN set to DHCP with Routing Mode at NAT (leave other settings default)
- Go to DHCP server and configure it to match the subnet/LAN you created on AWS - OR - if you did not create a LAN, you can create a range to use here.
- Set up port forwarding as needed
- If desired, set up the Remote User Access for VPN using the public IP from AWS as your connection IP. See VPN configuration example below.
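
The Security Groups step above, as an added example that is not part of the original post: this Python builds inbound rules for the ports the post names, in the `IpPermissions` JSON shape that `aws ec2 authorize-security-group-ingress --ip-permissions` accepts, and audits an existing rule list for world-open or unlisted entries. The source address `203.0.113.10/32` and the sample rule list are constructed, and limiting the source network is an assumption the post does not cover.

```python
import ipaddress
import json

# Ports the post names; ESP 50 and TCP 2222 are optional per its note.
PAGE_RULES = [
    ("udp", 4500, False),   # L2TP with IPsec
    ("udp", 32015, False),  # used when UDP 4500 is already taken by L2TP/IPsec
    ("50", None, True),     # ESP is IP protocol 50, so it carries no port numbers
    ("tcp", 2222, True),    # additional access
]

# Constructed sample of rules already on a security group (not from the post).
SAMPLE_EXISTING = [
    {"IpProtocol": "udp", "FromPort": 4500, "ToPort": 4500,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]

def build_permissions(source_cidrs, include_optional=False):
    """Return an EC2 IpPermissions list limited to the given IPv4 sources."""
    ranges = []
    for cidr in source_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"refusing world-open source {cidr}")
        ranges.append({"CidrIp": str(net)})
    perms = []
    for proto, port, optional in PAGE_RULES:
        if optional and not include_optional:
            continue
        perm = {"IpProtocol": proto, "IpRanges": list(ranges)}
        if port is not None:
            perm["FromPort"] = perm["ToPort"] = port
        perms.append(perm)
    return perms

def audit(permissions):
    """Flag rules that are world-open or outside the post's port list."""
    allowed = {(proto, port) for proto, port, _ in PAGE_RULES}
    findings = []
    for perm in permissions:
        span = (perm.get("FromPort"), perm.get("ToPort"))
        if (perm["IpProtocol"], span[0]) not in allowed or span[0] != span[1]:
            findings.append(("unexpected", perm["IpProtocol"], span))
        for r in perm.get("IpRanges", []):
            if ipaddress.ip_network(r["CidrIp"]).prefixlen == 0:
                findings.append(("world-open", perm["IpProtocol"], span))
    return findings

if __name__ == "__main__":
    print(json.dumps(build_permissions(["203.0.113.10/32"]), indent=2))
```
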