Troubleshooting peplink connectivity

Ken_Langley · October 18, 2017, 6:08am

My devices are a max hd2 and a 1350. I have them on a bench connected via their wan ports. All other connections are disabled.

I have a router with one interface on 10.10.100.1 and max hd at 10.10.100.2. the 1350 is on another interface as 172.16.1.1 for the router and 172.16.1.2 for the 1350. all /24

Router has no other config other than interfaces

I can ping the devices from each other from the WAN. I have set up tunnels both ipsec and speed fusion and neither one will connect.
I have gone over every video and config guide I can find. How do I troubleshoot where the problem is?

I never get to authenticate

There is no info in logs on either device

Tim_S · October 18, 2017, 8:49am

Can you provide some kind of diagram showing how everything is connected?

Ken_Langley · October 18, 2017, 9:31am

peplinktestbed drawing.pdf (185.9 KB)

do you want the configs? If so do I need to change the file extension?

Tim_S · October 18, 2017, 9:54am

I suspect it is something to do with the Cisco router in between. TCP 32015 and UDP 4500 need to get through…

Ken_Langley · October 18, 2017, 10:08am

all ports are open any way you know to query the peplinks to see that

MartinLangmaid · October 18, 2017, 1:26pm

Simplify it - directly connect the b1350 and Hd2 WAN ports. Set static IPs on the WANs of both devices (from within the same arbitrary subnet), set healthcheck to ‘ping’ with a target of the other devices WAN IP.

Ken_Langley · October 19, 2017, 5:59am

So I set the health check to ping and pinged the other device as you said and it came up with router in place. So the does that make the ping the interesting traffic?

Or does the WAN have to pass a health check to attempt a connection

MartinLangmaid · October 19, 2017, 6:41am

For SpeedFusion/PepVPN to come up traffic needs to be routable on a healthy WAN so at least one WAN has to be green in the dashboard on both devices (therefore having successfully completed a health-check).

By directly connecting the WAN ports with a Ethernet cable you are removing all other variables. Once the VPN comes up when directly connected you know the VPN profile is configured properly. Then you can add in the CISCO router in between, change WAN IP addressing and see if it comes up then. If not it suggests the PepVPN traffic is being blocked.

If this is a test environment you could post some screenshots of your WAN and PepVPn profile settings from both devices in case there is anything obvious amiss we can spot in the config.

Ken_Langley · October 19, 2017, 5:08pm

the problem went away as soon as I pinged the distant end with the health check.

After that depoyed it it worked fine so I want to make a mgmt interface away from user traffic so I messed it up and couldn’t get in. I told it to only accept traffic from mgmt vlan but left the production ip in in it on the lan vlan . Anyways had to factory reset and no its broke again. Very frustrating clicking till it works not knowing if your changes are working. I wish there was a way to monitor the vpn negotiations like real routers. I can see my HD-max hitting the 1350 on port 32015 and then the FW says TCP fin meaning the 1350 isn’t doing anything. So now I pull it out and start over from the bench.