Troubleshooting Speedfusion connectivity


#1

Dear Support,

Can you please advice us on how to troubleshoot Speedfusion connectivity problems?

Thanks,

Charris Lappas


#2

Hi Charris,

Could you please elaborate more specific on your request, as in which area of connectivity problems? Is it related to SpeedFusion Link Failure Detection, or other layer 1 or layer 2 issues?

We would need more details in order to provide the appropriate response.

Thanks and regard.


#3

Hi WeiMing,

We are interested to troubleshoot issues during the creation of the speedfusion, problems like a) Incorrect Remote IP address of the other site, B) Incorrect Remote ID or pre-shared key.

Thanks,

Charris Lappas


#4

Hi Charris,

Before deployment

  • Ensure either site has public IP.
  • Ensure port Tcp32015 and Udp4500 are open.
  • Please ensure WAN IPs for both units are reachable. You my go System > Ping to confirm this.

After SpeedFusion/PepVPN was configured
You will noticed stages below once you have configured SpeedFusion/PepVPN profile:

  1. Starting… - VPN engine knows about this profile, and either waiting for client to connect, or trying to connect to the remote peer.
  2. Authenticating… - You might not be able to see this state because it should normally be short-lived. However, if you are stuck at this state, that means you have some authentication error, check PSK/X.509/ Remote ID setting settings. TCP 32015 is used on this state.
  3. Creating Tunnel… - This is after authentication is successful. VPN tunnel is creating in this stage. If you are stuck at this state, that means no tunnels are connected (L3 speedfusion) or there is something wrong with bridging the VPN interface (for Layer 2 Speedfusion).
  4. Updating Routes… - (Layer 3 only) Once one or more tunnel is health check OK, we can proceeds to exchange routes. If you are stuck at this state, you most likely need to first check for route conflicts between peers, including WAN IPs.
  5. Established. - Speedfusion is connected.

#5

I am running V6.3.0 and was using a guide on setting up L2 Speedfusion. It has been stuck at starting… and refuses to go to the next step. I can ping IPs on the internet but can not ping each other. I can also ping these modems from my office corporate connection. Could this be a carrier issue?


#6

Hello @jruiz,
You may have already checked though it is worth another look at your connections between your Peplink/MAX routers and the outward bound network connections that they are not blocking the required Port#s, this includes checking with your ISP/Carrier, many ISPs/Carriers block higher level ports now in an attempt reduce the usage of P2P transfers (such as bit torrent transfers).

Also we highly recomed that you upgrade the Peplink/MAX devices to the latest firmware also.

In addition please let us know if you are using InControl2 to build & manage your SpeedFusion or settiing it up directly on your devices, we recommend building SpeedFusion using InControl2 over doing it directly within the devices especially for first timers

See how you go with this and let us know.
Happy to Help,
Marcus :slight_smile:


#7

@mldowling
My devices had sequential static IP’s and one had the other’s IP as a gateway. I could ping any public IP but could not ping one another. I ran a quick trace route (from one to the other) and saw that only one modem was actually getting out to the internet. The other one was not even getting to the first router - this is the one that had the other’s IP set as its gateway. Apparently these devices calculate their own network and gateway from the provided carrier IP address. The fix for this is to change the Subnet Selection to Force/31 Subnet in the WAN connection Settings tab. I had help from our vendor on this issue, and he said it was fairly common when getting sequential IP’s. Hope this make sense.


#8

Hello @jruiz,
That’s great news and good to know about too.
You are welcome to give credit to your vendor here for getting you sorted, who are they?
Happy to Help,
Marcus :slight_smile:


#9

@mldowling
Our wirelss modem vendor is Industrial Networking Solutions form Addison, TX. They were the ones that actually recommended this modem for this purpose.

I’m having another weird issues with the L2 tunnel, that I just emailed them about. I was running the VPN in untagged mode and some devices were just not wanting to work. After some Wireshark captures I saw that the tunnel was adding a VLAN 0 tag with a priority of 0 to the packets. Some devices do not like that and will not acknowledge the ARP request/reply or pings. I searched this site and could not find anyone with a similiar problem, or maybe I just wasn’t searching for the right key words.

Thanks,
Juan


#10

@jruiz Found you had opened a support ticket for the same issue.

I would suggest the following:

  1. Make sure the VLAN0 is not added by the switch that direct connect to the Peplink/MAX devices (If there is a switch involved for the deployment)

  2. Please upgrade the device using the latest firmware to isolate the old firmware 6.3.0 issue.

You can download the latest firmware by using the following URL:

After upgrade the device using latest firmware and you still found the issue, please continue work on the created ticket.


#11

My devices are a max hd2 and a 1350. I have them on a bench connected via their wan ports. All other connections are disabled.

I have a router with one interface on 10.10.100.1 and max hd at 10.10.100.2. the 1350 is on another interface as 172.16.1.1 for the router and 172.16.1.2 for the 1350. all /24

Router has no other config other than interfaces

I can ping the devices from each other from the WAN. I have set up tunnels both ipsec and speed fusion and neither one will connect.
I have gone over every video and config guide I can find. How do I troubleshoot where the problem is?

I never get to authenticate

There is no info in logs on either device