Try to understand PepVPN encryption - Is it always needed?

Hi,

in a scenario where you have connections in a star-topology with a FusionHub between different peers, i understand that it is important to encrypt the PepVPN so non unencrypted connection like a normal HTTP or so between the peers is exploid on the internet to others.

But, on start-topology with a FusionHub without traffic between the peers - just using the FusionHub for the internet breakout, is there a need to activate the PepVPN encryption?
Client connections via HTTPS for example, these are end-to-end encrypted connections right? So, even if they travel over a Multi-WAN PepVPN unencrypted connection, the content is still encrypted right? It sticks together on the FusionHub site and travels to the end destination of the link via the internet.
Non encrypted connections from clients like normal HTTP requests or so are not encrypted and so also the packets on a Multi-WAN PepVPN are not encrypted.

But if you just wanna use a scenario with a FusionHub to get all the SpeedFusion benefits, an encrypted VPN is not really needed? Unless you wanna encrypt unencrypted traffic from office2office for example.

Am i right? Or do i miss something here?

Thank you, best regards Martin.

No. No need at all.

You’re right.

There are occasions where I might turn on encryption even for ‘just internet’ access, but this is usually just for enhanced privacy.

I did a job a while ago for a military unit that wanted to operate covertly in one country have an encrypted VPN back to a another neutral country - then do a final hop back to their home country all so the host country they were in wouldn’t guess that they were there and doing whatever they were doing.

Internet access to facebook and twitter that is already end to end encrypted doesn’t benefit from additional encryption in general.

2 Likes

Thanks for your answer!

Do we know when the “8.1.1” fw for FusionHub will be available to overcome the packet fragmentation bug when using unencrypted VPN connections?

Although it is not required, you must then understand that the unencrypted PEPvpn system is not part of your security perimeter.

If you use a B20->FusionHub->internet
--------------- B20----^

You can’t trust the traffic between your PEPlink routers relayed via the Fusionhub, and that you would have to implement Firewall rules on the “Internal” network rules to block rogue traffic from the person who has compromised your pepVPN.

So just like Inbound firewall rules should be set to Deny by default, the Internal Firewall rules should also be default “deny”, with only rules for your outbound Pepvpn traffic.

1 Like

Thx, haven’t thought about that!