Two SpeedFusions in one site

Hi, Guys,

We are using B-380,

Just would like to know if I can create two separated PepVPN in a site, for example one PepVPN for internet lines, another PepVPN for leased lines in the same site ?

Thanks

Have a look at Sub Tunnels - would that work for your requirement?
[Edited to use correct link]

1 Like

Hi, Martin,

Our scenario is below:

2 internet links and 2 leased lines in Site A; and same links setup in Site B, so we want to set up a PepVPN for internet links ( for internet access and some non-mission traffic ); another PepVPN for mission critical traffic ( leased lines aggregation ); is that ok possible ?

Thanks

Yes, you can use sub-tunnels for this.

Sure. How do you want that to work? Is that Site B sending internet traffic over Speedfusion and out via Site A?

1 Like

Hi, Martin,

We just want to keep one Peplink SpeedFusion for the hot link failover of these leased lines aggregation, and the other SpeedFusion for internet links aggregation ( internet access, VPN, hot failover, etc ).

For example :

  1. SpeedfusionA-internet lines
  2. SpeedfusionB-leased lines

They are separate VPNs and carry different kinds of dedicated network traffic.

Any example configuration, thanks

  1. Create a new Speedfusion profile.
  2. Show the sub tunnel configuration
  3. set main tunnel to just use the WANs with the leased lines connected
  4. Add a sub tunnel, set it to use the WANs for internet access only
  5. Use outbound policies to set which traffic should use which tunnel.
1 Like

Hi, Martin,

Based on the updated firmware v8.0, B-380 could not create two separated Speedfusions ( due to the unique Remote ID) between two sites, is that correct ?

Yes.

You’re not creating two separate speedfusion Tunnels. You are creating one tunnel and then adding sub tunnels inside of the main tunnel.
Follow the sub tunnel link above to see how.

1 Like

For your suggestion, where to find the FusionHub configuration in B-380, thx ?

One of the ways to solve this scenario, is to configure both SpeedFusion and IPsecVPN for two separated Tunnels, and also defined the dedicated LAN subnets traffic in IPsecVPN.

But IPsecVPN does not support Multilinks bonding ( though it has such configuration ) ?

Apologies I used the wrong link above. Look at this link instead.

Personally I find this idea very messy and Speedfusion / PepVPN is superior to IPSEC in every way. You can do this with sub-tunnels - that is still my recommendation.

1 Like

Martin,

The new link may be helpful, let me check and study more, and update you, thx a lot.

Hi, Martin

This is what exactly I am seeking for, thx a lot.

But for this configuration, a default SpeedFusion tunnel must be established and include all available WAN links… correct ?

If yes, which configuration to control the traffic through this default SpeedFusion ?

1 Like

Hi Benson,

you can choose the WAN links in every Sub-Tunnel. Try it, it’s easy :wink:
You can use Outbound-Policies to control the Sub-Tunnels

Regards
Dennis

1 Like

Hi, Martin & Dennis,

Thanks so much for both you guys’ kind advice.

My last question is:

  1. PepVPN traffic can not be controlled by destination IP ? or how to achieve this configuration ?

    PepVPN: Source IP -----> PepVPN traffic → Destination IP
    ( SiteA: 192.168.1.0/24 ) ----- > (SiteB: 172.168.10.0 /24 )

Many thanks

Yes it can.
Have a look at this: Understanding and Configuring Outbound Policy

When a PepVPN tunnel is up, each end advertises known subnets to the other, so you typically don’t need to add destination routes (because they have been learnt already). If however you want to get to a distant hop then you might so in the case of:

SiteA 192.168.50.0/24 Site B 192.168.1.0/24 WAN <3rd party Layer 3 network with its own dynamic routing table> Site C 10.10.1.0/24

You would add an outbound policy to Site A sending all traffic for 10.10.1.0/24 via the PepVPN.

1 Like

Hi, Martin,

For my case ( no Site C ):

SiteA (learned by SpeedFusion)::
192.168.1.0 /24
192.168.10.0 /24

SiteB ( learned by SpeedFusion):
172.168.2.0 /24
172.168.20.0 /24

It works only for the following configuration:
Source: Any
Destination: PepVPN Profile, Tunnel2
Protocol: ……
Algorithm: Enforced
Enforced Connection: VPN: Tunnel 2

My configuration is as below:
Source: Any
Destination: IP network, 172.168.20.0 /24
Protocol: Any
Algorithm: Enforced,
Enforced Connection: VPN: Tunnel 2

It does not work, any issue ?

Thx

And is the aim to send all traffic down one of the tunnels in a multi tunnel config between site a and site b?
Since you’re manipulating pepvpn traffic you need to have the outbound policy above the expert mode bar:

You’d need outbound policies on both ends so that traffic being sent in either direction between the routers uses the correct sub tunnel.

1 Like

Hi, Martin & Dennis,

Great, it is definitely the answer we found.

1 Like