Unable to use star topology to create PepVPN between 3 routers

Hello,
I am trying to set up a SpeedFusion PepVPN between 3 routers. I have done this with FusionHub as a hub, but I am having trouble when using 3 physical PepLink devices. And I am not sure if this is possible.

My use case is the following:

1x Max Transit (Site A)
1x Balance 20x (Site A)
1x SurfSoho (Site B)

The Balance and the Transit are both reachable under the same subnet of Site A and I can create a P2P VPN without trouble directly from InControl2.
I can also create a P2P from the SurfSoho and the Balance 20x across sites without any problems.

Now I want to have all 3 devices in a star VPN topology where the Balance 20x is the hub.
Again, setting up is straightforward from InControl2. In that configuration, the routers on Site A connect successfully.
But the SOHO on Site B fails to connect (the handshake is successful), and I get the following error log from the SOHO.

conn_to_Balance20x failed to establish connection (remote ID or pre-shared key incorrect)

I am a bit at a loss as to how I can fix this. I do not see anywhere I can set/change the remote ID or pre-shared key when setting up the VPN from InControl2.
All 3 routers are known to InControl2.

Thank you in advance for your help,
Amir

Hi Amir,

The site ID of the individual devices can be changed from the device details page. It shouldn’t be necessary except in very odd cases.

You can rekey the connections using the pepvpn management page as follows:

If you’re seeing issues still, raise a support ticket

Hi James,
Thanks for the reply. I ended up creating a mesh network which didn’t have this problem, but after a closer look I think what happened is I had an IP address / subnet conflict with the router I used as hub.
So I will try reverting back to a star topology. If the problem happens again, I will rekey the connection as you describe.

Cheers,
Amir.

Hi @JamesPep

I am still seeing the issue on the mesh topology also.
The SOHO router was connected to the other two just fine, then it lost connections and now it is stuck on starting...
I reset the PSKs, the other two routers reconnected, but not the SOHO.
This appears to be the last trace I see from the SOHO:

conn_to_MAX_TST: Initiated TLSv1.3 connection to [...] using cipher suite TLS_AES_256_GCM_SHA384

And there is no response from the MAX router.

I’d suggest you create a support ticket. There’s likely something unusual about your config/setup that is causing issues.

I just did.
Thanks!

Some more info on this. Instead of creating the VPN using IC2, I created the connection profile individually from the routers' admin page and then linked them in a star topology. Again, all devices except the SOHO connected to the hub successfully. There is really nothing unusual about this setting.
The error is the same one I initially reported: failed to establish connection (remote ID or pre-shared key incorrect).

I triple-checked the remote ID (since I have created the profile from the routers) and everything is correct there.

Hopefully support will be able to look into this.
Amir.

So I finally solved this issue. It turns out the SOHO IP address was changed and my port forwarding rules didn’t work anymore, so the router wasn’t able to initialize the PepVPN connection.
I also had to make sure the Local ID was exactly the same as the device Serial Number. Not sure why this is. I thought the Local ID could be any unique string.

The fixes I mentioned only seem to work when I create the tunnels manually. I am unable to create them through IC2.
Tried pretty much everything I could think of; the only thing that works is creating tunnels one by one and using the Serial Number as the Local PepVPN ID. Nothing else seems to work.

PM me the ticket number