Understanding FusionHub Solo remote user access as VPN

rvcoders · June 26, 2021, 1:27pm

Hi everyone,

I’m trying to understand if my use case is possible. I’m hoping to bond two Internet connections using Speedfusion to a FusionHub Solo server. I’d then like to be able to VPN into the FusionHub Solo server, and be able to access servers and devices behind the Speedfusion tunnel. That way, if one of the two links is down, I don’t need to “guess” which IP address to VPN into. Here is a sketch of what I want:

So thus far, I’ve successfully set up FusionHub Solo, the “remote user access” VPN on the FusionHub, and the Speedfusion tunnel. But, when I connect to the VPN, I’m not able to access the devices on the LAN (aka Devices A/B/C in my sketch).

Are there any resources or documentation on how to finish the set up?

Thanks very much,
Jake

MartinLangmaid · June 26, 2021, 3:00pm

Yes it is.

Some things to check.

Do Devices A-C have their default gateway set to the LAN IP of the Peplink device they are connected to?
If you connect to the Fusionhub using client VPN then look at the status > SpeedFusion screen on the remote Peplink device, can you see the IP / range that has been assigned to the dial in user?
When connected via dial in VPN and you browse to whatismyip.com does that show the public IP of the Fusionhub?

rvcoders · June 26, 2021, 3:33pm

Hi Martin,

Thanks for your time. Before I answer your questions, a quick update, it may have been a setting on the remote VPN client. I’m dialing in from a Mac, and when I activate the “Send all traffic over VPN connection” option, that seems to correct the issue. I’d obviously rather not send all traffic over the VPN, though. Any advice here?

To answer your questions:

Yes.
No, the only connection I see on this screen is between the Peplink device and the Fusionhub appliance.
Yes, but only if I direct all traffic through VPN as mentioned above.

Thanks,
Jake

MartinLangmaid · June 26, 2021, 4:35pm

Yes it should. Without sending all traffic via the VPN, your Mac doesn’t know that it can find the remote LAN network at the end of the tunnel. If your FusionHub is hosted somewhere that supports the idea of WAN and LAN ports (like Vultr or Upcloud) then you can add a LAN to the Fusionhub and then create a static route on your mac for just the remote network with the LAN IP of the Fusionhub as the next hop.

Without a LAN IP I think you’re limited to just enabling send all traffic over VPN, unless you can add a static route without gateway IP and instead uses the interface as the path. I haven’t checked this.

Paul_Mossip · June 28, 2021, 6:06am

On MacOS you can add the static network statements to

/etc/ppp/ip-up

#!/bin/sh

/sbin/route add -net 192.168.0.0/24 -interface $1
/sbin/route add -net 192.168.100.0/24 -interface $1
/sbin/route add -net 192.168.123.0/24 -interface $1

You can also set your service order via the GUI.

rvcoders · June 28, 2021, 8:22pm

Awesome. Thank you both very much for the information!