I have set up a Star-Topology in Incontrol2 with Disaster Recovery, but I could not answer two questions:
I just do not understand, what the setting “Use Them Primarily” in InControl (PepVPN) means.
I can set up “Use Them Primarily” and “Path costs”.
Shouldn’t always the connection with lower path costs be used "primarily?
I can setup “Send all Traffic to”, but the peer device does only show one of the peers. Shouldn’t there be both links (to Hub and DR-Hub)?
1: “Use them primarily” refers to the DNS resolver settings. It bascially prioritizes those resolver settings over any others configured on the device.
2: “Send all traffic to”: under normal circumstances, you would only use the pepvpn link for those networks advertised on the hub (eg, the office LAN). With this enabled, ALL traffic from the endpoint is routed through the hub device. This can be used to force all connections to go through, say, your office firewall.
When you setup a DR configuration, yes, both links should appear on the device. The backup link should merely have a higher cost metric assigned to it.
@JamesPep
Thank you for your answer. I think, i was not 100% clear with question 2:
I know, what “Send all traffic to” does, BUT:
If you setup a VPN-Star-Topology in InControl2 with 2 hubs AND “Send all traffic” to - only the first hub is set up as “send all traffic to”.
→ If the first hub fails, the “internet traffic” changes to local breakout and das not reach the Disaster-Recovery-Hub
@KPS
I checked, and yes, you’re right. It appears that DR failover isn’t properly configuring the vpn forwarding settings properly, so you’ll get local breakout when running against your backup hub.
I’ve got an update ready, and once it’s been properly tested we’ll push it up to production.