Hi All,
I’ve bought a pair of UBRs recently. The PepVPN site-to-site is working perfectly; now I would like to use one of them as a server for an L2TP/IPsec VPN, to be able to connect to a remote network with a single computer as client…
The WAN connected to this UBR will be the 2 internal cellular WANs. I’ve tried several times but the handshake fails and I never succeed in establishing any tunnel, even with a no-ip account pointing to my cellular IP and so on… I’ve set up the RADIUS server with a secret phrase, everything seems to be OK…
Is there a specific firewall rule to use or port redirection to do for that? I know that IPsec will use UDP 1701, but from where to where should I do these redirections if the WAN port is the internal SIM card of the UBR?
Thanks for your help… BEN
The topology is confusing - perhaps a quick drawing might explain what you are looking to achieve?
First comment is inbound routing to cellular WANs is normally blocked by CGNAT. Make a note of the IP address you are pointing your VPN client to - is it between 100.64.0.0 and 100.127.255.255?
Sorry Martin, yes, it’s maybe not so clear. What I want to do is quite simple, but I’m learning step by step and get some problems each time ;-).
I just want to be able to send one of my UBR LTEs in a flight case connected to several machines in a simple LAN, and to be able to reach this LAN remotely with my computer through an internet connection.
For that I was thinking of establishing an L2TP/IPsec VPN with the UBR as server and my laptop as a client, and because most of the time I will not get a proper wired WAN and/or will not have the possibility to manage the port redirections in the box behind, I would like to use cellular SIM cards as main WAN sources for the UBR…
The IPs for my 2 cellular cards shown by InControl are: 10.135.250.XXX and 10.37.33.XXX (just one is active for the tests).
But the public IP pointed to by my DDNS server and shown if I do a “What’s my IP?” is 92.184.98.XXX…
I hope it’s clearer…
To summarize, in the best case I would like that when I switch on the power to my flight case, I can join my remote LAN without anything to do locally.
Thanks again.
Ben
OK, perfect. So in my opinion the best way to do this is to use SpeedFusion VPN between your UBR and a cloud-hosted FusionHub. Your FusionHub will have a static IP address. You can then create an L2TP/IPsec client VPN to the FusionHub and securely route to all the LAN devices behind the UBR over the SpeedFusion VPN.
That way you don’t need to care about the UBR IPs at all, and you get super reliability for your traffic to and from the UBR (session persistence when a WAN link fails - even bandwidth aggregation across all available links).
I made a video about FusionHub here that might help.
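
The address check Martin asks for, extended to the RFC 1918 case that Ben's SIM addresses fall into, as an added example that is not part of the thread. The function name `classify_wan` and all sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space (100.64.0.0 - 100.127.255.255), used for CGNAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, which some carriers also assign to SIMs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, observed_public_ip=None):
    """Decide whether a WAN address can be the target of an inbound VPN.

    wan_ip: address the router reports on its cellular WAN interface.
    observed_public_ip: address an external "what's my IP" service or a
        DDNS record shows for the same connection (optional).
    Returns (inbound_possible, reason).
    """
    wan = ipaddress.ip_address(wan_ip)
    if wan in CGNAT:
        return False, "cgnat"
    if any(wan in net for net in RFC1918):
        return False, "private"
    # A routable-looking WAN address that differs from what the outside
    # world sees is still being translated somewhere upstream.
    if observed_public_ip is not None:
        if ipaddress.ip_address(observed_public_ip) != wan:
            return False, "nat-mismatch"
    return True, "public"


if __name__ == "__main__":
    # Constructed samples: (interface address, externally observed address)
    samples = [
        ("100.72.14.9", "203.0.113.7"),   # carrier CGNAT range
        ("10.20.30.40", "203.0.113.7"),   # private address on the SIM
        ("203.0.113.7", "203.0.113.7"),   # interface holds the public address
    ]
    for wan, public in samples:
        ok, reason = classify_wan(wan, public)
        print(f"{wan:15} seen as {public:15} inbound={ok} ({reason})")
```

A `public` result only means the address is not translated; the carrier can still filter unsolicited inbound traffic, so a DDNS name pointing at the observed address is not enough on its own.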