Hello there,
I’ve been asked to dig into Peplink for a potential customer. The client needs to reach their fleet anytime trhough WAN-WiFi, WAN or 4G (in that specific order with hot-failover) with a L2VPN. I already tested it with a BPL350 plus a MAX-BR1 and it works dandy.
Now, a new request just came in. They want to tunnel traffic just when WiFi-WAN/WAN is unavailable and only 4G is an option. When WiFi-WAN/WAN is available it should just bridge it locally from LAN to any of those WANs.
This is because they need a huge amount of bandwidth do be delivered from the CCTV on their fleet when they arrive to the central station. The Balance Routers have a limited bandwidth when traffic is being tunneled, so avoiding the tunnel when WiFi-WAN/WAN is available would avoid upgrading the BPL to a higher end model.
Is this doable? I haven’t been able to configure it with the gear I’m tinkering with.
Cheers,
Aarón
Hello @AaronFuentes,
There are several ways you may be able to accomplish this requirement.
The most robust and flexible would be to use the Peplink Speedfusion with a combination of outbound policies within the Speedfusion makeup and also the router’s networking.
A good discussion point would be to put up a diagrammatic (network schematic) showing the combination of network paths from CCTV router to a central facility.
Is the reason you want to use IPSec due to that the camera is creating the VPN connection? You can still have this while using SpeedFusion also.
Happy to Help,
Marcus 
Hello @mldowling,
rethinking the whole thing, I think it’s easier to do a SpeedFusion L2VPN with only the WAN and 4G interfaes and use WAN WiFi to bridge traffic directly to the CCTV VLAN.
The connectivity priority should be like this:
1.- WAN-WiFi: only available on end locations → to be used whenever possible
2.- WAN: available on several locations, it connects through cable with an external AP that establish a mesh connection to another AP when possible → to be used only when 1 isn’t available
3.- 4G: available through the whole path → to be used just in case 1 and 2 are not available
The goal is to use the WAN-WiFi whenever possible without tunnel (bridge LAN directly to CCTV VLAN through WiFi WAN) and if this is not available use the SpeedFusion VPN (LAN through L2VPN to BPL-Router then CCTV VLAN). A hard requirement is to not change the gear on board ip addresses.
+------------+ +----------+
| | | |
+--------------+ 4G +------+ BPL-ROUTER <--+ CCTV VLAN +--> ROUTER |
| | | | |
| +------------+ +--^-----^-+
| | |
| | |
+------+------+ | |
| +-------+ WAN+WiFi +-------+ CCTV VLAN +--------------+ |
| MAX+BR1 | |
| +-------+ WAN +------------+ CCTV VLAN +--------------------+
+------+------+
LAN PORT
|
|
CCTV VLAN
|
+--------+--------+
| GEAR ON BOARD |
+-----------------+
Best regards
