Derek Schauland demonstrates how the Peplink and Pepwave bonding routers that he's previously reviewed can be configured to allow site-to-site and IPsec VPN connections.
VPN connections are a requirement of doing business, but many devices for creating these connections require a significant investment in time and knowledge. In previous posts, I looked at two bonding routers, the Peplink Balance 380 and the Pepwave 700 Max, covering their link aggregation features. Being able to use more than one Internet connection within both an organization and from a mobile location is a great way to improve availability and connectivity.
Peplinks do VPN, too
In working with the link aggregation features, I found some additional features for creating VPN connections on both the Balance 380 and the Pepwave Max. These devices can be configured for the following types of VPN connection:
- Site to Site: a connection between two Peplink routers, using the configured external IP address of each device and the serial number to ensure the link.
- IPSec VPN: a connection between a software VPN client or non-Peplink VPN device (like a Cisco ASA)
IPsec isn't anything fancyIPsec VPN connections from Peplink to other devices are pretty standard. The connection is aware of one interface and can only make use of the interface it knows about — just like a VPN between two Cisco ASA devices. The web interface, shown partially in Figure A, is nice but that is the only thing that stood out when researching the device(s). Figure A
Site-to-siteThe site-to-site VPN connection is where the Peplink really stands out. Not only are they extremely straightforward to set up, Figure B shows the PepWave site-to-site configuration screen. Figure B
Once the site-to-site connection is configured, the VPN part is complete and it behaves much like the IPsec type of VPN. Traffic is encrypted between the devices and access is available across the VPN. Where this type of VPN really becomes worthwhile is that the devices on both ends of the pipe can both support multiple WAN connections, and because both ends of the VPN may have multiple Internet links, the VPN can use any available Internet links for its connection.
There are caveats to this, in that there are VPN throughput limits which are less than the WAN link capabilities, but even with the limitations, link failover is a pretty nice thing to have. The table below outlines the Internet throughput and VPN throughput capabilities of the Pepwave Max 700 and the Peplink Balance 380 used in my blog posts.
Internet Throughput Allowed
VPN Throughput Allowed
|Max 700||Variable depending on connections||Variable depending on connections|
Using site-to-site VPNs between these devices can provide options if an organization or users are considering adding multiple Internet connections. Allowing failover between multiple connections to keep a VPN connection to the office alive with little or no interruption to the user is really something to consider depending on the connectivity needs of the user. Because the devices can aggregate low to moderate cost Internet connections, it isn't something that will break the bank for anyone involved.