Slot Time A This field is for specifying the unit wait time before transmitting a packet. By default, this field is set to 9 µs. ACK Timeout A This field is for setting the wait time to receive an acknowledgement packet before performing a retransmission. By default, this field is set to 48 µs. Frame Aggregation This option allows you to enable frame aggregation to increase transmission A A throughput. - Advanced feature, please click the https://www.peplink.
Web Administration Settings Enable Web Access Protocol Ticking this box enables web admin access for APs located on the WAN. Determines whether the web admin portal can be accessed through HTTP or HTTPS Management Port Determines the port at which the management UI can be accessed. Admin Username Determines the username to be used for logging into the web admin portal Admin Password Determines the password for the web admin portal on external AP.
11 ContentHub Configuration 11.1 ContentHub ContentHub allows you to deliver webpages and applications to users connected to the SSID using the local storage on your router like the Max HD2/HD4 with Mediafast, which can store up to 8GB of media. Users will be able to access news, articles, videos, and access your web app, without the need for internet access. The ContentHub can be used to provide infotainment to connected users on transport. 11.
11.3 Configure a website to be published from the ContentHub This option allows you to sync a website to the Peplink router, this website will then be published with the specified domain from the router itself and makes the content available to the client via the HTTP/HTTPS protocol. Only FTP sync is supported for this type of ContentHub content. The content should be uploaded to an FTP server before.
under Username and Password. Period This field determines how often the Router will search for updates to the source content. Method Only applicable for application: Choose between sync or file upload Bandwidth Limit Used to limit the bandwidth for each client to access the web server. Click “Save & Apply Now” to activate the changes. Below is a screenshot after configuration: The content will be sync based on the Period that is configured before.
● Node.js (version 6.9.2) First install the desired framework in “Package Manager” as below: After installing the framework, you can select the type to “Application” and configure the website: https://www.peplink.
The setting is same as Website type and you can refer to the description in the above section For the Application type, you need to pack your application as below: 1. Implement two bash script files, start.sh and stop.sh in root folder, to start and stop your application. the Mediafast router will only execute start.sh and stop.sh when the corresponding website is enabled and disabled respectively. 2. Compress your application files and the bash script to .tar.gz format. 3.
MediaFast Enable Domains / IP Addresses Source IP Subnet Click the checkbox to enable MediaFast content caching. Choose to Cache on all domains, or enter domain names and then choose either Whitelist (cache the specified domains only) or Blacklist (do not cache the specified domains). This setting allows caching to be enabled on custom subnets only. If "Any" is selected, then caching will apply to all subnets.
*See https://forum.peplink.com/t/certificate-installation-for-mediafast-https-caching/ Cache Control Content Type Check these boxes to cache the listed content types or leave boxes unchecked to disable caching for the listed types. Cache Lifetime Settings Enter a file extension, such as JPG or DOC. Then enter a lifetime in days to specify how long files with that extension will be cached. Add or delete entries using the controls on the right. 12.
Name This field displays the name given to the scheduled download. Status Check the status of your scheduled download here. Next Run Time/Last Run Time These fields display the date and time of the next and most recent occurrences of the scheduled download. Last Duration Check this field to ensure that the most recent download took as long as expected to complete.
https://www.peplink.
.3 Viewing MediaFast Statistics To get details on storage and bandwidth usage, select Status>MediaFast. https://www.peplink.
Bandwidth Bonding SpeedFusionTM / PepVPN Pepwave bandwidth bonding SpeedFusionTM is our patented technology that enables our SDWAN routers to bond multiple Internet connections to increase site-to-site bandwidth and reliability. SpeedFusion functionality securely connects your Pepwave router to another Pepwave or Peplink device (Peplink Balance 210/310/380/580/710/1350 only). Data, voice, or video communications between these locations are kept confidential across the public Internet.
The local LAN subnet and subnets behind the LAN (defined under Static Route on the LAN settings page) will be advertised to the VPN. All VPN members (branch offices and headquarters) will be able to route to local subnets. Note that all LAN subnets and the subnets behind them must be unique. Otherwise, VPN members will not be able to access each other. All data can be routed over the VPN using the 256-bit AES encryption standard.
PepVPN Profile Settings Name This field is for specifying a name to represent this profile. The name can be any combination of alphanumeric characters (0-9, A-Z, a-z), underscores (_), dashes (-), and/or non-leading/trailing spaces ( ). Active When this box is checked, this VPN connection profile will be enabled. Otherwise, it will be disabled. Encryption Authentication Remote ID / Pre-shared Key By default, VPN traffic is encrypted with 256-bit AES.
ID/Remote Certificate Balance’s VPN authentication method, as explained above. To authenticate VPN connections using X.509 certificates, copy and paste certificate details into these fields. To get more information on a listed X.509 certificate, click the Show Details link below the field. Allow Shared Remote ID When this option is enabled, the router will allow multiple peers to run using the same remote ID.
Settings>*LAN Profile Name* and refer to instructions in section 9.1 8.41 WAN Connection Priority If your device supports it, you can specify the priority of WAN connections to be used for making VPN connections. WAN connections set to OFF will never be WAN Connection used. Only available WAN connections with the highest priority will be used. Priority To enable asymmetric connections, connection mapping to remote WANs, cut-off latency, and packet loss suspension time, click the button.
Outbound Policy/PepVPN Outbound Custom Rules Some models allow you to set outbound policy and custom outbound rules from Advanced>PepVPN. See Section 14 for more information on outbound policy settings. PepVPN Local ID The local ID is a text string to identify this local unit when establishing a VPN connection. When creating a profile on a remote unit, this local ID must be entered in the remote unit's Remote ID field. Click the icon to edit Local ID.
When Faster is selected, a health check packet is sent every second, and the expected detection time is two seconds. When Extreme is selected, a health check packet is sent every 0.1 second, and the expected detection time is less than one second. A - Advanced feature, please click the button on the top right-hand corner to activate. Important Note Peplink proprietary SpeedFusionTM uses TCP port 32015 and UDP port 4500 for establishing VPN connections.
One of the WANs connected to Router A is non-NAT’d (212.1.1.1). The rest of the WANs connected to Router A and all WANs connected to Router B are NAT’d. In this case, the Peer IP Addresses / Host Names field for Router B should be filled with all of Router A’s hostnames or public IP addresses (i.e., 212.1.1.1, 212.2.2.2, and 212.3.3.3), and the field in Router A can be left blank.
headquarters or to other branches. Data, voice, and video communications between these locations are kept safe and confidential across the public Internet. IPsec VPN on Pepwave routers is specially designed for multi-WAN environments. For instance, if a user sets up multiple IPsec profiles for a multi-WAN environment and WAN1 is connected and healthy, IPsec traffic will go through this link. However, should unforeseen problems (e.g.
IPsec VPN Settings https://www.peplink.
Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Connect Upon Check this box and select a WAN to connect to this VPN automatically when the Disconnection specified WAN is disconnected. of Remote Gateway IP Enter the remote peer’s public IP address. For Aggressive Mode, this is Address / Host optional. Name Enter the local LAN subnets here.
This defines the peer authentication pre-shared key used to authenticate this Pre-shared Key VPN connection. The connection will be up only if the pre-shared keys on each side match. Remote Available only when X.509 Certificate is chosen as the Authentication method, Certificate (pem this field allows you to paste a valid X.509 certificate. encoded) Local ID In Main Mode, this field can be left blank.
WAN Connection Priority WAN Connection Select the appropriate WAN connection from the drop-down menu. 15 Outbound Policy Management Pepwave routers can flexibly manage and load balance outbound traffic among WAN connections. Important Note Outbound policy is applied only when more than one WAN connection is active. The settings for managing and load balancing outbound traffic are located at Advanced>Outbound Policy or Advanced>PepVPN, depending on the model. 15.
There are three main selections for the outbound traffic policy: ● High Application Compatibility ● Normal Application Compatibility ● Custom Note that some Pepwave routers provide only the Send All Traffic To setting here. See Section 12.1 for details. Outbound Policy Settings Outbound traffic from a source LAN device is routed through the same WAN High Application connection regardless of the destination Internet IP address and protocol.
http://youtu.be/rKH4AS_bQnE 15.2 Custom Rules for Outbound Policy Click in the Outbound Policy form. Choose Custom and press the Save button. 15.2.1 Algorithm: Weighted Balance This setting specifies the ratio of WAN connection usage to be applied on the specified IP protocol and port. This setting is applicable only when Algorithm is set to Weighted Balance. https://www.peplink.
The amount of matching traffic that is distributed to a WAN connection is proportional to the weight of the WAN connection relative to the total weight. Use the sliders to change each WAN’s weight. For example, with the following weight settings: ● Ethernet WAN1: 10 ● Ethernet WAN2: 10 ● Wi-Fi WAN: 10 ● Cellular 1: 10 ● Cellular 2: 10 ● USB: 10 Total weight is 60 = (10 +10 + 10 + 10 + 10 + 10). Matching traffic distributed to Ethernet WAN1 is 16.7% = (10 / 60 x 100%.
is that an IP address change during a session may be the result of an unauthorized intrusion attempt. Therefore, to prevent damages from the potential intrusion, the session is terminated upon the detection of an IP address change. Pepwave routers can be configured to distribute data traffic across multiple WAN connections. Also, the Internet IP depends on the WAN connections over which communication actually takes place.
Matching traffic will be routed through the specified WAN connection, regardless of the health check status of the WAN connection. Starting from Firmware 5.2, outbound traffic can be enforced to go through a specified SpeedFusionTM connection. 15.2.4 Algorithm: Priority This setting specifies the priority of the WAN connections used to route the specified network service. The highest priority WAN connection available will always be used for routing the specified type of traffic.
Drag and drop to specify the order of WAN connections to be used for routing traffic. Only the highest priority healthy connection that is not in full load will be used. 15.2.6 Algorithm: Least Used The traffic matching this rule will be routed through the healthy WAN connection that is selected in Connection and has the most available download bandwidth.
available bandwidth. 15.2.8 Expert Mode Expert Mode is available on some Pepwave routers for use by advanced users. To enable the feature, click on the help icon and click turn on Expert Mode. In Expert Mode, a new special rule, SpeedFusionTM Routes, is displayed in the Custom Rules table. This rule represents all SpeedFusionTM routes learned from remote VPN peers. By default, this bar is on the top of all custom rules.
Port Forwarding Settings Enable This setting specifies whether the inbound service takes effect. When Enable is checked, the inbound service takes effect: traffic is matched and actions are taken by the Pepwave router based on the other parameters of the rule. When this setting is disabled, the inbound service does not take effect: the Pepwave router disregards the other parameters of the rule. This setting identifies the service to the system administrator.
The Port setting specifies the port(s) that correspond to the service, and can be configured to behave in one of the following manners: Any Port, Single Port, Port Range, Port Map, and Range Mapping Any Port: all traffic that is received by the Pepwave router via the specified protocol is forwarded to the servers specified by the Servers setting. For example, with IP Protocol set to TCP, and Port set to Any Port, all TCP traffic is forwarded to the configured servers.
When a computer creates a rule using these protocols, the specified TCP/UDP port of all WAN connections' default IP address will be forwarded. Check the corresponding box(es) to enable UPnP and/or NAT-PMP. Enable these features only if you trust the computers connected to the LAN ports. When the options are enabled, a table listing all the forwarded ports under these two protocols can be found at Status>UPnP / NAT-PMP.
Client(s) or an IP Network. Address This refers to the LAN host’s private IP address. The system maps this address to a number of public IP addresses (specified below) in order to facilitate inbound and outbound traffic. This option is only available when IP Address is selected. Range The IP range is a contiguous group of private IP addresses used by the LAN host. The system maps these addresses to a number of public IP addresses (specified below) to facilitate outbound traffic.
18 QoS 18.1 User Groups LAN and PPTP clients can be categorized into three user groups: Manager, Staff, and Guest. This menu allows you to define rules and assign client IP addresses or subnets to a user group. You can apply different bandwidth and traffic prioritization policies on each user group in the Bandwidth Control and Application sections (note that the options available here vary by model). The table is automatically sorted by rule precedence.
18.2 Bandwidth Control You can define a maximum download speed (over all WAN connections) and upload speed (for each WAN connection) that each individual Staff and Guest member can consume. No limit can be imposed on individual Manager members. By default, download and upload bandwidth limits are set to unlimited (set as 0). 18.3 Application 18.3.
and define the application by providing the protocol, scope, port number, and DSCP value. 18.3.3 DSL/Cable Optimization DSL/cable-based WAN connections have lower upload bandwidth and higher download bandwidth. When a DSL/cable circuit's uplink is congested, the download bandwidth will be affected. Users will not be able to download data at full speed until the uplink becomes less congested. DSL/Cable Optimization can relieve such an issue.
19.1 Outbound and Inbound Firewall Rules 19.1.1 Access Rules The outbound firewall settings are located at Advanced>Firewall>Access Rules>Outbound Firewall Rules. Click Add Rule to display the following screen: Inbound firewall settings are located at Advanced>Firewall>Access Rules>Inbound Firewall Rules. https://www.peplink.
Click Add Rule to display the following screen: Rules are matched from top to bottom. If a connection matches any one of the upper rules, the matching process will stop. If none of the rules match, the Default rule will be applied. By default, the Default rule is set as Allow for both outbound and inbound access. Inbound / Outbound Firewall Settings Rule Name Enable This setting specifies a name for the firewall rule. This setting specifies whether the firewall rule should take effect.
Alternatively, the Protocol Selection Tool drop-down menu can be used to automatically fill in the protocol and port number of common Internet services (e.g., HTTP, HTTPS, etc.) After selecting an item from the Protocol Selection Tool drop-down menu, the protocol and port number remains manually modifiable. This specifies the source IP address(es) and port number(s) to be matched for the firewall rule.
● ● ● Hold the left mouse button on the rule. Move it to the desired position. Drop it by releasing the mouse button. Tip If the default inbound rule is set to Allow for NAT-enabled WANs, no inbound Allow firewall rules will be required for inbound port forwarding and inbound NAT mapping rules. However, if the default inbound rule is set as Deny, a corresponding Allow firewall rule will be required. 19.1.
19.2 Content Blocking 19.2.1 Application Blocking Choose applications to be blocked from LAN/PPTP/PepVPN peer clients' access, except for those on the Exempted User Groups or Exempted Subnets defined below. 19.2.2 Web Blocking Defines website domain names to be blocked from LAN/PPTP/PepVPN peer clients' access except for those on the Exempted User Groups or Exempted Subnets defined below. https://www.peplink.
If "foobar.com" is entered, any web site with a host name ending in foobar.com will be blocked, e.g. www.foobar.com, foobar.com, etc. However, "myfoobar.com" will not be blocked. You may enter the wild card ".*" at the end of a domain name to block any web site with a host name having the domain name in the middle. If you enter "foobar.*", then "www.foobar.com", "www.foobar.co.jp", or "foobar.co.uk" will be blocked. Placing the wild card in any other position is not supported.
OSPF Router ID Area https://www.peplink.com This field determines the ID of the router. By default, this is specified as the LAN IP address. If you want to specify your own ID, enter it in the Custom field. This is an overview of the OSPFv2 areas you have defined. Click on the area name to configure it. To set a new area, click Add. To delete an existing area, click .
OSPF Settings Area ID Link Type Determine the name of your Area ID to apply to this group. Machines linked to this group will send and receive related OSPF packets, while unlinked machines will ignore it. Choose the network type that this area will use. Authentication Choose an authentication method, if one is used, from this drop-down menu. Available options are MD5 and Text. Enter the authentication key next to the dropdown menu.
RIPv2 Settings Authentication Interfaces Choose an authentication method, if one is used, from this drop-down menu. Available options are MD5 and Text. Enter the authentication key next to the dropdown menu. Determine which interfaces this group will use to listen to and deliver RIPv2 packets. OSPF & RIPv2 Route Advertisement PepVPN Route Isolation Isolate PepVPN peers from each other. Received PepVPN routes will not be forwarded to other PepVPN peers to reduce bandwidth consumption..
21 BGP Click the Advanced tab from the top bar, and then click the Routing Protocols>BGP item on the sidebar to configure BGP. Click "x" to delete a BGP profile Click "Add" to add a new BGP profile BGP Name This field is for specifying a name to represent this profile. Enable When this box is checked, this BGP profile will be enabled. Otherwise, it will be disabled.
address does not match the selected Interface's network subnets. TTL value must be between 2 to 255. Password AS-Path Prepending: Hold Time Optional password for MD5 authentication of BGP sessions. AS path to be prepended to the routes received from this neighbor. The value must be a comma separated ASN. For example "64530,64531" will prepend "64530, 64531" to received routes. Time in seconds to wait for a keepalive message from the neighbor before considering the BGP connection is staled.
Restricted Networks Export to other BGP Profile This specifies the network in the “route import” entry Exact Match: When this box is checked, only routes with the same Networks and Subnet Mask will be filtered. Otherwise, routes within the Networks and Subnet will be filtered. When this box is checked, routes learnt from this BGP profile will export to other BGP profiles. When this box is checked, routes learnt from this BGP profile will export to the Export to OSPF OSPF routing protocol.
22.1 L2TP with IPsec L2TP with IPsec Remote User Access Settings Enter your pre shared key in the text field. Please note that remote devices will Pre-shared Key need this preshared key to access the Balance. Listen On Disable Weak Ciphers This setting is for specifying the WAN IP addresses that allow remote user access. Click the button to show and enable this option. When checked, weak ciphers such as 3DES will be disabled. Continue to configure the authentication method. 22.
22.3 PPTP No additional configuration required. The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues Continue to configure authentication method. 22.4 Authentication Methods Authentication Method Connect to Network Authentication Select the VLAN network for remote users to enable remote user access on.
Enter the matching LDAP server details to allow for LDAP server authentication. Radius Server: Enter the matching Radius server details to allow for Radius server authentication. Active Directory: Enter the matching Active Directory details to allow for Active Directory server authentication. https://www.peplink.
23 Miscellaneous Settings The miscellaneous settings include configuration for High Availability, Certificate Manager, service forwarding, service passthrough, GPS forwarding, GPIO, Groupe Networks and SIM Toolkit (depending the feature is supported on the model of Peplin router that is being used). 23.1 High Availability Many Pepwave routers support high availability (HA) configurations via an open standard virtual router redundancy protocol (VRRP, RFC 3768).
become active. You can configure high availability at Advanced>Misc. Settings>High Availability. Interface for Master Router Interface for Slave Router High Availability Enable Checking this box specifies that the Pepwave router is part of a high availability configuration. This number identifies a pair of Pepwave routers operating in a high availability Group Number configuration. The two Pepwave routers in the pair must have the same Group Number value.
LAN This setting specifies a LAN IP address to be used for accessing administration Administration functionality. This address should be unique within the LAN. IP Subnet Mask This setting specifies the subnet mask of the LAN. Important Note For Pepwave routers in NAT mode, the virtual IP (VIP) should be set as the default gateway for all hosts on the LAN segment.
Please note that the drop-in WAN cannot be configured as a LAN bypass port while it is configured for high availability. 23.2 Certificate Manager This section allows for certificates to be assigned to the local VPN, Web Admin SSL, Captive Portal SSL, OpenVPN CA, Wi-Fi WAN Client certificate and Wi-Fi WAN CA Certificate. https://www.peplink.
The following knowledge base article describes how to create self-signed certificates and import it to a Peplink Product. https://forum.peplink.com/t/how-to-create-a-self-signed-certificate-and-import-it-to-a-peplinkproduct/ 23.3 Service Forwarding Service forwarding settings are located at Advanced>Misc. Settings>Service Forwarding. Service Forwarding SMTP Forwarding When this option is enabled, all outgoing SMTP connections destined for any host at TCP port 25 will be intercepted.
23.3.1 SMTP Forwarding Some ISPs require their users to send e-mails via the ISP’s SMTP server. All outgoing SMTP connections are blocked except those connecting to the ISP’s. Pepwave routers support intercepting and redirecting all outgoing SMTP connections (destined for TCP port 25) via a WAN connection to the WAN’s corresponding SMTP server. To enable the feature, select Enable under SMTP Forwarding Setup. Check Enable Forwarding for the WAN connection(s) that needs forwarding.
destined for the proxy server specified in Web Proxy Interception Settings, choose a WAN connection with reference to the outbound policy, and then forward them to the specified web proxy server and port number. Redirected server settings for each WAN can be set here. If forwarding is disabled for a WAN, web proxy connections for the WAN will be simply forwarded to the connection’s original destination. 23.3.
Service Passthrough Support SIP Session initiation protocol, aka SIP, is a voice-over-IP protocol. The Pepwave router can act as a SIP application layer gateway (ALG) which binds connections for the same SIP session to the same WAN connection and translate IP address in the SIP packets correctly in NAT mode. Such passthrough support is always enabled, and there are two modes for selection: Standard Mode and Compatibility Mode.
23.5 UART Selected Pepwave MAX routers feature a RS-232 serial interface on the built-in terminal block. The RS-232 serial interface can be used to connect to a serial device and make it accessible over an TCP/IP network. The serial interface can be enabled and parameters can be set on the web admin page under Advanced > UART. Make sure they match the serial device you are connecting to. https://www.peplink.