MAX Series User Manual Pepwave Products: Transit Pro Pepwave Firmware 8.1.3 November 2021 Copyright & Trademarks Specifications are subject to change without notice. Copyright © 2021 Pepwave Ltd. All Rights Reserved. Pepwave and the Pepwave logo are trademarks of Pepwave Ltd. Other brands or products mentioned may be trademarks or registered trademarks of their respective owners.
Table of Contents Introduction and Scope 7 Glossary 8 Product Features Supported Network Features WAN LAN VPN Firewall Captive Portal Outbound Policy AP Controller QoS Other Supported Features 9 9 9 9 10 10 10 10 11 11 12 Pepwave MAX Mobile Router Overview MAX Transit Pro 13 13 Advanced Feature Summary Drop-in Mode and LAN Bypass: Transparent Deployment QoS: Clearer VoIP Per-User Bandwidth Control High Availability via VRRP USB Modem and Android Tethering Built-In Remote User VPN Support SIM-card US
Mounting the Unit Wall Mount Car Mount IP67 Installation Guide PDX Accessory Kit Installation Guide 22 22 22 22 23 Connecting to the Web Admin Interface 30 SpeedFusion Cloud Activate SpeedFusion Cloud Service Enable SpeedFusion Cloud Connect Clients to Cloud Link Wi-Fi to Cloud Optimize Cloud Application 32 32 35 42 43 45 Configuring the LAN Interface(s) Basic Settings Port Settings Captive Portal 46 46 58 59 Configuring the WAN Interface(s) Ethernet WAN DHCP Connection Static IP Connection PPPoE Co
ContentHub Configuring the ContentHub Configure a website for ContentHub Configure an application for ContentHub 100 100 100 103 Docker 104 KVM 105 Bandwidth Bonding SpeedFusionTM / PepVPN PepVPN The Pepwave Router Behind a NAT Router 107 107 114 IPsec VPN IPsec VPN Settings GRE Tunnel 115 116 120 Outbound Policy Outbound Policy Adding Rules for Outbound Policy Algorithm: Weighted Balance Algorithm: Persistence Algorithm: Enforced Algorithm: Priority Algorithm: Overflow Algorithm: Least Used Algor
Firewall Outbound and Inbound Firewall Rules Access Rules Apply Firewall Rules to PepVpn Traffic Intrusion Detection and DoS Prevention Content Blocking Application Blocking Web Blocking Customized Domains Exempted User Groups Exempted Subnets URL Logging 141 143 143 147 147 148 148 148 149 149 149 149 Routing Protocols OSPF & RIPv2 BGP 150 150 152 Remote User Access L2TP with IPsec OpenVPN PPTP Authentication Methods 157 157 157 158 158 Miscellaneous Settings High Availability Certificate Manager Ser
Grouped Networks Remote SIM Management SIM Toolkit 175 177 178 AP Controller Wireless SSID Wireless Mesh Settings 180 181 181 185 186 AP AP Controller Status Info Access Point (Usage) Wireless SSID Mesh / WDS Wireless Client Nearby Device Event Log 192 192 194 196 197 198 200 200 Toolbox 201 System Settings Admin Security Firmware Time Schedule Email Notification Event Log SNMP SMS Control InControl Configuration Feature Add-ons Reboot 202 202 206 208 208 210 213 214 216 216 218 219 219 Tools Pin
CLI (Command Line Interface Support) 222 Status Device GPS Data Active Sessions Client List WINS Client UPnP / NAT-PMP OSPF & RIPv2 BGP SpeedFusion Status Event Log 222 223 224 226 228 228 229 229 229 230 233 WAN Quality 233 Usage Reports Real-Time Hourly Daily Monthly 234 235 235 236 237 Appendix A: Restoration of Factory Defaults 240 Appendix B: FusionSIM Manual 241 Appendix C: Overview of ports used by Peplink SD-WAN routers and other Peplink services 253 Appendix D: Declaration 255
Introduction and Scope Pepwave routers provide link aggregation and load balancing across multiple WAN connections, allowing a combination of technologies like 3G HSDPA, EVDO, 4G LTE, Wi-Fi, external WiMAX dongle, and satellite to be utilized to connect to the Internet. The MAX wireless SD-WAN router series has a wide range of products suitable for many different deployments and markets. Entry level SD-WAN models such as the MAX BR1 are suitable for SMEs or branch offices.
Glossary The following terms, acronyms, and abbreviations are frequently used in this manual: Term Definition 3G 3rd generation standards for wireless communications (e.g., HSDPA) 4G 4th generation standards for wireless communications (e.g.
1 Product Features Pepwave routers enable all LAN users to share broadband Internet connections, and they provide advanced features to enhance Internet access. Our Max BR wireless routers support multiple SIM cards. They can be configured to switch from using one SIM card to another SIM card according to different criteria, including wireless network reliability and data usage.
● ● ● 1.1.3 ● ● ● ● ● ● ● ● ● ● ● 1.1.4 ● ● ● ● ● 1.1.5 ● ● ● 1.1.6 ● ● ● ● Extended DHCP option support Static routing rules VLAN on LAN support VPN PepVPN with SpeedFusionTM PepVPN performance analyzer X.
1.1.7 ● ● 1.1.
1.
2 Pepwave MAX Mobile Router Overview 2.1 Transit Pro 2.1.1 Panel Appearance 2.1.
Cellular Indicators Cellular 1 / Cellular 2* OFF Disabled or no SIM card inserted Blinking slowly Connecting to network(s) Green Connected to network(s) Wi-Fi Indicators Wi-Fi OFF Wi-Fi AP is turn off Blinking Wi-Fi AP is turn on LAN and Ethernet WAN Ports Green LED Orange LED Port Type ON 1000 Mbps OFF 10 Mbps / 100 Mbps or port is not connected ON Port is connected without traffic Blinking Data is transferring OFF Port is not connected Auto MDI/MDI-X ports
3 Advanced Feature Summary 3.1 Drop-in Mode and LAN Bypass: Transparent Deployment As your organization grows, it may require more bandwidth, but modifying your network can be tedious. In Drop-in Mode, you can conveniently install your Peplink router without making any changes to your network. For any reason your Peplink router looses power, the LAN Bypass will safely and automatically bypass the Peplink router to resume your original network connection.
3.3 Per-User Bandwidth Control With per-user bandwidth control, you can define bandwidth control policies for up to 3 groups of users to prevent network congestion. Define groups by IP address and subnet, and set bandwidth limits for every user in the group. 3.4 High Availability via VRRP When your organization has a corporate requirement demanding the highest availability with no single point of failure, you can deploy two Peplink routers in High Availability mode.
3.5 USB Modem and Android Tethering For increased WAN diversity, plug in a USB LTE modem as a backup. Peplink routers are compatible with over 200 modem types. You can also tether to smartphones running Android 4.1.X and above. Compatible with: MAX 700, HD2 (all variants except IP67), HD4 (All variants) 3.6 Built-In Remote User VPN Support Use OpenVPN or L2TP with IPsec to safely and conveniently connect remote clients to your private network.
3.7 SIM-card USSD support Cellular-enabled routers can now use USSD to check their SIM card’s balance, process pre-paid cards, and configure carrier-specific services. Click here for full instructions on using USSD 3.8 KVM Virtualization KVM is a virtualisation module that allows administrators using our routers to host a large range of virtual machines. KVM is now supported on some MediaFast / ContentHub routers.
Click here for the full instructions on how to set up KVM Click here for the full instructions on how to set up KVM with USB Storage 3.9 DPI Engine The DPI report written in the updated KB article will show further information on InControl2 through breaking down application categories into subcategories. https://forum.peplink.com/t/updated-ic2-deep-packet-inspection-dpi-reports-and-everyt hing-you-need-to-know-about-it/29658 3.10 NetFlow NetFlow protocol is used to track network traffic.
4 Installation The following section details connecting Pepwave routers to your network. 4.1 Preparation Before installing your Pepwave router, please prepare the following as appropriate for your installation: ● At least one Internet/WAN access account and/or Wi-Fi access information ● Depending on network connection type(s), one or more of the following: ● 4.
4.3 Configuring the Network Environment To ensure that the Pepwave router works properly in the LAN environment and can access the Internet via WAN connections, please refer to the following setup procedures: ● LAN configuration For basic configuration, refer to Section 8, Connecting to the Web Admin Interface. For advanced configuration, go to Section 9, Configuring the LAN Interface(s). ● WAN configuration For basic configuration, refer to Section 8, Connecting to the Web Admin Interface.
5 Mounting the Unit 5.1 Wall Mount The Pepwave MAX 700/HD2/On-The-Go can be wall mounted using screws. After adding the screw on the wall, slide the MAX in the screw hole socket as indicated below. Recommended screw specification: M3.5 x 20mm, head diameter 6mm, head thickness 2.4mm. The Pepwave MAX BR1 requires four screws for wall mounting. 5.2 Car Mount The Pepwave MAX700/HD2 can be mounted in a vehicle using the included mounting brackets.
5.4 PDX Accessory Kit Installation Guide 5.4.1 Battery Set appearance ● Step 1: Lock the battery set in the slot with 2 pcs M3 screws.
● STEP 3: Lock the slot cover with 4 pcs M3 screws. 5.4.
● STEP 1: Assemble SMA cables to the device ● STEP 2: Assemble bracket to the device
● STEP 3: Assemble SMA connectors to the bracket
● STEP 4: Lock the SFE-Duo set in the slot with 2 pcs M3 screws.
● STEP 5: Connect DC power & ETH port ● STEP 6: Lock the slot cover with 4 pcs M3 screws.
0
6 Connecting to the Web Admin Interface 1. Start a web browser on a computer that is connected with the Pepwave router through the LAN. To connect to the router’s web admin interface, enter the following LAN IP address in the address field of the web browser: http://192.168.50.1 (This is the default LAN IP address for Pepwave routers.) 2. 3. Enter the following to access the web admin interface. Username: admin Password: admin (This is the default username and password for Pepwave routers).
After successful login, the Dashboard of the web admin interface will be displayed. The Dashboard shows current WAN, LAN, and Wi-Fi AP statuses. Here, you can change WAN connection priority and switch on/off the Wi-Fi AP. For further information on setting up these connections, please refer to Sections 8 and 9. Device Information displays details about the device, including model name, firmware version, and uptime. For further information, please refer to Section 22.
7 SpeedFusion Cloud With Peplink products, your device is able to connect to SpeedFusion Cloud without the use of a second endpoint. This service has wide access to a number of SpeedFusion endpoints hosted from around the world, providing your device with unbreakable connectivity wherever you are.* *SpeedFusion Cloud is supported in firmware version 8.1.0 and above. SpeedFusion Cloud is a subscription basis. SpeedFusion Cloud license can be purchased at https://store.peplink.
Go to activate.speedfusion.com and select the type of SpeedFusion Cloud service, “Via Free 30-days Trial” or “Via Care Plans”, that you would like to activate. Next, register or login to your account. Select the devices that you wish to activate SpeedFusion Cloud on and Click ACTIVATE.
From System > Features Add-ons, paste the license key into the window and click on Activate once you have received the license key.
7.2 Enable SpeedFusion Cloud Enable SpeedFusion Cloud from SpeedFusion Cloud > Choose Cloud Location. Choose Automatic > Click on the green tick button to confirm the change.
Click on Apply Changes to save the change.
By default, the router will build a SpeedFusion tunnel to the SpeedFusion Cloud
If you are running a latency sensitive service like video streaming or VOIP, a WAN Smoothing sub-tunnel can be created. Navigate to Speedfusion Cloud > Choose a cloud location > SFC. A Speedfusion tunnel configuration window will pop out. Click on the + sign to create the WAN Smoothing sub-tunnel.
Click on Save and Apply Changes to save the configuration. Now, the router has 2 Speedfusion tunnels to the Speedfusion Cloud.
Create an outbound policy to steer the internet traffic to go into Speedfusion Cloud. Please go to Advanced > Outbound Policy, click on Add Rule to create a new outbound policy.
7.3 Connect Clients to Cloud SpeedFusion Cloud provides a convenient way to route the LAN client to the cloud. From SpeedFusion Cloud > Connect Clients to Cloud.
Choose a client from the drop down list > Click + > Save > Apply Changes. 7.4 Link Wi-Fi to Cloud SpeedFusion Cloud provides a convenient way to route the Wi-Fi client to the cloud from SpeedFusion Cloud > Link Wi-Fi to Cloud. This option is available for Balance 20X, Balance 30 Pro, and Balance One.
Create a new SSID for SpeedFusion Cloud. The new SSID will inherit all settings from one of the existing SSIDs including the Security Policy. Then click Save follow by Apply Changes. SpeedFusion Cloud SSID will be shown on Dashboard.
7.5 Optimize Cloud Application Optimize Cloud Application allows you to route Internet traffic to SpeedFusion Cloud based on the application. Go to SpeedFusion Cloud > Optimize Cloud Application. Select a Cloud application to route through SpeedFusion Cloud from the drop down list > Click > Save > Apply Changes. Click the route through SpeedFusion Cloud.
8 Configuring the LAN Interface(s) 8.1 Basic Settings LAN interface settings are located at Network>LAN>Network Settings. Navigating to that page will show the following dashboard: This represents the LAN interfaces that are active on your router (including VLAN). A grey “X” means that the VLAN is used in other settings and cannot be deleted. You can find which settings are using the VLAN by hovering over the grey “X”. Alternatively, a red “X” means that there are no settings using the VLAN.
Layer 2 PepVPN Bridging PepVPN Profiles The remote network of the selected PepVPN profiles will be bridged with this local LAN, creating a Layer 2 PepVPN, they will be connected and operate like a single to Bridge LAN, and any broadcast or multicast packets will be sent over the VPN. Remote Network Enable this option if you want to block network traffic between the remote networks, this will not affect the connectivity between them and this local LAN.
DHCP Server Settings DHCP Server When this setting is enabled, the DHCP server automatically assigns an IP address to each computer that is connected via LAN and configured to obtain an IP address via DHCP. The Pepwave router’s DHCP server can prevent IP address collision on the LAN. DHCP Server Logging Enable logging of DHCP events in the eventlog by selecting the checkbox.
pass additional configuration information to LAN hosts. To define an extended DHCP option, click the Add button, choose the option to define and enter its value. For values that are in IP address list format, you can enter one IP address per line in the provided text area input control. Each option can be defined once only. DHCP Reservation This setting reserves the assignment of fixed IP addresses for a list of computers on the LAN.
In case of a network address conflict with remote peers (i.e. PepVPN / IPsec VPN / IP Forwarding WAN are considered as remote connections), you can define Virtual Network Mapping to resolve it. Note: OSPF & RIPv2 settings should be updated as well to avoid advertising conflicted networks. For further details on virtual network mapping watch this video: https://youtu.
DNS Proxy Settings Enable To enable the DNS proxy feature, check this box, and then set up the feature at Network>LAN>DNS Proxy Settings. A DNS proxy server can be enabled to serve DNS requests originating from LAN/PPTP/SpeedFusionTM peers. Requests are forwarded to the DNS servers/resolvers defined for each WAN connection. DNS Caching This field is to enable DNS caching on the built-in DNS proxy server.
resolver IP address(es). Queries will be forwarded to the selected connections’ resolvers. If all of the selected connections are down, queries will be forwarded to all resolvers on healthy WAN connections. A - Advanced feature, please click the button on the top right hand corner to activate. Finally, if needed, configure Bonjour forwarding, Apple’s zero configuration networking protocol. Once VLAN configuration is complete, click Save to store your changes.
Drop-In Mode Drop-in mode (or transparent bridging mode) eases the installation of the Pepwave MAX on a live network between the firewall and router, such that changes to the settings of existing equipment are not required. The following diagram illustrates drop-in mode setup: Check the box Enable to enable the Drop-in Mode. After enabling this feature and selecting the WAN for Drop-in mode, various settings including the WAN's connection method and IP address will be automatically updated.
Drop-in Mode Settings Enable Drop-in mode eases the installation of the Pepwave MAX on a live network between the existing firewall and router, such that no configuration changes are required on existing equipment. Check the box to enable the drop-in mode feature. WAN for Drop-In Mode Select the WAN port to be used for drop-in mode. If WAN is selected, the high availability feature will be disabled automatically.
AddressA not serving the service being accessed. The shared IP address will be used in connecting to hosts on the WAN (e.g., email notification, remote syslog, etc.) The device will also listen on the IP address when hosts on the WAN access services served on this device (e.g., web admin accesses from WAN, DNS server, etc.) Enter the WAN router's IP address in this field.
Network Settings Name VLAN ID Inter-VLAN routing Captive Portal Enter a name for the LAN. Enter a number for the LAN. Check this box to enable routing between virtual LANs. Check this box to turn on captive portals. DHCP Server Settings DHCP Server When this setting is enabled, the Pepwave router’s DHCP server automatically assigns an IP address to each computer that is connected via LAN and configured to obtain an IP address via DHCP.
DNS Servers This option allows you to input the DNS server addresses to be offered to DHCP clients. If Assign DNS server automatically is selected, the Pepwave router’s built-in DNS server address (i.e., LAN IP address) will be offered. WINS Servers This option allows you to specify the Windows Internet Name Service (WINS) server. You may choose to use the built-in WINS server or external WINS servers.
Address active-passive DHCP server configurations, enter active and passive DHCP server relay IP addresses in DHCP Server 1 and DHCP Server 2. DHCP Option 82 includes device information as relay agent for the attached client when forwarding DHCP requests from client to server. This option also embeds DHCP Option 82 the device’s MAC address and network name in circuit and remote IDs. Check this box to enable DHCP Option 82.
8.3 Captive Portal The captive portal serves as a gateway that clients have to pass if they wish to access the internet using your router. To configure, navigate to Network>LAN>Captive Portal. Captive Portal Settings Enable Check Enable and then, optionally, select the LANs/VLANs that will use the captive portal. Hostname To customize the portal’s form submission and redirection URL, enter a new URL in this field. To reset the URL to factory settings, click Default.
Fill in the necessary information to complete your connection to the server and enable authentication. Access Quota Quota Reset Time Allowed Networks Set a time and data cap to each user’s Internet usage. This menu determines how your usage quota resets. Setting it to Daily will reset it at a specified time every day. Setting a number of minutes after quota reached establish a timer for each user that begins after the quota has been reached. Add networks that can bypass the captive Portal in this field.
Portal Customization Logo Image Message Terms & Conditions Custom Landing Page Click the Choose File button to select a logo to use for the built-in portal. If you have any additional messages for your users, enter them in this field. If you would like to use your own set of terms and conditions, please enter them here. If left empty, the built-in portal will display the default terms and conditions. Fill in this field to redirect clients to an external URL.
9 Configuring the WAN Interface(s) WAN Interface settings are located at Network>WAN. To reorder WAN priority, drag on the appropriate WAN by holding the left mouse button, move it to the desired priority (the first one would be the highest priority, the second one would be lower priority, and so on), and drop it by releasing the mouse button.
9.1 Ethernet WAN Health Check Settings This field specifies the Health Check method to be used for this WAN connection. ● ● Health Check Method ● ● Disabled - The WAN connection is always considered to be up and will not be treated as down for any IP routing errors. PING - ICMP PING packets will be issued to test connectivity with configurable target IP addresses or host names. DNS Lookup - DNS lookups will be issued to test the connectivity with configurable target DNS server IP addresses.
Bandwidth Allowance Monitor Settings Bandwidth Allowance Monitor Check the box Enable to enable bandwidth usage monitoring on this WAN connection for each billing cycle. When this option is not enabled, bandwidth usage of each month is still being tracked but no action will be taken. If Email Notification is enabled, you will receive an email notification when usage hits 75% and 95% of the monthly allowance.
Dynamic DNS Settings This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers: Dynamic DNS Service Provider ● ● ● ● ● changeip.com dyndns.org no-ip.org tzo.com DNS-O-Matic Select Disabled to disable this feature. See Section 9.5 for configuration details. 9.1.1 DHCP Connection There are four possible connection methods: 1. DHCP 2. Static IP 3. PPPoE 4. L2TP 5.
DHCP Connection Settings NAT allows substituting the real address in a packet with a mapped address Routing Mode Hostname (Optional) that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it. If your service provider's DHCP server requires you to supply a hostname value upon acquiring an IP address, you may enter the value here.
this WAN connection, and will be used when none of the other higher priority connections are available. This option allows you to choose whether to remain connected when this WAN connection is no longer in the highest priority and has entered the standby state. When Remain connected is chosen, upon bringing up this WAN connection to active, it will be immediately available for use.
9.1.2 Static IP Connection The static IP connection method is suitable if your ISP provides a static IP address to connect directly. Static IP Settings Routing Mode NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it.
When Use the following DNS server address(es) is selected, you may enter custom DNS server addresses for this WAN connection into the DNS Server 1 and DNS Server 2 fields. 9.1.3 PPPoE Connection This connection method is suitable if your ISP provides a login ID/password to connect via PPPoE. PPPoE Settings Routing Mode NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network.
Password Service Name (Optional) IP Address (Optional) Service name is provided by the ISP. Note: Leave this field blank unless it is provided by your ISP. If your ISP provides a PPPoE IP address, enter it here. Note: Leave this field blank unless it is provided by your ISP. Each ISP may provide a set of DNS servers for DNS lookups. This setting specifies the DNS (Domain Name System) servers to be used when a DNS lookup is routed through this connection.
9.1.4 L2TP Connection L2TP has all the compatibility and convenience of PPTP with greater security. Combine this with IPsec for a good balance between ease of use and security. L2TP Settings Routing Mode NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it.
is routed through this connection. Selecting Obtain DNS server address automatically results in the DNS servers assigned by the PPPoE server to be used for outbound DNS lookups over the WAN connection. (The DNS servers are obtained along with the WAN IP address assigned from the PPPoE server.) When Use the following DNS server address(es) is selected, you can enter custom DNS server addresses for this WAN connection into the DNS server 1 and DNS server 2 fields. 9.1.
L2TP Settings Routing Mode NAT allows substituting the real address in a packet with a mapped address that is routable on the destination network. By clicking the help icon in this field, you can display the IP Forwarding option, if your network requires it. WAN IP Address These settings allow you to specify the information required in order to / Subnet Mask / communicate on the Internet via a fixed Internet IP address.
9.2 Cellular WAN To access cellular WAN settings, click Network>WAN>Details. WAN Connection Status IMSI This is the International Mobile Subscriber Identity which uniquely identifies the SIM card. This is applicable to 3G modems only. ICCID This is a unique number assigned to a SIM card used in a cellular device. MEID Some Pepwave routers support both HSPA and EV-DO.
Connection Settings WAN Connection Name Routing Mode Indicate a name you wish to give this WAN connection This option allows you to select the routing method to be used in routing IP frames via the WAN connection. The mode can be either NAT (Network Address Translation) or IP Forwarding. In the case if you need to choose IP Forwarding for your scenario. Click the button to enable IP Forwarding. Each ISP may provide a set of DNS servers for DNS lookups.
Idle Disconnect If this is checked, the connection will disconnect when idle after the configured Time value. This option is disabled by default. Cellular Settings SIM Card IIndicate which SIM card this cellular WAN will use. Only applies to cellular WAN with redundant SIM cards. For routers that support the SIM Injector, you may select the “Use Remote SIM Only” to provision a SIM from a SIM Injector. Further details on the SIM Injector found is available here: https://www.peplink.
Card of the SIM card slots here. If “Use Remote SIM Only” is selected in the SIM card section, the Remote SIM Settings will be shown. Remote SIM Settings You may need to enable the remote SIM Host settings in the Remote SIM management, see the section 22.10 or Appendix B for more details on FusionSIM. After that, click on “Scan nearby remote SIM server” to show the serial number(s) of the connected SIM Injector(s).
APN / Login / When Auto is selected, the information in these fields will be filled automatically. Password / Select Custom to customize these parameters. The parameter values are determined by and can be obtained from the ISP. SIM PIN Bandwidth Allowance Monitor Check the box Enable to enable bandwidth usage monitoring on this WAN connection for each billing cycle. When this option is not enabled, bandwidth usage of each month is still being tracked but no action will be taken.
Health Check Settings Health Check Method This setting allows you to specify the health check method for the cellular connection. Available options are Disabled, Ping, DNS Lookup, HTTP, and SmartCheck. The default method is DNS Lookup. See Section 10.4 for configuration details. Timeout If a health check test cannot be completed within the specified amount of time, the test will be treated as failed. Health Check Interval This is the time interval between each health check test.
MTU MTU 9.3 This field is for specifying the Maximum Transmission Unit value of the WAN connection. An excessive MTU value can cause file downloads stall shortly after connected. You may consult your ISP for the connection's MTU value. Wi-Fi WAN To access Wi-Fi WAN settings, click Network>WAN>Details. WAN Connection Settings WAN Connection Name Operating Schedule Enter a name to represent this WAN connection. Click the drop-down menu to apply a time schedule to this interface.
WAN connection establishes Reply to ICMP PING If this setting is disabled, the WAN connection will not respond to ICMP ping requests. By default, this setting is enabled. Wi-Fi WAN Settings Channel Width Select the channel width for this Wi-Fi WAN. 20MHz will have greater support for older devices using 2.4Ghz, while 40MHz is appropriate for networks with newer devices that connect using 5Ghz Determine whether the channel will be automatically selected.
Beacon Miss Counter This sets the threshold for the number of missed beacons. Bandwidth Allowance Monitor If enabled, you will be notified by email when usage hits 75% and 95% of the monthly allowance. Action Start Day Monthly Allowance If Disconnect when usage hits 100% of monthly allowance is checked, this WAN connection will be disconnected automatically when the usage hits the monthly allowance.
When Disabled is chosen in the Method field, the WAN connection will always be considered as up. The connection will NOT be treated as down in the event of IP routing errors. Health Check Method: PING ICMP ping packets will be issued to test the connectivity with a configurable target IP address or hostname. A WAN connection is considered as up if ping responses are received from either one or both of the ping hosts.
HTTP connections will be issued to test connectivity with configurable URLs and strings to match. URL1 WAN Settings>WAN Edit>Health Check Settings>URL1 The URL will be retrieved when performing an HTTP health check. When String to Match is left blank, a health check will pass if the HTTP return code is between 200 and 299 (Note: HTTP redirection codes 301 or 302 are treated as failures).
Dynamic DNS Settings Service Provider User ID / User / Email This setting specifies the dynamic DNS service provider to be used for the WAN. Supported providers are: ● changeip.com ● dyndns.org ● no-ip.org ● tzo.com ● DNS-O-Matic Select Disabled to disable this feature. This setting specifies the registered user name for the dynamic DNS service. Password / Pass / TZO Key This setting specifies the password for the dynamic DNS service. Update All Hosts Check this box to automatically update all hosts.
9.3.1 Creating Wi-Fi Connection Profiles You can manually create a profile to connect to a Wi-Fi connection. This is useful for creating a profile for connecting to hidden-SSID access points. Click Network>WAN>Details>Create Profile… to get started. This will open a window similar to the one shown below Wi-Fi Connection Profile Settings Type Network Name (SSID) Select whether the network will connect automatically or manually. Enter a name to represent this Wi-Fi connection.
9.4 WAN Health Check To ensure traffic is routed to healthy WAN connections only, the Pepwave router can periodically check the health of each WAN connection. The health check settings for each WAN connection can be independently configured via Network>WAN>Details. Health Check Settings Method This setting specifies the health check method for the WAN connection. This value can be configured as Disabled, PING, DNS Lookup, or HTTP. The default method is DNS Lookup.
This field allows you to specify two DNS hosts’ IP addresses with which connectivity is to be tested via DNS lookup. If Use first two DNS servers as Health Check DNS Servers is checked, the first two DNS servers will be the DNS lookup targets for checking a connection's health. If the box is not checked, Host 1 must be filled, while a value for Host 2 is optional.
Interval Health Check Retries requests. The default health check interval is 5 seconds. This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Pepwave router will treat the corresponding WAN connection as down. Default health retries is set to 3. Using the default Health Retries setting of 3, the corresponding WAN connection will be treated as down after three consecutive timeouts.
Settings. Dynamic DNS Settings This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers: Dynamic DNS ● ● ● ● ● ● changeip.com dyndns.org no-ip.org tzo.com DNS-O-Matic Others… Support custom Dynamic DNS servers by entering its URL. Works with any service compatible with DynDNS API. Select Disabled to disable this feature. Account Name / Email Address This setting specifies the registered user name for the dynamic DNS service.
10 Advanced Wi-Fi Settings Wi-Fi settings can be configured at Advanced>Wi-Fi Settings (or AP>Settings on some models). Note: Menus displayed can vary by model. AP Settings SSID You can select the wireless networks for 2.4 GHz or 5 GHz separately for each SSID. This drop-down menu specifies the national/regional regulations which the Wi-Fi radio should follow.
AP Settings (part 2) Protocol This option allows you to specify whether 802.11b and/or 802.11g client association requests will be accepted. Available options are 802.11ng and 802.11na. By default, 802.11ng is selected. Channel Width Available options are 20 MHz, 40 MHz, and Auto (20/40 MHz) . Default is Auto (20/40 MHz), which allows both widths to be used simultaneously. Channel This option allows you to select which 802.11 RF channel will be utilized. Channel 1 (2.412 GHz) is selected by default.
Advanced AP Settings This field specifies the VLAN ID to tag to management traffic, such as communication traffic between the AP and the AP Controller. The value is zero Management VLAN by default, which means that no VLAN tagging will be applied. ID Note: Change this value with caution as alterations may result in loss of connection to the AP Controller. Operating Schedule Choose from the schedules that you have defined in System>Schedule.
ACK Timeout A This field is for setting the wait time to receive an acknowledgement packet before performing a retransmission. By default, this field is set to 48 µs. Frame Aggregation This option allows you to enable frame aggregation to increase transmission A A throughput. - Advanced feature, please click the button on the top right-hand corner to activate. Web Administration Settings Enable Web Access Protocol Ticking this box enables web admin access for APs located on the WAN.
11 MediaFast Configuration MediaFast settings can be configured from the Advanced menu. 11.1 Setting Up MediaFast Content Caching To access MediaFast content caching settings, select Advanced>Cache Control MediaFast Enable Domains / IP Addresses Source IP Subnet Click the checkbox to enable MediaFast content caching. Choose to Cache on all domains, or enter domain names and then choose either Whitelist (cache the specified domains only) or Blacklist (do not cache the specified domains).
The Secure Content Caching menu operates identically to the MediaFast menu, except it is for secure content cachting accessible through https://. In order for Mediafast devices to cache and deliver HTTPS content, every client needs to have the necessary certificates installed*. *See https://forum.peplink.com/t/certificate-installation-for-mediafast-https-caching/ Cache Control Content Type Check these boxes to cache the listed content types or leave boxes unchecked to disable caching for the listed types.
11.2 Scheduling Content Prefetching Content prefetching allows you to download content on a schedule that you define, which can help to preserve network bandwidth during busy times and keep costs down. To access MediaFast content prefetching settings, select Advanced >Prefetch Schedule. Prefetch Schedule Settings Name This field displays the name given to the scheduled download. Status Check the status of your scheduled download here.
To delete a scheduled download, click . Click to begin creating a new scheduled download. Clicking the button will cause the following screen to appear: New Schedule Simply provide the requested information to create your schedule. Clear Web Cache Clear Statistics To clear all cached content, click this button. Note that this action cannot be undone. To clear all prefetch and status page statistics, click this button.
11.3 Viewing MediaFast Statistics To get details on storage and bandwidth usage, select Status>MediaFast.
12 ContentHub ContentHub allows you to deliver webpages and applications to users connected to the SSID using the local storage on your router, like the Max HD2/HD4 with Mediafast, which can store up to 8GB of media. Users will be able to access news, articles, videos, and access your web app without the need for internet access. The ContentHub can be used to provide infotainment to connected users on transport. 12.
Click New Website and a window with the following configuration options will appear: Schedule Active Type Protocol Domain/Path Checking the box toggles the activation of the content. Select the type of content: Website or Application. Configure the protocol to be used: HTTP, HTTPS or both. Enter the URL for the ContenHub to use as the domain name for client access (such as http://mytest.com). Method Only applicable for Application type content. Choose between sync or file upload.
Click “Save & Apply Now” to activate the changes. A screenshot of the display after configuration is shown below: The content will be synced regularly according to the time set in the Period that was configured earlier. If you want to activate the sync manually, you can click the “ ” icon. The “Status” column will display the sync progress.
Configure an application for ContentHub MediaFast routers allow you to configure and publish any application from the router itself by using one of the supported frameworks below: ● Python (version 2.7.12) ● Ruby (version 2.3.3) ● Node.js (version 6.9.2) Install the desired framework under “Package Manager” as shown below: After installing the framework, change the ”Type” to “Application” and configure the website.
The setting is the same as the Website type (refer to the description in the section above). Application type content need to be packed as explained below: 1. Implement two bash script files, start.sh and stop.sh in the root folder, to start and stop your application. The MediaFast router will only execute start.sh and stop.sh when the corresponding website is enabled and disabled respectively. 2. Compress the application files and the bash script to .tar.gz format. 3. Upload this tar file to the router.
13 Docker MediaFast enabled routers can host Docker containers when running Firmware 7.1 or later. Docker is an open platform for developing, shipping, and running applications. From Firmware version 7.1.0 and upwards, it is possible to install and run Docker Containers on your Pepwave routers with MediaFast, such as the MAX HD2 and the MAX HD4. Due to the nature of Docker and its unlimited variables, this feature is supported by Pepwave up to the point of creating a running Docker Container.
14 KVM MediaFast enabled routers now support KVM. Users will have to download and install Virtual Machine Manager to manage the KVM virtual machines. Through this, users are able to virtualise a Linux environment. For detailed configuration instructions, refer to our knowledge base articles: 1. How to install a Virtual Machine on Peplink/Pepwave - MediaFast/ContentHub Routers 2.
15 Bandwidth Bonding SpeedFusionTM / PepVPN Pepwave bandwidth bonding SpeedFusionTM is our patented technology that enables our SD-WAN routers to bond multiple Internet connections to increase site-to-site bandwidth and reliability. SpeedFusion functionality securely connects your Pepwave router to another Pepwave or Peplink device (Peplink Balance 210/310/380/580/710/1350 only). Data, voice, or video communications between these locations are kept confidential across the public Internet.
15.1 PepVPN To configure PepVPN and SpeedFusion, navigate to Advanced>SpeedFusion™ or Advanced>PepVPN. The local LAN subnet and subnets behind the LAN (defined under Static Route on the LAN settings page) will be advertised to the VPN. All VPN members (branch offices and headquarters) will be able to route to local subnets. Note that all LAN subnets and the subnets behind them must be unique. Otherwise, VPN members will not be able to access each other.
PepVPN Profile Settings Name This field is for specifying a name to represent this profile. The name can be any combination of alphanumeric characters (0-9, A-Z, a-z), underscores (_), dashes (-), and/or non-leading/trailing spaces ( ). Active When this box is checked, this VPN connection profile will be enabled. Otherwise, it will be disabled. Encryption By default, VPN traffic is encrypted with 256-bit AES. If Off is selected on both sides of a VPN connection, no encryption will be applied.
ID/Remote Certificate MAX’s VPN authentication method, as explained above. To authenticate VPN connections using X.509 certificates, copy and paste certificate details into these fields. To get more information on a listed X.509 certificate, click the Show Details link below the field. Allow Shared Remote ID When this option is enabled, the router will allow multiple peers to run using the same remote ID. NAT Mode Check this box to allow the local DHCP server to assign an IP address to the remote peer.
means links with latency 600ms or more will not be used) A - Advanced feature, please click the button on the top right-hand corner to activate. To enable Layer 2 Bridging between PepVPN profiles, navigate to Network>LAN>Basic Settings>*LAN Profile Name* and refer to instructions in section 9.1 8.41 WAN Connection Priority If your device supports it, you can specify the priority of WAN connections to be used for making VPN connections. WAN connections set to OFF will never be WAN Connection used.
You could also specify a DNS server to resolve incoming DNS requests. Click the checkbox next to Backup Site to designate a backup SpeedFusion profile that will take over, should the main PepVPN connection fail. Outbound Policy/PepVPN Outbound Custom Rules Some models allow you to set outbound policy and custom outbound rules from Advanced>PepVPN. See Section 14 for more information on outbound policy settings.
bandwidth will be consumed. When Recommended (default) is selected, a health check packet is sent every five seconds, and the expected detection time is 15 seconds. When Fast is selected, a health check packet is sent every three seconds, and the expected detection time is six seconds. When Faster is selected, a health check packet is sent every second, and the expected detection time is two seconds. When Extreme is selected, a health check packet is sent every 0.
15.2 The Pepwave Router Behind a NAT Router Pepwave routers support establishing SpeedFusionTM over WAN connections which are behind a NAT (network address translation) router. To enable a WAN connection behind a NAT router to accept VPN connections, you can configure the NAT router in front of the WAN connection to inbound port-forward TCP port 32015 to the Pepwave router.
15.3 SpeedFusionTM Status SpeedFusionTM status is shown in the Dashboard. The connection status of each connection profile is shown as below. After clicking the Status button at the top right corner of the SpeedFusionTM table, you will be forwarded to Status>SpeedFusionTM, where you can view subnet and WAN connection information for each VPN peer. Please refer to Section 22.6 for details.
16 IPsec VPN IPsec VPN functionality securely connects one or more branch offices to your company's main headquarters or to other branches. Data, voice, and video communications between these locations are kept safe and confidential across the public Internet. IPsec VPN on Pepwave routers is specially designed for multi-WAN environments. For instance, if a user sets up multiple IPsec profiles for a multi-WAN environment and WAN1 is connected and healthy, IPsec traffic will go through this link.
IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Connect Upon Check this box and select a WAN to connect to this VPN automatically when the Disconnection specified WAN is disconnected. of Remote Gateway IP Enter the remote peer’s public IP address. For Aggressive Mode, this is Address / Host optional.
Force UDP For forced UDP encapsulation regardless of NAT-traversal, tick this checkbox. Encapsulation This defines the peer authentication pre-shared key used to authenticate this Pre-shared Key VPN connection. The connection will be up only if the pre-shared keys on each side match. Remote Available only when X.509 Certificate is chosen as the Authentication method, Certificate (pem this field allows you to paste a valid X.509 certificate. encoded) Local ID In Main Mode, this field can be left blank.
WAN Connection Priority WAN Connection Select the appropriate WAN connection from the drop-down menu. 16.2 GRE Tunnel Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network. A GRE tunnel is similar to IPSec or PepVPN. To configure a GRE Tunnel, navigate to Advanced > GRE Tunnel.