Outbound Internet Access

How did we create reliable, resilient, and redundant Internet access? It starts with having multiple options to connect. We use 2 Google Fi SIMs, a Verizon SIM, as well as Starlink. We also have the ability to connect to a camp WiFi. This gives us a total of 5 possible connections. Let’s dive into he details.

Paths to the Internet

Google Fi

Google Fi is Google’s cellular offering, running as a virtual operator on T-Mobile’s network. So, while the network on our phones says ‘Google Fi’, it’s really T-Mobile behind the scenes. We are on an unlimited family plan, with each family member getting 50Gb per month before traffic starts to slow down. Each member can order data SIMs at no cost. So, we have 2 data SIMs connected to our family accounts. Each data SIM is set up in our Peplink router with a maximum monthly data consumption of 40Gb (to leave enough for our phones to work). This gives us 80 Gb per month.

Here’s how to set this up correctly on a Peplink router:

  • Under cellular settings set up both SIM cards with carrier selection set to auto and APN set to h2g2
  • Enable bandwidth monitor. For each SIM card the limit is set at 40 Gb. Specify the start of your monthly billing cycle. And then decide if you want the SIM card to be turned off when the limit is reached. In our case, we’ve set up SIM card B to turn off and SIM card A to continue. We want to avoid losing all connectivity to the Airstream in case both SIMs were to run out of bandwidth.
  • Set SIM card selection to custom, with SIM Card B as priority 1 and SIM Card A as priority 2. This means that B will be used until the monthly limit of 40G is reached. At that point, B will be disabled and A takes over. When A gets close to the limit, we start receiving email notifications, but it won’t turn off when the limit is reached.

Google Fi is our always-on cellular connection when we’re not traveling with Beastie. T-Mobile coverage in our RV storage location is very good. So this enables us to keep tracking things while we’re not there. But we have to be very careful with how we use this data, since it eats into our personal phone data allowance. It’s the most precious data connection we have.

Verizon Wireless

When traveling with Beastie, we also carry our iPad. Our iPad has a Verizon SIM with a large bucket of data and doesn’t eat into our phone allowances. Rather than swapping SIMs on the Peplink, we’ve set up the iPad to create a personal hotspot. The Peplink will automatically connect to the iPad over WiFi, using its WiFi as WAN capability, and make the connection available to all clients (subject to the outbound policy – see below).

Make sure your WiFi network name and password don’t contain spaces or special characters. We’ve seen issues with Peplink trying to connect to such networks.

Starlink

The final option is our Starlink in-motion dish. For most of the year, Starlink service is paused, and we enable it only when we go on long road trips.

Connecting Starlink to Peplink

Starlink has a built-in WiFi router. We could connect to the Peplink using WiFi as WAN but that has several downsides:

  • Having two WiFi radios run next to each other (Peplink’s WiFi and Starlink’s WiFi) can cause interference issues
  • Having two routers connected to each other is needlessly complex
  • Connecting Starlink over WiFi would occupy our WiFi as WAN port, and prevent us from connecting our iPad at the same time.

Luckily Starlink offers the option to connect over ethernet. We use the Starlink ethernet adapter to connect Starlink to the WAN port of the Peplink, freeing up our WiFi as WAN port for our Verizon iPad connection (or RV camp connection).

Access to Starlink app from Peplink’s WiFi network

We want to make sure we can still access the Starlink app when connected to our Peplink WiFi network. To do this, make following changes to the Peplink configuration:

  • Click into the WAN connection, find the Hostname (Optional) option under WAN Connection Settings
  • Click on the little question mark next to the Hostname (Optional) item.
  • A box will pop up – click the here link to enable the Management IP address option.
  • Under the Management IP Address field, enter an address in the 192.168.100.x range that doesn’t conflict with the router address (.1) – I chose 192.168.100.100.
Other Starlink-specific settings

We also need to tweak the WAN health check settings to account for the rapidly varying quality of Starlink connections:

This is a fairly aggressive setting. We check the connection every 5 seconds and allow for 3 retries before marking the connection as unavailable. This means that the connection will be disabled 15 seconds after the first test failed. The connection will be back up upon a single successful retry.

With Peplink v8.3, a new feature was introduced that specifically helps with Starlink connections. It’s called TCP Ramp Up. Enable it on the Speedfusion configuration screen. This improves the handling of Upload/ Download TCP traffic, which is important because Starlink uses TCP acceleration. This also helps with congested LTE networks. It is the initial duplication of traffic and allows for more bandwidth (TCP Ramp Up disables WAN Smoothing).

Setting up connection speed and MTU details

Under WAN Connection Settings we specify upload and download speeds of our Starlink connection. This is particularly important when using Speedfusion to bond multiple connections together. Peplink uses these values in its algorithm to determine which links to use and how much. We set Upload Bandwidth to 25 Mbps and Download Bandwidth to 125 Mbps. Also, set the MTU to 1500.

Disabling Starlink WiFi router

You can do this from the Starlink WiFi app:

  • Go into Settings on your Starlink App.
  • Expand the Advanced area
  • Turn on the toggle for Bypass Starlink WiFi router and click Save. Follow the prompts
  • Starlink will reboot.

Speedfusion VPN Tunnel

One of the cool features of the Peplink router is its ability to bond multiple connections together to create an ‘unbreakable’ connection. The feature is called Speedfusion. Speedfusion is basically a smart VPN tunnel between two Peplink end points. It offers a number of very impressive features:

  • Hot failover. When a connection fails (e.g. Starlink obstruction causes signal loss), Speedfusion will switch traffic to another connection without dropping the VPN link. So, critical time-sensitive applications like Zoom will continue uninterrupted.
  • Bandwidth bonding. Speedfusion will combine the bandwidth over multiple slow connections to provide one robust fast connection.
  • WAN smoothing. Rather than focusing on higher speeds, WAN smoothing focuses on higher reliability. By duplicating more traffic over more connections (hence lower overall bandwidth), WAN smoothing can increase the reliability of the entire connection.

There are two ways to set up Speedfusion:

  • Set up “Speedfusion Connect Cloud (SFC Cloud)”. In this case, the Peplink router establishes a VPN link to a cloud server, hosted by Peplink. You can choose which location to connect to. This is the easiest way to establish a Speedfusion connection, since you only need to manage the client side of the link (ie. the settings in your router). The disadvantage is that you don’t get a static IP address, and hence it makes it more difficult to enable remote access to the RV.
  • Set up Speedfusion between two Peplink routers. In this scenario, we create a virtual Peplink router appliance (called “Fusionhub”) and host it inside a datacenter (Amazon, Vultr, etc.). We establish a Speedfusion connection between the two routers. This is obviously more difficult to do since you have to manage both sides of the VPN tunnel. However it has the advantage you can get a static IP from your hosting provider and manage inbound port forwarding.
Setting up Fusionhub on Vultr

We decided to manage our own Fusionhub and host it on Vultr. Here’s how to set this up:

  • Login to Incontrol2, Peplink’s cloud-based devices management service. If you don’t have an account yet, you can easily create one for free.
  • Set up your organization and create a group. A group is a bundling of different Peplink devices.
  • Obtain a free Fusionhub license. Go to organization->organizational settings->warranty&license. Click on acquire new FusionHub license and select Solo license.
  • Add the Fusionhub to the group you just created.

Now, let’s switch to Vultr and set up the Fusionhub hosting:

  • Go to vultr.com, create a new account, and set up credit card details.
  • Download Fusionhub image from Peplink and unzip it. Upload the unzipped version to Dropbox or Google Drive.
  • On Vultr, click on create new snapshot and paste in the link to your Fusionhub image.
  • Now we can build the virtual appliance. Go to instance and click on deploy new instance. Select cloud compute, your preferred location, select plan (cheapest is ok), give your instance a hostname, and click deploy now. After it has successfully deployed, a public IP will be assigned.

We can now log in to the Fusionhub, apply the license we created and start configuring.

  • Go to the public IP address and log in with admin/admin. Go through the wizard and accept all defaults. Set local id to Fusion01.
  • You can grab the license key from Incontrol2 (organization->organizational settings->warranty&license) and paste it in the setup wizard license key field.
  • The Fusionhub will validate the license and reboot.
  • Now, change the password from Incontrol2 ( Go to Settings -> Device System Management and enable Device Web Admin Management). Change your admin username and select the option of assign random password to each device.
  • Finally, let’s update the firmware. Go to the group level and click Settings->Firmware Policy, and select the latest firmware for both the router and the fusionhub.

Fusionhub is now set up properly.

Setting up Speedfusion VPN connection

First, let’s establish a connection from our Peplink router to Fusionhub:

  • Log in to the Peplink router, go to advanced. Create a local id name for PepVPN with Speedfusion and click save.
  • Set up a new profile. Paste in remote id (Fusion01), enter the static IP address, decide whether to enable encryption (lower bandwidth) or not.

Now, let’s set up the Fusionhub so it accepts an inbound connection from the Peplink router:

  • Log in to the Fusionhub, go to ‘network->speedfusion’. Create a new profile. Under remote ID, paste in the local ID you created on the peplink router, set the same encryption level as above, and click save.

If all goes well, the dashboard on both the router and the fusionhub should show that the PepVPN with Speedfusion link is now established.

Define Outbound Policies

The final step is to determine how users of Beastie’s WiFi network will access the Internet. We could set it up so that all traffic gets routed over the VPN connection. However this problematic for multiple reasons:

  • Expensive. Speedfusion focuses on overall reliability and ‘unbreakable’ Internet. But that comes at a cost of higher data usage, and that’s something we want to manage closely. We cannot allow all traffic, especially video traffic, to go over this expensive link.
  • Streaming and VPN. Several streaming providers (such as Netflix) will block traffic over VPNs. Since Speedfusion is basically a VPN (a fancy one), we cannot watch Netflix when using Speedfusion.
  • Prioritization depends on use case. We really want to change the priority of WAN connections based on the particular use case, and route as much traffic as possible over lower cost connections. Speedfusion’s approach of unbreakable access is great for mission critical applications, but too expensive for other use cases.

The basic approach we’re following here is to create a number of WiFi networks and associate each network with a particular use case. A user will select the right network for the objective they have in mind. As follows:

Let’s look at each rule in a bit more detail:

Beastie-vpn: Best-quality (expensive) network with Speedfusion bonding

This outbound policy is linked to WiFi network ‘Beastie-vpn’. It is used when we truly want highly reliable, ‘unbreakable’ Internet. For instance when we do video conferencing, WiFi calling or for regular web browsing that is not expected to consume a massive amount of data. It is the most expensive because bonding creates a roughly 19% increase in overall data consumption. It’s the price to pay for increased reliability.

Here’s how we configured Speedfusion:

We chose dynamic weighted bonding as this is a better algorithm when cellular connections are involved. In our set up, the Starlink and Verizon iPad connections are preferred and bonded together (both have priority 1). The Google Fi link is configured as a hot failover (lower priority 2).

Beastie-guest: the advantages of Speedfusion bonding, but without Google Fi

For our guests, we designed a specific network with the advantages of bonding together Starlink and Verizon, but we removed the Google Fi/T-Mobile hot failover, since that is our most expensive network that eats into our personal phone allowance.

How did we create two tunnels over the same Speedfusion connection? Simple. On your local Peplink router, click on the Speedfusion profile name, then click on the question mark in the top right. Click on the link to create multiple tunnels. Set up each sub tunnel as described above.

Then, log in to your Fusionhub appliance and use the same process to create the same 2 tunnels. The IDs of the tunnels have to match with the IDs of your Peplink router tunnels. There is no need to describe the WAN connections to be used since that is controlled by the local router.

Beastie-streaming: Video streaming network

For video streaming to work, we cannot use a VPN, and prefer not to use our Google Fi SIM cards. So we only rely on Verizon and Starlink. We put Starlink as highest priority (because it’s truly unlimited) and Verizon/iPad as second priority.

Beastie: High-quality (expensive) network

Our fourth WiFi network (“Beastie”), is the one used by all the sensors, smart devices and servers in the RV. Our Home Assistant and Victron servers are connected to this network. We have found that putting Starlink in the mix creates unreliable connections, especially when trying to connect to the network from outside the RV. So, in this case, we put Starlink as the lowest priority connection.

Learn More

This is a pretty technical subject and it doesn’t help that the Speedfusion technical documentation is pretty poor. These external sources were very useful:

Leave a Reply

Your email address will not be published. Required fields are marked *