Installing Peplink FusionHub on Vultr (Pre-8.5.1)

Peplink offers ready-to-go images/templates for FusionHub for various platforms including AWS, Azure, VMWare, and even a RAW image. However, some VPS platforms (including Vultr) don't support these images out of the box. In this article we will go through installing FusionHub on a Vultr VPS to save you the headache of figuring out the pitfalls on your own. 

 

What You'll Need

  • A Vultr account
  • A FusionHub license
  • About an hour of time

Upload the FusionHub Image to your Vultr Account

Currently, the only straightforward-ish way to get a FusionHub image into your Vultr account is to create a snapshot from the FusionHub RAW image. 

  1. If you don't already have a Vultr account, create one
    FTC Disclosure: We may receive a commission if you sign up for Vultr using this link.
  2. Log into your Vultr account
  3. Follow the process below to upload the FusionHub image into Vultr:

Create a VPC

You will need to create a virtual private cloud (VPC) if you don't already have one. Even if you do have one, we recommend creating/using one specifically for network appliances. We recommend using VPC 2.0. If you already have a VPC you wish to use, you can skip to the next section.

 

Configure Firewall Rules

There are quite a few firewall rules that need to be created an applied to the VPS that you will be creating next. You can find the rules we will be creating in section 2 of an article from Venn Telecom. I've extracted the data here, but big hat tip to the team at Venn for posting this in a simple chart!

 

Mandatory  
UDP 4501 PepVPN / Speedfusion Data
TCP 32015 PepVPN / Speedfusion Handshake
TCP 5312 Web Admin Interface (*)
Optional Only in some specific cases or when debugging needed.
TCP 2222 Direct Remote Access for Troubleshooting Assistance
TCP 5246 Used when TCP 443 is not responding
UDP 5246  Incontrol Data Flow
UDP 4500 PepVPN / Speedfusion Data
UDP 4505 PepVPN / Speedfusion Data
UDP 32015 PepVPN / Speedfusion alternative Data
TCP 443 Web Admin Interface (*)

(*) port 443 must sometimes be authorised during Setup Process but can be removed when Fusionhub Server is configured to accept https connection on port TCP 5312, which is the standard configuration automatically pushed at the end of the Fusionhub installation process.

 

We will now create a Firewall Group for FusionHub that will be applied to our VPS:

If you would like to further restrict access to/from your instance, you can allowlist the IPs for InControl2 and other Peplink services. See the Additional Resources section for a link to Peplink IP addresses.

Create a VPS

Once your snapshot, firewall group, and a VPC is created, you can finally provision your server!

You can choose from multiple server types (dedicated CPU, bare metal, shared CPU, GPU, and more), but for this purpose we will use a Shared CPU instance as FusionHub is relatively lightweight on resources. If you are terminating many IPSec tunnels or doing a significant amount of filtering here (which isn't really possible on FusionHub anyway), be sure to choose a machine that is a bit beefier than the minimum requirements. 

Configuring your VPS to run FusionHub properly

FusionHub's image is proprietary and doesn't properly support UEFI. In the steps above we did not enable UEFI, but there are a few more changes to allow FusionHub to boot properly. Unfortunately, this requires contacting Vultr's support team. Don't fret! Vultr has top notch support and usually responds within 30 minutes (at least for me!). 

Open a ticket with Vultr

  1. Click Support in the left menu of the dashboard
  2. Click "Open Ticket" on the secondary menu on the left
  3. Click "Did you find what you need? If not, click here to open a ticket."
  4. For the Category, select "General Support"
  5. Under Server, select the VPS you just created using the FusionHub snapshot
  6. For Subject, enter "Disable UEFI"
  7. Finally, for Message, we use the following text:
  8. Click "Open Ticket"

Once support informs you that this has been completed, visit the public IP address of your FusionHub instance to verify you get the FusionHub login screen. DO NOT login at this point. 

h/t to Paul Mossip for working this in detail with Vultr support and providing the Peplink community with the ticket referenced above. This has saved me and others countless hours of work. 

Create a New Snapshot

We don't want to bother Vultr Support every time we spin up a new instance, so we take a snapshot of the "fixed" VPS so we can easily boot additional FusionHub environments that are already fully working. In order to do this, we will create a snapshot of the "fixed" VPS and delete the RAW image snapshot we made earlier. 

Congratulations! That's it! Enjoy FusionHub :) 

 

Additional Resources



Have more questions? Submit a request