It has been a busy week for Peplink. Two things landed that are worth your attention if you run Peplink routers: an open beta of Direct Access Mode in the SpeedFusion Connect app, and Router Firmware 8.6.0 RC3. I have been running both, and the app feature is the one I would look at first.
Direct Access Mode: your router's LAN, straight from your phone
SpeedFusion Connect is Peplink's cloud service for secure remote access. Normally, when you reach a router or the devices behind it from the SFC app, that traffic is relayed through a cloud location. Direct Access Mode changes that. It lets the app connect straight to your router and reach its local network directly, with no cloud location in the path.
The practical effect is lower latency and a more direct route to the kit on site. If you are a field engineer who needs to reach a router's web admin or a device on its LAN from a phone, you now get there without backhauling through the cloud first. For day-to-day remote management, that is a real improvement.
Two things to know before you try it. The router needs a public IP address, so this will not work behind carrier-grade NAT. And it is an open beta: the iOS build is on TestFlight now, with Android to follow.
Setting it up
The router has to be on firmware 8.6.0 RC3 or later. In Web Admin you go to SF Connect, then Relay Mode, and under Device Access you set it to block all except an allowed list, then add your Peplink ID to the allowed app users. Sign in to the SFC app with the same Peplink ID and the router appears under the access your network admin has allowed. Connect, and you are on the router's local network. It is a sensible model: access is granted explicitly per Peplink ID rather than open by default.
One honest caveat from the known-issues list: if you have WAN Web Admin Access enabled, Direct Access Mode may not be able to reach the router's web admin or the devices on its LAN. That is the sort of wrinkle you expect in a beta, and exactly why it is in beta. Test it before you lean on it.
Firmware 8.6.0 RC3
Direct Access Mode rides on Router Firmware 8.6.0 RC3, the third release candidate for 8.6.0. A release candidate is the stage just before general release, so the feature set is settled and the work now is fixes and polish. RC3 itself is a small set of changes, which is what you want to see this late in a cycle. The full release notes list everything.
The fixes that matter most in RC3 are two security ones: a command-injection vulnerability in the command line, and a Web Admin vulnerability that could allow unauthenticated access to internal binaries. Both are fixed across all models. There is also a fix for SpeedFusion VPN profiles that could get stuck showing "Updating Routes" after a firmware upgrade, and a RemoteSIM stability fix. If you run RemoteSIM or lean on SpeedFusion, those are worth having.
Before you upgrade
Two things to plan for with 8.6.0. Some older hardware is not supported by it and stays on the 8.5.x maintenance track, so check your fleet before assuming everything moves up. And a number of models, including the BR1 Pro, BR2 Pro, the Transit Pro E and Duo Pro, the Dome Pro range and all the B One series, have to be on firmware 8.5.4 before they will take 8.6.0. Neither is a problem if you know about it going in.
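The Direct Access Mode prerequisites (public IP, 8.6.0 RC3 minimum, the WAN Web Admin known issue) and the 8.5.4 stepping-stone rule can be checked across a fleet before anyone touches a router. This is an added example, not Peplink's or the author's code; the inventory records, their field names and the "X.Y.Z RCn" firmware string format are assumptions made for the illustration.

```python
import ipaddress
import re

# Families the post names as needing 8.5.4 first (its list says "including", so not exhaustive).
STEP_FIRST = ("BR1 Pro", "BR2 Pro", "Transit Pro E", "Duo Pro", "Dome Pro", "B One")
# Ranges that are not publicly reachable; 100.64.0.0/10 is the carrier-grade NAT block.
NON_PUBLIC = [
    ("carrier-grade NAT", ipaddress.ip_network("100.64.0.0/10")),
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
]

def parse_fw(text):
    """'8.6.0 RC3' -> (8, 6, 0, 3); a general release sorts after any RC of the same version."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\s+RC(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else 999)

def preflight(dev):
    """Return the findings for one inventory record (empty list means ready)."""
    findings = []
    fw = parse_fw(dev["firmware"])
    if fw < parse_fw("8.5.4") and any(f in dev["model"] for f in STEP_FIRST):
        findings.append("install 8.5.4 before 8.6.0")
    if fw < parse_fw("8.6.0 RC3"):
        findings.append("Direct Access Mode needs 8.6.0 RC3 or later")
    ip = ipaddress.ip_address(dev["wan_ip"])
    for label, net in NON_PUBLIC:
        if ip in net:
            findings.append(f"WAN IP is {label}, not public")
    if dev["wan_web_admin"]:
        findings.append("WAN Web Admin Access enabled (known issue)")
    return findings

# Constructed sample inventory; 203.0.113.0/24 is a documentation range standing in for a public IP.
INVENTORY = [
    {"name": "van-01", "model": "BR1 Pro", "firmware": "8.5.2", "wan_ip": "100.72.14.9", "wan_web_admin": False},
    {"name": "hq-01", "model": "Dome Pro", "firmware": "8.6.0 RC3", "wan_ip": "203.0.113.10", "wan_web_admin": True},
    {"name": "lab-01", "model": "B One", "firmware": "8.6.0 RC3", "wan_ip": "203.0.113.20", "wan_web_admin": False},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], preflight(dev) or "ready")
```

The check does not cover hardware that 8.6.0 drops altogether, since the post does not list those models; take that list from the release notes.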
What I would do with this
Direct Access Mode is the more interesting of the two for most people, because it changes how you reach a site day to day rather than what the router can do. I would join the beta, set it up on a router with a public IP, and get a feel for the latency difference against the cloud-relayed path before relying on it for anything live. 8.6.0 itself I would treat like any release candidate: run it in the lab, confirm the fixes land for your setup, and wait for general release before it goes near production. Both are pre-release, and both are worth testing now so you are ready when they ship.