Peplink Firmware 8.5.3: New Features, Fixes, and Why You Should Upgrade

Peplink has officially released Firmware 8.5.3 (September 12, 2025), bringing a host of improvements, new features, and critical fixes across a wide range of supported devices. Whether you rely on Peplink Balance, MAX, UBR, B One, MediaFast, or enterprise-grade SDX/EPX routers, this release offers significant enhancements to stability, performance, and functionality.

In this post, we’ll cover the key new features, important improvements, and major fixes, along with real-world examples of how they benefit Peplink users.

Key New Features in Firmware 8.5.3

1. BGP over Route-Based IPsec

• What it means: Border Gateway Protocol (BGP) can now run over route-based IPsec tunnels.
• Why it matters: Businesses running multi-WAN or multi-site deployments can now dynamically exchange routing information between encrypted IPsec tunnels.
• Example use case: An enterprise with multiple branch offices using IPsec tunnels for security can achieve automatic route updates across sites, improving failover and network resilience.

2. Docker Support for Tunneling

• What it means: Docker containers can now use /dev/net/tun, enabling tunneling inside containersfirmware-8.5.3-release-notes.
• Why it matters: IT teams deploying custom applications (such as VPN clients, monitoring tools, or proxies) inside Peplink devices can now run containerized network tunnels.
• Example use case: A managed service provider could deploy a custom OpenVPN container directly on a Peplink device, avoiding the need for external servers.

3. Starlink Enhancements: GPS Receiver & Forwarding

• What it means: When Starlink WAN is enabled, devices can now use the GPS receiver and forward GPS datafirmware-8.5.3-release-notes.
• Why it matters: Mobile and maritime users running Starlink can now pass accurate GPS data into fleet management or tracking systems.
• Example use case: A trucking company using Starlink as backup connectivity can also leverage GPS for real-time vehicle tracking.

4. InControl-Based Cellular Site Surveys (5G)

• What it means: Connection Test in InControl now scans nearby cellular towers, providing deeper network visibility.
• Why it matters: This helps organizations optimize SIM selection and carrier choice in areas with multiple networks.
• Example use case: A construction site can run a site survey to decide whether Verizon, AT&T, or T-Mobile offers the best 5G signal before deployment.

5. Expanded DPI (Deep Packet Inspection) Protocols

• What it means: The DPI engine now recognizes additional apps and services such as Sonos, NordVPN, Surfshark, Temu, Paramount+, and Generative AI trafficfirmware-8.5.3-release-notes.
• Why it matters: More granular control for QoS (Quality of Service) and application blocking.
• Example use case: A school can now prioritize Zoom and Teams traffic while restricting Temu or Shein during class hours.

6. IPv6 Passthrough for B One Series

• What it means: B One routers can now handle IPv6 traffic more natively.
• Why it matters: Future-proofing as more ISPs and enterprise networks adopt IPv6.
• Example use case: A home office using Comcast IPv6 can pass traffic seamlessly without manual configuration.

7. Multiple NTP Servers & Logging Improvements

• What it means: Devices can now sync time with multiple NTP servers and log more detailed events (like power-off times or HA sync failures).
• Why it matters: More reliable logs for troubleshooting and compliance.
• Example use case: A bank using Peplink for branch connectivity ensures logs remain consistent even if one time source fails.

Improvements in Firmware 8.5.3

• Switch Controller Enhancements – Switches can now preserve VLAN/Port settings when coming online, reducing reconfiguration work.
• Remote User Access – DHCP reservations can now be tied to usernames, making remote access sessions more consistent.
• RADIUS Authentication – A secondary RADIUS server can now be used for both Web Admin and wired 802.1X fallback.
• Cellular & SIM Management – Enhanced handling of eSIM download confirmations, SMS length, and private SIM profile enforcementfirmware-8.5.3-release-notes.

These improvements help IT teams simplify deployments and minimize downtime.

Major Fixes in Firmware 8.5.3

This release also addresses critical bugs and stability issues:

• Wi-Fi Stability – Fixed issues with Wi-Fi WAN roaming and dropped connectionsfirmware-8.5.3-release-notes.
• Cellular Connectivity – Fixed problems where certain 5G and LTE-A SIMs failed to connect on global roaming networks.
• Outbound Policy Reliability – Corrected misrouting when “Least Used” policy was active, preventing traffic imbalance.
• InControl Sync Issues – Fixed scenarios where InControl could not apply configurations or where synergized devices showed offline status.
• Security Patch – Addressed CVE-2025-26466, ensuring protection against known vulnerabilities.

These fixes significantly enhance network reliability, security, and performance.

Known Issues (What to Watch Out For)

• Switch Controller VLAN Issues – Some VLAN external access settings may still cause devices to go offline.
• Docker Limitation – Containers cannot run if no DHCP server is active.
• YouTube QUIC Traffic – Blocking may not work if YouTube is using QUIC.

Peplink has documented these issues and continues to work toward fixes in future releasesfirmware-8.5.3-release-notes.

Why You Should Upgrade

Firmware 8.5.3 is more than a maintenance release. It expands Peplink’s support for modern applications (Docker, IPv6, Generative AI), strengthens Starlink integration, enhances security, and fixes long-standing issues.

For IT managers, MSPs, and businesses relying on always-on connectivity, upgrading ensures better stability, improved control, and future-proof networking. Questions? Reach out to the Peplink Experts @ 5gstore!

There was a bug with firmware 8.5.2 that only impacted the EOL Balance 20X, which would cause random reboots. The only solution was to downgrade to 8.5.1. We have been testing 8.5.3 on the Balance 20X and will update after we have finished testing.