All LAN subnets will be advertise to PepVPN peer. This is the design and expected behavior for PepVPN. You can’t prevent this at the moment. Anyway I understand where you come from. We will look into this.
Possible to enable NAT mode for PepVPN? Will this meet your requirement? NAT mode for PepVPN - By selecting this option, the remote unit VPN will be assigned with an IP address from the local DHCP server. All the remote side traffic via this VPN will go through Network Address Translation (NAT) using the assigned IP address.
This is an interesting topic, and a very useful thing to be able to have control over. It should be easy because OSPF has supported these capabilities for decades. Can we have and OSPF that behaves by default however you think best, but also offers us the option to take some more control? Network summarization, (without having to use NAT)
Selective subnet advertisement.
The ability to make an interface passive.
The ability to control which interfaces are included in the OSPF process.
+1 from me as well. I’m all for all routes being advertised by default (keeping PepVPN’s inherent setup simplicity), but sometimes a remote route is not valid for certain local hosts. The ability to enable/disable remote routes would save me a ton of workaround effort. Thanks!