Block certain IP addresses from accessing PepVPN / SpeedFusion End Points


#1

Hello!

I have PepVPN / SpeedFusion End Points set up between multiple offices.

Our main corporate office is on a Balance 305 and the main network here is 192.168.127.x

I have a remote office (connected via PepVPN) which is 192.168.30.x. All sub/remote offices are Balance 20s.

I have 4 users (by IP) I would like to give access to the 192.168.127.x network, but want to restrict the rest. Currently the entire 192.168.90.x subnet can access all of 192.168.127.x.

I have added the 4 allowed devices as static DHCP reservations: 192.168.90.106, .113, .123, .124.

I would also like to limit the 192.168.90.x subnet from accessing my other networks. My networks are as follows.

10.0.25.0/24, 10.0.32.0/24, 10.0.64.0/24, 10.0.128.0/24, 10.1.10.0/24, 192.168.10.0/24, 192.168.30.0/24, 192.168.40.0/24, 192.168.123.0/24, 192.168.127.0/24

I’ve attempted adding block rules at 192.168.90.1 to block all traffic coming from the 192.168.90.x network to anything at 192.168.127.x, and then set up ALLOW rules for the 4 specific IP addresses (listed above), but it seems it never limits the traffic coming from anything on the 192.168.90.x subnet.

Ideas or best practices on limiting traffic across the PepVPN?


#2

This post seems to describe my exact situation. I suppose I will open a helpdesk ticket.

https://forum.peplink.com/threads/3020-PepVPN-Disable-peers-from-talking-to-each-other?highlight=PepVPN+block


#3

Hi,

Can you share which firmware you are using on the B305 and B20?

Can I have a screenshot of the Inbound and Outbound Firewall rules on the B305 and B20?


#4

Well, upgrading to 6.2.0 across all my PEPs made everything correct and working properly. 6.1.2 does have a bug that prevents blocking this traffic… All is good now at 6.2.0. Thanks, everyone!