MAX BR1 - restrict PepVPN to wifi AP

I’m using a MAX BR1 at my home to maintain a PepVPN connection to the office, which works great. However, I’ve had to use a number of firewall rules to try (probably somewhat unsuccessfully) to selectively filter what can/can’t access the office network ( and vice-versa at the office). I’d much rather set up an identical SSID as the office on the BR1’s AP (which is currently disabled as I use eero wifi devices at home) and restrict the PepVPN connection to that. I would love it if devices on that network would get DCHP from the Balance 20 at the office instead of the BR1 (I think this would make connecting to the Windows Server box a lot simpler) but even a locally-assigned IP would work.

How would I best go about setting this up?


Can you provide a simple network diagram that appearance the office network setup (B20) ?

Beside that, can you let us know which office network devices is not allow accessing by the home device (BR1) ? and how many type of network devices in home network that allowing to access the office network ?

Thank You

Sorry for the long delay! Diagram below.

Basically, what I’d like ideally is for the server at the office to be able to communicate with two laptops when they’re on the work-specific WiFi (via PepVPN) at home, and vice-versa. I don’t want any other devices at the office to communicate with my home network, nor do I want any other home devices to communicate with the work network. I know firewall rules are an option, but I have to keep updating that when devices change (somewhat regular for me at home). Essentially, I just want these two laptops to think and act like they’re at the office.

If I could restrict the PepVPN connection to just the MAX BR1’s AP that’d be fantastic…

Edit: Just to be clarify, I don’t care what devices at the office can communicate with the 2 work laptops at home. I just don’t want ANY work devices to access the rest of my home network. Same for my normal home devices. I want only the laptops on the office Wi-Fi SSID to communicate with the office via PepVPN. Hopefully that’s clear.

There are 2 options to achieved this.


  1. Create Vlan on BR1

  1. Create SSID on BR1

Option 1 - Limit the network advertisement on BR1

  • Only Work subnet will be advertised to office. Hence, Home subnet will not able to communicate with office network and vice versa.

Option 2 - Using Internal Firewall Rule to block Home subnet to access Office subnet

  • This is just an one time implementation.