I’m sure this will be an easy answer for someone. I’ve read many of the other topics on PepVPN in the knowledge base, but haven’t seen this one directly answered. Other users (Martin and Don) have provided great information on firewall rules and setting up PepVPN.
I’m in the process of slowly getting a PepVPN connection going between a SOHO and Balance One. I was having issues getting them to establish a connection over the internet, so for the time being, I’ve moved them both to a local router to help eliminate that as a potential issue.
I have a PepVPN connection now being established between the SOHO and Balance One. The SOHO and Balance One both have multiple VLANs defined. I can see the OSPF information show up on the PepVPN Status screens for each of the VLANs.
I can ping from the Balance to the IP address on the SOHO defined on the VLAN. But I can’t ping from the Balance to the IP address of a device on any of the VLANs. I believe this comes down to internal firewall rules (discussed greatly earlier by Martin and Don in one of the posts).
The rules are fairly strict on the SOHO and Balance One. The Internal Network Firewall Rules is where I believe my issue is at. The default rule is DENY and there is a handful of ALLOW rules. I believe this is preventing the communication. Martin mentioned how the default rule is ALLOW when the default settings are used. I’m on the side Don represents, where this is set to DENY and I know rules have to be created to allow specific traffic.
Here’s the big question. Let’s say there’s a machine on VLAN “A” on the SOHO trying to view a web page on a machine on VLAN “B” on the Balance One. Are the Internal Network Firewall Rules checked on BOTH the SOHO and the Balance One? Or are the rules only checked when the traffic leaves the SOHO or when it arrives at the Balance One? I did not get a chance to test this situation this week and it’ll be another week or two before I have the opportunity to do so. I was looking to see if I could get a little more background before attempting the testing.