PepVPN and pptp VPN


#1

hi,

I have two b20 (local & remote) and a pepVPN between them.

On the local b20, I have two LANs.

On the local b20 I have a pptp VPN server activated, to allow remote access.

Now that I have set up pepVPN between the two routers, I’m not able to connect anymore to the main LAN remotely via pptp VPN, but I found out that I can connect to the LAN on the remote site!!!

I must be missing something somewhere… Any recommendation on what I should check to investigate further?

thanks,


#2

Hi,

Please ensure you have enabled Inter-VLAN routing (Network > LAN).


#3

Ok, just did it, on my main LAN and it works.
Thank you very much.

One question to be sure: should I activate interVLAN routing on each LAN, or is just one enough?
And a second one: does this open a way for my second LAN to see one way or the other the main LAN? I don’t want that at all…

Thanks,


#4

First of all, enabling InterVLAN route for LAN (Untagged VLAN) is just a temporary workaround to allow PPTP client access to LAN (Untagged VLAN). This is a known issue reported for firmware 6.2.X, whereby InterVLAN routing for LAN (Untagged VLAN) needs to be enabled to allow PPTP client access to LAN (Untagged VLAN). This will be fixed in firmware 6.3.0, and InterVLAN routing will not be required for PPTP access to LAN (Untagged VLAN).

If you require PPTP access to VLANs other than LAN (Untagged), you need to allow InterVLAN route for those VLANs.

And a second one : does this open a way for my second LAN to see one way or the other the main LAN? I don’t want that at all…

The recommended solution to have such comprehensive VLANs access control is using “Firewall Access Rules” instead of InterVLAN routing. You should define “Internal Network Firewall Rules” to block InterVLAN traffic.

For more information regarding “Internal Network Firewall Rules”, please refer to the screenshot below:


Thank You


#5

Ok, first point is very clear and very welcome. I like it this way. Thanks.

By the way, if PepVPN could behave the same, it would look good to me:-)

On the need for blocking inter VLANs traffic, I thought that by default two different LANs would not be able to talk to each other? I guess this is still true (provided that I don’t activate intervlan routing). Is this correct?


#6

Hi,

You are right, if Inter-VLAN routing is not enabled for the VLAN, routing is not allowed between the VLANs.

Consider the example below:

Untagged VLAN - Inter-VLAN routing enabled
VLAN 1 - Inter-VLAN routing disabled
VLAN 2 - Inter-VLAN routing enabled

Untagged VLAN <–> VLAN 2 are Interconnected
Untagged VLAN <–> VLAN 1 are not connected
VLAN 1 <–> VLAN 2 are not connected

Do note that on top of the Inter-VLAN routing feature, you still have “Internal network Firewall Rules” for the comprehensive control access between the VLANs.

if PepVPN could behave the same, it would look good to me:-)

This is a scheduled feature for firmware 6.3.0, whereby you can have custom routing setting to decide which network need to be inter route between the PepVPN peer.

For now, do consider using “Internal network Firewall Rules” to block the PepVPN traffic between the PepVPN peers.

Thank You
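
The segmentation behaviour described in posts #4 and #6, written out as an added example that is not part of the original thread and is not Peplink code: a small Python model for checking that a planned Inter-VLAN setting still keeps two LANs apart. It assumes routing needs Inter-VLAN routing enabled on both VLANs (as in the example in post #6) and treats firewall rules as directional deny pairs in front of a default allow; the function names and the rule format are hypothetical.

```python
from itertools import permutations


def reachable(vlans, src, dst, deny=frozenset()):
    """True if traffic from src to dst is routed and not blocked.

    Assumptions of this model (labelled, not taken from the firmware):
    - two VLANs are routed only if both have Inter-VLAN routing enabled;
    - 'deny' holds (src, dst) pairs blocked by internal firewall rules,
      and anything not denied is allowed.
    """
    if src == dst:
        return True
    if not (vlans[src] and vlans[dst]):
        return False
    return (src, dst) not in deny


def matrix(vlans, deny=frozenset()):
    """Reachability for every ordered pair of distinct VLANs."""
    return {(a, b): reachable(vlans, a, b, deny)
            for a, b in permutations(vlans, 2)}


def audit(vlans, must_not_reach, deny=frozenset()):
    """Return the forbidden (src, dst) pairs that are in fact reachable."""
    return sorted(p for p in must_not_reach if reachable(vlans, *p, deny))


# Constructed input: the three-VLAN example from post #6.
POST6 = {"Untagged": True, "VLAN 1": False, "VLAN 2": True}

if __name__ == "__main__":
    for (a, b), ok in matrix(POST6).items():
        print(f"{a:9} -> {b:9} {'routed' if ok else 'isolated'}")

    # Policy from the thread: the second LAN must never see the main LAN.
    forbidden = [("VLAN 1", "Untagged"), ("Untagged", "VLAN 1")]
    print("violations as configured:", audit(POST6, forbidden))

    # Enabling Inter-VLAN routing on VLAN 1 (for example to give PPTP
    # clients access to it) breaks the policy unless deny rules are added.
    opened = dict(POST6, **{"VLAN 1": True})
    print("violations after enabling VLAN 1:", audit(opened, forbidden))
    print("with deny rules:", audit(opened, forbidden, deny=set(forbidden)))
```
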


#7

Hi,

I just saw the Release Notes for 6.3.0 and I’m not able to locate a mention of the feature you refer to in your message “whereby you can have custom routing setting to decide which network need to be inter route between the PepVPN peer”? Is it that it did not make it in 6.3.0?

Thanks,


#8

Hi,

The feature is available in v6.3.0 - Network > OSPF & RIPv2 > OSPF > 0 (This is available if SpeedFusion/PepVPN is established) > Network Advertising. You can choose which network to advertise to SpeedFusion/PepVPN peers.


#9

ok, just upgraded to 6.3 and configured OSPF area 0 as you recommended. It seems to be ok. Thanks a lot.