PepVPN behind internet router, setup routes to VPN from LAN

What do I need to configure on the ‘internal pepwave’ to access devices behind the ‘external’ Pepwave from the PC on the LAN of the internet router through PepVPN?

image

VPN profile: Star, rest default settings (I wasn’t too sure so left everything as is).

  • I’ve set up a static route on my ‘internet router’ i.e. all traffic for 10.50.135.0/24 is forwarded to 192.168.1.10. I tested this with mtr/traceroute and see traffic die at 192.168.1.10 (from my PC)

I expect that because traffic will flow through the WAN port of the Pepwave, I need to open up traffic coming from my LAN range (192.168.1.1/24). I didn’t find where to configure this, is it possible?

Setting up a specif static forwarding rule on the internal Pepwave to forward for example SSH to a specific host in the network of the external Pepwave was successful, but that way I would need to keep updating configuration which is not desirable.

What settings should I look at? an example would help.

Thanks so much,
Aias

Hi! Welcome to the forum.

  1. Set WAN of Internal Pepwave (192.168.1.10) to use IP forwarding instead of NAT - this will allow inbound routing of traffic without needing NAT rules.
  2. Add a static route to the internet router for 10.50.130.0/24 with 192.168.1.10 as the next hop. So devices on 192.168.1.0/24 know where to send the traffic.
  3. Set Outbound policy on external Pepwave to send traffic for 192.168.1.0 over PepVPN. So that traffic for 192.168.1.1 is not sent out over the External Pepwave WAN.

Instead of 3 above you could modify OSPF on the internal Pepwave so that it advertises the WAN subnet automatically to the external Pepwave. This can be a better approach when you have lots of external Pepwave devices and/or when the LAN segment on the internet router might change.

2 Likes

Great that works fantastic, this’ll make my life supporting 800+ remote pepwaves (with devices behind it) much easier . In case anyone else wonders, as the option in item 1 is hidden:


Above was found by clicking the WAN details button in the main dashboard, there’s a link to un-hide IP Forwarding which’ll give you selection for IP Forwarding and those options.

1 Like

and the OSPF change was the following:


Notice Network advertising set to WAN.

Glad that came right. There are lots of things that help with managing larger numbers of devices in IC2 especially. Do shout if you have any challenges.