Routing or firewall problem?

On my boat, I have a Balance One with an HD1 Dome, along with two other WAN devices. The Balance One has a PepVPN connection to a Fusionhub hosted in the cloud.

The Balance One is at 10.1.0.1 and the HD1 Dome at 10.1.2.1. The Balance is the DHCP server for 10.1.0.0/24 and the Dome is the DHCP server for 10.1.2.0/24. The WAN port on the Balance One is assigned 10.1.2.2. This configuration follows the relevant example in the Peplink manual for a SIM injector hanging of the LAN of the Balance.

Almost everything works. From home, I can connect to the Fusionhub via VPN and then talk to devices on 10.1.0.0, the Balance’s LAN. On the boat I can talk to the HD1 Dome at 10.1.2.1 (and of course to other devices on 10.1.0.0).

What I can’t do is talk to the Dome at 10.1.2.1 from home, i.e. over the VPN. Traceroute shows that packets for 10.1.2.1 get routed to the Fusionhub, but that’s it.

Is this a firewall problem or a routing problem? I’ve tried various changes to the internal firewall on the Balance and have tried adding a static route in various places, but I’m really shooting in the dark.

Any guidance would be much appreciated!

Its a routing topology/protocol issue.

Routing table of the boat is not being propagated to the Speedfusion tunnel.

Take a look at these options. I believe you want to do the Network Advertising selector and choose the WAN interface - in addition to your LAN. That should cause that both to be propagated to the rest of your speedfusion networks.

I would not make these changes “remotely” without a way to ensure I can still access the admin web page of the router in the boat - in case you bork your wan.

screen-shot-2022-08-09-at-4.png1902×1270 308 KB

Many thanks indeed. Problem solved!