Setup with pepVPN & security question


#1

hi,

I have a quick question on how to make my setup as “clean” and safe as possible. Bear with me, this might be a dumb question…

I have 2 NAS at different locations. One is a backup (rsnapshot) of the other one. I used to run that with rsync over ssh.

I have now put a second Peplink B20 router at the backup location and my backup NAS is now “behind it”. Question: what would be the right thing to do to prevent anyone connecting a PC directly to one of the ports at my backup place from having access to the local network at my main place (via PepVPN)?
My backup location is decently safe, I’m not that worried, but the setup is not ideal as it is…

I thought about playing with the DHCP server (disabling it and having the backup NAS with a fixed IP address, or enabling it but serving only 1 IP address reserved to the NAS MAC address)?

I was wondering if there is a better way of doing this? Any way I can protect my side of the PepVPN link to accept communication only with the backup NAS?

Thanks in advance,


#2

Hi,

You can add Internal Network Firewall Rules on the B20 at the backup location as below.

Rule 1
Protocol : Any
Source IP & Port : Single Address, IP - <NAS IP>
Destination IP & Port : Any Address
Action : Allow

Rule 2 - Default Rule
Action : Deny


#3

thanks a lot for the answer, I’ll do that tonight.
Thanks again!


#4

Ok, so I tried the rule you suggested and I added a second one to allow any address to go to the NAS IP address as a destination, because with the proposal above, I was not able to access the backup NAS from the main side of the VPN anymore.

I hope it makes sense.


#5

Hi,

This makes sense!
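
The rule sets from posts #2 and #4, modelled as an added example (not part of the thread and not Peplink code) to show why the extra rule was needed. It assumes rules are checked top to bottom with the first match deciding a new connection; all IP addresses are constructed.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread).
NAS = "192.168.50.10"        # backup NAS behind the B20
ROGUE_PC = "192.168.50.77"   # unknown PC plugged into the backup-site LAN
MAIN_HOST = "192.168.1.20"   # workstation on the main-site LAN


def rule(src, dst, action):
    """Build a rule tuple; the string 'any' matches every address."""
    def net(addr):
        return ipaddress.ip_network("0.0.0.0/0" if addr == "any" else addr)
    return (net(src), net(dst), action)


DEFAULT_DENY = rule("any", "any", "deny")

# Post #2: allow traffic sourced from the NAS, deny everything else.
RULES_POST_2 = [rule(NAS, "any", "allow"), DEFAULT_DENY]

# Post #4: additionally allow any source to reach the NAS.
RULES_POST_4 = [rule(NAS, "any", "allow"), rule("any", NAS, "allow"), DEFAULT_DENY]


def decide(rules, src, dst):
    """Action of the first rule matching a new connection src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # nothing matched: fail closed


def report(rules):
    """Evaluate the three flows the thread cares about."""
    flows = {
        "NAS -> main host": (NAS, MAIN_HOST),
        "main host -> NAS": (MAIN_HOST, NAS),
        "rogue PC -> main host": (ROGUE_PC, MAIN_HOST),
    }
    return {name: decide(rules, s, d) for name, (s, d) in flows.items()}


if __name__ == "__main__":
    for label, rules in (("post #2", RULES_POST_2), ("post #4", RULES_POST_4)):
        print(label, report(rules))
```

Both rule sets key on the NAS IP address alone, so a fixed address or DHCP reservation for the NAS, as raised in post #1, keeps the rule pointing at the right device.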