ok, I'll add the first 2 rules.
For the second 2 rules, I'm surprised that this is needed. The two ERs are replacing 2 Peplink routers with a VPN between them and i never needed any change on any PC.
Isn't it so that when the PC does not know what to do with an adress it sends it to the router who tries whatever it can?
Thanks,
