Netgate Discussion Forum

    VPN only for specific app?

      hudri

      Dears

      I have some security cameras, an NVR, a pfSense FW and mobile clients, both within the LAN and on the internet.
      How do I need to set everything up so that the mobile clients outside my network can access the cams/NVR exclusively via VPN, but all other traffic goes to the internet without any kind of VPN?

      I will for sure need to set up WireGuard, OpenVPN, etc. the usual way with the usual rules in my network, and need to install the same on the external mobile clients.

      I assume that, once VPN is activated on the external mobile client, ALL traffic on this client will be encapsulated.

      What I want is to encapsulate traffic only for one specific app on my (external) mobile device, e.g. the software to access my cameras, which is provided by the vendor of the camera (Reolink, Wyze, Arlo, etc.).

      tnx
      Hudri

        viragomann @hudri

        @hudri
        You cannot route the packets of specific apps through the VPN on the client, but you can route specific destination IPs through the VPN (split tunnel).
        So you have to route only your home local network to the VPN server; all other upstream traffic goes to the default gateway.

        Any supported VPN on pfSense is capable of doing this. So simply decide which you like.

          Jarhead @hudri

          @hudri The OpenVPN client lets you select which apps can go through the VPN, but I'm a bit confused: are you doing this to give other people access to the cameras only, or are you doing this for yourself?
          If other people, they would be able to change the settings on the client themselves, so that wouldn't work for security purposes.
          If only for yourself, what difference would it make? It's your network, why not have access to all of it?

            stephenw10 Netgate Administrator @hudri

            @hudri said in VPN only for specific app?:

            I assume that, once VPN is activated on the external mobile client, ALL traffic on this client will be encapsulated.

            That's not necessarily the case, and it sounds like that's not what you want.

            As others have said, you don't need to have clients use the VPN for all traffic. Just define only the camera/NVR IP addresses as the local side of the VPN and that's all that will be routed across it.

            Steve
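
An added example, not part of any post in this thread: a Python check that reads a WireGuard client config and reports whether it is a full tunnel or a split tunnel limited to the camera/NVR addresses, as the replies describe. It assumes a wg-quick style client, where `AllowedIPs` decides what the client sends into the tunnel; the configs, keys, endpoint and 192.168.10.x addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample wg-quick client configs; keys, endpoint and IPs are placeholders.
HEADER = """[Interface]
PrivateKey = <client-private-key>
Address = 10.99.0.2/32

[Peer]
PublicKey = <pfsense-public-key>
Endpoint = vpn.example.net:51820
"""
FULL_TUNNEL = HEADER + "AllowedIPs = 0.0.0.0/0, ::/0\n"
SPLIT_TUNNEL = HEADER + "AllowedIPs = 192.168.10.20/32, 192.168.10.21/32\n"
CAMERA_HOSTS = ["192.168.10.20", "192.168.10.21"]  # assumed NVR and camera IPs


def allowed_ips(conf):
    """Return every network listed on AllowedIPs lines of a client config."""
    nets = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets


def via_tunnel(conf, dest):
    """True if the client would send traffic for dest into the tunnel."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == n.version and addr in n for n in allowed_ips(conf))


def audit(conf, permitted_hosts):
    """List AllowedIPs entries that route more than the permitted hosts."""
    permitted = {ipaddress.ip_address(h) for h in permitted_hosts}
    findings = []
    for net in allowed_ips(conf):
        if net.prefixlen == 0:
            findings.append(f"{net}: default route, all traffic is tunnelled")
        elif net.num_addresses > 1 or net.network_address not in permitted:
            findings.append(f"{net}: wider than the camera/NVR hosts")
    return findings


if __name__ == "__main__":
    for name, conf in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit(conf, CAMERA_HOSTS), via_tunnel(conf, "8.8.8.8"))
```

The client-side setting only controls routing on the device; which hosts a VPN peer may actually reach is still decided by the firewall rules on the pfSense side.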

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.