Netgate Discussion Forum

    IPSEC VPN Configuration, restrict access.

      TomT

      Hi

      I'm looking to set up an IPSEC VPN to allow my son remote access to home, but only to one device.

      My pfSense box is set up as:

      WAN
      LAN 192.168.100.x
      OPT1 10.10.100.x
      OPT2 Unused.

      The above is working fine.
      My son is setting up a NAS at home, that he can access when back at his dorm.

      Ideally I want the VPN to only have access to that NAS and no other devices on LAN or OPT1.

      I'd thought about assigning 172.16.100.1 to OPT2 and 172.16.100.100 to the NAS.
      Add a rule to OPT2 to stop OPT2 from accessing LAN and OPT1 and vice versa.

      When I set up the IPSEC VPN, can I assign that a 172.16.100.x IP address?
      Can a rule be set up to only allow access from the VPN to 172.16.100.100 (NAS)?

      I'd be grateful for any pointers doing this.

      Thanks

        jrsphoto

        It's been a while and you likely already figured this out, but what I would do is add rules to the firewall for IPSec, reducing the access to only the NAS box. The SOURCE address would be LAN NET and the DESTINATION address would be "single host or alias", with the hostname or IP address of the NAS box. Make sure to allow all protocols/ports to this device to keep the rule simple.

        John
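
A way to sanity-check a restricted rule set like the one discussed in this thread before relying on it, as an added example that is not part of either post and not pfSense code: it models top-down, first-match evaluation with default deny and reports which protected networks a VPN client could still reach. The /24 masks, the VPN client pool `172.16.101.0/24` and the names `evaluate` and `audit` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Addresses from the thread; the /24 masks are assumed from the ".x" notation.
LAN = ipaddress.ip_network("192.168.100.0/24")
OPT1 = ipaddress.ip_network("10.10.100.0/24")
NAS = ipaddress.ip_network("172.16.100.100/32")
VPN_POOL = ipaddress.ip_network("172.16.101.0/24")  # assumed pool, not on the page
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    note: str = ""

# Rules as they would sit on the IPsec tab, top to bottom.
IPSEC_RULES = [Rule("pass", VPN_POOL, NAS, "VPN clients to the NAS only")]

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls through to default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "block"

def audit(rules, src, protected):
    """Return the protected networks that src can still reach (want: empty)."""
    leaks = []
    for net in protected:
        probe = str(next(iter(net.hosts())))  # first usable host as a probe
        if evaluate(rules, src, probe) == "pass":
            leaks.append(str(net))
    return leaks

if __name__ == "__main__":
    client = "172.16.101.10"  # constructed sample client address
    print("NAS:", evaluate(IPSEC_RULES, client, "172.16.100.100"))
    print("OPT2 gateway:", evaluate(IPSEC_RULES, client, "172.16.100.1"))
    print("leaks, restricted:", audit(IPSEC_RULES, client, [LAN, OPT1]))
    too_wide = [Rule("pass", VPN_POOL, ANY, "allow all from VPN")]
    print("leaks, allow-all:", audit(too_wide, client, [LAN, OPT1]))
```
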
