IPSEC VPN Configuration, restrict access.



  • Hi

    I'm looking to set up an IPSEC VPN to allow my son remote access to home, but only to one device.

    My pfSense box is set up as:

    WAN
    LAN 192.168.100.x
    OPT1 10.10.100.x
    OPT2 Unused.

    The above is working fine.
    My son is setting up a NAS at home, that he can access when back at his dorm.

    Ideally I want the VPN to only have access to that NAS and no other devices on LAN or OPT1

    I'd thought about assigning 172.16.100.1 to OPT2 and 172.16.100.100 to the NAS
    Add a rule to OPT2 to stop OPT2 from accessing LAN and OPT1 and vice versa.

    When I set up the IPSEC VPN, can I assign that a 172.16.100.x IP address?
    Can a rule be set up to only allow access from the VPN to 172.16.100.100 (NAS)?

    I'd be grateful for any pointers doing this.

    Thanks



  • It's been a while and you likely already figured this out, but what I would do is add rules to the firewall for IPSec, reducing the access to only the NAS box. The SOURCE address would be LAN NET and the DESTINATION address would be "single host or alias", with the hostname or IP address of the NAS box. Make sure to allow all protocols/ports to this device to keep the rule simple.

    John
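
A way to sanity-check the intended policy before entering it in pfSense, as an added example that is not part of the thread or pfSense's own code: it models first-match rule evaluation with a default deny for the IPsec rule and the OPT2 isolation rules discussed above. The /24 masks, the 172.16.200.0/24 VPN client pool, the final OPT2 pass rule and the .10/.50 probe hosts are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Subnets from the thread, assuming /24 masks for the "x" networks.
LAN, OPT1, OPT2 = "192.168.100.0/24", "10.10.100.0/24", "172.16.100.0/24"
NAS = "172.16.100.100/32"
VPN_POOL = "172.16.200.0/24"   # constructed: address pool handed to VPN clients

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)

def evaluate(rules, src, dst):
    """First matching rule wins; traffic matching no rule is blocked."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return "block"

# IPsec tab: one pass rule to the NAS, all protocols/ports (so none are modelled).
IPSEC_RULES = [Rule("pass", VPN_POOL, NAS)]
# OPT2 tab: keep the NAS segment away from LAN and OPT1; the final pass rule
# (outbound access for the NAS) is an assumption.
OPT2_RULES = [Rule("block", OPT2, LAN), Rule("block", OPT2, OPT1),
              Rule("pass", OPT2, "0.0.0.0/0")]

# Probe targets: NAS and OPT2 addresses are from the thread, the rest constructed.
PROBES = {"NAS": "172.16.100.100", "pfSense OPT2 address": "172.16.100.1",
          "other OPT2 host": "172.16.100.50", "LAN host": "192.168.100.10",
          "OPT1 host": "10.10.100.10"}

def reachable(rules, src):
    """Names of the probe targets that src is allowed to reach."""
    return [name for name, ip in PROBES.items() if evaluate(rules, src, ip) == "pass"]

if __name__ == "__main__":
    print("VPN client can reach:", reachable(IPSEC_RULES, "172.16.200.10"))
    print("NAS can reach:", reachable(OPT2_RULES, "172.16.100.100"))
```

Swapping the NAS destination for the whole OPT2 network in the IPsec rule also exposes the firewall's own OPT2 address and any other host later placed on that segment, which is why the destination is a single host.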

