Connecting to VLAN devices

  • I have setup a VLAN for all my Surveillance cameras. When I'm connected to my wifi I can access all cameras with no problem. But when I plug in to the Ethernet port to my network and turn off my wifi I can no longer connect to any camera.
    Would this be a firewall rule?

  • LAYER 8 Global Moderator

    Are you plugging into the same vlan as your wireless network or some other network. How are you trying to access your camera(s)?

    Via some layer 2 discovery protocol - via IP, via some name? What port?

    Out of the box pfsense lan rules are any any. So if you created another network/vlan your lan rules would not block you from accessing anything be it the internet or some other vlan/network attached to pfsense.

  • Think I got it. Seems like my LAN card in my laptop locked up. I did a restart and now I can connect to all IP's on the VLAN.
    Now which way is the best to setup the firewall rules? I don't want the VLAN to have access to the internet and I dont want the internet to have access to the VLAN. But I still want access internal.

    This is what I have done for firewall rules. Hope it right.


  • LAYER 8 Global Moderator

    The 1st rule allows your surv net to access lan net.. But the 2nd rule is pointless - there would never be inbound traffic into the surv interface from lan net IP range..

    To be honest if all you want to do is access surv net from lan net - and you don't wan surv net to go anywhere or do any sort of internet then you need zero rules on surv interface.

    Your lan net any any rules would allow your lan to talk to surv net.

  • Perfect. Deleted both rules and all is good.

    Thank you for your help :)

  • LAYER 8 Global Moderator

    great, enjoy your new vlan and isolated cameras..

  • Thanks for your help before.
    Just wondering if you could help with a little more on my vlan for the cameras.

    I have a Amcrest NVR that records 24/7 and is accessible through a p2p connection. Now I know that the cameras are isolated from the internet and that no longer works is there a secure way so I could still login to the NVR to view the cameras when I,m outside my network?

    I have a OpenVPN connection setup already. Is there way to do it through the VPN or would you suggest something better?

  • @dayve said in Connecting to VLAN devices:

    is there a secure way so I could still login to the NVR to view the cameras when I,m outside my network?

    In my experience with the recorders is they have 2 ports, one for the cameras and one for remote access. Does yours have that?

  • @jknott It only has one port.

  • @dayve said in Connecting to VLAN devices:

    @jknott It only has one port.

    Then you'll have to set up a route to the camera VLAN. Since you want to be able to access it when away from your network, you could use a VPN and only allow that address to be forwarded to that VLAN.

  • @jknott
    Thanks. That's what i was thinking. Now I just need to figure out how to do that.

  • LAYER 8 Global Moderator

    When you say you have vpn - not talking about some vpn service you have to hide your shit from your isp. Talking about a remote access vpn.

    This is how you access your camera's while you are remote..

  • @johnpoz

    Yes its a remote access vpn.

  • LAYER 8 Global Moderator

    well then if your on your vpn and you have listed your vlan as a local network in your vpn config - you would be able to access it while on your connected to the vpn. As long as this vlan network does not overlap with your vpn clients local network, and or its not the same as your tunnel network used in your vpn connection.

    example - these are 3 of my vlans I can access while connected to my vpn


  • @johnpoz
    Sorry I was out of the country for a few weeks. Would have been nice to have this working before I left.
    Got it now. Just had to add the subnet in like you said.

    Thank you.

  • @johnpoz

    Hey John,

    You were so helpful before. Could I ask for some more help?

    I'm trying to setup a VPN with Nordvpn service that I subscribe to. The Nordvpn client services is up and running on pfsense.

    What I,m trying to do is a separate Wifi ssid on my unifi ap controller with a VLAN 60 to route just to the Nordvpn. Setup of the unifi was easy and working.

    What would be the next steps to pfsense to have this work?

  • LAYER 8 Global Moderator

    Setup vlan 60 firewall rules to use your vpn gateway..

Log in to reply