Correct way to only allow my cellphone OpenVPN to view LAN-side IP cams

  • I have a working OpenVPN connection from my cell phone (Wi-Fi turned off) to my LAN(s) to view my IP cams, so I can view them when away from home (but within a local area... I don't travel far). It's the only occasion I would like to permit any access into my network from the outside. My IP cams are on a separate LAN and aren't allowed internet access. To get this all to work I did this:

    [Screenshot (3).png: WAN firewall rule passing the North America GeoIP alias to the OpenVPN port]

    The "OpenVPNPort" is just one port.

    My question is: is this the proper way of handling this from a security standpoint? Is permitting the North America list in to that open port too broad? I don't know if my phone IP (via Verizon) is static, and whether I should just forget the GeoIP North America permit rule and allow the phone IP address only. I use pfBlocker with many of the IP lists and feeds, paid Snort subscription lists, and Suricata (WAN firewall rules screenshot below).

    [Screenshot (4).png: WAN firewall rules]

    When I "disable" the list action for the list containing North America, I cannot access my cams outside of the home. Is there a better (more secure) way of doing this, or am I on the right track? Thank you in advance!
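As an added illustration (not from the original poster and not a pfSense-generated ruleset), here is what the setup described above looks like as a pf ruleset once it is tightened in the two places that matter: the WAN pass rule only accepts the OpenVPN port from a source table you control instead of a whole continent, and a second rule set on the tunnel interface limits what a connected phone can reach to the camera LAN on the viewing ports. Interface names, the tunnel and camera subnets, the port numbers and the `<phone_src>` table contents are assumptions; the `203.0.113.0/24` entry is a documentation-range placeholder to be replaced with the carrier's published ranges (or the phone's address, if it turns out to be static). On pfSense the same intent is expressed as a WAN rule with a pfBlocker or manual alias as source, plus rules on the OpenVPN tab.

```pf
# --- Assumed names and addresses (replace with your own) ---
wan_if    = "igb0"          # WAN interface
ovpn_if   = "ovpns1"        # OpenVPN server interface
ovpn_port = "1194"          # the single "OpenVPNPort" from the post
ovpn_net  = "10.8.0.0/24"   # tunnel network handed to VPN clients
cam_net   = "192.168.50.0/24"  # isolated camera LAN

# Sources allowed to even talk to the VPN port. Placeholder range:
# replace with the carrier's ranges, or a single /32 if the phone IP is static.
table <phone_src> persist { 203.0.113.0/24 }

set block-policy drop
set skip on lo0

# Default deny, logged: everything not matched below is dropped.
block in log all

# WAN: only the VPN port, only UDP, only from the whitelist table.
# No continent-wide GeoIP alias here; the table is the entire allow list.
pass in quick on $wan_if inet proto udp \
    from <phone_src> to ($wan_if) port $ovpn_port keep state

# Tunnel side: a connected client may reach the cameras on the viewing
# ports only (HTTP/HTTPS for the web UI, RTSP for streams). Nothing else
# on the tunnel interface is passed, so the phone cannot reach other LANs
# or use the house as an internet exit.
pass in quick on $ovpn_if inet proto tcp \
    from $ovpn_net to $cam_net port { 80, 443, 554 } flags S/SA keep state

# Camera LAN: no path out to the internet; cameras may only answer
# established sessions (stateful replies need no rule).
block in quick on $ovpn_if from $cam_net to any
```

Two points worth checking after loading rules like these: `pfctl -sr` should show the WAN pass rule with the table as its only source, and a client connected over the VPN should be able to open a camera stream but fail to reach the main LAN or the internet through the tunnel. On the OpenVPN server side the same restriction is reinforced by pushing only the camera route (`push "route 192.168.50.0 255.255.255.0"`, assumed subnet) rather than a default route, and by requiring a client certificate so a leaked password alone is not enough to get a tunnel up.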

  • Your IP could be static with Verizon if you pay them $500 for the privilege. Alternatively you'll be on a dynamic address, and the best you could do is to whitelist Verizon's IP ranges.

  • Thank you.

