How to block Internet access for some devices but allow connections through VPN?
-
I want to block some cams so that they have no Internet access and are only accessible through OpenVPN.
Any tutorial or how-to out there?
-
The easiest way is to put them on their own subnet and use the firewall rules to block them from anything but the VPN. You'd need either a separate interface or VLAN to do this in pfsense.
-
@jknott
So it's not easy :-)
I never did something with VLANs
-
A VLAN is just a way to logically separate networks. A VLAN appears as though it were a separate network. You can add a VLAN to pfsense and configure a subnet on it. You then use a managed switch to control where the VLANs appear. VLANs are commonly used for things like sharing a LAN connection for a computer and phone, with them on different subnets. Another common use is for a guest WiFi connection to an access point. If you can configure an Ethernet port, you can configure a VLAN.
-
If all the cameras are on the same subnet, that rule that lets them "talk" to each other will never be used.
-
Another possibility is to put all the cameras into a subset of the subnet, so that anything within that subnet can be filtered.
-
Wireless200 was a test AP directly off of the FW. Without the rule they could not talk to anything on it. The cameras are not on wireless200.
-
Easy.
Set fixed IP on the cam
Make alias (hosts) for the cams
Block access to WAN for alias
Select any protocol
Done
They are now not allowed to WAN
Can still be accessed via VPN
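
The alias-plus-block-rule steps in the last post, modelled as an added example (not code from the thread or from pfSense): rules are checked top-down on the interface where a new connection arrives, and replies to an already allowed connection pass via the state table, which is why the cams stay reachable over the VPN. The addresses, the interface names, the "any" destination on the block rule and the IP-pair-only state tracking are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread)
CAMS = {ipaddress.ip_address(a) for a in ("192.168.1.50", "192.168.1.51")}
VPN_NET = ipaddress.ip_network("10.8.0.0/24")   # OpenVPN tunnel network

# Rules per interface, first match wins, checked where a NEW connection enters.
RULES = {
    "LAN": [
        ("block", lambda s, d: s in CAMS),                  # alias "cams" -> any
        ("pass",  lambda s, d: True),                       # other LAN hosts -> any
    ],
    "OPENVPN": [
        ("pass",  lambda s, d: s in VPN_NET and d in CAMS), # VPN clients -> cams
    ],
}

class Firewall:
    """Minimal stateful filter: state is tracked per IP pair only (no ports)."""

    def __init__(self):
        self.states = set()

    def packet(self, iface, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (s, d) in self.states or (d, s) in self.states:
            return "pass"                    # part of an already allowed connection
        for action, match in RULES.get(iface, []):
            if match(s, d):
                if action == "pass":
                    self.states.add((s, d))  # remember it so replies get through
                return action
        return "block"                       # nothing matched: default deny

def demo():
    fw = Firewall()
    return {
        # cam tries to reach an Internet host (203.0.113.10 is a documentation address)
        "cam_to_internet": fw.packet("LAN", "192.168.1.50", "203.0.113.10"),
        # cam tries to open a connection to a VPN client on its own
        "cam_initiates_to_vpn": fw.packet("LAN", "192.168.1.50", "10.8.0.6"),
        # VPN client opens the camera, then the camera answers
        "vpn_to_cam": fw.packet("OPENVPN", "10.8.0.6", "192.168.1.50"),
        "cam_reply_to_vpn": fw.packet("LAN", "192.168.1.50", "10.8.0.6"),
        # an ordinary LAN host is unaffected by the alias rule
        "pc_to_internet": fw.packet("LAN", "192.168.1.20", "203.0.113.10"),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
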