Hey y’all,
I know this has gotta be pretty simple, but my firewall-fu is poor.
I’m just trying to give my phone access to a single server on my LAN when away. I have OpenVPN set up and can connect to my home network while away, but I’ve set it up on a different subnet. I want to allow access to one machine on the LAN.
Specifically, 10.0.0.36 should be visible to VPN connections (10.0.2.0).
Any help would be GREATLY appreciated!
First, I’m making no claims this is the best way to do it, but it is the way I do it.
So, assuming I understand what you are asking, You want to set up a VPN server that can ONLY access one IP address on your home network and no other network access?
If this is the case, go into your firewall rules and select your VPN VLAN tab. Disable the default rule that allows access to ‘Any’. Create a rule that that blocks access to ‘Any’:
Right above this rule, you’ll then want another rule to allow access to the single IP address.
This should restrict VPN access to a specific IP address and even a single port of your choosing.
If you still want internet access trough your home internet while only being able to access a single server, instead of disabling the default rule ‘access to any’ and creating the rule denying accesses to any, you will need to make a rule to block access to any local VLANS you have and put it below the rule that allows specific access to your server. Pfsense always follows rules in order from top to bottom so the order is important.