VPN and then two Dlink IP Cameras?

[Bamsefar]

So I have, yet again, open up my AX88 for OpenVPN - of course that works perfect.
Then I have two rather old D-Link IP cameras. They like to call "home" so I stopped that in the GUI (which will create a DROP everything kind of IPTables filter I guess).
However that also seems to stop me from connecting from my VPN device to the IP cameras. They are on different subnets of course.

Am I thinking correct that I will not be able to connect to the two IP Cameras, since they are not allowed outside the subnet due to not allowed to connect to internet? like VPN on 10.8.x.x and IP-camera on 192.168.1.100 - and that is not simply possible when one stops the IP Camera from connecting internet?

 

[RMerlin]

Try using Parental Control instead of a firewall rule, not giving them any allowed Internet access periods.

 

[dosborne]

You could also add a route entry to allow access to 10.8.x.x

 

[Bamsefar]

I have validate that turning on internet access for (one of my) ip camera will allow me to connect from inside over VPN. So clearly the IPTables filter is the reason for not being able earlier.

Will try RMerlin suggestion later today.

@dosborne - not sure how to do this, could you help me?

 

[System Error Message]

So I have, yet again, open up my AX88 for OpenVPN - of course that works perfect.
Then I have two rather old D-Link IP cameras. They like to call "home" so I stopped that in the GUI (which will create a DROP everything kind of IPTables filter I guess).
However that also seems to stop me from connecting from my VPN device to the IP cameras. They are on different subnets of course.

Am I thinking correct that I will not be able to connect to the two IP Cameras, since they are not allowed outside the subnet due to not allowed to connect to internet? like VPN on 10.8.x.x and IP-camera on 192.168.1.100 - and that is not simply possible when one stops the IP Camera from connecting internet?

You can do custom routing on the router, but i would still ditch the dlink cameras because its dlink, they're horrible in security and at one point if you got a camera that was returned, the previous guy could see you.

You can do a blanket block or you'll need RMerlin's firmware for the custom filters to specify the routing for the device (or just simply block its internet access) which is what i like about configurable routers, easy to do that on them.

This isnt the first time dlink has seen to be improving security, they did it before and had huge security leaks and vulnerabilities that it simply wasnt worth the effort to look at them, even their hardware quality sucks.

 

[Bamsefar]

Well I would love to change to say Netgear Arlo - however I refuse to be dependent on the cloud. I would like just simple IP Cameras, that well just works.

 

[grifo]

IMO the best way to do this is to use Skynet's IOT devices blocking feature.

It will prevent the devices from accessing the Internet (while giving you the ability to open selected ports, for example to allow the cameras to send you motion detection email alerts) but it allows full access to them from the VPN subnet.

You can access it from Skynet's main menu with options 11 --> 11, ban the cameras IPs and optionally allow any ports you may want open.