Connect NAS folders via VPN tunnel and limit access to a specific add-on

Hey everyone,

I’m in the process of setting up my Home Assistant to have read-only access to shared folders on my remote Synology NAS through its VPN tunnel. The OpenVPN server is up and running on the NAS, and I can connect to it using Tunnelblick on my MacBook.

Steps in my mind:

  1. Configuring Home Assistant to connect to the VPN tunnel and only redirect traffic with the target IP address to the tunnel.
  2. Automating the mounting process so that these folders are always accessible to Home Assistant. (e.g. can survive after restart)
  3. Limiting access to these folders to a specific add-on in Home Assistant (e.g. only allowing Immich add-on to read photos from the NAS).

I believe 2 can be done with the “Add network storage” feature but I am not sure if 1 and 3 are achievable. If anyone has experience or advice on setting this up, particularly with NAS over a VPN tunnel, I’d really appreciate your input!

Thanks in advance!

  1. VPN tunnels can be set to disable the default gateway and block access to local sites.
    This is often the default recommended setting, but if you allow local access and do not disable the normal default gateway, then it should only send data through the VPN tunnel that is intended for hosts in the opposite network.

  2. This should be handled on the NAS.
    Make a new user with just those rights and use that user in the addon.
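
To make the split-tunnel point in the reply above checkable, here is an added example (not part of the thread, and not Home Assistant or Synology code) that audits an OpenVPN client profile and reports whether it sends everything through the tunnel or only the NAS host. The profiles, the address `10.8.0.1`, the host `vpn.example.net` and the verdict names are constructed assumptions; only numeric `route` lines are handled.

```python
import ipaddress

# Constructed sample profiles (not from the thread). 10.8.0.1 is an assumed
# NAS address inside the tunnel; vpn.example.net is a placeholder.
FULL_TUNNEL = """\
client
dev tun
remote vpn.example.net 1194
redirect-gateway def1
"""

SPLIT_TUNNEL = """\
client
dev tun
remote vpn.example.net 1194
route-nopull
route 10.8.0.1 255.255.255.255
"""

def audit_profile(text, nas_ip):
    """Return (verdict, routes) for an OpenVPN client profile."""
    nas = ipaddress.ip_address(nas_ip)
    redirect = nopull = False
    routes = []
    for raw in text.splitlines():
        words = raw.split("#")[0].split()
        if not words or words[0].startswith(";"):
            continue  # blank line or comment
        opt, args = words[0], words[1:]
        if opt == "redirect-gateway":
            redirect = True  # default route is moved into the tunnel
        elif opt == "route-nopull":
            nopull = True    # routes pushed by the server are ignored
        elif opt == "route" and args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            if mask == "default":
                mask = "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    if redirect:
        return "full-tunnel", routes
    if not nopull:
        # The server may still push routes or redirect-gateway.
        return "server-decides", routes
    if not any(nas in r for r in routes):
        return "no-explicit-nas-route", routes
    wide = [r for r in routes if r.prefixlen < r.max_prefixlen]
    return ("split-wide" if wide else "split-host-only"), routes
```

A verdict of `split-host-only` matches step 1 of the question: only traffic addressed to the NAS enters the tunnel, while `server-decides` means the result depends on what the NAS's OpenVPN server pushes.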