VPN Primer for Noobs

[SamSpade]

I just wanted to say thanks to you all here. Especially nayer and fenderman.

I was port forwarding, and went to VPN...

1. Bought a router (Netgear R7800).
2. Setup No-IP account.
3. On the router, turned on DDNS (linked DDNS to ISP issued IP Address)
4. Again, on the router, enabled VPN.
5. Downloaded OpenVPN and installed it on my Android phone.
6. Coaxed Netgear router spit out a *.ovpn file that had the key and certificate file to load into the Android phone.
7. Port forwarded PC hosting WebServer (BlueIris4) to Router.

Now I'm able to connect the Andriod phone - via OpenVPN - through the cell network, through the internet, to the router, and finally to the BlueIris PC --- so that I can view my cameras from my phone securely.

Now, I can watch my cats sitting on the couch, licking their cat stuff, and know that no one else can see them.

That and I'm not worrying about my camera's becoming part of a botnet wreaking havoc on the rest of the internet.

Note: In the above summary, I may not have used the correct terminology (and I really don't understand all that I've done) but it all seems to have worked.

Seriously, thank you all.

Edit: Oh, yeah, the summary above makes it out like it was simple... It was not! I spent hours and hours on it. All through Friday and Saturday way into the wee hours... From my perspective, for someone who has never setup a VPN before, it's not trivial.



sam

 

[mmdb]

i need some litle help if someone can tell me what im doing wrong with openvpn im getting this error messages .i have isp router modem speedport and second router asus Asus RT-N18U ..im tryid to do this all Friday Saturday and Sunday with no success ,when i call my isp provider to set primary router modem , in bridge mode i loose telephony and internet and at my work place where i install 5231s and nvr5216 16p have no cellphone signal at all so cant connect to internet with tablet to check what im doing wrong

 

[DavidDavid]

You should disable DCHP and I think Disable NAT on the first modem/router. You want that just to be your modem. You don't want it routing or assigning IP addresses. That probably explains why in the second picture you've got the WAN ip as the internal address. Change the WAN IP on your last picture from 192.168.1.2 to whatever your actually WAN IP address is.
www.whatsmyip.org

Give that a go and see how it works.

Because they're each handing out ip addresses, your first one is handing out 192.168.1.xx addresses and the second one is handing out 192.168.2.xx addresses. Those can't talk to each other, at least most likely not on the setup your trying to make work.

Why do you have two routers? Either disable routing on the modem, or just buy a standard switch to use if you need more Ethernet ports.

 

[DavidDavid]

Are you renting the modem from your ISP? If so, can you buy your own? If so, I'd suggest buying one that doesn't include WiFi or routing functions. It'll be cheaper plus Then you should be able to just plug your router into it and it should just work.

 

[mmdb]

thx davidavid ill give it try after work hours now im not allowed because here each pc is connected directly to tax payer office and each bill i make go directly there So cant be without internet ... i will change WAN IP but doesn't it ip change every day because i don't have static ip ?
i have router modem combo provided by my isp ..i don't know do i rent it but i assume i buy it with 2 year contract and i put other asus router so i can make openvpn so i can see my cameras remotely .

 

[mmdb]

what modem would you suggest ?

 

[DavidDavid]

OK obviously you got the second router because you want a VPN haha sorry... That's why your in the thread.

Check your bill to see if there's a "equipment charge" or fee. Not sure how Croatia does it but I was charged $7 a month to rent their modem. I found one on ebay for $22 last year and now I'm saving $7/month. If you're renting it would make financial sense to buy if they allow you. You'll have to check with your isp to see which ones will work for their service. They should be able to provide you with a list of acceptable modems. Buy one off of that list. If you aren't paying a rental fee, don't bother buying a new one.

Your WAN ip shouldn't be set by you. It should be set by the ISP. And when it changes the DDNS service will update that change for you.

 

[DavidDavid]

But to get it working for now just disabled DCHP and NAT on the modem/router. Then the only thing that will be plugged into the modem is your new router that's running the VPN. Everything else on your network will be connected directly to your new router.

 

[mmdb]

lol thx david david .i dont have any charge on router modem when i sign 2 year contract they sell me router for some 1 buck or so .i dont pay monthly for router modem ..
i got some error that i have double nat error message and it cant work...ill give it a go later after work hours...its really hard without cellphone signal so cant check anything on net

 

[Hound Dog 911]

My netgear router supports openvpn. However I am using Android to view remotely. I found an android app that supports tap tunnel. OpenVPN Client - Android Apps on Google Play
Has anyone tried it? My wife and daughter use iPhones. Do they support tap tunnels?

 

[Hound Dog 911]

Also, are third party firewalls better than the built in Windows firewall? Recommendations?

 

[Hound Dog 911]

I believe I have VPN working on my android device using the app I posted above. If that is working, I do not need a subscription through privatetunnel correct?

 

[nayr]

Running your own VPN Server does not require a subscription to anyone..

 

[Hound Dog 911]

I got it running. Yeah.

 

[Hound Dog 911]

Netgear says fail to connect to VPN. But it works. I can access my router through it as well as my cameras while on it.

 

[Hound Dog 911]

I bought the app that supports tap on android.

 

[Hound Dog 911]

Many thanks to the help from hmjgriffon! Love this place.

 

[Hound Dog 911]

I had a neighbor come check out my my VPN setup. I have to say I really over think things sometimes. I can't get over how simple it was to set up with the netgear router and the Android app that supports tap tunnel. Learning every day.

 

[nayr]

if you have the right gear its incredibly easy; but understanding why to do it and how it works is the hard part apparently

 

[Hound Dog 911]

I had it setup correctly and out of embarrassment will leave it at that. SMH. Live and learn. Lol.