VPN Primer for Noobs


nbstl68

Getting comfortable
Joined
Dec 15, 2015
Messages
1,399
Reaction score
321
My setup is as follows:

CenturyLink ZYXEL C1100z modem \ wireless Router -> Linksys Cisco SRW248G4P 48 Port POE Switch -> HP computer dedicated to BI server

Neither the router nor the managed switch (as far as I know) supports using or installing a VPN.
So would it be best practice to run VPN software on the computer or figure out something additional like the Raspberry Pi setup I have read about here?

If the RPi, then where \ how would it connect in exactly?

Pros \ cons to running VPN on the computer other than taking away additional CPU from BI if needed?

Best options for VPN software in this case?
(I have 0 experience with this sort of thing other than reading this forum and other posts here) OpenVPN? It seems to be the most popular option around here.

My DSL provider changes up my IP address quite often...like sometimes more than once a week. Is this a concern?
Thanks
 

Paulx

Young grasshopper
Joined
Aug 23, 2017
Messages
72
Reaction score
21
Location
St. Louis, Missouri
I am by no means an expert, but I will kind of tell you my journey. I ended up buying an Asus wireless router with an OpenVPN server built into its firmware. I too have a CenturyLink Zyxel modem/router/wireless, but a different model. With some hand holding (LOL) I was advised to change the protocol from PPPoE to Transparent Bridging mode. This will bring the public IP into and through their modem. Now you will need to know your user name and password. These will be programmed into the Asus. The WAN side will also be set to dynamic IP. Now, with CL giving you a dynamic IP address, this is going to be a problem, but Asus also offers a DDNS service that is a snap to set up in their router. Think up a fictitious user name for your account and type that into the router. This DDNS will talk with your router from time to time to keep updated on the changing public address that CL assigns to your account.
That said, I believe that using a Pi solution will require either a static IP from CL or buying a DDNS service. Either of these two solutions is going to cost you more money. The Asus solution does not cost a monthly fee.
 

nbstl68

Getting comfortable
Joined
Dec 15, 2015
Messages
1,399
Reaction score
321
Thanks! Would running the VPN on the computer also require a static IP?
This seems like the cheapest solution vs having to buy a new router.
 

Paulx

Young grasshopper
Joined
Aug 23, 2017
Messages
72
Reaction score
21
Location
St. Louis, Missouri
I would think you would still need a DDNS server service provider. Thus a monthly service fee. Or pay CL for a static IP address. I believe that is a service fee of 90 bucks and then 10 bucks per month. I almost went that route, but customer service sucks and I backed away when they could not answer some questions. And if you have done much with CL you know they suck. My caller ID still shows the last person who had my phone number. So if I call someone they think I am someone else. Even after calling and being told about 5 times that they changed the caller ID info.
So, it's your call. Pay once (about 150 bucks) and cry, or pay a little over and over and cry every month.
 

58chev

Pulling my weight
Joined
Aug 30, 2017
Messages
300
Reaction score
143
Location
Etobi, Ontario
@nbstl68, suck it up and get yourself an ASUS router to simplify the issue at hand.
I went that route also and within less than 24 hrs I was up and running on OpenVPN. On my router, there is no noticeable CPU usage while running VPN and viewing two camera feeds at the same time.
I cannot say how running VPN on BI will affect CPU usage.

@Paulx - You did good with a "Little hand holding" :D
 

nbstl68

Getting comfortable
Joined
Dec 15, 2015
Messages
1,399
Reaction score
321
Alrighty then... I'm picking up you are hinting I should get an ASUS router and run OpenVPN on it.
I'll give it a go.
 
Joined
May 16, 2018
Messages
2
Reaction score
0
Location
Amelia Island
Hello! I'm new to the site. I've done lots of reading on here trying to get up to speed, but I haven't had luck so far determining what issue I am having with my VPN connection.

I have a Lorex LNR616 DVR, which I believe has the Dahua interface. I have the DVR set up in the home office, which also serves an IPsec/L2TP VPN.

The only external ports I have open are for a business website. Via the VPN I have many servers operating which all work quite well. I have a SIP server, various IoT webservers, file server, can remote access my machines in both directions, etc. If I search the remote subnet for my IP cameras from Flir Cloud, it will find them, add the cameras, and connect. However, when I go to stream or save video, the video never comes through the connection. Flir Cloud will say "Failed to connect to video" or "Search stream timeout". This same behavior occurs whether I attempt to access the cameras directly or via the DVR.

Additionally, I am unable to access the web interfaces of the remote cameras from the home office...

In poking around myself (in the dark, no doubt), I have determined...

- Home office is able to ping the cameras, with delays averaging about 23ms.
- Home office is able to telnet to all relevant ports on the cameras (80, 443, 35000, etc.)

To my untrained eye, it seems the traffic is making it across the VPN, hitting the cameras, but the cameras are then ignoring that traffic. Do they ignore traffic from other subnets by default? I've been through the settings and cannot see anything like that. I do see a bless list for IP address ranges, but the enabled box is not checked in that section, and just for kicks I added the relevant networks, but still no joy on the video stream.

So, yeah, I'm stumped. Need some next level ninja help.
 
Update: I used netcat to verify UDP connectivity by setting up a listener at remote site and sending traffic from home office. And vice versa. So I do in fact have confirmed UDP connectivity via the VPN.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
You ain't kidding. While being a great write-up, having a step-by-step DIY on how to set it up can really help.
 

brad2388

Getting the hang of it
Joined
Oct 5, 2016
Messages
162
Reaction score
24
Nice write up!

My question/problem is I'm currently on AT&T LTE with no way out.

What's the best way to set up a VPN? I currently am using an EdgeRouter X.

Can I set up an RPi running a VPN and have the NVR connect through that? If so, how would I set that up?


 

Barboots

Pulling my weight
Joined
Mar 15, 2018
Messages
408
Reaction score
241
Location
Perth, Western Australia
I'm currently trying to decide whether to throw $230 into a new Asus modem, or whether to have a go at Gargoyle/Tomato/OpenWRT on a Netgear WNDR3800. We're still on ADSL+ but fibre is coming; at this moment the maximum speed of the VPN isn't an issue.

It would have been nice if I could have implemented a reasonably secure interim configuration with the basic modem/router I currently have, along with the D-Link DGS-1100-24P I bought.

Anyway, what I'm curious about is whether anyone has commentary on the open firmware options... I am quite interested in Gargoyle.

Cheers, Steve
 

Barboots

Pulling my weight
Joined
Mar 15, 2018
Messages
408
Reaction score
241
Location
Perth, Western Australia
Sort of answering my own post about Gargoyle...

I've just finished setting it up on the Netgear with OpenVPN. I had a steep learning curve as I'm not good with networking. I'm quite proud that I didn't bother anyone here (or elsewhere) with my stupid questions about the set-up in general.

Gargoyle was straightforward to flash and has a clean interface. The inbuilt OpenVPN would be easy to use if you were not a noob like me. It works great with the "OpenVPN for Android" app, even building one-click configuration files to import. Speed from the old hardware is still far better than the ADSL we suffer here.

However, the other reason I've posted now is to thank those who promoted doing things properly with regard to security, and in particular remote access. My girlfriend suggested that I just use P2P like most other consumers would, but I wanted to do the right thing by myself and the internet community. Thanks for the guidance onto the high road.

Cheers, Steve
 

Barboots

Pulling my weight
Joined
Mar 15, 2018
Messages
408
Reaction score
241
Location
Perth, Western Australia
Is the GRC "Shields Up" group of services an adequate check? I noticed that you can't scan all ports from 1 to 65535.

Is there anything the gurus can recommend?

Cheers, Steve
 

brad2388

Getting the hang of it
Joined
Oct 5, 2016
Messages
162
Reaction score
24
I have a router running Tomato running OpenVPN.

How do I set up my NVR to use it?

If I plug my internet into the WAN port of the router I will lose access to the cameras.


 

randytsuch

Pulling my weight
Joined
Oct 1, 2016
Messages
495
Reaction score
176
How do you access your NVR when you are at home?
When you are out, you open the OpenVPN connection, and then your device will think you are at home. It's actually pretty simple once you understand that. Just pretend you're in your living room.

BTW, for anyone with an Asus router, I wrote these instructions, which have been linked to before in this long thread, but thought I'd do it again.
Randy : OpenVPN on a Asus router

Randy
 

58chev

Pulling my weight
Joined
Aug 30, 2017
Messages
300
Reaction score
143
Location
Etobi, Ontario
@randytsuch
Best how-to on the interweb. Hands down.

This write up is what prompted me to buy an ASUS router just to avoid confusion and headaches.
Tossed my Linksys with DD-WRT
 

brad2388

Getting the hang of it
Joined
Oct 5, 2016
Messages
162
Reaction score
24
But this doesn't work behind a strict NAT. We have AT&T wireless LTE.


 

randytsuch

Pulling my weight
Joined
Oct 1, 2016
Messages
495
Reaction score
176
So I'm not a network guy, know just enough to be dangerous, but I'm not sure about your strict NAT comment?

I can tell you I have an iPhone 8 with AT&T as the provider, and I have no problem running OpenVPN and checking cams.
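
Added example, not part of any post above and not code from Asus or any DDNS provider: the two recurring questions in this thread (a changing ISP address handled by DDNS, and a home VPN server that sits behind another NAT) come down to one check a DDNS client can make on each poll. It assumes "strict NAT" on LTE means carrier-grade NAT; the function names and sample addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Ranges that are never reachable from the internet without help upstream.
NON_ROUTABLE = {
    "rfc1918": [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "cgnat": [ip_network("100.64.0.0/10")],  # RFC 6598 shared address space
}


def wan_scope(wan_ip):
    """Return 'rfc1918', 'cgnat' or 'public' for the router's WAN address."""
    addr = ip_address(wan_ip)
    for scope, nets in NON_ROUTABLE.items():
        if any(addr in net for net in nets):
            return scope
    return "public"


def plan_ddns(wan_ip, seen_from_outside, last_published):
    """Decide what a DDNS client should do on one poll.

    wan_ip            address on the VPN router's WAN interface
    seen_from_outside address an external "what is my IP" service reports
    last_published    address the DDNS hostname currently points to, or None
    """
    scope = wan_scope(wan_ip)
    if scope != "public" or ip_address(wan_ip) != ip_address(seen_from_outside):
        # Another NAT device holds the public address, so inbound VPN
        # connections stop there no matter what the DDNS name resolves to.
        return ("behind-nat", scope)
    if last_published is None or ip_address(last_published) != ip_address(wan_ip):
        return ("update", wan_ip)      # first run, or the ISP changed the address
    return ("no-change", wan_ip)


# Constructed polls; 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for real public addresses.
SAMPLE_POLLS = [
    ("203.0.113.10", "203.0.113.10", None),            # bridged modem, first run
    ("203.0.113.10", "203.0.113.10", "203.0.113.10"),  # nothing changed
    ("203.0.113.77", "203.0.113.77", "203.0.113.10"),  # ISP rotated the address
    ("192.168.0.2", "203.0.113.77", "203.0.113.77"),   # modem not bridged
    ("100.72.14.9", "198.51.100.5", None),             # carrier NAT, e.g. LTE
]

if __name__ == "__main__":
    for poll in SAMPLE_POLLS:
        print(poll, "->", plan_ddns(*poll))
```

A "behind-nat" result with scope "rfc1918" usually means the ISP modem is still routing, which bridging or a port forward on that modem can address; scope "cgnat" means the NAT belongs to the carrier and no setting on the home router exposes the VPN port.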
 