Setup OpenVPN with Asus Router

Rick Simonton

Young grasshopper
Joined
Jan 1, 2019
Messages
77
Reaction score
10
Location
San Fernando Valley
Hello,
I've been advised by you kind folk that I should set up an openVPN for remote access to my Hik IP cameras from an iPhone. My Router is an Asus RT-AC86U with support for OpenVPN. To accomplish this I'm following the procedure as described here... I'll be using OpenVPN Connect on my phone.
My questions are, is this a good approach?
Is there a downside that is not obvious to this noob?
How do I tell if my address is static or dynamic?
Did I post the in the right place?


Thanks in advance!

Rick
 

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
Odds are you have a dynamic IP. If you had static you'd probably remember needing to configure the router accordingly.

Provided that's true you'd also want to set up a dynamic DNS account with one of those services too. I use the DynDNS service and OpenVPN to access my system.
 
Last edited:

Rick Simonton

Young grasshopper
Joined
Jan 1, 2019
Messages
77
Reaction score
10
Location
San Fernando Valley
Great! Thanks for the reply! I think I have that covered as the router OpenVPN setup has the option to create a web address for the client rather than a IP address.

But I do have a Question... The router generated a file called client.ovpm and a folder with two documents inside cert.pem and key.pem.
I think the latter two in the folder are related to the DNS function you are referring to, but the instructions did NOT cover what to do with them. They were referred to as a certificate. I see that I have nothing listed in my certificates section on OpenVPN Connect on the phone app.

At this point when i try to access the VPN on the phone, it reports back with "Authentication failed".
 
Last edited:

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
In the OpenVPN app on the phone typically you'd import the OPVN file exported from the router.

The dynamic DNS stuff is a completely different thing to set up regardless of using OpenVPN.

Dynamic DNS allows you to always use the same domain name to access the VPN despite a changing dynamic IP address.

Been a while since I set up those two, but I think you'd want to set up dynamic DNS before OpenVPN so the VPN knows the domain name to hit to get to your public IP.
 
Last edited:

Rick Simonton

Young grasshopper
Joined
Jan 1, 2019
Messages
77
Reaction score
10
Location
San Fernando Valley
Randy : OpenVPN on a Asus router

as part of The set up of the asus router you will set up the asus DDNS.
Thanks for Responding ...Yes I think Ive done that and it had me export two addition files separate from the .opvm files. They are " inside cert.pem" and "key.pem", but i don't know what6 to do with them. At this point when i try to access the VPN on the phone, it reports back with "Authentication failed".
 

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
Thanks for Responding ...Yes I think Ive done that and it had me export two addition files separate from the .opvm files. They are " inside cert.pem" and "key.pem", but i don't know what6 to do with them. At this point when i try to access the VPN on the phone, it reports back with "Authentication failed".
I believe those are certificates to authenticate the web page of (presumably) the router. Without them you get warnings about untrusted website when you try to go to that address/domain. While that would be icing on the cake I think that's probably not why the VPN isn't working.
 
Last edited:

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
Depending on your openVPN client (eg iOS / android), you can either "try" to import these certificates in your wallet, OR (and this is what I did), include them in the .ovpn file itself: Openvpn23ManPage – OpenVPN Community

Especially if you want to have the additional security with HMAC, you can easily include that key into the .ovpn file.

Hope this helps!
CC
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
Never used the perm files. Just opvm files. My openvpn cients connect with no problems.

I use Android and windows.
 

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
Never used the perm files. Just opvm files. My openvpn cients connect with no problems.

I use Android and windows.
I'm presently using a Linksys router for VPN, not an ASUS router, but same here with W7 and W10, an Android phone (mine), and two iPhones (work, and hers).

Have used Netgear routers with OpenVPN too, same client set, and dealt only with the .ovpn file to make it work as well.
 

Rick Simonton

Young grasshopper
Joined
Jan 1, 2019
Messages
77
Reaction score
10
Location
San Fernando Valley
I'm presently using a Linksys router for VPN, not an ASUS router, but same here with W7 and W10, an Android phone (mine), and two iPhones (work, and hers).

Have used Netgear routers with OpenVPN too, same client set, and dealt only with the .ovpn file to make it work as well.
Baby steps! But I'm getting closer! I found that I mis typed the user name in the profile page of OpenVPN Connect on the iphone...DAH! So I fixed that and now it appears I have the VPN working! There is a VPN indicator just to the right of my wifi indicator on the top left of the phone. I started it with wifi only and with cell only, so I think it's working...BUT...how do I get to my hik cameras? Or to my home network?
 

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
If you are on the VPN then, essentially, you are on your LAN.

I'm not familiar with Hik cams. To access my Dahua cams from a remote computer, I start the VPN then put the IP of the camera I want to access in the address bar of the browser.

Or, from smart phone, you start the VPN and use one of the IP camera apps. I've heard of TinyCam and a couple others. I use the free version of Onvifer on my phone if I want a quick look. If the Hik cameras don't need a special plug-in to view in a browser you might be able to simply use the IP as mentioned before to pull up a view on your phone.
 
Last edited:

Rick Simonton

Young grasshopper
Joined
Jan 1, 2019
Messages
77
Reaction score
10
Location
San Fernando Valley
As I understand it, with my VPN on I launch iVMS 4500 app to see the camera. I've tried to add my camera to devices but its not connecting. I'm fairly sure I'm doing it wrong.
But I also don't know how to see my network so i'm not 100% sure the VPN is working correctly. I do get the VPN logo at the top of my iphone.

Rick
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
Rick
start simple.
I am assuming your device is a phone.
With the openvpn on your phone turned off. The phone cell network off. Using the phone and app iVMS4500 at home on the wifi connect and use the app. Does it work connect and use see the cameras ?

If yes. Then at home, disable the wifi on the phone, enable the cell network. Start the openVPN app. Do you get the green horse shoe icon on the top of the screen? If not it is not connected. If it is connected use the app. make no changes to the iVMS4500 app. Does it work ?

If no then your problem may be your cell network or the openVPN.
Go to a remote location with wifi, coffee shop, work, library .... Connect your phone to the local wifi, turn off your cell service. Verify that the phone is connected to the wifi , go to a few web site. If connected start the openVPN app. do you have the green horse shoe. If not your openVPN is not configured correctly. If you have the green horse shoe try the app. Does it work
 

Rick Simonton

Young grasshopper
Joined
Jan 1, 2019
Messages
77
Reaction score
10
Location
San Fernando Valley
Rick
start simple. I am assuming your device is a phone.
Yes iPhone 6 plus ios 11.2.6

With the openvpn on your phone turned off. The phone cell network off. Using the phone and app iVMS4500 at home on the wifi connect and use the app. Does it work connect and use see the cameras ?
Can we start even simpler? The answer is NO but i don't think i'm entering the device data correctly to iVMS4500. I need to confirm the correct way to do this. Tomorrow I will focus on that.
In the mean time i can tell you I can access the login pages (using IP address with safari) of the cameras with CEL OFF (airplane mode), WIFI ON and VPN OFF, but not with VPN ON.

HOWEVER... I CAN NOT access the login pages (using IP address with safari) of the cameras with CEL ON, WIFI OFF and VPN ON or OFF.

Thank you for time!
Rick
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
I am not an apple person.

Login to your asus router.
From your home PC/MAC provide a screen shot of your ASUS router home page !
On the asus router open the system log screen. note the time in the log.
From your phone on the cell network open and connect with the vpn client.
Save the asus system log file. Post the new items in the log file
 

Whoaru99

Pulling my weight
Joined
Dec 22, 2018
Messages
422
Reaction score
159
Location
Here
Out of curiosity, what provides your internet connection?
 

Rick Simonton

Young grasshopper
Joined
Jan 1, 2019
Messages
77
Reaction score
10
Location
San Fernando Valley
Not a waste of time. Sorry it took me 24 hours to respond, but I had not got a response for weeks, I thought everybody gave up on me.
My IP is spectrum.

I’m am guilty of not responding to your previous suggestion Jan 17, because I wanted to do it thoroughly and thoughtfully, but I’ve become overcome by events that I’m still addressing.

I will be following up ASAP. I’m very appreciative of you and everyone from IP talk who are taking their time helping me with my system.
Rick
 
Top