Openvpn with an Apple router

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
119
Reaction score
50
Location
Massachusetts
Hi @Todd Schmidt, glad you have your VPN server up and running. To answer your follow-up questions, it is important for us to know WHERE you actually installed it on? On that synology? On the BI pc? Asus router? Because depending on your answer, our advice will differ.

In any case: when connecting to your VPN server, you "enter" your network through a VPN-port-server forward (default 1194 by heart), and your VPN server gives an "internal" 10.x address. Make sure it does not "collide" with what you call the pc lan 10.0.0.x network. Your VPN server is then "internally" routing that 10.x address to your LAN address (hence it should differ from the aforementioned pc lan network, otherwise routing is not working). From there, you can access your "internal LAN".
The vpn is on my synology.

So for BI do I just disable the wan access under the web server tab? And leave the lan IP address?
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
Hang on, we might be talking about two different things: what are the current IP addresses on the two NICs in your BI pc? I think the one carrying 192.168.xx is the one to your apple router, the 10.x is the one towards your CAMs.

If that is correct: do you mean "wan access" on the 192.168.xx interface? If you disable that, you won't be able to reach BI anymore. If you mean 10.x: there should not be any traffic there.

If you mean with "wan access" your ISP's public ip address: that should be removed immediately: openVPN is thé way to connect from now on.

Hope this helps!
CC
 

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
119
Reaction score
50
Location
Massachusetts
Hang on, we might be talking about two different things: what are the current IP addresses on the two NICs in your BI pc? I think the one carrying 192.168.xx is the one to your apple router, the 10.x is the one towards your CAMs.

If that is correct: do you mean "wan access" on the 192.168.xx interface? If you disable that, you won't be able to reach BI anymore. If you mean 10.x: there should not be any traffic there.

If you mean with "wan access" your ISP's public ip address: that should be removed immediately: openVPN is thé way to connect from now on.

Hope this helps!
CC
So the secondary nic going to cameras is 192 while the primary internet connected is 10. Right now, remote access through Bi is using my wan (public ip), I guess I need to delete that.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
So the secondary nic going to cameras is 192 while the primary internet connected is 10. Right now, remote access through Bi is using my wan (public ip), I guess I need to delete that.
Hmmm yes, affirmative. And if you had put a port forward from your wan public ip to that bi pc, delete that also immediately.
 

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
119
Reaction score
50
Location
Massachusetts
I’m wondering if maybe it’s something in the firewall maybe. The vpn connects fine, but it keeps saying can’t reach server.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
I’m wondering if maybe it’s something in the firewall maybe. The vpn connects fine, but it keeps saying can’t reach server.
Well, you won't be the first shouting "my VPN server works" while actually some configuration settings are "missing". Unfortunately, debugging is a bit difficult when being on a mobile device (because ping/traceroute commands are not easily available).

But briefly explain us the steps you took to setup openvpn on Synology:
- you installed the package
- you configured the package: OpenVPN active on port 1194?
- you did tick the box "allow clients to connect to lan"?
- you configured your router to forward INTERNET traffic to the synology 1194?

Then you did what exactly? You installed openVPN client on your mobile device, entered your INTERNET (WAN) IP? Or did you import the .ovpn file?
When you enter your credentials, is the light going to green?
What do you see in the "connected clients" list on Synology?

From here on, we can debug further down the road.
 

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
119
Reaction score
50
Location
Massachusetts
Well, you won't be the first shouting "my VPN server works" while actually some configuration settings are "missing". Unfortunately, debugging is a bit difficult when being on a mobile device (because ping/traceroute commands are not easily available).

But briefly explain us the steps you took to setup openvpn on Synology:
- you installed the package
- you configured the package: OpenVPN active on port 1194?
- you did tick the box "allow clients to connect to lan"?
- you configured your router to forward INTERNET traffic to the synology 1194?

Then you did what exactly? You installed openVPN client on your mobile device, entered your INTERNET (WAN) IP? Or did you import the .ovpn file?
When you enter your credentials, is the light going to green?
What do you see in the "connected clients" list on Synology?

From here on, we can debug further down the road.
Yes, to everything.,.ovpn file was imported, phone shows up on connection list.

Going to change everything to the pc's ip and see if that fixes it.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
Yes, to everything.,.ovpn file was imported, phone shows up on connection list.

Going to change everything to the pc's ip and see if that fixes it.
Indeed, now you have to put the pc's ip (10.x) in the BI app. If that is not working, you should change the "internal IP" for the OpenVPN in the Synology (which I think is colliding/overlapping with your internal LAN). Can you show us a screenshot of your VPN settings in the Synology please?

Thanks!
CC
 
Top