VPN Primer for Noobs


EmptyWallet

Young grasshopper
Joined
Aug 23, 2017
Messages
34
Reaction score
1
> Yes, you have to have one external link through to your VPN server. The software 'should' be robust enough to keep the bad guys out, that's its sole purpose really.
>
> Sent from my ONEPLUS A3003 using Tapatalk

Got it, so....what is he referring to when simply "forwarding ports" to an NVR or Cameras?

Just to be clear, with what I have setup, I am NOT doing that, correct?
 

MrRalphMan

Getting the hang of it
Joined
Jan 20, 2016
Messages
309
Reaction score
72
> Got it, so....what is he referring to when simply "forwarding ports" to an NVR or Cameras?
>
> Just to be clear, with what I have setup, I am NOT doing that, correct?

Port forwarding to your VPN server will not expose your Cameras etc to the Internet.
Just ensure you have UPNP turned off on your router, otherwise devices can open their own ports.

Sent from my ONEPLUS A3003 using Tapatalk
 

EmptyWallet

> Port forwarding to your VPN server will not expose your Cameras etc to the Internet.
> Just ensure you have UPNP turned off on your router, otherwise devices can open their own ports.
>
> Sent from my ONEPLUS A3003 using Tapatalk

UPnP and NAT-PMP are off in pfSense by default, so none of my devices can do that currently.
 

Roger

Getting the hang of it
Joined
May 30, 2014
Messages
89
Reaction score
47
Location
Bellevue, WA
This list doesn't match what I thought I saw in the manual for your device.
You should only need to complete the following:
Name: Your choice - something to remind you what the port forward is for.
Source Port: The port incoming
Destination IP: Your laptop you are running SoftEther on
Destination port: Same as the source port in this application
Protocol: UDP or TCP
 

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
> This list doesn't match what I thought I saw in the manual for your device.
> You should only need to complete the following:
> Name: Your choice - something to remind you what the port forward is for.
> Source Port: The port incoming
> Destination IP: Your laptop you are running SoftEther on
> Destination port: Same as the source port in this application
> Protocol: UDP or TCP

Thanks, but still not 100% clear, here is info from the following page -

Setup L2TP/IPsec VPN Server on SoftEther VPN Server - SoftEther VPN Project

If your SoftEther VPN Server is behind the NAT or firewall, you have to expose the UDP port 500 and 4500. On the NAT, UDP 500 and 4500 should be transferred to the VPN Server. If any packet filters or firewalls are existing, open UDP 500 and 4500 ports. (end of quote)

......so would the 500 and 4500 be the source port or destination port ?

Would the destination IP be the actual laptop ip or the address that the softether VPN uses ?

Thanks for your patience, eventually this stuff will finally "click" :confused::lol:
 

Roger

Source and destination port are the same in this case. Destination IP is the laptop.
 

GKL

> Source and destination port are the same in this case. Destination IP is the laptop.

Okay, thanks, I'll mess with it some more tomorrow, you've helped me fill in some of the blanks ! I'll let you know how it goes.
 

GKL

> This list doesn't match what I thought I saw in the manual for your device.
> You should only need to complete the following:
> Name: Your choice - something to remind you what the port forward is for.
> Source Port: The port incoming
> Destination IP: Your laptop you are running SoftEther on
> Destination port: Same as the source port in this application
> Protocol: UDP or TCP

Here is a screenshot so you can tell me if I'm in the right section or not -

portforward3.jpg
 

Roger

That looks correct. In Port range, you will just have the single port that matches the destination port. You will have about 6 entries.
 

GKL

> That looks correct. In Port range, you will just have the single port that matches the destination port. You will have about 6 entries.

Okay, thanks, being a noob at this at least I'll know I'll be in the right section when I mess with it tomorrow :lol:
 

Roger

Other than exposing your entire network to hackers, I don't think you can break much in the section. :rofl:
 

GKL

> Other than exposing your entire network to hackers, I don't think you can break much in the section. :rofl:

:lol::lol:

After I set it up I should be able to use this online open port check tool and it should give the same message I'm getting now showing no ports are visible to the internet, right ?

Open Port Check Tool

Error: I could not see your service on (my ip was here) on port (500)
Reason: Connection timed out

........or should it be saying something else ?
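
Added example, not part of any post in this thread: the L2TP/IPsec ports quoted above are UDP, so a checker that tests by TCP connection (assumed here for the online tool) cannot confirm them either way. The Python sketch below shows the difference on loopback, with an ephemeral port and a simple UDP echo standing in for the VPN listener; all function names are hypothetical.

```python
import socket
import threading

def tcp_probe(host, port, timeout=1.0):
    """What a TCP-based checker does: try to complete a TCP handshake."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except socket.timeout:
            return "timed out"    # firewall/NAT silently dropped the SYN
        except OSError:
            return "refused"      # host replied, but nothing listens on TCP

def udp_probe(host, port, payload=b"ping", timeout=1.0):
    """Send one datagram and wait for any reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))   # connected UDP socket also surfaces ICMP errors
            s.send(payload)
            s.recv(1024)
            return "answered"
        except socket.timeout:
            # Silence is inconclusive for UDP: a real IKE responder ignores
            # datagrams that are not valid IKE, and so does a closed firewall.
            return "no reply"
        except OSError:
            return "unreachable"  # ICMP port-unreachable came back

def demo():
    """Loopback stand-in for a UDP-only VPN listener (constructed setup)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))    # ephemeral port, no privileges needed
    port = srv.getsockname()[1]
    def echo_once():
        data, peer = srv.recvfrom(1024)
        srv.sendto(data, peer)
    worker = threading.Thread(target=echo_once, daemon=True)
    worker.start()
    results = {"tcp": tcp_probe("127.0.0.1", port),
               "udp": udp_probe("127.0.0.1", port)}
    worker.join(1.0)
    srv.close()
    return results

if __name__ == "__main__":
    print(demo())
```

The UDP service answers while the TCP probe to the same port number fails, so the reliable confirmation of a UDP forward is a successful VPN connection from outside the LAN.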
 
Joined
Mar 23, 2016
Messages
8
Reaction score
3
So I have a static IP address, but my ISP modem routes a private (172.16.xxx.xxx) IP address to my ASUS router.

I guess I'll need to ask if they'll bridge the ISP modem so it will send the static IP address direct to my ASUS router?

Also, since I have a static IP address, I assume that I don't need to have "respond to DNS" and "advertise DNS to clients" enabled?

P.S. FYI, ASUS just published an updated firmware which fixes the KRACK exploit, at least for the RT-AC66U routers
 

Probird79

Getting the hang of it
Joined
Aug 23, 2017
Messages
161
Reaction score
51
I set up an OpenVPN server on my Asus AC68U router. I can connect with my Android phone perfectly fine. The only problem is that I can't access my computer on my LAN unless I disable the computer's firewall. I've searched but haven't found a solution. I know I can add a rule, so I tried to open the port that is used, but I still can't connect. Would this still be secure even though the port is open behind the VPN?
Update: I got it working. A firewall rule needs to be created for the VPN port and subnet. Here is a great write-up for setting up OpenVPN on ASUS' GUI: How to setup a VPN Server with Asus routers 380.68 updated 08.24
 

GKL

> This list doesn't match what I thought I saw in the manual for your device.
> You should only need to complete the following:
> Name: Your choice - something to remind you what the port forward is for.
> Source Port: The port incoming
> Destination IP: Your laptop you are running SoftEther on
> Destination port: Same as the source port in this application
> Protocol: UDP or TCP

Tried adjusting those settings, still can't connect to my Windows phone L2TP client. I was getting error 720 before adjusting those settings, now I'm getting error 1460 (on my phone).

I'm not giving up on VPN, I'll keep researching and trying different settings, but this seems like it might be something that might take me weeks or even months before I finally get it working. If I can't get it working soon I might have to settle for using Hikvision's Hik-connect and their iVMS-4500 phone app until I can eventually figure out how to get a VPN connection to my phone.
 

Superdon

Young grasshopper
Joined
Oct 21, 2017
Messages
39
Reaction score
2
Ok, I am very new to VPNs.

I think I need to be setting this up. I have two IP cams, a Synology NAS (which may run Surveillance Station), a QNAP NAS and various other networked items.

I have a Virgin Media router (Superhub 3, which I believe doesn't do VPN), and a dynamic IP.

I am currently using DDNS to access the NAS on the network and port forwarding for the cams. I also use tinyCam to view the cams. It's only from my phone and laptop that the LAN is ever accessed remotely.

If I simply turn on a VPN server on either the Synology or the QNAP, will I still be able to access things as now? Will the DDNS still be OK?
 

MrRalphMan

> Ok, I am very new to VPNs.
>
> I think I need to be setting this up. I have two IP cams, a Synology NAS (which may run Surveillance Station), a QNAP NAS and various other networked items.
>
> I have a Virgin Media router (Superhub 3, which I believe doesn't do VPN), and a dynamic IP.
>
> I am currently using DDNS to access the NAS on the network and port forwarding for the cams. I also use tinyCam to view the cams. It's only from my phone and laptop that the LAN is ever accessed remotely.
>
> If I simply turn on a VPN server on either the Synology or the QNAP, will I still be able to access things as now? Will the DDNS still be OK?

Yep, I run my VPN server on my Synology NAS. Just make sure you disable the current port forwarding for the cameras once the VPN is set up.

Sent from my ONEPLUS A3003 using Tapatalk
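
Added example, not part of any post in this thread: one way to check a router's forward table against the advice above (forward only to the VPN server, remove the camera forwards, keep UPnP off). The rule format, addresses and ports are constructed for illustration; set `VPN_PORTS` to whatever your VPN server actually needs.

```python
# Constructed sample data: every name, address and port below is made up.
VPN_HOST = "192.168.1.10"                   # machine running the VPN server
VPN_PORTS = {("udp", 500), ("udp", 4500)}   # L2TP/IPsec ports quoted in the thread
RULES = [
    {"name": "VPN IKE",   "proto": "udp", "port": 500,  "dest": "192.168.1.10"},
    {"name": "VPN NAT-T", "proto": "udp", "port": 4500, "dest": "192.168.1.10"},
    {"name": "Cam 1",     "proto": "tcp", "port": 8081, "dest": "192.168.1.64"},
    {"name": "NVR",       "proto": "tcp", "port": 8000, "dest": "192.168.1.60"},
]

def audit_forwards(rules, vpn_host, vpn_ports, upnp_enabled):
    """Return (severity, message) findings for a port-forward table."""
    findings = []
    if upnp_enabled:
        findings.append(("high", "UPnP/NAT-PMP is on: devices can open their own ports"))
    forwarded = set()
    for rule in rules:
        key = (rule["proto"].lower(), int(rule["port"]))
        label = f'{rule["name"]} ({key[0]}/{key[1]} -> {rule["dest"]})'
        if rule["dest"] != vpn_host:
            # Anything forwarded past the VPN host is reachable from the Internet.
            findings.append(("high", f"{label} exposes a non-VPN host; remove it"))
        elif key not in vpn_ports:
            findings.append(("medium", f"{label} is not a port the VPN needs"))
        else:
            forwarded.add(key)
    for proto, port in sorted(vpn_ports - forwarded):
        findings.append(("info", f"{proto}/{port} is not forwarded; VPN clients may fail"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_forwards(RULES, VPN_HOST, VPN_PORTS, upnp_enabled=False):
        print(f"[{severity}] {message}")
```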
 

Superdon

> Yep, I run my VPN server on my Synology NAS. Just make sure you disable the current port forwarding for the cameras once the VPN is set up.
>
> Sent from my ONEPLUS A3003 using Tapatalk

Thanks. Do you use Synology's DDNS (myds.me)? Does that all still work?

All sounds straightforward....almost too much so!
 

MrRalphMan

> Thanks. Do you use Synology's DDNS (myds.me)? Does that all still work?
>
> All sounds straightforward....almost too much so!

Hi, no I have a static IP with Plusnet, but I was using no-ip before that.

Sent from my ONEPLUS A3003 using Tapatalk
 

DavidDavid

Getting comfortable
Joined
Jan 29, 2017
Messages
605
Reaction score
267
Location
Ohio
I'm running the QVPN app on my QNAP NAS....works wonderfully.

Be sure to create a different VPN login for each device so if you lose a phone or tablet you can just delete that specific account and not have to reset everything back up on all your devices.
 