VPN Primer for Noobs

What VPN Solution are you using?


  • Total voters
    836

RicRat2009

Getting the hang of it
Joined
Jan 8, 2018
Messages
123
Reaction score
84
Location
Tejas
OK, got it working for the most part, and most important part. I can access my cameras!
Looks like the thing that got it working was an adapter tweak. Just hope this is safe to do.

Adapter tweaks
  1. Open the network adapters window
  2. Right-click your internet adapter (e.g. Ethernet) and then: Properties -> Sharing -> Allow other network users to connect through this computer's Internet connection
  3. (if applicable) From the drop-down list select your OpenVPN TAP adapter (e.g. Ethernet 2)
 

Probird79

Getting the hang of it
Joined
Aug 23, 2017
Messages
161
Reaction score
51
OK, got it working for the most part, and most important part. I can access my cameras!
Looks like the thing that got it working was an adapter tweak. Just hope this is safe to do.
Glad you got it working! I never saw any information about doing that. I do know on my computer if that is enabled the CPU usage shoots sky high. There has been a Windows update or 2 since then so I don't know if was ever resolved.

You still might want to post over on OpenVPN's forum to go over everything to make sure your setup is okay.
 

RicRat2009

Getting the hang of it
Joined
Jan 8, 2018
Messages
123
Reaction score
84
Location
Tejas
I'll check on that, but will only use the VPN when away to access the cameras.
Still thinking about building a RPi to use as a server.
 

DavidDavid

Getting comfortable
Joined
Jan 29, 2017
Messages
605
Reaction score
267
Location
Ohio
A raspberry pi is a nice device to have running on your network 24/7 anyway. I'm using mine for lot more than I thought i would when I first got mine.

And I even got one for my parents house to run a VPN server so they could check the camera I installed for them and so I could remote in and work on their computers too. I used a program called pivpn I think to set theirs up. Pretty straightforward and easy.
 

Moose

n3wb
Joined
Feb 24, 2017
Messages
27
Reaction score
6
A raspberry pi is a nice device to have running on your network 24/7 anyway. I'm using mine for lot more than I thought i would when I first got mine.

And I even got one for my parents house to run a VPN server so they could check the camera I installed for them and so I could remote in and work on their computers too. I used a program called pivpn I think to set theirs up. Pretty straightforward and easy.
What are you using it for besides the VPN?


Sent from my iPhone using Tapatalk Pro
 

RicRat2009

Getting the hang of it
Joined
Jan 8, 2018
Messages
123
Reaction score
84
Location
Tejas
Glad you got it working! I never saw any information about doing that. I do know on my computer if that is enabled the CPU usage shoots sky high. There has been a Windows update or 2 since then so I don't know if was ever resolved.

You still might want to post over on OpenVPN's forum to go over everything to make sure your setup is okay.
I checked and with VPN running and iPhone connected CPU was at 9%, so looks like maybe they found a fix.
 

DavidDavid

Getting comfortable
Joined
Jan 29, 2017
Messages
605
Reaction score
267
Location
Ohio
What are you using it for besides the VPN?


Sent from my iPhone using Tapatalk Pro
My Pi at home runs...

Pihole (whole network advertising blocker. This also blocks ads on my phone because I stay connected to my VPN all the time when away from home)

Unifi Controller (for my 3 ubiquity unifi access points)

VNC viewer (I also have this on my phone and can have access to my remote desktop from my phone anytime I want. Comes in handy when I think a website is not working correctly on my mobile phone, and want to visit the webpage in a "real" browser on a "real" computer)

Domoticz (my home automation controller. Had to change the default Port of domoticz from 8080 Because the unifi controller needed that port.)

Kodi (my home entertainment)

I use juicessh app on my phone to shh into the pi quite often as well. Gives me quick access to the command line of a Linux box at home when I'm sitting at work, have an idea and want to try something really quickly.

This might be all....will update if I think of anything else. When we originally got the pi it was just to run Kodi and I also plugged a portable USB drive into it that acted as our Network storage. I have a NAS now that takes care of that though (my NAS also is my VPN server)

On my parents pi I have pihole and VPN server. I use nomachine once connected to their VPN to remote desktop into their computers to help them with computer issues since they live 1.5 hrs away.
 

Probird79

Getting the hang of it
Joined
Aug 23, 2017
Messages
161
Reaction score
51
I checked and with VPN running and iPhone connected CPU was at 9%, so looks like maybe they found a fix.
I should have elaborated. I didn't have a VPN setup on my computer when this happened. I'm not sure how many people were affected and why. I just found the solution in a forum and disabled it.
 
Joined
Jan 28, 2018
Messages
2
Reaction score
0
First off let me thank the guys here on the forum. I have had analog camera security system for years and I guess I didn't know what I was missing with IP cameras and their potential. After reading hundreds of postings here I recently purchased four 5231 turret cams from Andy to start plan on replacing 8 more analog cams later for a total of 12 cams.. Set them up installed blue iris on a 2600k with 16 gb ram quick sync enabled direct to disk, the 4 cams are using 21% of CPU , runs perfect. Next step OpenVPN with OpenVPN connect for remote access from my android phone. Flashed my T-mobile AC-19200 router over to Asus AC-68u official firmware running Merlin now:). Bought 3 years of NordVPN for a good price, set it up perfect on router but when I went to set up DDNS with a NO-IP account to use VPN connect on my android to access my home network I ran into the :

The wireless router currently uses a private WAN IP address.
This router may be in the multiple-NAT environment and DDNS service cannot work in this environment.

Now I am stuck, can anyone here point me in the right direction on what I should try next. My ISP modem doesn't have a way to disable its NAT.
Thank you for your help getting me here so far really enjoy messing with all this stuff.
 

Probird79

Getting the hang of it
Joined
Aug 23, 2017
Messages
161
Reaction score
51
Next step OpenVPN with OpenVPN connect for remote access from my android phone. Flashed my T-mobile AC-19200 router over to Asus AC-68u official firmware running Merlin now:). Bought 3 years of NordVPN for a good price, set it up perfect on router but when I went to set up DDNS with a NO-IP account to use VPN connect on my android to access my home network I ran into the :

The wireless router currently uses a private WAN IP address.
This router may be in the multiple-NAT environment and DDNS service cannot work in this environment.

Now I am stuck, can anyone here point me in the right direction on what I should try next. My ISP modem doesn't have a way to disable its NAT.
Thank you for your help getting me here so far really enjoy messing with all this stuff.
You want to run the OpenVPN server on your ASUS router so there is no need for NordVPN. Read this thread to help you set it up: How to setup a VPN Server with Asus routers 380.68 updated 08.24
 
Joined
Jan 28, 2018
Messages
2
Reaction score
0
You want to run the OpenVPN server on your ASUS router so there is no need for NordVPN. Read this thread to help you set it up: How to setup a VPN Server with Asus routers 380.68 updated 08.24
Thank you for the advise sounded really good but the router tells me I have to first configure DDNS so I run into the same problem being that my ISP provides a private IP address. I can't even change their modem to bridge mode as it not allowed but for business accounts. Yes my IPS sucks and they are my only option. Any other suggestions would be appreciated.
 

Spudz

Young grasshopper
Joined
Dec 6, 2016
Messages
50
Reaction score
16
I currently have a Synology NAS with an intel processor running the latest DSM. I would like to use my NAS as the openvpn server to access my cameras since it is always on. My local network is 192.168.0.x subnet.

Is anyone else using their Synology NAS for this and if so was it easy to setup and does it work well?

If you can point me to the best guide to follow to set it up that would be much appreciated.
 

username

Getting the hang of it
Joined
Feb 7, 2016
Messages
116
Reaction score
18
I currently have a Synology NAS with an intel processor running the latest DSM. I would like to use my NAS as the openvpn server to access my cameras since it is always on. My local network is 192.168.0.x subnet.

Is anyone else using their Synology NAS for this and if so was it easy to setup and does it work well?

If you can point me to the best guide to follow to set it up that would be much appreciated.
It may be useful to check out the Synology user forum. I don't use my Synology NAS for my cameras but it does have that capability.
 

n8huntsman

Getting the hang of it
Joined
Jul 25, 2015
Messages
68
Reaction score
47
As suggested in the first post, I want to have a mobile connection to my home VPN. I also want a site-to-site to my vacation home.

Ive got an IPsec mobile vpn setup on my pfsense sg-1000. I can connect from my phone to my pfsense home network, no issues.
Ive also got a site to site network setup between my home pfsense and vacation house ubiquiti ER-X. I used this tutorial to get it working: https://help.ubnt.com/hc/en-us/articles/115012408087-EdgeRouter-IPsec-Policy-Based-Site-to-Site-VPN-...
This is also working with the exception that I can't access the ER-X router to configure it from home. That's a topic for another post. I can access all devices on that network.

From my phone, I'd like to be able to connect via mobile IPsec VPN to home pfsense and have access to the vacation home ubiquiti network. This is challenging to setup because Im only there once a month and wife would not allow me to play on the computer the whole trip so Im trying to figure this out before I get there.

My assumption is that I need to add a second tunnel by adding a separate phase 2 entry in pfsense using the subnet of the mobile VPN as the local subnet, and the river house subnet as the remote?
In the ER-X I believe I just need to click "+Add Subnets" with the above subnets, local/remote reversed of course.

As for firewall rules, I selected the "Automatically open firewall and exclude from NAT" check box so I don't think I need to do anything there.
Since I don't need to connect from river house to phone, I shouldnt need an IPsec firewall rule in pfsense, correct?

Am I on the right track or is there an easier way to make all the mobile traffic look like its coming from the home network subnet?
 

Shang

Young grasshopper
Joined
May 4, 2017
Messages
38
Reaction score
0
Is it possible to connect to multiple site with vpn?
 

xtropodx

Getting the hang of it
Joined
Apr 30, 2017
Messages
139
Reaction score
40
Have read all 25 pages :highfive:.... great info.

Just few questions;

1. How much data does doing this use & is it data used on server/client side or both?
2. What would be bare minimum speed required? My home/server internet connection is 25Mbs down, 5Mbs up.
3. How long should VPN client take to connect (first time)? I've just started getting this set up & OpenVPN connect just sits there constantly loading like it's trying to connect, there's no log files though, on router DDNS appears up/running on asus.com but DDNS on routers general page says "Sign up" :wtf:. Trying to do reboot now.


Actually, 255.255.255.0 is the correct subnet mask for 192.168.254.2.
And 254 in the 3rd octant means it is a non-routable address, this is a good thing, it means that the address won't advertise itself to the world.
Does this apply regardless of the other octants? ie If I use 123.456.254.7


Thanks, such useful thread :).
 

DavidDavid

Getting comfortable
Joined
Jan 29, 2017
Messages
605
Reaction score
267
Location
Ohio
Screenshot_20180228-085207.png my VPN is connected 100% of the time I'm away from home and this is what mine uses.

And my upload speed at home is 2mbps (recently bumped up from 1) and it's definitely slower than when on 4G...but it's not the worst.

And I don't know how long it takes to connect as I have Tasker do it automatically for me as soon as my phone disconnects from my home WiFi.
 

xtropodx

Getting the hang of it
Joined
Apr 30, 2017
Messages
139
Reaction score
40
So I've spent the last day+ & getting nowhere, OpenVPN Connect does not connect & does not have any log files, it just continually sits there loading trying to connect. Following are steps/things I've tried;

Running RT-AC3200 ASUS router with Merlin, which is sitting behind & bridged with a modem.
Smartphone: Samsung S7.

1. Followed randy openvpn
2. Disabled Router Firewall.
3. Disabled Router VPN client.
4. VPN Server - various settings, including many items disabled/none & no password. Applied & Exported new .ovpn file each time.
5. OpenVPN connect app tried different settings.
6. Turned off other VPN on smartphone.
7. Rebooted multiple times.

(Current) Settings I've tried:
DDNS: currently working & shows up on main Network Map.
WAN->DDNS enabled.
VPN Server ->
Tried Default settings.
Port: 443.
Auth digest: None & SHA1.
VPN Subnet / Netmask: 10.8.0.0 / 255.255.255.0 (& 255.20)
Username / Password Auth. Yes & No.
Push LAN to clients Yes & No.
Direct clients to redirect Internet traffic No
Respond to DNS Yes
Advertise DNS to clients Yes
Cipher Negotiation: Disabled & Enable with fallback.
Compression: None
Played with smartphone power settings.


Where/how would I start troubleshooting this or am I missing something?
If OpenVPN Connect isn't connecting at all, will the Router still have log files on it & where exactly would I locate them?

Thanks.

EDIT: don't know if relevant, but;
LAN -> LAN IP Address
LAN -> LAN DHCP Server ->IP Pool Starting/Ending Address
Are not router default IP. So don't know if I need to compensate for that for this at all?
 
Last edited:

xtropodx

Getting the hang of it
Joined
Apr 30, 2017
Messages
139
Reaction score
40
So I've spent the last day+ & getting nowhere, OpenVPN Connect does not connect & does not have any log files, it just continually sits there loading trying to connect.
Ok so got it working....somehow. Posting below for others in same boat.

Latest round of things I did that possibly helped get whole thing to work;
1. Closed all browsers & cleared cache. I've seen this cause a problem before when making router changes.
2. Setup PPTP on router & created PPTP VPN on smartphone, following this article: Connect to a PPTP VPN from your Android phone
(Later noticed that smartphone -> settings -> connections-> more connections -> VPN: "OpenVPN connect" was not listed). As result, using smartphone inbuilt VPN it forced PIA VPN to stop. So possible culprit right here. I think adding/using the inbuilt VPN did something to phone settings, because I'd previously tried all this unsuccessfully with turning PIA off.
3. Turned PPTP off, turned server on.
4. Export again, import into smartphone.........
5. BAM worked!!!!

I've since gone back & made other changes to Server settings, export each time, and it's still connecting. So I don't know what/how it's now working with the same settings. Most likely problem with smartphone side.
So now any time I try connect either PIA or OpenVPN Connect, phone automatically disconnects the other.
Anyone know how to use both on smartphone simultaneously?
 
Top