VPN Primer for Noobs

What VPN Solution are you using?


  • Total voters
    836

t84a

Getting the hang of it
Joined
Oct 10, 2014
Messages
204
Reaction score
39
Location
Maryland
Has anybody elses OpenVPN stopped working? Was there a recent update? Android. I'm getting a certificate failure. It worjed fine until today. Thanks
 

58chev

Pulling my weight
Joined
Aug 30, 2017
Messages
300
Reaction score
143
Location
Etobi, Ontario
Has anybody elses OpenVPN stopped working? Was there a recent update? Android. I'm getting a certificate failure. It worjed fine until today. Thanks
Just checked and working as it should. Samsung S7
 

nuraman00

Getting the hang of it
Joined
Aug 6, 2017
Messages
348
Reaction score
14
DONT ENABLE PORT FORWARDING!!!!!!!!!!!
You don't use the DDNS URL for anything. The router uses it when it sets up openvpn, so you need it, but you never use that URL for anything.

And with openvpn you don't port forward, that's the point of openvpn.
There is a "port forward" of sorts in some VPN set ups... Gargoyle for example. I was concerned by the terminology, however it is about routing through to the internal VPN server... not dropping your pants in general.

Cheers, Steve
Another bit of confusion is how remote viewing works. I'm assuming you'd have a VPN client on your cell phone, login, and then open TinyCam or whatever viewing software? I'd then be getting the streams as if I was on the home network correct?

I am also confused how remote viewing works, after I've logged into the VPN.

Or, if I'm on the home network, what do I do the view the streams? What do I do in the browser?

I used the ASUS firmware to set up the VPN. Is the ASUS firmware's port forwarding also tied to the VPN?

Also, I thought with the VPN enabled, then port forwarding was now more secure, because every client had to connect to the VPN first. Sort of like how I can't remotely access my router's homepage until after I connect to the VPN.

When I checked with the installer several weeks ago, he said that port forwarding must be enabled. I'm not saying I trust everything he says, but I'm trying to understand what configuration I need before I set up the appointment.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I am also confused how remote viewing works, after I've logged into the VPN.

Or, if I'm on the home network, what do I do the view the streams? What do I do in the browser?

I used the ASUS firmware to set up the VPN. Is the ASUS firmware's port forwarding also tied to the VPN?

Also, I thought with the VPN enabled, then port forwarding was now more secure, because every client had to connect to the VPN first. Sort of like how I can't remotely access my router's homepage until after I connect to the VPN.

When I checked with the installer several weeks ago, he said that port forwarding must be enabled. I'm not saying I trust everything he says, but I'm trying to understand what configuration I need before I set up the appointment.
No, if you are port forwarding any device on your network you are punching a hole in your firewall defeating the purpose of the vpn.
When you are home connected to the wifi network, you dont need the vpn.
When you are home connected on your home network you can access your router without being connected to the vpn.
 

Barboots

Pulling my weight
Joined
Mar 15, 2018
Messages
408
Reaction score
241
Location
Perth, Western Australia
My understanding is that the VPN will refuse any connection without an appropriate certificate... therefore the "forward" I have screenshot is not a security risk, it is a requirement of a particular VPN solution.

I note that the post was not contested directly...
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
My understanding is that the VPN will refuse any connection without an appropriate certificate... therefore the "forward" I have screenshot is not a security risk, it is a requirement of a particular VPN solution.

I note that the post was not contested directly...
he is not talking about your particular setup..he is using an asus router...he is forwarding the cameras which directly exposes them to the net defeating the purpose of the vpn.
 
Last edited:

nuraman00

Getting the hang of it
Joined
Aug 6, 2017
Messages
348
Reaction score
14
he is not talking about your particular setup..he is using an asus router...he is forwarding the cameras which directly exposes them to the net defeating the purpose of the vpn.
I don't have the cameras installed right now, so I haven't actually port forwarded anything. (Nor have I done any such configuration on my router).

So how do I view the streams then? What do I do in my browser, both on the home network, and remotely after connecting to the VPN?
 

randytsuch

Pulling my weight
Joined
Oct 1, 2016
Messages
495
Reaction score
176
I don't have the cameras installed right now, so I haven't actually port forwarded anything. (Nor have I done any such configuration on my router).

So how do I view the streams then? What do I do in my browser, both on the home network, and remotely after connecting to the VPN?
That really had nothing to do with VPN. It will depend on what NVR you are using. I use Blue Iris running on a PC, and view streams on a browser.
I suggest you get your cameras setup and working before worrying anymore about VPN. You can't look at anything anyway, so not much point at this time.
 

nuraman00

Getting the hang of it
Joined
Aug 6, 2017
Messages
348
Reaction score
14
That really had nothing to do with VPN. It will depend on what NVR you are using. I use Blue Iris running on a PC, and view streams on a browser.
I suggest you get your cameras setup and working before worrying anymore about VPN. You can't look at anything anyway, so not much point at this time.
I have the NVR5416-16P-4KS2E NVR.

I have the VPN set up.

I just want to understand the process of viewing, so when I make the installation appointment, if the installer says to enable port forwarding, I can say no.

So how do I view the streams in a browser, both on the home network, and remotely after connecting to the VPN?
 

awsum140

Known around here
Joined
Nov 14, 2017
Messages
1,254
Reaction score
1,128
Location
Southern NJ
Once you connect to your home network with a VPN from a remote point, you are, effectively, directly on your home network. You can view things and browse your own network as if your were at home.
 

Barboots

Pulling my weight
Joined
Mar 15, 2018
Messages
408
Reaction score
241
Location
Perth, Western Australia
I have the NVR5416-16P-4KS2E NVR.

So how do I view the streams in a browser, both on the home network, and remotely after connecting to the VPN?
Heading off topic, but every device will have an IP address. Enter the it into your browser on the home network and you will see the device... same on a mobile device once you have the VPN running and connected.

For mobile viewing a similar NVR and my cameras I use Gdmss... from the Google Play Store. I think iDevices use Dmss.

Cheers, Steve
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,451
Reaction score
38,164
Location
Alabama
Heading off topic, but every device will have an IP address. Enter the it into your browser on the home network and you will see the device... ...
Assuming the device has an HTTP port available and an embedded webGUI, correct?
 

nuraman00

Getting the hang of it
Joined
Aug 6, 2017
Messages
348
Reaction score
14
Once you connect to your home network with a VPN from a remote point, you are, effectively, directly on your home network. You can view things and browse your own network as if your were at home.
Heading off topic, but every device will have an IP address. Enter the it into your browser on the home network and you will see the device... same on a mobile device once you have the VPN running and connected.

For mobile viewing a similar NVR and my cameras I use Gdmss... from the Google Play Store. I think iDevices use Dmss.

Cheers, Steve
Thank you. I was a little confused earlier in this thread, as I thought I had to use the DDNS once I logged into the VPN from a remote point. I thought that since the IP address could change, then the DDNS would be used instead of the IP address. But that was cleared up in post #898. I don't use the DDNS URL for anything.https://ipcamtalk.com/threads/vpn-primer-for-noobs.14601/page-30#post-285751

I was also a little concerned that I was missing a step, because even after connecting to the VPN from a remote point, when I went into my Tivo App, and tried to tell it to play a recording on my TV, I got an error message that it couldn't find my Tivo DVR on my home network. I don't get that error message when I'm directly on my home network. So that's why I thought I was missing some configuration somewhere. But, that issue with the Tivo is beyond the scope of this thread, and it's not as important. It was just something I wanted to test out from a remote point after connecting to the VPN. I thought I could try extracting a recording from my DVR, when I'm at a remote point through VPN, instead of directly on my home network. But that's something I'll try again later. If I can find a way to do it, great. Otherwise, oh well. Maybe next time I'll try entering my Tivo's IP after connecting to the VPN, to see what happens.

When I enter the IP address into the browser, do I use HTTP or HTTPS?

Thank you for the tip about Gdmss from the Google Play store, for a mobile device.
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,451
Reaction score
38,164
Location
Alabama
Is this true? How do I know if a device has an HTTP port available?
  • Install the free Fing app for your iOS or Android smartphone.
  • Using your Wi-Fi, get onto the same LAN as the device, open Fing and select scan (the circling arrow upper right).
  • After it finds all devices on your LAN, on the device you recognize by name or IP, tap it then select 'Scan Services'.
  • The various ports (like 22, 80, 443, 554, etc.) will be shown,
  • If an HTTP entry (normally port 80) is shown, select it and if the device has an available webGUI, your default browser will be launched and likely ask for login credentials.
 
Last edited:

m4paws

n3wb
Joined
May 28, 2018
Messages
21
Reaction score
21
Location
usa
I just got a Netgear R7000 which has OpenVPN server built in once you enable it. Once enabled, you click one what your client device is (android, windows, etc) and then you can download the certificates. I installed the OpenVPN connect app on my android phone and imported the certificates I had earlier downloaded for android. I left my house and was at another location. I was not expecting it all to work. Anyway, I opened up the OpenVPN app on my phone and it connected. Then I opened up the app NVMS7000 which I use for my cameras. I was able to see my cameras on the app. It's nice to see my cameras when I'm away from home without having to do any port forwarding too. I am also using DDNS because I don't have a static IP.

I'm assuming in order to see my cameras from my work PC, all I have to do is install OpenVPN onit, and import the windows certificates from my home router?
 

nuraman00

Getting the hang of it
Joined
Aug 6, 2017
Messages
348
Reaction score
14
I just got a Netgear R7000 which has OpenVPN server built in once you enable it. Once enabled, you click one what your client device is (android, windows, etc) and then you can download the certificates. I installed the OpenVPN connect app on my android phone and imported the certificates I had earlier downloaded for android. I left my house and was at another location. I was not expecting it all to work. Anyway, I opened up the OpenVPN app on my phone and it connected. Then I opened up the app NVMS7000 which I use for my cameras. I was able to see my cameras on the app. It's nice to see my cameras when I'm away from home without having to do any port forwarding too. I am also using DDNS because I don't have a static IP.

I'm assuming in order to see my cameras from my work PC, all I have to do is install OpenVPN onit, and import the windows certificates from my home router?
Just to verify, you weren't able to see the cameras from the NVMS7000 app until AFTER you connected to the VPN, correct? When you tried before connecting to the VPN, it gave some kind of an error?

Also, I exported my certificate, but when I try to log in to my router from my Android phone, I get the warning the the certificate might not be valid and I have to click on advanced and accept it anyways.

Is there a way for the browser on the Android phone to recognize the certificate as valid without bypassing the warning?

I'm on an Asus AC2900 router.
 

m4paws

n3wb
Joined
May 28, 2018
Messages
21
Reaction score
21
Location
usa
Just to verify, you weren't able to see the cameras from the NVMS7000 app until AFTER you connected to the VPN, correct? When you tried before connecting to the VPN, it gave some kind of an error?

Also, I exported my certificate, but when I try to log in to my router from my Android phone, I get the warning the the certificate might not be valid and I have to click on advanced and accept it anyways.

Is there a way for the browser on the Android phone to recognize the certificate as valid without bypassing the warning?

I'm on an Asus AC2900 router.
Before connecting to the VPN, the VMS7000 app would said "connection failed" when I would try to access the cameras. Only after connecting to the OpenVPN first was I able to access the cameras. Which OpenVPN app are you using on your phone? I use OpenVPN Connect (I had previously tried OpenVPN for Android but had problems). Today, I started the OpenVPN app on my phone and then typed in my camera's IP address and was able to access the camera's browser page. I don't believe you should be logging directly into your router, but rather use your camera's IP address.
 

58chev

Pulling my weight
Joined
Aug 30, 2017
Messages
300
Reaction score
143
Location
Etobi, Ontario
I'm assuming in order to see my cameras from my work PC, all I have to do is install OpenVPN onit, and import the windows certificates from my home router?
Correct.
That is exactly how I have mine setup. On my Android phone and work computer. (don't tell my boss) o_O
 

m4paws

n3wb
Joined
May 28, 2018
Messages
21
Reaction score
21
Location
usa
Correct.
That is exactly how I have mine setup. On my Android phone and work computer. (don't tell my boss) o_O
Thanks! I created the certificates at home and installed OpenVPN on my work computer. Then I put the certs in the right directory, connected the OpenVPN and typed in my camera's IP and was able to see it live view. It's weird on my phone, when I use my camera app, I can only see the cameras but can't use wifi to get regular internet when OpenVPN is connected. But at work, I can browse on the internet normally while OpenVPN is connected.

I also have another camera but it's just a cheap camera that doesn't have Onvif and I can't access it through a browser. I"m thinking of installing iVMS windows program on work computer then I should be able to see both cameras.

I won't tell your boss if you don't tell mine :winktongue:
 
Top