Inbound Port and IP Address Bypass VPN

WA3PNT

Getting the hang of it
Joined
Jan 22, 2018
Messages
105
Reaction score
74
Location
Chino Valley, AZ USA
I have ExpressVPN running on a WRT1200AC Router.
I have a CAM with LAN Address 192.168.0.55 that uses Port 8102.
I have set up Weather Cloud (Station WA3PNT) to pull the video from this CAM when the site is accessed.

This works fine when the VPN is disabled, however when the VPN is enabled, Weather Cloud cannot obtain the video.

Can anyone point me to a script that will have INBOUND traffic to 192.160.0.55:8102 bypass the VPN?

Bypassing the VPN for outgoing traffic is easy. It is the inbound that I cannot find a way to do.

Thanks for any help.

RodeoGeorge
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Best thing to do is disable expressvpn and stop wasting your money. You're paying to pass your traffic through some random server which slows you down.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
The term VPN is used to describe two completely different products. It has to do with where the traffic originates from.
1) Hide the outbound traffic from your PC, i.e. hide the traffic's originating location, i.e. hide your PC from Microsoft when requesting info from Microsoft.
2) Encrypt an inbound request to your home network and its response.

The type 1 VPN is a service and is paid for; this service has nothing to do with IP cameras and Blue Iris.
The type 2 VPN is normally free; it uses OpenVPN or a similar solution.
 
Joined
Apr 26, 2016
Messages
1,090
Reaction score
852
Location
Colorado
You'll want to set up OpenVPN using instructions like: Linksys Official Support - Configuring the Linksys Smart Wi-Fi Router with the OpenVPN Server feature

Although, a couple of changes:
  1. I would definitely not "Allow remote access to this page" once you get everything set up and working; I wouldn't want to open up cloud access to the internal LAN from https://www.linksyssmartwifi.com.
  2. Create a username and password; don't use admin & a password.
  3. Make sure your router firmware is as up-to-date as it can be: Linksys Official Support - WRT1200AC Downloads
 

concord

Getting comfortable
Joined
Oct 24, 2017
Messages
663
Reaction score
739
@Weather Cloud (Station WA3PNT),

You need to expand on how you are doing this. Are you?:

1) You have a weather station device at home that gets your current local conditions.
2) You installed the software that comes with the weather station device on your PC, to get the readings
3) You are sharing your readings with others on www.WeatherCloud.net by:
a) linking your PC software to Weather Cloud, or
b) linking your weather station device directly to Weather Cloud
4) You are either:
a) linking the camera to the local software running on your computer, or
b) linking the camera directly to the Weather Cloud
5) You are using expressVPN from home to Weather Cloud to protect your connection from your weather station device (or PC) to Weather Cloud...
 

WA3PNT

1. YES
2. Using METEOBRIDGE to obtain WX readings, and sending to Weather Cloud (This works using ExpressVPN on the Router)
3. See #2
4. Neither. In my Settings on Weather Cloud I have included an "Image". The URL for that Image is : "wa3pntfront.from-az.net:8102/videostream.cgi?user=admin&pwd=gbs99039903&resolution=32" When the WA3PNT Device is accessed on Weather Cloud, Weather Cloud pulls that Image. DynDNS provides the link to the Host 192.168.0.55:8102 which is the CAM. This works correctly when ExpressVPN is disabled in the Router.
5. With ExpressVPN on the Router, everything goes through the VPN tunnel.

What I am looking for is a way (script) that I can run in the VPN setup on the Router to cause INBOUND and OUTBOUND traffic for 192.168.0.55:8102 to use the non-VPN (WAN) tunnel.

George
 
Joined
Apr 26, 2016
Messages
1,090
Reaction score
852
Location
Colorado
If someone could see the URL for the image, wouldn't you be giving them the username and password to your camera? (sorry, naive me doesn't know much about Weather Cloud).

If DynDNS resolves wa3pntfront.from-az.net to 192.168.0.55 then anyone in the world could log in as admin on your camera, I'm afraid. Yeah, never mind, I just checked and I could log in to your camera from the WWW. Don't port forward, you are asking for a world of problems imho.
 

concord

@WA3PNT,

As @crw030 mentions, your camera is exposed to the public, I can access it too.

Is there an option on the Meteobridge itself to grab the image locally from 192.168.0.55:8102, then send the readings and image to Weather Cloud via the Meteobridge? That way you don't need to port forward the IP cam and expose it to the internet...

EDIT: I did a search and it appears that you should set up your cam on the Meteobridge from the local IP address and it uploads the image to Weather Cloud, according to this forum thread:
Weather Cam and Meteobridge
IP cam snapshot upload problem **solved** - meteohub.de
 

WA3PNT

@WA3PNT,

As @crw030 mentions, your camera is exposed to the public, I can access it too.

Is there an option on the Meteobridge itself to grab the image locally from 192.168.0.55:8102, then send the readings and image to Weather Cloud via the Meteobridge? That way you don't need to port forward the IP cam and expose it to the internet...

EDIT: I did a search and it appears that you should set up your cam on the Meteobridge from the local IP address and it uploads the image to Weather Cloud, according to this forum thread:
Weather Cam and Meteobridge
IP cam snapshot upload problem **solved** - meteohub.de
That solution works for a single Image.
I have Weather Cloud pulling a live video stream of the CAM.

The reason that you were able to access the CAM is because I currently have the VPN turned OFF, while I'm trying to sort things out.

Thanks
George
 

concord

That solution works for a single Image.
I have Weather Cloud pulling a live video stream of the CAM.

The reason that you were able to access the CAM is because I currently have the VPN turned OFF, while I'm trying to sort things out.

Thanks
George
Ok, so others are somehow updating the image every so often from the Meteobridge, via a script or something. You are setting up access to the cam from the Weather Cloud website instead. I don't think it's possible when turning on expressVPN on the router :(, but I may be wrong.
 

WA3PNT

When someone looks at my Weather Data on Weather Cloud, embedded in the GUI is the video from my WEB CAM.

That image is LIVE video from the WEB CAM.

I think you can connect to this URL and see what I'm trying to explain.

ChinoValley Rd1N - Weathercloud

George
 

WA3PNT

If someone could see the URL for the image, wouldn't you be giving them the username and password to your camera? (sorry, naive me doesn't know much about Weather Cloud).

If DynDNS resolves wa3pntfront.from-az.net to 192.168.0.55 then anyone in the world could log in as admin on your camera, I'm afraid. Yeah, never mind, I just checked and I could log in to your camera from the WWW. Don't port forward, you are asking for a world of problems imho.
They would have to have the Password to log into the Camera GUI.

George
 
Joined
Apr 26, 2016
Messages
1,090
Reaction score
852
Location
Colorado
They would have to have the Password to log into the Camera GUI.
Or have enough information to identify the camera so they can (potentially) abuse some software vulnerability to bypass login altogether. Camera firmware is notoriously insecure and rarely patched.

Not picking a fight just saying try to be careful.
 

concord

When someone looks at my Weather Data on Weather Cloud, embedded in the GUI is the video from my WEB CAM.

ChinoValley Rd1N - Weathercloud

George
I assume you are using VPN from your router, using one LAN (i.e. 192.168.0.0/24). When you turn on expressVPN on your router, it is contacting an expressVPN server that is close to you, with the least amount of traffic (if like nordVPN). The traffic between your router and the expressVPN is encrypted. Any traffic that goes out to the internet is going thru the expressVPN server and then out to the rest of the internet. The same goes for information coming back to your computer from the internet, like accessing a website, the web page information is sent back.

What you are trying to do is go directly to your router to access your camera, but since your router is running in VPN mode and everything is going thru the expressVPN server, it's not possible, in my opinion.

If your router has the ability to define what devices on your local network should go thru expressVPN, maybe there's a way to tell it not to include the cam (maybe by MAC Address). For example, if you were using Untangle router software, you can easily define what devices should be going thru expressVPN.

However, I would highly recommend using VLANs to isolate your camera from the rest of your local network, in case your camera is hacked.

 

WA3PNT

I assume you are using VPN from your router, using one LAN (i.e. 192.168.0.0/24). When you turn on expressVPN on your router, it is contacting an expressVPN server that is close to you, with the least amount of traffic (if like nordVPN). The traffic between your router and the expressVPN is encrypted. Any traffic that goes out to the internet is going thru the expressVPN server and then out to the rest of the internet. The same goes for information coming back to your computer from the internet, like accessing a website, the web page information is sent back.

What you are trying to do is go directly to your router to access your camera, but since your router is running in VPN mode and everything is going thru the expressVPN server, it's not possible, in my opinion.

If your router has the ability to define what devices on your local network should go thru expressVPN, maybe there's a way to tell it not to include the cam (maybe by MAC Address). For example, if you were using Untangle router software, you can easily define what devices should be going thru expressVPN.

However, I would highly recommend using VLANs to isolate your camera from the rest of your local network, in case your camera is hacked.


Yes, basically you've restated what I initially was looking for. A script that I can run at startup in the WRT1200AC that will "pre route" specific inbound packets through the WAN, as opposed to the VPN.

I have gathered several scripts, however I'm not sure that they will fit in the amount of RAM available in the WRT1200AC. I need to strip out all the comments and try them. Another alternative is to move up to the WRT1900ACS which has 512 as opposed to 256 RAM. A side benefit of this would be the faster processor.

I do have another alternative. I have Cable One as my primary ISP, but I also have a Century Link DSL available. I could run another CAT6 from the Shop (where the CAM LAN Cable is located) to the Computer Room, and isolate the CAM on the DSL connection.

Thanks for joining in on the discussion.

George
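
The "pre route" idea discussed above comes down to connection-mark policy routing: mark connections that arrive on the WAN for the camera port, then route the camera's replies for those connections through a separate table whose default route is the WAN gateway. The script below is an added example, not code from any poster or from the router firmware; the interface name, gateway address, table id, mark value and `ALLOW_SRC` are assumptions, and it assumes the existing port forward to 192.168.0.55:8102 is already in place.

```shell
#!/bin/sh
# Added example, not from the thread: keep replies to port-forwarded camera
# connections on the WAN while the VPN tunnel owns the default route.
CAM_IP=192.168.0.55                # camera address from the thread
CAM_PORT=8102                      # camera port from the thread
WAN_IF=${WAN_IF:-eth0}             # assumption: WAN interface name
WAN_GW=${WAN_GW:-203.0.113.1}      # placeholder gateway (documentation range)
ALLOW_SRC=${ALLOW_SRC:-0.0.0.0/0}  # assumption: narrow to known client networks
TABLE=100                          # assumption: unused routing table id
MARK=0x1                           # assumption: unused firewall mark

# Emit the four commands, in order:
#  1. a routing table whose default route is the WAN gateway, not the tunnel
#  2. a policy rule sending packets that carry MARK to that table
#  3. a connection mark on new WAN-side connections to the camera port
#     (mangle PREROUTING runs before the DNAT of the port forward)
#  4. copy the connection mark onto the camera's reply packets so the
#     policy rule in step 2 applies to them
bypass_rules() {
  cat <<EOF
ip route add default via $WAN_GW dev $WAN_IF table $TABLE
ip rule add fwmark $MARK table $TABLE
iptables -t mangle -A PREROUTING -i $WAN_IF -s $ALLOW_SRC -p tcp --dport $CAM_PORT -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A PREROUTING -s $CAM_IP -p tcp --sport $CAM_PORT -j CONNMARK --restore-mark
EOF
}

# Dry run by default so the commands can be reviewed; "apply" executes them.
if [ "${1:-}" = apply ]; then
  bypass_rules | sh -e
else
  bypass_rules
fi
```

Strict reverse-path filtering on the WAN interface can still drop the inbound packets before these rules matter, and the dynamic DNS name has to resolve to the WAN address rather than the VPN exit address.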
 

whoami ™

Pulling my weight
Joined
Aug 4, 2019
Messages
230
Reaction score
224
Location
South Florida
If you want a VPN to change your IP address I'd suggest running your own VPN software on an OpenVZ VPS for less than $20 a year or KVM for less than $40 with a dedicated IP. There's a lot more you have to do than connect to a VPN to hide your identity online. Flash, WebRTC, DNS, Cookies, & IPv6 can all give away your identity if not set up correctly. Not to mention a kill switch in case the VPN were to drop the connection.

ServerHunter (link below) is a good site for finding a host. Switzerland and Spain have the best internet privacy laws... For whatever that's worth. Just set the filters for what you're looking for.

Server Hunter - Find a server
 