settings for Blue Iris and OpenVPN

CaliBear

n3wb
Joined
Jun 20, 2019
Messages
8
Reaction score
4
Location
CA
I installed Blue Iris v5 (my Dahua cameras from Andy are in the mail), and I set up the OpenVPN server on my brand new router.

Now how do I set it up so that I can access Blue Iris remotely, while keeping it secure? I'm confused on whether I should access my PC remotely through the VPN without using BI web server, or whether I should configure BI web server to go through the VPN port.

Looking around the BI Settings I saw Web Server tab:

Enable HTTP server on port: do I put here the service port number that I set for the OpenVPN server (UDP)?

then I also see the Internal address and the External address. Do I need to do anything with these?

Also, during installation, I authorized BI to access local networks (but not public) in Windows Firewall. I thought this was necessary for BI to access the cameras when I install them with the PoE switch, but please let me know if I was wrong.

I haven't run the "remote access" wizard yet. Should I?

Thanks for any help!

EDIT: I went into the firewall rules and there are 2 'inbound' rules that seem to allow all ports as remote - should I change the remote ports to the same VPN port I specified above? should I leave the local ports to "all"?
 
Last edited:

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
I use the BI web server to access the video via the VPN on my laptop and by android tablet.
I use the android application with the VPN to access the video from my phone.
I do not use a remote access (RDP, teamviewer) to the BI computer, just a personal preference.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
I use the BI web server to access the video via the VPN on my laptop and by android tablet.
I use the android application with the VPN to access the video from my phone.
I do not use a remote access (RDP, teamviewer) to the BI computer, just a personal preference.
When you are away from home and want to connect to UI3 how do you use the VPN on your laptop/android to connect? Or do you mean when you are on your home network?
 
Last edited:

Cbang000

n3wb
Joined
Jul 5, 2018
Messages
27
Reaction score
1
Location
Burnsville, MN
Ok, that didn't answer my question. I'll tell you what I have and you can compare. I have an Asus rt-5300 with openvpn enabled on it. The router creates a certificate which you upload to your mobile devices or computers that allows you to access anything on your local network away from home. So if I want to check my cameras away from home, I turn on my VPN on my mobile device and then I am able to view my cameras. My cameras can only be accessed by a device with the certificate installed in the openvpn app on my device... Make sense?
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
Same thing applies to ui3... I can even access my router away from home just as if I was on my home wifi...
Nice. I didn't figure out the certificate on a computer away from home to connect to securely using UI3. Where is the info.
 

Cbang000

n3wb
Joined
Jul 5, 2018
Messages
27
Reaction score
1
Location
Burnsville, MN
On YouTube. just Google: Setup openvpn Asus router... It isn't just for ui3. It's anything on your local network.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
On my setup the ASUS router which has OpenVPN on it, generates the file needed for the openVPN client (client.ovpn). The openVPN client is down loaded onto your laptop, tablet, phone (openvpn.net). Different files and different downloads
 

CaliBear

n3wb
Joined
Jun 20, 2019
Messages
8
Reaction score
4
Location
CA
I got a tplink a20 router. it has 6 antennas and I think a quad core for VPN processing. I generated the certificate on the router and I put a copy in my android phone, but I am not sure how to set up BI web server in the BI software.

So do I understand it right that the BI web server is only used to connect with an outside computer? So do I just change the BI web server default port to the VPN port? what about firewall rules?

For example, the default BI port for the web server is 81. So I think I have to change it to the VPN port, which is not port 81 - right?

If I use the android BI app, does it automatically use the VPN to connect? I haven't downloaded it yet.
 
Last edited:

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
You're kinda over-thinking it...

When using the VPN remotely you'll be accessing your network effectively as if you're a client on your local network. So you'll access whatever on your network in the same way that you would when home. i.e., If your BI server is on local IP 192.168.1.5:80, then after connecting to your network via the VPN, then you'd hit it on that same IP : port using whatever browser or other application.

You don't need to open other ports on your router. Rather, you want to close those. The VPN will open a single port (usually 1194) on its own and that's all that you need open on it (kind of the point of the VPN). In most cases you won't need to do anything as far as firewalls on the machine or your router.

You do need to set up DDNS or otherwise know the public IP in order to find your network when remote to make the connection but that's a different question. Once you do, then you're good as far as accessing anything inside.

I've not used the Andriod BI app but I know that there are various ways to automatically launch the VPN on Android. You'll set up the BI app to access the server via a local IP address. You'll launch the VPN in whatever way and then, as above, the app will hit the BI server as a local IP.
 
Last edited:

CaliBear

n3wb
Joined
Jun 20, 2019
Messages
8
Reaction score
4
Location
CA
When using the VPN remotely you'll be accessing your network effectively as if you're a client on your local network. So you'll access whatever on your network in the same way that you would when home. i.e., If your BI server is on local IP 192.168.1.5:80, then after connecting to your network via the VPN, then you'd hit it on that same IP : port using whatever browser or other application.
Ah ok. I thought if I left the BI server enabled with port 81, it'd listen to port 81 ignoring the VPN. But I think I understand now - the BI server would listen to port 81, but since I didn't forward it from the router, nothing would come through from outside the home network. But if I enter the home network with the VPN, then I can talk to whatever port the BI server is listening to.

Thanks!

(I did set up DDNS in my router so I'm covered there)
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
Correct. The VPN server sets up a secured, encrypted connection into your network and assigns a local IP to the remote device via the VPN client when it connects. That's the only way into your network (generally at least, you could also open other things up if you wanted to for some specific reason, e.g., hosting a public server). The only thing that can connect to it is a client with the proper certificate/key.

Actually a little more complicated in that it sets up its own IP and then routes that over internally to a local IP (which is a distinction as far as firewall rules. etc.) but at a practical level you end up with what functions effectively as a local IP address.
 
Top