Thanks! When a family member visits, we've always let them into our LAN with the router access password. I've never looked into "guest" access. But I think I would want to set up guest access after switching to OpenVPN, yes? That way I wouldn't have to import the cert. to guest devices that normally don't reside here, but could still let them have internet access. They just couldn't access the internal LAN, correct?
“Putting a camera directly on the Internet is not a good idea. I don’t care whose camera it is.”
- Thread starter fenderman
- Start date
Thanks! When a family member visits, we've always let them into our LAN with the router access password. I've never looked into "guest" access. But I think I would want to set up guest access after switching to OpenVPN, yes? That way I wouldn't have to import the cert. to guest devices that normally don't reside here, but could still let them have internet access. They just couldn't access the internal LAN, correct?
Setting up the VPN doesn't affect your wifi and how users connect to it. They're two separate functions in the router. What he meant was that once you connect to your home network over the VPN, it is as if you are sitting at home on your wifi (or wired network). You then have access to things on your home network that are not visible to anyone outside of your home's network (cameras, printers, NAS). Imagine running a really long Ethernet cable from where ever you are back to your home network. That's what a VPN does.
Yeah. I can see how that wasn't clear.
The VPN access is only from outside your home network.
Maybe you are using 4G mobile, or you are at work , or on holiday, hardware store, and you want to check your cameras/ security (remember we trying to get away from port forwarding)
But you would need to have the Certificate imported onto the devices you want to connect with.
Everything at home , wifi , lan stays the same, you dont put a vpn client on the devices in the home.
In the home you have good wifi authentication, you could do MAC address filtering but I don't think it's needed. But you give guests a guest wifi password.
The VPN access is only from outside your home network.
Maybe you are using 4G mobile, or you are at work , or on holiday, hardware store, and you want to check your cameras/ security (remember we trying to get away from port forwarding)
But you would need to have the Certificate imported onto the devices you want to connect with.
Everything at home , wifi , lan stays the same, you dont put a vpn client on the devices in the home.
In the home you have good wifi authentication, you could do MAC address filtering but I don't think it's needed. But you give guests a guest wifi password.
Oh, OK. Thank you for clarifying that! It answered some questions that began forming in my mind, because I had mistakenly thought that every device INSIDE our WiFi would need the certificate. So I was beginning to wonder how one would import a certificate on, for example, a garage door opener.
Glad I was mistaken. This doesn't appear to be too terribly hard to implement then. Having never done this, I am wondering, on an Asus router, if turning on OpenVPN and setting it up automatically precludes previous port forwarding for things like Blue Iris, or is stopping the exisiting internet access to Blue Iris something I would have to do myself. I'll have to also remember I have one camera I got before Blue Iris that uses the camera maker's proprietary online access. It is also sending to my Blue Iris setup, so after reading this info above I reckon the first thing I should do is disable that initial link to the web, right? I had let it continue because I initially had some problems to work out with Blue Iris, so that had given me a secondary means of accessing that camera. It is inside a storage building which is closed most of the time, so I hadn't considered the imagery a security risk. But that was before I learned hackers can do far more than just view the video feed.
you want to turn off UPnP and port forwarding off your router.
this applications are what is the vunerab ilities and exposing your cameras to the web.
at any moment in time your modem is being scanned for open ports (port forwarding) 1000s of times a day.
take it in little steps. read my first post.
get the vpn working first, transfer a camera over validate it works and then change the config on TinyCam, iVMS to have the local IP addresses of your home network and then turn everything off on your router UPnP and Port forwarding.
Remember with a vpn and when you "vpn in" its effectively like you are at home on your wifi or local network.
Youve got a secure tunnel from whereever you are into your home network.
this applications are what is the vunerab ilities and exposing your cameras to the web.
at any moment in time your modem is being scanned for open ports (port forwarding) 1000s of times a day.
take it in little steps. read my first post.
get the vpn working first, transfer a camera over validate it works and then change the config on TinyCam, iVMS to have the local IP addresses of your home network and then turn everything off on your router UPnP and Port forwarding.
Remember with a vpn and when you "vpn in" its effectively like you are at home on your wifi or local network.
Youve got a secure tunnel from whereever you are into your home network.