Access NVR from internet using PPTP

[andrewke01]

Would appreciate some help accessing my Dahua NVR from the internet using PPTP from my Android phone.

My setup -
1. Netgear CG3100 cable modem in bridge mode. WAN ip not static but has been the same for months, even after multiple reboots.

2. Cisco RV130 router in gateway mode. LAN ip assigned by Netgear CG3100 - 10.253.134.1
There are 3 VLANs setup with the following gateways :- VLAN 10 - 192.168.10.1
VLAN 20 - 192.168.20.1
VLAN 30 - 192.168.30.1
InterVlan routing enabled
NVR & ip cameras are setup on VLAN 20 - NVR ip 192.168.20.250
PPTP server ip 192.168.20.10
PPTP clients ip range 192.168.20.11 - 192.168.20.20
VPN PPTP passthrough enabled

Firewall service management - PPTP TCP port 1723
Firewall access rules - Inbound & Outbound port 1723 enabled for 192.168.20.250 (NVR)
Port forwarding - port 1723 to 192.168.20.1 (VLAN 20 gateway)

3. Cisco 3560 - Gi0/1 setup in trunk mode, all VLANs allowed etc. to port 1 on RV130.
PC's, Playstation, internet TV, NVR & cameras all connected here.


Things to note: all devices connect correctly to the internet.
InterVlan routing working correctly - from PC on VLAN 10 web browser is happy
logon to all ip cameras on VLAN 20

I can connect via PPTP from phone - phone gets assigned ip 192.168.20.11.
This ip address is shown on phone & RV130 status page
I can ping all VLAN gateways from phone.
I cannot ping any other device on my local LAN
If I enable P2P on NVR the gDMSS connects with no problem!

i am thinking this is a router firewall issue - I have tried different ip addresses firewall access rule/port forwarding etc combinations but nothing seems to work.

Am I flogging a dead horse?
Any help would be greatly appreciated.
Cheers.

 

[hmjgriffon]

Would appreciate some help accessing my Dahua NVR from the internet using PPTP from my Android phone.

My setup -
1. Netgear CG3100 cable modem in bridge mode. WAN ip not static but has been the same for months, even after multiple reboots.

2. Cisco RV130 router in gateway mode. LAN ip assigned by Netgear CG3100 - 10.253.134.1
There are 3 VLANs setup with the following gateways :- VLAN 10 - 192.168.10.1
VLAN 20 - 192.168.20.1
VLAN 30 - 192.168.30.1
InterVlan routing enabled
NVR & ip cameras are setup on VLAN 20 - NVR ip 192.168.20.250
PPTP server ip 192.168.20.10
PPTP clients ip range 192.168.20.11 - 192.168.20.20
VPN PPTP passthrough enabled

Firewall service management - PPTP TCP port 1723
Firewall access rules - Inbound & Outbound port 1723 enabled for 192.168.20.250 (NVR)
Port forwarding - port 1723 to 192.168.20.1 (VLAN 20 gateway)

3. Cisco 3560 - Gi0/1 setup in trunk mode, all VLANs allowed etc. to port 1 on RV130.
PC's, Playstation, internet TV, NVR & cameras all connected here.


Things to note: all devices connect correctly to the internet.
InterVlan routing working correctly - from PC on VLAN 10 web browser is happy
logon to all ip cameras on VLAN 20

I can connect via PPTP from phone - phone gets assigned ip 192.168.20.11.
This ip address is shown on phone & RV130 status page
I can ping all VLAN gateways from phone.
I cannot ping any other device on my local LAN
If I enable P2P on NVR the gDMSS connects with no problem!

i am thinking this is a router firewall issue - I have tried different ip addresses firewall access rule/port forwarding etc combinations but nothing seems to work.

Am I flogging a dead horse?
Any help would be greatly appreciated.
Cheers.

PPTP you may as well not even use VPN, that takes probably under a minute to crack.

 

[andrewke01]

Yes I know PPTP is not very secure but it is simple & should be "easy" to get working. Once i get an understanding of PPTP I will then move on to setting up an IPSec VPN server. I am having much the same problem with the IPSec server - connecting but getting no LAN access.

small steps & all that.

 

[hmjgriffon]

Would appreciate some help accessing my Dahua NVR from the internet using PPTP from my Android phone.

My setup -
1. Netgear CG3100 cable modem in bridge mode. WAN ip not static but has been the same for months, even after multiple reboots.

2. Cisco RV130 router in gateway mode. LAN ip assigned by Netgear CG3100 - 10.253.134.1
There are 3 VLANs setup with the following gateways :- VLAN 10 - 192.168.10.1
VLAN 20 - 192.168.20.1
VLAN 30 - 192.168.30.1
InterVlan routing enabled
NVR & ip cameras are setup on VLAN 20 - NVR ip 192.168.20.250
PPTP server ip 192.168.20.10
PPTP clients ip range 192.168.20.11 - 192.168.20.20
VPN PPTP passthrough enabled

Firewall service management - PPTP TCP port 1723
Firewall access rules - Inbound & Outbound port 1723 enabled for 192.168.20.250 (NVR)
Port forwarding - port 1723 to 192.168.20.1 (VLAN 20 gateway)

3. Cisco 3560 - Gi0/1 setup in trunk mode, all VLANs allowed etc. to port 1 on RV130.
PC's, Playstation, internet TV, NVR & cameras all connected here.


Things to note: all devices connect correctly to the internet.
InterVlan routing working correctly - from PC on VLAN 10 web browser is happy
logon to all ip cameras on VLAN 20

I can connect via PPTP from phone - phone gets assigned ip 192.168.20.11.
This ip address is shown on phone & RV130 status page
I can ping all VLAN gateways from phone.
I cannot ping any other device on my local LAN
If I enable P2P on NVR the gDMSS connects with no problem!

i am thinking this is a router firewall issue - I have tried different ip addresses firewall access rule/port forwarding etc combinations but nothing seems to work.

Am I flogging a dead horse?
Any help would be greatly appreciated.
Cheers.

Why are you forwarding the PPTP port to the gateway? Turn that off and see what happens.

PPTP you may as well not even use VPN, that takes probably under a minute to crack.

Yes I know PPTP is not very secure but it is simple & should be "easy" to get working. Once i get an understanding of PPTP I will then move on to setting up an IPSec VPN server. I am having much the same problem with the IPSec server - connecting but getting no LAN access.

small steps & all that.

Sent from my Nexus 6P using Tapatalk

 

[andrewke01]

thanks for suggestion.
Disabled - still no joy.

 

[hmjgriffon]

thanks for suggestion.
Disabled - still no joy.

I will say I tried to set up PPTP on a similar Cisco model a while back and could never make it work for some reason lol might end up being easier to set up VPN on another device on the network

 

[andrewke01]

That's irritating - things that should work but don't.

 

[Go3Team]

Try setting subnet mask to 255.255.0.0. It works on my Frankenstein network.

 

[hmjgriffon]

Try setting subnet mask to 255.255.0.0. It works on my Frankenstein network.

subnet mask really just controls the ip address range, changing it shouldn't make something work that wasn't though, if my networking knowledge is correct.

 

[Alimanya]

I believe the LAN ip assigned to the Cisco RV130 router, by the Netgear CG3100 -> (10.253.134.1) is a private IP address which kinda indicates that NAT is turned on and the unit is in router mode? Should work either way, some of this stuff can be finicky with vpn pass-through. Did you enable PPTP Pass-Through on the netgear CG3100 along with trying port forwarding to the Cisco units wan ip.

To check your port forwarding the following site may helpful. Open Port Check Tool

 

[andrewke01]

Thanks for replies.

Go3Team - this is not a allowed. Something to do with overlapping VLANs. Spits out this message - "Another provisioned VLAN already occupies this Gateway IP."

Alimanya - with the NAT check box 'unchecked' & wireless turned off this puts the CG3100 into bridge mode. The ip address 10.253.134.1 is assigned by default & so not likely to be on the same subnet as anything on the LAN side of the router (my limited & possibly wrong understanding).

 

[andrewke01]

Alimanya - forgot to mention - as soon as modem is in bridge mode most of the setting's options become unavailable. Basically only option is to turn on NAT & 'Setup'

 

[Alimanya]

Sounds like its in bridge mode then. In the good old days the ISP use to give you a real routable internet ip address. The ISP may have you NATed down stream. If you go to IP Chicken - What is my IP address? Free public IP lookup., it will tell you your real internet address. You may want to check with your ISP to see if they could assist but may require a static ip address. You could also look at other VPN options like Hamachi by LogMeIn or Free P2P VPN software - Wippien. to get around the port forwarding issues. Sorry couldn't be more help.

 

[andrewke01]

Checked ip & it comes up with the same as WAN ip on the status page of the router.

I have got an account with Private Internet Access so I might have to setup a VPN server on another device (as suggested by hmjgriffon earlier). I really didn't want to go down that route. I just wanted router - switch - NVR - cameras on & everything else powered off when I am not around.

I'll struggle on for a while.
Bought a used Linksys WRT54GL with dd-wrt firmware for $40, so might end up dumping the RV130.

Cheers

 

[Bryan]

Trying to set up a VPN on my Android and home router without any port forwarding. Cisco has a great site for info, but it is more complicated than I need. I need to find what would be the remote IP address for my Moto G Play Android phone USING 4G/3G Verizon network. One would think the remote IP for my Android phone might change as I change locations..I don't know the answer to this. I see plenty of explanations for if you have a free IP service (Strong, Anyconnect, OpenVPN, etc), but I thought I had read you could set up a VP between phone and Router without a third party VPN. Is this true? 2nd thing..see attached pic of my Router VPN setup page.. What would be the addresses needed (an example) for the Remote IPSEC gateway, the Tunnel Access Local & Tunnel Access Remote ?

 

[hmjgriffon]

Trying to set up a VPN on my Android and home router without any port forwarding. Cisco has a great site for info, but it is more complicated than I need. I need to find what would be the remote IP address for my Moto G Play Android phone USING 4G/3G Verizon network. One would think the remote IP for my Android phone might change as I change locations..I don't know the answer to this. I see plenty of explanations for if you have a free IP service (Strong, Anyconnect, OpenVPN, etc), but I thought I had read you could set up a VP between phone and Router without a third party VPN. Is this true? 2nd thing..see attached pic of my Router VPN setup page.. What would be the addresses needed (an example) for the Remote IPSEC gateway, the Tunnel Access Local & Tunnel Access Remote ?

that is for setting up a point to point VPN, that is not what you need, you need the other kind, you won't need to know the public IP your phone gets.

 

[andrewke01]

UPDATE - all working perfectly.
Solution - upgraded mobile phone to Samsung J5 & it it took all of 5 minutes to get up and running with PPTP.
When I get some time I will try with IPSec.
The Sony C6603 has been consigned to the rubbish bin.

Thanks for all comments & suggestions.