Adding VPN Router

[Pocono Joe]

OK, so I have a NVR4208-8P-4KS2 that I just got from Andy. I have not hooked anything up yet. I put a Hard Drive in the NVR and a have monitor and 3 IPC-HDW5231IR-ZE Cameras that are not yet installed.

A friend gave me a LInksys RV042 VPN Router. Of course I already have a router for my home network.

My question is can I use the VPN router and how do I place it in the system?

Thanks, Joe

 

[Mr_D]

It would replace your existing router. However, that's a pretty old router. I believe it only supports pptp which isn't the greatest. It does have a more configurable firewall that most consumer stuff though.

 

[Pocono Joe]

My existing router is wireless and provides my home network wifi.. I thought maybe I could use the VPN router just for the NVR..

Joe

 

[Nonsense]

My question is can I use the VPN router and how do I place it in the system?

I'm pretty sure you can. I had similar setup about year ago. Use your main router as it is and route incoming VPN port traffic to second router which has the VPN server running.
To connect to your VPN server you use primary router WAN address.

 

[Pocono Joe]

Thanks Nonsense.. I really need a step by step .. I should probably look for someone local who can help me with this.. I just don't understand all this IP address, WAN, LAN, etc. stuff...

Joe

 

[Nonsense]

Thanks Nonsense.. I really need a step by step .. I should probably look for someone local who can help me with this.. I just don't understand all this IP address, WAN, LAN, etc. stuff...

Joe

It took several days of tinkering and custom firmware to get my old setup up and running, so you need some knowledge about IP ranges, ports, routing and so on.
Easiest solution would be to get new main router that has (wireless lan of course) OpenVPN server built in. ASUS routers are quite good imo.

 

[GCoco]

KISS - keep it simple stupid. Not calling you stupid. Buy a new router, it the simplest easiest thing to do especially if you are not knowledgeable in the networking/IT area.

 

[Pocono Joe]

Thats ok..when it come to this stuff I am a little stupid... I am willing to learn... I'll look at the ASUS routers mentioned above...

I'm open to recommendations

Thanks, Joe

 

[TonyR]

Try VPN Primer for Noobs

 

[crw030]

While I think technically it would be very similar to people that setup a VPN server behind their main firewall and just route all the VPN traffic straight to that internal box, I would pause and consider a couple other things.

Not familiar with the VPN router you were given, but my basic concerns before you chose that over a new ASUS router (or similar) would be:

1. Is the firmware being updated for that router regularly against vulnerabilities? If not you are actually making yourself possibly less secure by exposing it to the internet to handle VPN traffic. And since it will be inside your firewall, compromise of that device opens up the attack landscape to your other devices.
2. Do you want the additional hassle of configuring a second box to handle VPN anyway? It sounds like you might be part-time-network engineer like myself, and in that case KISS probably will have a better end result.
3. If you are really happy with your existing router, it will stink to PAY to replace it, but maybe it can be repurposed into a WiFi repeater or something on your network.

 

[fenderman]

The linksys is end of life...they will not be issuing patches...its useless.

 

[Pocono Joe]

Good to know fenderman.. (I assume you like Fender Guitars or do Body Work?)

Thanks, Joe

 

[fenderman]

Good to know fenderman.. (I assume you like Fender Guitars or do Body Work?)

Thanks, Joe

guitars

 

[catcamstar]

Thats ok..when it come to this stuff I am a little stupid... I am willing to learn... I'll look at the ASUS routers mentioned above...

I'm open to recommendations

Thanks, Joe

One "challenge" on having a VPN server offloaded on your WAN gateway, is that for certain use cases you might need to enforce a static route on your default LAN gateway (probably your wifi router). Some routers do allow this setup, some not. My suggestion is to look into the Asus RT-ACxx family, they have good wifi, ànd OpenVPN capabilities - really n00b proof setup. If you are more into the technical bits & bytes, and more capabilities, the Ubiquity would be my second suggestion, it offers tons of additional SOHO capabilities like VLANs and stuff.
Good luck!

 

[Pocono Joe]

I have no idea what that first sentence means! Looks like https://www.amazon.com/gp/product/B00FB45SI4/ref=ox_sc_act_title_1?smid=ATVPDKIKX0DER&psc=1 might work?
Thanks, Joe

 

[catcamstar]

I have no idea what that first sentence means! Looks like https://www.amazon.com/gp/product/B00FB45SI4/ref=ox_sc_act_title_1?smid=ATVPDKIKX0DER&psc=1 might work?
Thanks, Joe

What I mean is: if you have an additional network component hosting your openVPN server, all incoming traffic coming from your VPN tunnels (being eg vtun0) has an "internal" network address (eg 10.0.0.x), it has to be able to reach your local gateway who on its turn needs to be able to route (internal) LAN traffic towards that tunnel. Either you can "hard code" this gateway into each of your devices (undoable in 90% of the cases unless you get shell access), OR you must be able to configure it in your existing gateway (router) to have a static route line to accomplish this.

So unless you have a good excuse to have an "external" openvpn server instance, I would deadvice going that way.

Your pick on the Asus RT-AC68U is not bad, I personally have the RT-AC87U which has great wifi. Cannot comment on the 68U. What I did check for you, is that that device is RMerlin compatible (and good news: it is! Asuswrt-Merlin - Browse /RT-AC68U/Release at SourceForge.net ) - it allows many tweaks (including tons of OpenVPN settings, ssh access, and much more).

Good Luck,
CC

 

[J Sigmo]

I have no idea what that first sentence means! Looks like https://www.amazon.com/gp/product/B00FB45SI4/ref=ox_sc_act_title_1?smid=ATVPDKIKX0DER&psc=1 might work?
Thanks, Joe

I got one of those exact routers from Amazon very recently, and while I have not set up the VPN on it yet, the unit has performed very well, and the WiFi coverage in my house and on my property has been excellent. The 5Ghz band really screams! The bottleneck for internet connectivity on most devices is my actual cable modem connection, which tops out at about 115Mb/s. So the data rates provided by this new router are probably overkill.

But one of the things that is supposed to be good about this router is that it has powerful processors and quite a bit of RAM. That is important when hosting a VPN so that the encryption and decryption can happen quickly and not slow down the traffic passing through these "tunnels".

The older VPN router you were given is likely not nearly as powerful, and thus might slow data throughput down far more than these new units will.

It is also easy to block individual devices from accessing the internet, so all of my cameras are blocked. Thus, they can only talk to devices on my local network, and that includes (of course) the PC that I have set up to run Blue Iris. Once I get the VPN set up, I'll be able to access Blue Iris via the VPN remotely, and of course, that's the whole point of having a router that can do the VPN.

Your NVR will be doing for you what my Blue Iris PC is doing in my setup. So the router VPN setup will probably be pretty much the same for you and I.

I'm learning about this as I get time, myself, so I can't offer any direct step-by-step advice yet. But as I get it working, I may be able to be helpful.

The main thing I'd say to you right now is that I agree with what others have posted:

Retire your existing router, and don't bother with the old one you were given.

Buy a new one (the one you linked to is what I've got, but the one @catcamstar suggested is apparently an even fancier one). Then use that new router as your only router. That way, things are easy to set up and will do what you want without the problems a separate router for your VPN might create.

Yes, that means retiring some existing gear, but sometimes it's a lot less hassle in the long run to get a gadget that does exactly what you want. That extra expense pays off in saving your time and working better. Plus, we'll have access to the knowledge of other folks on here who are doing the same things using the same routers in case we end up with questions.

 

[fenderman]

I have no idea what that first sentence means! Looks like https://www.amazon.com/gp/product/B00FB45SI4/ref=ox_sc_act_title_1?smid=ATVPDKIKX0DER&psc=1 might work?
Thanks, Joe

for a bit more, you might want to consider the newer model https://www.amazon.com/Dual-band-Dual-core-AiProtection-Compatible-RT-AC86U/dp/B0752FD3XJ

 

[J Sigmo]

Sure, a week after getting the one I got, I'm now tempted by an even fancier one!

 

[Pocono Joe]

Ok.. So I have the ASUS router set up and running.. How to I set it up for the VPN?

Joe