Banned IP Addresses

Three options really:

1. Change from port 81 to a random high number port (between 10000 and 65535) that is not commonly used for any particular service. Literally just pick a number, google it "port xxxxx" and see if it is commonly used for anything. This will dramatically reduce the amount of unwanted bot connections you get, since most bots are just scanning for low hanging fruit on default ports.

2. Run a VPN server. Doesn't have to be on your router. It can be on the Blue Iris machine, even. Disable all other port forwarding (including UPnP and NAT-PMP functions in your router) and only use the VPN for remote connections.

3. Run ZeroTier instead of a VPN server. It is basically a cloud-hosted VPN server that you can connect all your machines to, and they keep it free for home users by utilizing peer-to-peer tunneling methods whenever possible so they don't have to carry a lot of your network traffic on their own infrastructure. The downside is you have to trust a cloud service, and it will only provide access to specific machines that are running the ZeroTier client, not your entire LAN unless you do some advanced routing stuff that is even over my head.
 
A Netgate 1100 is a fine little router and the pfSense OS has OpenVPN server built in, and WireGuard VPN server (which is simpler and more efficient) available as an installable package. I like the 1100 specifically because it is super energy-efficient compared to high-end consumer routers, and especially compared to old PCs that some people may use to run pfSense.
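Option 1 above, as an added example that is not part of the original post: it picks a random external port in the suggested 10000-65535 range and rejects any port that already has a registered TCP service. It substitutes a check against `/etc/services`-style text for the manual web search; the sample entries and the function names are constructed for illustration.

```python
import secrets

# Constructed sample in /etc/services format (illustrative, not from a real host).
SAMPLE_SERVICES = """\
# name        port/proto   aliases
webmin        10000/tcp
memcached     11211/tcp
memcached     11211/udp
minecraft     25565/tcp
mongodb       27017/tcp
plex          32400/tcp    pms
"""

LOW, HIGH = 10000, 65535  # range suggested in the post


def registered_tcp_ports(services_text):
    """Return the set of TCP ports named in /etc/services-style text."""
    ports = set()
    for line in services_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if proto == "tcp" and port.isdigit():
            ports.add(int(port))
    return ports


def pick_port(taken, low=LOW, high=HIGH):
    """Pick a uniformly random port in [low, high] that is not in `taken`."""
    span = high - low + 1
    if len({p for p in taken if low <= p <= high}) >= span:
        raise ValueError("no free port in range")
    while True:
        port = low + secrets.randbelow(span)  # CSPRNG, no modulo bias
        if port not in taken:
            return port


if __name__ == "__main__":
    taken = registered_tcp_ports(SAMPLE_SERVICES)
    print("forward this external port instead of 81:", pick_port(taken))
```

On a real machine, pass the contents of the local `/etc/services` file to `registered_tcp_ports` instead of the sample text.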
 
Well now this has turned into something else I would like to build. Or I could just buy a Netgate 1100, and be done with it.

I have pfS running on an HP T730 thin client and also an HP T610 thin client, these are available fairly cheap on eBay, much cheaper than buying the actual Netgate hardware.
 
Well now this has turned into something else I would like to build. Or I could just buy a Netgate 1100, and be done with it.

For that money just get a higher end home router been as you say you need a new Router anyway (I think you mean Router Modem rather than router).

I chose an Asus AX82U Router paired with a Vigor 130 modem run in bridge mode. The Router has modern features, top class performance reviews and a VPN Built in. Many others on here are using Asus routers.

I have yet to set my system up - on with other projects ie renovating a room in my house, and still need some bits eg cabling. However, if you don't want to go True Router + Modem combination, others on here are using some slightly lower end but similarly priced Modem Routers from Asus (all in ones). I couldn't tell you the models but I'm sure someone will chime in. The 82U also has another model with slightly different letters in front that's an all in one. It's the same router but with a modem included internally.

I went separate as it means less to replace when something fails and generally there's evidence to suggest the separate parts are better overall. Can't comment on the router difference other than to say they should be the same, but I imagine the Vigor being a business modem is a world better than a built in modem especially when the price difference between built in and not built in 82u's is only around £10. By contrast the Vigor is a £100 modem. You get what you pay for as they say.

One advantage of going Asus, is I believe the VPN tutorial on here relates to an Asus Router.
 
Okay..... So to continue (finally) I settled on a Netgear CM1100 for simplicity's sake. I also now have a pfSense appliance in place, and running. Now I can't make things accessible remotely via port 81 because I can't figure out the correct port forwarding rule. Yes, I know this isn't supposed to be done. Baby steps. I will change everything once I figure this rule thing out.
 
I just got an SG-1100 running last week and OpenVPN on Android. Works fine. Did you use the export add on for pfSense?
 
How are you trying to connect using OpenVPN? OpenVPN basically dumps your connection into your LAN side of your router. So if on your phone, it is like it is on the LAN, even when not. For things on the LAN, OpenVPN has nothing to do with it. The BI LAN connection is the same as to connect from another computer or phone on your LAN.
 
I am not trying to connect with OpenVPN. I’m trying to do so via port forwarding, which I still can’t seem to figure out.
Yes, I know port forwarding is the devil. Once I get that figured out for BI (and others), I will move on to a more secure way of viewing remotely.
 
I just installed the Android client, easier than port forwarding. Export from pfSense, use that for the client. Now I can get to ANY thing inside my network, including pfSense, wherever I am.
 
Well it appears port 81 is in fact open on my end, so I must have something else out of whack. That's what I get for "upgrading".

EDIT: My DynDNS account didn't see the new public IP because I forgot to set it up in pfSense FACE PALM.
 