BI app needs to port forward?
- Thread starter dabflyboy
- Start date
fenderman
Staff member
- Joined
- Mar 9, 2014
- Messages
- 36,902
- Reaction score
- 21,274
To follow the wiki and secure your network properly with a VPN
I've read through it. The confusing part is that it says to never forward ports, while the BI app contradicts it and says it requires it.
I have an Arris TG1682G modem/router that is supplied by my ISP. It doesn't have a built-in VPN. From what I've read, it looks like I'll either have to buy a separate router with it built in, or subscribe to a service. Is that correct?
I have an Arris TG1682G modem/router that is supplied by my ISP. It doesn't have a built-in VPN. From what I've read, it looks like I'll either have to buy a separate router with it built in, or subscribe to a service. Is that correct?
Last edited:
fenderman
Staff member
- Joined
- Mar 9, 2014
- Messages
- 36,902
- Reaction score
- 21,274
Once again you do not need to port forward The Blue Iris server if you properly set up a VPN. The instructions you posted are geared towards the lowest common denominator and is terrible advice and provides an unsecured path for others to hack your PC. Paid VPN Services is not what you need they are the wrong type of VPN start weeding or port forward At your own risk there are a bunch of threads on this topic
Gotcha. Thanks.
SouthernYankee
IPCT Contributor
I have the same modem from comcast. I have placed the modem/router in passthru/bypass/bridge mode. This allows the arris tg1682g to only be a modem. not a router. Then I use a ASUS router which has a vpn built in, as my router.
-----------------------------------------------
My general VPN post
There are two types of VPN, do not get them confused.
The type depends on where the traffic conversation (traffic) originates
1) origination: local home network, destination the internet.
This type of VPN purpose to hides your activity from the internet, it is outbound, it normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, google, porn sites,,,, this not what you want. This VPN uses a VPN server that is in the middle of your communications.
2) Origination: the internet world wide web, destination: your home network.
This VPN type is used to provide a secure connection onto your local network, in bound to you local home network, from your office computer, your cell phone in your car, tablet at the coffee shop.. This is what you want, it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.
If you home internet provider is a cellular network, then DDNS (dynamic Domain Name System) may not work, the DDNS is needed for most Inbound VPN services (OpenVpn), so OpenVPN may not work for you.
A video on the paid VPN.
------------------------------------------------------
-----------------------------------------------
My general VPN post
There are two types of VPN, do not get them confused.
The type depends on where the traffic conversation (traffic) originates
1) origination: local home network, destination the internet.
This type of VPN purpose to hides your activity from the internet, it is outbound, it normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, google, porn sites,,,, this not what you want. This VPN uses a VPN server that is in the middle of your communications.
2) Origination: the internet world wide web, destination: your home network.
This VPN type is used to provide a secure connection onto your local network, in bound to you local home network, from your office computer, your cell phone in your car, tablet at the coffee shop.. This is what you want, it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.
If you home internet provider is a cellular network, then DDNS (dynamic Domain Name System) may not work, the DDNS is needed for most Inbound VPN services (OpenVpn), so OpenVPN may not work for you.
A video on the paid VPN.
------------------------------------------------------
Last edited:
Thanks for the clarification. Much appreciated. It looks like I'll have to purchase another router. Any recommendations that won't break the bank?
edit: OR should I purchase my own modem/router combo to use instead of my ISP's?
Last edited:
fenderman
Staff member
- Joined
- Mar 9, 2014
- Messages
- 36,902
- Reaction score
- 21,274
A modem router combo always presents problems.
Asus routers have built in vpn servers that are easy to setup or you can run an open vpn server on your blue iris pc.
If you want something more advanced but will require some work on your part to learn that lets you create vlans to segment networks but not too overly complex look at the unifi dream machine. (on a scale where asus is a 1, the unifi is a 5 while most others are 8-10).
If you are paying monthly for your modem router combo then get your own modem and use one of these routers.
Thanks @fenderman, but I think that one may be a bit out of my price range, at the moment. Going to have to go a bit cheaper, as there are a couple other things I need to spend a few dollars on first. Namely, a good UPS and a few more cameras. Too many brown-outs here. It may be something to look into for the future, though.
Warptrooper
Pulling my weight
Port forward is required yes. Safer to open a port for VPN than a port for something else (unless your router can run the VPN server).
I run OpenVPN on my Milestone box. Works great.
I run OpenVPN on my Milestone box. Works great.
Last edited:
You can pick up a used Araknis Router that will do VPN and provides free DDNS for $30-$40 on ebay. Here's one example:
Araknis Router
Here's the documentation:
Araknis 300 Series Router
I've been using one for about a month now with no issues.
As an eBay Associate IPCamTalk earns from qualifying purchases.
reflection
Getting comfortable
OpenVPN uses the OpenSSL library for encryption. Another option is to use stunnel, which also uses the OpenSSL library. Stunnel creates a TLS wrapper around your session to BI.
So without any additional monetary investment, you can setup stunnel. Instead of opening a port for OpenVPN, you would open a port for stunnel.
So without any additional monetary investment, you can setup stunnel. Instead of opening a port for OpenVPN, you would open a port for stunnel.
Thanks everyone. I ended up buying a used ASUS RT-AC66U. Getting everything going has been slow due to...life (aka: toddlers) Ha! Right now I need to figure out how to place the Arris TG1682G in passthru/bypass/bridge mode.
Edit: nevermind, found it.
Edit: nevermind, found it.
Last edited: