Confused - Sort Of - VPN/Port Forwarding

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
24
Reaction score
3
Location
United Kingdom
So as I have been told in a previous thread - Do NOT use Port Forwarding, however a lot of folks across various forums all say to use Port Forwarding and a VPN.

I registered for a VPN (SurfShark) but for the life of me could not get remote access to my NVR ,So I have either completely misunderstood how all this is supposed to work or my VPN needs more/additional configuration - Probably ALL of these ...

1 . Find a VPN provider
2. Install their VPN app on the NVR
3. Then what ?
 

area651

Getting the hang of it
Joined
Aug 18, 2018
Messages
161
Reaction score
72
Location
USA
So as I have been told in a previous thread - Do NOT use Port Forwarding, however a lot of folks across various forums all say to use Port Forwarding and a VPN.

I registered for a VPN (SurfShark) but for the life of me could not get remote access to my NVR ,So I have either completely misunderstood how all this is supposed to work or my VPN needs more/additional configuration - Probably ALL of these ...

1 . Find a VPN provider
2. Install their VPN app on the NVR
3. Then what ?
I believe you're facing the wrong direction. The VPN you found is one for you going OUT onto the internet. When someone says to "use a vpn" (at least here), it is meant that YOU should host/be the vpn for incoming traffic. In other words, YOU run the vpn and allow the only incoming traffic to come IN though YOUR vpn.

One that's super popular (& easy) is to set up a vpn connection on your Asus router. VPN service comes pre-installed on most (iirc) Asus routers. It likely does on others as well and then of course there's always the idea of building your own firewall/vpn computer, etc, etc, etc...

But in short, you don't have to go to that extent. Just run a vpn service on your own router and then "vpn into your own network" from the outside and you can see everything


edit - maybe to clarify a little, I use a computer to run my blueiris so I'm not sure how different it would be w/ an NVR. hopefully someone can help there
 

psycik

Getting the hang of it
Joined
Dec 9, 2015
Messages
158
Reaction score
22
Location
Wellington, New Zealand
You can actually do what you're looking at also, ie get a virtual server (vps) and run a vpn between the virtual server and your house etc....but as area651 said, its much easier to look at setting up a vpn server at home. Some routers can do it.....if you're more diy you can do it with a raspberry pi (strongswan, openvpn, ipsec, l2tp) etc. But check your router first.
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
24
Reaction score
3
Location
United Kingdom
So my ASUS router does support either PPTP or OpenVPN as a server - so thats positive .

When I say NVR I'm probably confusing the issue its actually a Dell Optiplex running Blueiris 5 with some big SAS disks.

So I enable OpenVPN on my router and then install some sort of client on the Blueiris machine (or any local machine I want to access) ?
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
24
Reaction score
3
Location
United Kingdom
Okay so on "playing" around I realise this is never going to work - given my ability and understanding of how it works.

What I am trying to achieve is the ability to view my security camera's/recordings from wherever I am - I will not be able to do this at work (priority as there most of the time) as certainly cannot install vpn client on work machine and have no ability to connect private laptop from same.
So that would only allow me to view camera's in a web page .
My ISP WAN address changes frequently so VPN wont work anyway.

Thanks to all concerned and those that have tried to help but think this is beyond me and the technology available to me.
 

Walrus

Getting comfortable
Joined
Nov 19, 2018
Messages
513
Reaction score
352
Location
Ontario
My ISP WAN address changes frequently so VPN wont work anyway.
Incorrect. My ISP WAN changes, and I can connect remotely. Another setting in your router allows you to setup DDNS. Keep reading. It's been covered many times.
 

Silas

Getting the hang of it
Joined
Jan 6, 2017
Messages
284
Reaction score
90
Location
Down Under
You made a pretty common mistake (assumption)

There are two (2) types of VPN options, consider them as OUT and IN

1. OUT - This is when YOU need to secure/hide the outgoing data from systems to your ISP and other prying eyes. this is where you have to buy a service from a supplier ( ExpressVPN, NordVPN, PIA etc etc) they then provide you with some type of clients that you install on a device that YOU have within your home network. This has NO bearing on your cameras and functions. Once started, your ip traffic is routed by the client through the suppliers servers and this hides you from the prying eyes, think torrents/porn :)'

2. IN - This is where YOU operate some form of VPN server at your end, this can be done in the router, or with some 3rd party software/hardware, OpenVPN is a well know variant and is often used by most people


So in order for you to be able to see your cameras/NVR when you are NOT connected to your home network, YOU would need to have the 2nd option operational, and a changing WAN is not an issue, most routers support some form of dynamic DNS updates,
Then on a device you initiate a VPN connection to the WAN ip of your home system, once connected, you then become 'part' of your home network and access to your devices is on the same ip as if you were at home.

It is one of those things that is difficult to explain, but once you have it working, it becomes SO obvious.

Hope this helps ?
 

Hammerhead786

Getting the hang of it
Joined
Apr 23, 2018
Messages
96
Reaction score
38
Okay so on "playing" around I realise this is never going to work - given my ability and understanding of how it works.
Don't give up so easily. You need to set up OpenVPN on your router, along with DDNS. Export the OpenVPN certificate and email that to yourself. Install the OpenVPN client on your mobile. You could then install remote desktop on your phone and rdp into your blue iris server or you could install the Blue Iris mobile client. If you need some help with this let me know.
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
24
Reaction score
3
Location
United Kingdom
Okay so some success !!
I have found the issue with my asus router and fixed that , so I enabled the open vpn server on it and exported the configuration file.
Installed open vpn client on my android phone and imported the configuration file and it connected instantly.
I could then load the Blueiris mobile client :headbang:

However I cannot get the asus ddns service to work , it just constantly says unable to connect to the internet - which is nonsense as I am definitely connected Capture_1_LI.jpgCapture_2_LI.jpgCapture_3_LI.jpg

So a bit at a loss of what to do next.
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
24
Reaction score
3
Location
United Kingdom
Nope - No multinatting (that I am aware of or can find evidence of). Private lan is normal 192.168.x.x and WAN address is 84.x.x.x

I have since read that the asus service is rather unreliable, however I have logged a support ticket with them.
 

area651

Getting the hang of it
Joined
Aug 18, 2018
Messages
161
Reaction score
72
Location
USA
Nope - No multinatting (that I am aware of or can find evidence of). Private lan is normal 192.168.x.x and WAN address is 84.x.x.x

I have since read that the asus service is rather unreliable, however I have logged a support ticket with them.
I don't necessarily think this is the root of your trouble but I use Google for my DDNS stuff. I just don't trust Asus to reliably do it. Maybe they can.....I'm just saying what I do.
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
24
Reaction score
3
Location
United Kingdom
I looked at the google thing but that suggests you need your own domain (so an additional cost and additional complexity), there doesn't seem to be a "free" DDNS service anymore (yes I know there is but when you look at the domains they offer they dont match what the router supports).
 

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
7,949
Reaction score
6,427
Location
Evansville, Indiana
I looked at the google thing but that suggests you need your own domain (so an additional cost and additional complexity), there doesn't seem to be a "free" DDNS service anymore (yes I know there is but when you look at the domains they offer they dont match what the router supports).
The Asus DDNS works just fine. I'm guessing your issue is you are using the simplistic "camera" for the beginning DDNS, someone else may already have used that name, try something else with a little more random. It needs to be unique. How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
 

Hammerhead786

Getting the hang of it
Joined
Apr 23, 2018
Messages
96
Reaction score
38

Hammerhead786

Getting the hang of it
Joined
Apr 23, 2018
Messages
96
Reaction score
38
DNS changes can take up to 48 hours replicate fully around the globe. You could try and see if it works now. Make sure the OpenVPN profile on your phone has the correct name too.
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
24
Reaction score
3
Location
United Kingdom
Logged a ticket with ASUS support - they are next to useless and unable to help.

Phone VPN works fine using openvpn client so looks like I'm stuck with that.
 
Top