Help setting up DDNS/VPN behind a Verizon FiOS modem

C

chipreibel

n3wb
Dec 24, 2014
19
2
Commerce Twp, MI
I have (4) Hikvision cameras (all four are model DS-2CD2332-I) installed and am using the iVMS software to record two cameras 24/7 and one camera to record (and e-mail photos) using the intrusion detection feature. I still haven't figured out why the "pre-record" doesn't work, but figuring that out is fairly low on the priority list.

I'm at the point now where I'd really like to have access to three of the cameras when offsite. I recently purchased and installed an ASUS RT-AC66U router. It has an integrated VPN solution (which other online reviews have stated works well), so I started to play with it (since using a VPN for remote access is more secure than port-forwarding).

On the VPN set-up page, I see the message: “The wireless router currently uses a private WAN IP address (192.168.x.x, 10.x.x.x, or 172.16.x.x). Please configure DDNS service before starting the VPN server.” No problem. I headed over to the DDNS set-up page and see the message: “The wireless router currently uses a private WAN IP address (192.168.x.x, 10,x,x,x, or 172.16.x.x). This router may be in the multiple-NAT environment and DDNS service cannot work in this environment.” While I understand what the message is telling me, I don't know how to address it and where I am currently stuck. As an FYI, I have the ASUS router plugged directly into my Verizon FiOS modem (Actiontec model: MI424WR rev.1).

A couple questions:

  1. Will pushing a public IP address through the FiOS modem to my ASUS router make my network more vulnerable?
  2. If the answer to #1 is, “no”, do you have an idea how to get a public IP address through the FiOS modem to the ASUS so that I can set-up a DDNS and ultimately a VPN?
  3. If the answer to #1 is, “yes”, then can you give me some pointers on how to expose the ports for three of the cameras? There are a TON of ports associated with each camera - which one(s) do I forward and how woud I go about doing that? In the Verizon modem or the ASUS router?


Thanks!
Chip
 
1. No, as long as the router's WAN port is the only thing connected (wired or wirelessly) to the FiOS modem.
2. Look for "bridge" mode or something like that.

Edit: I read that enabling bridge mode will disable any verizon tv services if you are receiving them. If that is the case then your setup will be a lot more complicated.
 
So, I did some web crawling and came across this article describing how to turn the Actiontec modem into a bridge. It was a very intimidating read. What was EXTREMELY valuable was the third comment below the article. Use the RJ-45 coming off the Optical Network Terminal (ONT) instead of the coax going to the Actiontec. This allows me to bypass the Actiontec altogether and connect the WAN of the ASUS router directly to the ONT. Here's the bonus - several years ago I opted to use Verizon telephone service (as a bundle with my internet and TV). I had run a CAT6e cable from the ONT to my office (a.k.a. "server room") for the telephone lines. I crimped new RJ-45 ends on both ends and I didn't need to run any cables. SCORE.

I did have to call Verizon FiOS tech support to get them to switch the port I'm using on the ONT (from coax to RJ-45), which took ~15 minutes (including hold time).

I am sending this update with the Actiontec sitting on the shelf in the closet (and an external 71.xxx.xxx.xxx IP address in my ASUS router).

Back to work - Let's knock this LAN thing out!!!
 
1) I successfully created a DDNS for my Router.
2) There are two options for VPN on the ASUS: "PPTP" and "OpenVPN". I created a PPTP account.

Now that I've gotten this far, is there a "using a VPN for dummies" thread? LOL

I have three devices that I'd like to view three cameras on: iPad, iPhone and WindowsPhone.

I successfully set-up the VPN on one of the iPads using the external IP address of the router and the login/password I created for the PPTP VPN (I tried using the DDNS address, but it says that the server is unreachable). It connects to the VPN with the WiFi turned off. It does not let me use the iVMS or VLC software to view the cameras using the internal (192.168.x.xxx) IP address. Now what? Do I need to flag the IP addresses of my cameras to be accessible via VPN?
 
I hope that you have been successful in getting your iDevices to connect to the VPN and viewing your camera feeds. I have a Mac Mini running Server hosting my VPN service for me. It seems to working great, so I hope I can lend a hand here.

First off, turn Wifi on your iDevice off and establish the connection to your VPN using data from the carrier. To ensure you are getting an internal IP address go to Settings > General > VPN > click the "i" for info on the connected VPN and look at the Assigned IP Address. This should match your internal IP scheme or whatever IP range you have assigned from your VPN. If this is done correctly you can generally assume you have access to your internal network from an outside data connection.

Let us know if this is working before moving forward...
 
You must log in or register to reply here.
Top Bottom