How do I setup my VPN so I am not just pointing it to my house from my laptop (remote)? Help me make this secure (OpenVPN to view my QNAP from laptop)

[user33432]

Sorry if this has been beat to death, I have everything finally working right (home QNAP NAS runs my Amcrest IP/POE cameras, my Asus router uses OpenVPN to let me in on my iPhone/laptop when away), my question is, it seems like the OpenVPN is just pointing to my house?

With all the weird stuff going on in the world and basically nothing being made in the United States I'd like to make this so there is no link back to my house and obviously want to make sure this OpenVPN isn't allowing any holes into my home PC through Amcrest IP camera software.

Please help me out, everything is running perfect I just need to make sure I am 1000% secure now, thanks (I was sent here because you all are apparently the Jedis of cameras lol)

 

[bigredfish]

Open VPN (server module) is running on your Asus router IN your house.
When you activate the OpenVPN Client on your phone/laptop (remote) it is making a direct secure tunnel connection to your router.

So you're as secure as can be expected and it wont work any other way

 

[user33432]

Open VPN (server module) is running on your Asus router IN your house.
When you activate the OpenVPN Client on your phone/laptop (remote) it is making a direct secure tunnel connection to your router.

So you're as secure as can be expected and it wont work any other way

Ok, I was just thrown off when it showed my city as my locations since a VPN usually at least shows you're like a city away, is that normal? And are there any special OpenVPN settings I should have?

Another question since you seem to have some knowledge around here, how do you tell people to secure their network when using camera software controlled outside the US (its probably fine, but who knows)? I assume you can only do so much since your cameras are on your own network, but is there a little something I can do? Maybe some extra security where my QNAP does not completely allow access to my PC/Router since my 10 Amcrest cameras run through my QNAP and I only use the QNAP for the cameras?

 

[bigredfish]

As far as somehow cloaking your openVPN server location , you'll need someone smarter than me on networking.
But to your question, I wouldn't advise someone remoting in from Bolivia to do anything different than from Pittsburgh.

 

[user33432]

As far as somehow cloaking your openVPN server location , you'll need someone smarter than me on networking.
But to your question, I wouldn't advise someone remoting in from Bolivia to do anything different than from Pittsburgh.

Ok so it sounds like you're saying I'm overthinking it and its plenty safe -- What about if I want to use a VPN to hide my location as well, can I use a VPN and OpenVPN together? I think I can use a static VPN IP and use that for my OpenVPN tunnel too right?

And this is totally separate but what do people around here think about Amcrest IP cameras and the software security? From a google search it looks like everyone just says there "could be" security issues because its based out of Hong Kong, is there anyway to limit your IP cameras to only have access to lets say my QNAP NAS where they record? Or are we all just hoping they're secure enough and that's all we can do....? lol

Thanks again

 

[elvisimprsntr]

@user33432

• Speaking from prior experience, QNAP QTS is by far the most insecure system, but as long as you don't expose it directly to the internet or use their remote cloud access you are generally more secure. It does not protect against an insider threat from a computer on your local LAN. Just read
  https://forums.quap.com
  threads of so many people getting infected with malware, or worse, ransomware.
• If I want to disguise my location or encrypt my data when using the internet while connected to an untrusted WiFi, I simply connect to my self hosted VPN (IPSec or Tailscale) and use my home network as the exit node. You can do the same thing with your self hosted OpenVPN by configuring it to route all traffic through your home network. I ignore the Internet and YT shills who use scare tactics to get people so sign up for so called paid "privacy" VPNs in exchange for a paid kickback. All you are doing is handing all your data to another provider, potentially offshore, who may be subject to subpoenas just like every other company. Not to mention the huge performance and bandwidth throttling hit you take using one of these privacy VPNs. If you want to use a privacy VPN and your self hosted OpenVPN at the same time to remotely access your cameras or NAS, you will be disappointed in the performance.

 

[user33432]

@user33432

• Speaking from prior experience, QNAP QTS is by far the most insecure system, but as long as you don't expose it directly to the internet or use their remote cloud access you are generally more secure. It does not protect against an insider threat from a computer on your local LAN. Just read
  https://forums.quap.com
  threads of so many people getting infected with malware, or worse, ransomware.
• If I want to disguise my location or encrypt my data when using the internet while connected to an untrusted WiFi, I simply connect to my self hosted VPN (IPSec or Tailscale) and use my home network as the exit node. You can do the same thing with your self hosted OpenVPN by configuring it to route all traffic through your home network. I ignore the Internet and YT shills who use scare tactics to get people so sign up for so called paid "privacy" VPNs in exchange for a paid kickback. All you are doing is handing all your data to another provider, potentially offshore, who may be subject to subpoenas just like every other company. Not to mention the huge performance and bandwidth throttling hit you take using one of these privacy VPNs. If you want to use a privacy VPN and your self hosted OpenVPN at the same time to remotely access your cameras or NAS, you will be disappointed in the performance.

Thank you, I think I'm following -- so with OpenVPN I am basically relying on my home PC to be clean and all traffic will flow through that, so assuming my home connection is secure so will the device I'm using remotely?

Going back to the QNAP, when you say directly connected to the internet what do you mean? Do I need to find a way to run my QNAP through that OpenVPN too?

 

[elvisimprsntr]

Thank you, I think I'm following -- so with OpenVPN I am basically relying on my home PC to be clean and all traffic will flow through that, so assuming my home connection is secure so will the device I'm using remotely?

You have to configure OpenVPN on your Asus router to route all traffic through your home network. It's a fairly common request. Search the OpenVPN forums for others who have had success.

Route all traffic through VPN - OpenVPN Support Forum

Going back to the QNAP, when you say directly connected to the internet what do you mean? Do I need to find a way to run my QNAP through that OpenVPN too?

Disable UPnP on your firewall and QNAP, and don't manually forward ports. Also, don't enable the QNAP iCloud connect service.

What are best practices for enhancing NAS security?

Applicable Products All NAS series Best Practices The highest security risks to a NAS are malware/ransomware threats from the int ...

www.qnap.com

Once you have OpenVPN configured on your Asus router, you should be able to access the QNAP remotely using the LAN IP address of the QNAP. This assumes you configured a static IP address for the QNAP either directly in QNAP QTS, or if you router supports it, a static IP reservation. In fact, once you have OpenVPN proplrly configured on your Asus router, you can access any IP based device on your home network via its IP address. You don't need to install a client on every device on your network in order to access it remotely.