I need your expertise

Travis798

Pulling my weight
Joined
Jun 25, 2020
Messages
101
Reaction score
195
Location
Oklahoma
This isn't really about my camera setup, but it is about networking in a way.

Either tomorrow or Tuesday the phone company is supposed to come and get me hooked up to VDSL. I'm currently using a WISP provider that I've been with for the last 17 years, and while obviously speeds have improved and they are more reliable than they once were, I still see way too frequent downtime, not to mention the congestion. I'm paying for 40Mb internet, speed test have shown as high as 80Mb but are normally in the 20-30 range, depending on the time of day. I will be back on the road for work soon, leaving me to do everything involving the cameras long distance. I'm assuming the VDSL will be more reliable than my Fixed wireless, but I'm not really sure. I know my mothers home phone seems to have semi-frequent issues and I'm not sure if the internet will be the same way.

Since I don't want to get into a situation where I need to check my cameras and can't connect, and reliability is more important when I'm on the road than price, I'm considering keeping both connections to have one as a backup. I currently have a subscription to ExpressVPN that I'm using as my VPN, but I would be willing to use spotify if that's my best option. My main question is whether I should use speedify or just connect both of my connections into a switch and call it good. If the switch is the best route, what all do I need to configure to make it work? I'll have one router plugged into the phone company's modem, and I have another router I can run the other connection to if needed. One is currently running ExpressVPN firmware on it, but I can flash back to the original Asus firmware if needed. I just want to be sure I'm using a VPN for all internet traffic because the people at the local Telco can get nosy and speedify does not support OpenWRT or DD-WRT so I may be answering my own question. I'm just curious if there's any awesome options I could be missing.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
can not help you with the network issue.

but does expressVPN work for inbound connections so you can access your cameras remotely.
-----------------------------------------------
My general VPN post
There are two types of VPN, do not get them confused.
The type depends on where the traffic conversation (traffic) originates

1) origination: local home network, destination the internet.
This type of VPN purpose to hides your activity from the internet, it is outbound, it normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, google, porn sites,,,, this not what you want. This VPN uses a VPN server that is in the middle of your communications.

2) Origination: the internet world wide web, destination: your home network.
This VPN type is used to provide a secure connection onto your local network, in bound to you local home network, from your office computer, your cell phone in your car, tablet at the coffee shop.. This is what you want, it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.

If you home internet provider is a cellular network, then DDNS (dynamic Domain Name System) may not work, the DDNS is needed for most Inbound VPN services (OpenVpn), so OpenVPN may not work for you.

A video on the paid VPN.
------------------------------------------------------
Hacked VPNs
-----------------------------------------------------
 

Travis798

Pulling my weight
Joined
Jun 25, 2020
Messages
101
Reaction score
195
Location
Oklahoma
can not help you with the network issue.
but does expressVPN work for inbound connections so you can access your cameras remotely.
-----------------------------------------------
I don't believe so. My plan has been to allow the NVR to do the recording and access via P2P connection as needed. But that was because my current ISP closes all ports unless you pay an extra $35 a month for a static IP, in which case all ports are open.

My general VPN post
There are two types of VPN, do not get them confused.
The type depends on where the traffic conversation (traffic) originates

1) origination: local home network, destination the internet.
This type of VPN purpose to hides your activity from the internet, it is outbound, it normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, google, porn sites,,,, this not what you want. This VPN uses a VPN server that is in the middle of your communications.
I believe this is what I need to keep local telco prying eyes out of my internet traffic. I understand it does not provide true anonymity, but it does provide anonymity of my online life from my local ISP, if I'm not mistaken.

2) Origination: the internet world wide web, destination: your home network.
This VPN type is used to provide a secure connection onto your local network, in bound to you local home network, from your office computer, your cell phone in your car, tablet at the coffee shop.. This is what you want, it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.
Thanks for the reminder that this may now be possible with the new ISP. I'll have to see how they have everything set up. I had looked into OpenVPN before but kept running into the issue of being behind my isp's NAT with no open ports.

If you home internet provider is a cellular network, then DDNS (dynamic Domain Name System) may not work, the DDNS is needed for most Inbound VPN services (OpenVpn), so OpenVPN may not work for you.

A video on the paid VPN.
------------------------------------------------------
Hacked VPNs
-----------------------------------------------------
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
The Ubiquiti Edge Router has the ability to do multiple ISP connections. I have not done it (yet) but you may want to look at it. The Edge router also supports OpenVPN.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
In the early 90's, when dialup internet was a thing (and you wanted to stay online as long as possible), we already did "client" pinging. Instead of a client pinging a server (to see if that's working), you can also ping the client(s) from the server to see whether or not they are working. So what can you potentially do with this information? If you would have a VPS somewhere (does not matter where), and you do a "site2site VPN" towards your home LAN, and you perform regular traffic checks (can be a ping, or even transfer the latest IVS snapshots or whatever).

This gives you (at least) 5 advantages:
  • if your home network goes down, you can access these latest snapshots from your phone whilst being on the road
  • this generates traffic, it might be that when the ISP does not see traffic, it kills the line
  • your traffic is encrypted
  • you can enter your LAN through the VPS and/or through your regular VPN access
  • and last but not least: when the pingtest fails, you actually can measure "how much/how long" downtime, and map that on (if any) SLA within your ISP contract.

Hope this helps!
CC
 

Travis798

Pulling my weight
Joined
Jun 25, 2020
Messages
101
Reaction score
195
Location
Oklahoma
Well I got my dsl today. I also got a call saying I'm going to have to be out of state to report for work next week, so I have to leave Friday morning and have a lot to do to get ready. That won't give me time to get something that will let me use both internet providers, so I'm going to just connect everything to the DSL and hope it's reliable.
 

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
If cost is not a factor, you easily do this with an SDWAN solution like VeloCloud. You would install a VCE at your home and connect both WAN connections to it. On your laptop, you would run a virtual VCE as the other endpoint. Velocloud allows you to connect multiple sites together dynamically. Your laptop would be a simulated site and you would be doing a site2site VPN. The advantage with VeloCloud is that you will have active/active links and it does per packet load balancing (and tracks sequence so you don't get out of order packets) and everything is encrypted.

Other options:
1. Run LISP at your site (only works on a Cisco router). You would have to find a LISP provider and get your own provider independent address space (free). LISP will register both providers WAN ip address as the XTR to your site. The LISP beta network used to allow you to do this for free but that closed down a few years ago so you would need another LISP provider. This will be active/standby.
2. Use a router that supports two links like a Cisco ISR series. Your DSL will be primary, wireless will be secondary. You can setup your wireless link with less preference so that the DSL link is primary. You can still setup a VPN gateway on your Cisco router for remote access but you will have to do two profiles, one for each WAN uplink. Your laptop will connect to it as an SSL VPN client. You would connect to the primary first (DSL WAN IP), if that one is down, retry to your secondary (wireless WAN IP).
3. There are other options but these are more for enterprises which typically will have 2+ links for redundancy.

Assuming both providers are also doing DHCP, connecting both to your switch could cause conflicts. Both will try to give your home client devices IP addresses.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
I would just use a router with dual-WAN capability and either use a load balancing scheme (if more bandwidth is needed) or a simple fallback where if the primary connection drops, the secondary gets used for all outgoing traffic afterward. Typically with this kind of setup you can connect TO your home using either of the two internet providers just by having two DDNS setups.
 
Top