Is P2P and Easy4IP "safe"?

[randytsuch]

Background for my question.
Working on setting up my first camera system, have one camera now lol.
I have it connected to a PC running milestone, but it's an older pc, and doesn't seem up to the task.

So now I have to decide on whether to upgrade the PC, or get a Dahua NVR.

The NVR is appealing because the P2P function looks like it makes it really easy to connect my phone to the NVR, to be able to monitor while I'm away.

I know the answer will is VPN for security, but I spent some time last year trying to get VPN working with my Tmobile (slightly crippled ASUS) router and iphone/android phone for Domoticz. I finally gave up and used Weaved, which works fine for that.
So for that reason, I'd like to avoid VPN. My main problem was when it didn't work, I had no idea why. If I had the normal Asus router I could connect to the com port, and get more information, but can't do that with the tmobile version, so I was flying blind.

Back to my question.
Can I just just use Dahau P2P to make the connection, and will this be relatively safe?

Thanks
Randy

 

[nayr]

only if you trust Dahua to keep its shit secure; which I do not.

 

[randytsuch]

only if you trust Dahua to keep its shit secure; which I do not.

After I posted, I started to think the same thing. I could see some Dahua employee selling user names/passwords to their site.

So I think I may have to ditch my free tmobile router, guess you get what you pay for
I may buy the standard Asus version of the router, and install merlin on it.
I figure I can get openvpn running ok on that.

Randy

 

[fenderman]

After I posted, I started to think the same thing. I could see some Dahua employee selling user names/passwords to their site.

So I think I may have to ditch my free tmobile router, guess you get what you pay for
I may buy the standard Asus version of the router, and install merlin on it.
I figure I can get openvpn running ok on that.

Randy

The standard versions of the asus routers have a vpn server built in...does the t-mobile unit lack that function?

 

[randytsuch]

The standard versions of the asus routers have a vpn server built in...does the t-mobile unit lack that function?

No, it has a VPN server. But I couldn't get it to connect to an iphone or android, and couldn't figure out why. The console port is disabled in the tmobile unit, so no visibility into what's going on in the router, and I wasn't smart enough to figure it out from the iphone/android side.

Its the way a lot of these things go, if they work, its pretty easy. But if it doesn't work, it can be hard to fix because you don't know why it's now working.

 

[randytsuch]

Thinking about it some more, I was probably using a Domoticz app to try to access my Domoticz server at home through openVPN, so issue could have been app setup too.
So I guess I'll try to vpn through my router again, and see if I can get at my camera from outside.

I also have a logistics problem, in that I don't get cell reception at home. Makes it much harder to troubleshoot, I have to be away from home, then turn on vpn and see if it works. And since I'm away from home, I can't make any chances until I get home.

Randy

 

[nayr]

what are you running domoticz on? can probably run openvpn on the same machine if your router does not support it..

 

[randytsuch]

what are you running domoticz on? can probably run openvpn on the same machine if your router does not support it..

Running Domoticz on a Pi. I guess I could run openvpn on the pi too, but going to try router again first.

 

[nayr]

the pi can handle about ~40Mbit of VPN Traffic; its a good candidate.

 

[brad2388]

Also you can run openvpn in ddwrt. In using airvpn for my bi server


Sent from my iPhone using Tapatalk

 

[randytsuch]

My existing router setup is kind of kludgy. I have a tmobile/asus router as my main, and then a pair of older linksys routers running ddwrt bridged together, to get ethernet to the back of my house. I was going to use this bridge for the cameras and nvr too.

I think I'm going to get a "normal" asus router, and use it for my main router. Then I can bridge the asus to the tmobile router, and use the tmobile for the NVR. The NVR and all cameras will be on their own POE switch, and I'll connect that POE switch to the tmobile router, hoping that will keep the camera traffic pretty isolated from the rest of my network. Hope that makes sense.

I plan to use merlin on the asus router, it looks like merlin has an improved openvpn, and I think I'll be able to get more help with the merlin version if I run into any problems.

But I now still need to decide pc or NVR. I'm still leaning towards NVR.

Randy

 

[avi6581]

what are you running domoticz on? can probably run openvpn on the same machine if your router does not support it..

I have both domoticz and Openvpn running on my pi, introduced to both my Nayrs helpful posts about the risk of port forwarding. My first foray away from Windows and its got me hooked.

 

[randytsuch]

I have both domoticz and Openvpn running on my pi, introduced to both my Nayrs helpful posts about the risk of port forwarding. My first foray away from Windows and its got me hooked.

Nice to know the pi is an option, but just ordered a asus router that I will run openvpn on. My home network needed the upgrade anyway, so this was a good excuse. Bought the RT-AC68P, I like to buy routers that are a few years old, way cheaper than the latest and greatest. $100 for a reconditioned one.

Randy

 

[mando209]

Is P2P and Easy4IP "safe"?

Is The tmobile asus router a ac68u? If so u can flash it to latest asus firmware if u follow the tutorial on how to do it.i tried openvpn on that router and it takes minutes to setup.tried openvpn on android phone for couple mins.works good.


Sent from my iPhone using Tapatalk

 

[randytsuch]

Re: Is P2P and Easy4IP "safe"?

Is The tmobile asus router a ac68u? If so u can flash it to latest asus firmware if u follow the tutorial on how to do it.i tried openvpn on that router and it takes minutes to setup.tried openvpn on android phone for couple mins.works good.


Sent from my iPhone using Tapatalk

Its a ac68u with special tmobile software in it. And one thing tmobile did is not allow you to load in other software like merlin or the normal asus firmware. I tried a while ago, until I figured out tmobile had disabled it.

Well what to you want for free lol

 

[mando209]

Is P2P and Easy4IP "safe"?

Here u go.if u can follow the guide u can load up Merlin, tomato or asus fw

Check out this deal:
ASUS RT-AC68U T-Mobile WiFi CellSpot Gigabit Router

https://slickdeals.net/share/iphone_app/fp/220231

Sent using Slickdeals for iOS


Sent from my iPhone using Tapatalk

 

[Stonefunker]

Running Domoticz on a Pi. I guess I could run openvpn on the pi too, but going to try router again first.

Here you have an installer for OpenVPN server on a Pi. Cant be any easier... http://www.pivpn.io/

 

[randytsuch]

Thanks for the info ando and Stonefunker.

Back over a year ago when I got the router, I think tmobile had just rolled out the sw to defeat changes, and at that time there was no reliable way I could find to do it. Nice to know that it is possible now.
But I needed another asus so I could scrap my old linksys routers, and make a bridge, so I'm not sure if I will need to change the tmobile router.
I should be getting the asus today, it shipped yesterday from a local source.



When I was messing with openvpn a while ago, I did look for an easy way to run it on a pi, and couldn't find one, this is great to know.
But, in my simple minded view, I think it would be safer to have the openvpn server running in the router, so the vpn pipe stops at the router, and doesn't have to come inside my network. Or since it's a secure vpn pipe anyway, then it doesn't matter?
My first attempt will be to run the openvpn server in my router, but options are good.

Randy

 

[TVT73]

You are speaking of tmobile ... I assume you use a mobile internet stick on an asus router and of course this will not function for an vpn incomming connection. Or better i should say i think your external ip is your problem.
If this is the case i maybe have a really simple solution for you working together with your raspi.

For security reasons, you can also use p2p or easy4ip in an separate vlan, Firewall real DMZ or you use an video poe switch. So the maximum what will happens, that the cam will be accessible, but not your local network.

 

[randytsuch]

You are speaking of tmobile ... I assume you use a mobile internet stick on an asus router and of course this will not function for an vpn incomming connection. Or better i should say i think your external ip is your problem.
If this is the case i maybe have a really simple solution for you working together with your raspi.

For security reasons, you can also use p2p or easy4ip in an separate vlan, Firewall real DMZ or you use an video poe switch. So the maximum what will happens, that the cam will be accessible, but not your local network.

No mobile internet stick. My tmobile router attaches to my cable modem. I have cable internet. I don't get cell reception at my house, so mobile internet stick is not an option.

I have a feeling in my last attempt I was not doing all the settings correctly, but still waiting for my new asus router. Its going to take fedex a week to get router to me from about 60 miles away. It took them two days to take it to the post office, so usps can deliver it. lol