I've tried all day to not make this post.

Giorgio23

Giorgio23

Getting the hang of it
Dec 28, 2021
78
43
Canada
Hi Everyone,

I have been struggling hard today and trying to keep my cool for the last 10 hours.

I setup the Dual NIC properly and everything is configured properly. Internet is coming into the computer, the second NIC is connected to my POE switch, and I am able to see all my cameras properly in Blueiris and in my browser via dahua configuration page with their respective IP addresses.

My problem is with OpenVPN. I want to view my cameras on my laptop and phone when away from my home.

I have been trying all day to get OpenVPN setup on the PC that will be on 24/7 for blueiris.

I even setup the PC so it turns back on automatically after a power outage as well as Blueiris running as a service and windows logging in automatically.

Dual NIC setup on your Blue Iris Machine

In making your system more secure this is a great option to eliminate your cameras calling home / connecting to the internet This is a great place to start to setup a bit more secure network and learn more about IP/Subnets etc. before adding dual NICs: Router Security - Subnets and IP addresses...
ipcamtalk.com ipcamtalk.com

Thanks very much for the tutorial @TL1096r

who here has done this successfully with the dual nic setup and doing openvpn after?

I thought it was going to be relatively simple and I have been pouring over tutorials and tried to get this going. Please help with any guidance or tutorials you may have because I am very frustrated now with a "wasted" day of time lol.

Guide To Set Up & Configure OpenVPN Client/Server VPN | OpenVPN

Step-by-step guides and tutorials for OpenVPN. Learn how to configure and set up VPNs.
openvpn.net openvpn.net

anybody have any suggestions/other tutorials because I am about to say screw it and do the stunnel instead
 
  • Like
Reactions: Flintstone61
OpenVPN is simple, but we overthink it and make it way more difficult than it needs to be lol.

Does your router have OpenVPN native to the router? If so, you don't need to screw around with that how to guide and setting up a VPN on a computer. Simply enable it in your router.

You will need a DDNS as your WAN IP address is subject to change at anytime by your ISP (although most do not change often) or you are paying for a static IP address.

I was there too once with OpenVPN...tried to do all this research to find directions and got to the point I said screw it and just enabled it and kinda of followed what it was asking and it worked.

Just go to OpenVPN and enable it and see what it says - probably asks you to create a user/PW, DDNS name, encryption method, and create certificate. Then copy and save the certificate on your mobile device. Then install the OpenVPN app and select the certificate and then connect and you are on your home network.

It really is simpler than our minds make it out to be.

randyshomeprojects.blogspot.com

OpenVPN on a Asus router

Sept 2021 Turned off comments because of ads July 2021 Bought a new Asus router, an RT-AX86U. Loaded it right away with Merlin firmware, s...
randyshomeprojects.blogspot.com randyshomeprojects.blogspot.com
 
  • Like
Reactions: pete_c, sebastiantombs and jrbeddow
wittaj said:
OpenVPN is simple, but we overthink it and make it way more difficult than it needs to be lol.

Does your router have OpenVPN native to the router? If so, you don't need to screw around with that how to guide and setting up a VPN on a computer. Simply enable it in your router.

You will need a DDNS as your WAN IP address is subject to change at anytime by your ISP (although most do not change often) or you are paying for a static IP address.

I was there too once with OpenVPN...tried to do all this research to find directions and got to the point I said screw it and just enabled it and kinda of followed what it was asking and it worked.

Just go to OpenVPN and enable it and see what it says - probably asks you to create a user/PW, DDNS name, encryption method, and create certificate. Then copy and save the certificate on your mobile device. Then install the OpenVPN app and select the certificate and then connect and you are on your home network.

It really is simpler than our minds make it out to be.

randyshomeprojects.blogspot.com

OpenVPN on a Asus router

Sept 2021 Turned off comments because of ads July 2021 Bought a new Asus router, an RT-AX86U. Loaded it right away with Merlin firmware, s...
randyshomeprojects.blogspot.com randyshomeprojects.blogspot.com
Click to expand...


Hi There,

No That is the first thing I looked at. My ISP has provided the Eero system. No OpenVPN on the router.

So You're saying to install openvpn and not mess around with generating the certificate, server/client key, etc as all the tutorials state?

Thanks for the quick reply

I am not paying for a static IP can you elaborate on the DDNS Need?
 
Agreed, I haven't run across any instance where OpenVPN needs to be setup at all on the computer that is running BlueIris: it does absolutely need to be running on your router, so you will need to use one that supports that, as well as running OpenVpn on the external devices (generally phones) that you will ultimately use to remotely access your "inside" LAN devices (ie: your BlueIris machine in this case).

Read the above linked tutorial, as it is pretty thorough and well done.

Ugh, I just saw your post regarding the Eero router: I'm not familiar with it, but if it doesn't support running an OpenVPN SERVER (not just CLIENT), you will need to find a way around that.
 
Can you get to the router admin GUI? You may need to open port 443 on it.
 
jrbeddow said:
Agreed, I haven't run across any instance where OpenVPN needs to be setup at all on the computer that is running BlueIris: it does absolutely need to be running on your router, so you will need to use one that supports that, as well as running OpenVpn on the external devices (generally phones) that you will ultimately use to remotely access your "inside" LAN devices (ie: your BlueIris machine in this case).

Read the above linked tutorial, as it is pretty thorough and well done.

Ugh, I just saw your post regarding the Eero router: I'm not familiar with it, but if it doesn't support running an OpenVPN SERVER (not just CLIENT), you will need to find a way around that.
Click to expand...

I've spent enough on everything up to now. Ran my own cat 6. bought proper cameras from andy. Why can I not run it on the computer that's on 24/7 anyways? I think it's silly to buy another router there's gotta be a way to do it from the PC side as I already sectioned off the cameras with the dual nic.

So it's going to be Modem, eero to pc, pc to asus router, asus to poe, poe to cameras? Is there really nothing else I can do?
 
My problem is OpenVPN won't even launch properly. I followed the tutorials and and everytime I tired the past 8 hours I get Unrecognized option or missing or extra parameter(s) in server.ovpn:78: ca
 
If your router does not have port 443 open, the default port used by OpenVPN, so that your computer can see the traffic coming in on that port all your efforts are wasted. The big trick, for the moment at least, is getting OpenVPN to load on you machine. I'm not an expert at that and will defer to those here that are.
 
Flintstone61 said:
Would this be a use case for Zero Tier by any chance?
Click to expand...
ncpilot said:
Yes, zerotier. I run it on my BI computer. I also run openvpn on my router for other uses. It was way easier to set up family members for BI viewing with zerotier (easier for them)...
Click to expand...

I'm looking into this now.

I actually got openvpn going properly now and have my android phone connected.

The problem is I still can't see my cameras because of the dual nic setup ( means it's working properly at least) and i can just view stuff on my pc from what I can see.

Can you elaborate on zerotier. I see it's free for personal use? any limitations? is it all running through a third party vpn server though? I want this done. wasted an entire day on openvpn when I could have been configuring the cameras for better quality settings.
 
A very good video on how to install Zerotier is in the following link.
Thanks to Alaska Country who posted it and can be downloaded by using right click and save link as... It is near the bottom of the post
It is free and no port forwarding required.

Zero Tier remote access to Blue Iris

I have ZeroTier on my BI pc as well... tried a bunch of other stuff first but couldnt get my mobile BI to connect to my cameras when away from home. Like others I found a video review and tutorial online and followed it. I installed it on my android phone and so far it has been working...
ipcamtalk.com ipcamtalk.com
 
Broachoski said:
A very good video on how to install Zerotier is in the following link.
Thanks to Alaska Country who posted it and can be downloaded by using right click and save link as... It is near the bottom of the post
It is free and no port forwarding required.

Zero Tier remote access to Blue Iris

I have ZeroTier on my BI pc as well... tried a bunch of other stuff first but couldnt get my mobile BI to connect to my cameras when away from home. Like others I found a video review and tutorial online and followed it. I installed it on my android phone and so far it has been working...
ipcamtalk.com ipcamtalk.com
Click to expand...

amazing thanks very much going through this now. From what I am seeing here this is miles ahead of what I have been trying all day with openvpn. Wow.
 
  • Like
Reactions: Broachoski
Check Blue Iris Web Server is listening on the correct IP, if it's only listening on the IP allocated to the camera subnets then it won't be reachable outside of that subnet.
Ensure you have not specified a gateway on the BI server Interface\IP on the camera subnet.

On the assumption your second interface is on a different subnet, you won't be able to reach the Camera's directly from Open VPN, ou need to go via BlueIris, but assume that's the plan.
Secondly, your Open VPN Server will push down client settings. New installs use this concept of SplitTunnelling where only the advertised VPN subnet is directed via the Tunnel.
By Default your Primary IP Address of the BlueIris server will be on your local LAN subnet not in the VPN subnet, so the client won't route the traffic for BlueIris down the VPN tunnel.
Either modify the VPN Subnet to allocate a range of IP's from your LAN subnet (exclude them from your primary DHCP scope), or you need to modify the config to also push your LAN route down to the client.
Some OpenVPN deployments work around this via a masquerading rule.

  • No sensitive footage?
  • Dedicated BI server?
  • No shared credentials?
Then don't even bother with stunnel, BI encrypts the userid and password, just use port forwarding from your router.
Even when at home, I use dedicated BI user with read-only access. Log all connections and review regularly.
If you are really concerned (remove the port forwarding when you don't need it)
 
  • Like
Reactions: Giorgio23
spammenotinoz said:
Check Blue Iris Web Server is listening on the correct IP, if it's only listening on the IP allocated to the camera subnets then it won't be reachable outside of that subnet.
Ensure you have not specified a gateway on the BI server Interface\IP on the camera subnet.

On the assumption your second interface is on a different subnet, you won't be able to reach the Camera's directly from Open VPN, ou need to go via BlueIris, but assume that's the plan.
Secondly, your Open VPN Server will push down client settings. New installs use this concept of SplitTunnelling where only the advertised VPN subnet is directed via the Tunnel.
By Default your Primary IP Address of the BlueIris server will be on your local LAN subnet not in the VPN subnet, so the client won't route the traffic for BlueIris down the VPN tunnel.
Either modify the VPN Subnet to allocate a range of IP's from your LAN subnet (exclude them from your primary DHCP scope), or you need to modify the config to also push your LAN route down to the client.
Some OpenVPN deployments work around this via a masquerading rule.

  • No sensitive footage?
  • Dedicated BI server?
  • No shared credentials?
Then don't even bother with stunnel, BI encrypts the userid and password, just use port forwarding from your router.
Even when at home, I use dedicated BI user with read-only access. Log all connections and review regularly.
If you are really concerned (remove the port forwarding when you don't need it)
Click to expand...

Appreciate the response thanks for taking the time to write this up. I' experimenting with zerotier now if not good I will come back to openvpn again
 
Giorgio23 said:
I' experimenting with zerotier now if not good I will come back to openvpn again
Click to expand...
I'm not familiar with zerotier, but if you're still having issues you should consider tailscale. Tailscale is a Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.

tailscale.com

Tailscale · Best VPN Service for Secure Networks

Securely connect to anything on the internet with Tailscale. Deploy a WireGuard®-based VPN to achieve point-to-point connectivity that enforces least privilege.
tailscale.com tailscale.com
 
  • Love
Reactions: Flintstone61
Vettester said:
I'm not familiar with zerotier, but if you're still having issues you should consider tailscale. Tailscale is a Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.

tailscale.com

Tailscale · Best VPN Service for Secure Networks

Securely connect to anything on the internet with Tailscale. Deploy a WireGuard®-based VPN to achieve point-to-point connectivity that enforces least privilege.
tailscale.com tailscale.com
Click to expand...

i tried zerotier and your suggestion as well. My computer and android phone see eachother and says online. can ping them no problem. the situation is that I can't see my cams in blue iris. I watched the video as posted above and followed it step by step.

I think the problem is my dual nic setup. For some reason I can access the computer but not the cameras on my poe switch on second lan port.

Very frustrating. been a long day. I'm going to bed will try again tomorrow. thanks everyone for your help
 
  • Like
Reactions: Flintstone61
ncpilot said:
Yes, zerotier. I run it on my BI computer. I also run openvpn on my router for other uses. It was way easier to set up family members for BI viewing with zerotier (easier for them)...
Click to expand...

do you have a dual nic setup so the cameras are not directly connected to the internet?

I got zerotier setup properly shows online between devices and everything.

Just can't see cameras on the blueiris app still unfortunately
 
You must log in or register to reply here.
Top Bottom