I've tried all day to not make this post.

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Hi Everyone,

I have been struggling hard today and trying to keep my cool for the last 10 hours.

I setup the Dual NIC properly and everything is configured properly. Internet is coming into the computer, the second NIC is connected to my POE switch, and I am able to see all my cameras properly in Blueiris and in my browser via dahua configuration page with their respective IP addresses.

My problem is with OpenVPN. I want to view my cameras on my laptop and phone when away from my home.

I have been trying all day to get OpenVPN setup on the PC that will be on 24/7 for blueiris.

I even setup the PC so it turns back on automatically after a power outage as well as Blueiris running as a service and windows logging in automatically.


Thanks very much for the tutorial @TL1096r

who here has done this successfully with the dual nic setup and doing openvpn after?

I thought it was going to be relatively simple and I have been pouring over tutorials and tried to get this going. Please help with any guidance or tutorials you may have because I am very frustrated now with a "wasted" day of time lol.


anybody have any suggestions/other tutorials because I am about to say screw it and do the stunnel instead
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,544
Location
USA
OpenVPN is simple, but we overthink it and make it way more difficult than it needs to be lol.

Does your router have OpenVPN native to the router? If so, you don't need to screw around with that how to guide and setting up a VPN on a computer. Simply enable it in your router.

You will need a DDNS as your WAN IP address is subject to change at anytime by your ISP (although most do not change often) or you are paying for a static IP address.

I was there too once with OpenVPN...tried to do all this research to find directions and got to the point I said screw it and just enabled it and kinda of followed what it was asking and it worked.

Just go to OpenVPN and enable it and see what it says - probably asks you to create a user/PW, DDNS name, encryption method, and create certificate. Then copy and save the certificate on your mobile device. Then install the OpenVPN app and select the certificate and then connect and you are on your home network.

It really is simpler than our minds make it out to be.

 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
OpenVPN is simple, but we overthink it and make it way more difficult than it needs to be lol.

Does your router have OpenVPN native to the router? If so, you don't need to screw around with that how to guide and setting up a VPN on a computer. Simply enable it in your router.

You will need a DDNS as your WAN IP address is subject to change at anytime by your ISP (although most do not change often) or you are paying for a static IP address.

I was there too once with OpenVPN...tried to do all this research to find directions and got to the point I said screw it and just enabled it and kinda of followed what it was asking and it worked.

Just go to OpenVPN and enable it and see what it says - probably asks you to create a user/PW, DDNS name, encryption method, and create certificate. Then copy and save the certificate on your mobile device. Then install the OpenVPN app and select the certificate and then connect and you are on your home network.

It really is simpler than our minds make it out to be.


Hi There,

No That is the first thing I looked at. My ISP has provided the Eero system. No OpenVPN on the router.

So You're saying to install openvpn and not mess around with generating the certificate, server/client key, etc as all the tutorials state?

Thanks for the quick reply

I am not paying for a static IP can you elaborate on the DDNS Need?
 

jrbeddow

Getting comfortable
Joined
Oct 26, 2021
Messages
370
Reaction score
485
Location
USA
Agreed, I haven't run across any instance where OpenVPN needs to be setup at all on the computer that is running BlueIris: it does absolutely need to be running on your router, so you will need to use one that supports that, as well as running OpenVpn on the external devices (generally phones) that you will ultimately use to remotely access your "inside" LAN devices (ie: your BlueIris machine in this case).

Read the above linked tutorial, as it is pretty thorough and well done.

Ugh, I just saw your post regarding the Eero router: I'm not familiar with it, but if it doesn't support running an OpenVPN SERVER (not just CLIENT), you will need to find a way around that.
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Agreed, I haven't run across any instance where OpenVPN needs to be setup at all on the computer that is running BlueIris: it does absolutely need to be running on your router, so you will need to use one that supports that, as well as running OpenVpn on the external devices (generally phones) that you will ultimately use to remotely access your "inside" LAN devices (ie: your BlueIris machine in this case).

Read the above linked tutorial, as it is pretty thorough and well done.

Ugh, I just saw your post regarding the Eero router: I'm not familiar with it, but if it doesn't support running an OpenVPN SERVER (not just CLIENT), you will need to find a way around that.
I've spent enough on everything up to now. Ran my own cat 6. bought proper cameras from andy. Why can I not run it on the computer that's on 24/7 anyways? I think it's silly to buy another router there's gotta be a way to do it from the PC side as I already sectioned off the cameras with the dual nic.

So it's going to be Modem, eero to pc, pc to asus router, asus to poe, poe to cameras? Is there really nothing else I can do?
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
My problem is OpenVPN won't even launch properly. I followed the tutorials and and everytime I tired the past 8 hours I get Unrecognized option or missing or extra parameter(s) in server.ovpn:78: ca
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Can you get to the router admin GUI? You may need to open port 443 on it.

Theres no web interface just an app for eero. What's the significance of this port as I am trying to open the default port for openvpn on the PC firewall side
 

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
11,511
Reaction score
27,690
Location
New Jersey
If your router does not have port 443 open, the default port used by OpenVPN, so that your computer can see the traffic coming in on that port all your efforts are wasted. The big trick, for the moment at least, is getting OpenVPN to load on you machine. I'm not an expert at that and will defer to those here that are.
 

ncpilot

Pulling my weight
Joined
Feb 16, 2017
Messages
69
Reaction score
138
Location
NC
Yes, zerotier. I run it on my BI computer. I also run openvpn on my router for other uses. It was way easier to set up family members for BI viewing with zerotier (easier for them)...
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Would this be a use case for Zero Tier by any chance?
Yes, zerotier. I run it on my BI computer. I also run openvpn on my router for other uses. It was way easier to set up family members for BI viewing with zerotier (easier for them)...
I'm looking into this now.

I actually got openvpn going properly now and have my android phone connected.

The problem is I still can't see my cameras because of the dual nic setup ( means it's working properly at least) and i can just view stuff on my pc from what I can see.

Can you elaborate on zerotier. I see it's free for personal use? any limitations? is it all running through a third party vpn server though? I want this done. wasted an entire day on openvpn when I could have been configuring the cameras for better quality settings.
 

Broachoski

Getting comfortable
Joined
Jun 21, 2019
Messages
589
Reaction score
1,409
Location
USA
A very good video on how to install Zerotier is in the following link.
Thanks to Alaska Country who posted it and can be downloaded by using right click and save link as... It is near the bottom of the post
It is free and no port forwarding required.
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
A very good video on how to install Zerotier is in the following link.
Thanks to Alaska Country who posted it and can be downloaded by using right click and save link as... It is near the bottom of the post
It is free and no port forwarding required.
amazing thanks very much going through this now. From what I am seeing here this is miles ahead of what I have been trying all day with openvpn. Wow.
 

spammenotinoz

Getting comfortable
Joined
Apr 4, 2019
Messages
345
Reaction score
274
Location
Sydney
Check Blue Iris Web Server is listening on the correct IP, if it's only listening on the IP allocated to the camera subnets then it won't be reachable outside of that subnet.
Ensure you have not specified a gateway on the BI server Interface\IP on the camera subnet.

On the assumption your second interface is on a different subnet, you won't be able to reach the Camera's directly from Open VPN, ou need to go via BlueIris, but assume that's the plan.
Secondly, your Open VPN Server will push down client settings. New installs use this concept of SplitTunnelling where only the advertised VPN subnet is directed via the Tunnel.
By Default your Primary IP Address of the BlueIris server will be on your local LAN subnet not in the VPN subnet, so the client won't route the traffic for BlueIris down the VPN tunnel.
Either modify the VPN Subnet to allocate a range of IP's from your LAN subnet (exclude them from your primary DHCP scope), or you need to modify the config to also push your LAN route down to the client.
Some OpenVPN deployments work around this via a masquerading rule.

  • No sensitive footage?
  • Dedicated BI server?
  • No shared credentials?
Then don't even bother with stunnel, BI encrypts the userid and password, just use port forwarding from your router.
Even when at home, I use dedicated BI user with read-only access. Log all connections and review regularly.
If you are really concerned (remove the port forwarding when you don't need it)
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Check Blue Iris Web Server is listening on the correct IP, if it's only listening on the IP allocated to the camera subnets then it won't be reachable outside of that subnet.
Ensure you have not specified a gateway on the BI server Interface\IP on the camera subnet.

On the assumption your second interface is on a different subnet, you won't be able to reach the Camera's directly from Open VPN, ou need to go via BlueIris, but assume that's the plan.
Secondly, your Open VPN Server will push down client settings. New installs use this concept of SplitTunnelling where only the advertised VPN subnet is directed via the Tunnel.
By Default your Primary IP Address of the BlueIris server will be on your local LAN subnet not in the VPN subnet, so the client won't route the traffic for BlueIris down the VPN tunnel.
Either modify the VPN Subnet to allocate a range of IP's from your LAN subnet (exclude them from your primary DHCP scope), or you need to modify the config to also push your LAN route down to the client.
Some OpenVPN deployments work around this via a masquerading rule.

  • No sensitive footage?
  • Dedicated BI server?
  • No shared credentials?
Then don't even bother with stunnel, BI encrypts the userid and password, just use port forwarding from your router.
Even when at home, I use dedicated BI user with read-only access. Log all connections and review regularly.
If you are really concerned (remove the port forwarding when you don't need it)
Appreciate the response thanks for taking the time to write this up. I' experimenting with zerotier now if not good I will come back to openvpn again
 

Vettester

Getting comfortable
Joined
Feb 5, 2017
Messages
740
Reaction score
693
I' experimenting with zerotier now if not good I will come back to openvpn again
I'm not familiar with zerotier, but if you're still having issues you should consider tailscale. Tailscale is a Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.

 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
I'm not familiar with zerotier, but if you're still having issues you should consider tailscale. Tailscale is a Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.

i tried zerotier and your suggestion as well. My computer and android phone see eachother and says online. can ping them no problem. the situation is that I can't see my cams in blue iris. I watched the video as posted above and followed it step by step.

I think the problem is my dual nic setup. For some reason I can access the computer but not the cameras on my poe switch on second lan port.

Very frustrating. been a long day. I'm going to bed will try again tomorrow. thanks everyone for your help
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Yes, zerotier. I run it on my BI computer. I also run openvpn on my router for other uses. It was way easier to set up family members for BI viewing with zerotier (easier for them)...
do you have a dual nic setup so the cameras are not directly connected to the internet?

I got zerotier setup properly shows online between devices and everything.

Just can't see cameras on the blueiris app still unfortunately
 
Top