*snap*
Sorry what other thread do I have?
*snap*
I was indeed referring to the same thread you started earlier (What are you using/doing to make your camera more secure?) on which I replied back in the days before you changed the full starting post with your great step-by-step stunnel procedure.
But you are completely right: my advice (in between the lines) indeed is "you should read more", not to waste your time, but like my networking instructor always stated: each (customer) case is different, and all roads lead to Rome. So before selecting the technology layer(s) - like VPN, vlans, dual NIC - you should first note down what you want to achieve (functional and non-functional requirements), note down the constraints and limitations (money is one of them), and then start with a high-level diagram (simple drawing blocks). Then, in the last cycle of this design planning, you enter the technology selection phase (e.g. a "simple" ASUS router with VPN, or a Win10 device, or a Cisco high-end yet refurbished edgerouter). I am more than happy to share with you how I constructed my home network (with vlans), even step by step, but I'm pretty sure it will not fit your environment and it won't serve your purpose. But I can share with you the decision process / flow I followed, and you can learn from it, steal (loan) the good stuff that suits your environment. And gradually, your network will become better and better.
Take a piece of paper, and draw:
- scenario 1: your current networking diagram: where's your gateway/router, where's your wifi, where's your DHCP, where's your BI, note down IPs, subnets and gateway addresses
- scenario 2: your "to-be" diagram with OpenVPN: if someone enters through OpenVPN: what are these users allowed to see? All? Only BI? Should they be able to reach the internet too (redirect gateway)?
- scenario 3: your "to-be" diagram with increased security: write down some network firewall considerations: draw arrows: inbound & outbound traffic: what would you allow? Who should be able to see your cams? Your NAS? Your wifi'd printer? Your fridge? Your smartTV?
And based on the answers to these questions, you can derive which networking capabilities you NEED versus which are "OPTIONAL". Luckily for you: there is NO ideal networking setup. It should be obvious that a banking institution has different "rules and regulations" in their datacenter than a home-user; however, all these technologies are readily available too today! Which should not block you - if you would like to - from using them! Networks do change over time too, they are not designed to run for 100 years. For example, in summary, my network setup journey:
- I started years ago with my ASUS RT-AC87U - Allrounder with tons of network capabilities, expert functions (certainly when loading the Rmerlin firmware). But if you want to go "hardcore", with vlans and stuff, you'll run into "limitations", like my AC87U: it uses two different chipsets (for "maximum bandwidth" excuse, but the Debian underneath couldn't handle vlans properly anymore). OpenVPN runs like a charm on it, and you can "parental control" wise block any intranet device from phoning home. Asus is one of the best picks to "mature" your networking needs.
- But then I wanted more... More vlans (to secure my NAS (vlan 202), my domotica (vlan 203), my alarm systems (vlan 204), my cams plus nvr plus intercoms (vlan 205), intranet (200) and guest intranet (201)). This wasn't possible at all in the ASUS network. My core router functions are now running on a single EdgeRouter ER-X from Ubiquiti: it can do ANYTHING you want, this little box is very powerful: OpenVPN, vlans, firewalling, etc. Pricewise 1/4th of the ASUS, but worth every penny. If you already have some Ubiquiti gear, do investigate the management software compatibility: not everything is "user"friendly. I still use the ASUS as "main" router for my internal (v)LAN, with guest wifi and other nice things! But then that one might change to another Ubiquiti device (soon).
So no worries if many of the things above are "Chinese" to you, but just like looking for a new car, take a moment, write down your requirements (what you want), and it becomes much more visible (easier) to actually see what you want/need.
Always welcome to go in deeper details if you want!
Hope this helps!
CC