Openvpn with an Apple router

[Todd Schmidt]

Hi @Todd Schmidt, glad you have your VPN server up and running. To answer your follow-up questions, it is important for us to know WHERE you actually installed it on? On that synology? On the BI pc? Asus router? Because depending on your answer, our advice will differ.

In any case: when connecting to your VPN server, you "enter" your network through a VPN-port-server forward (default 1194 by heart), and your VPN server gives an "internal" 10.x address. Make sure it does not "collide" with what you call the pc lan 10.0.0.x network. Your VPN server is then "internally" routing that 10.x address to your LAN address (hence it should differ from the aforementioned pc lan network, otherwise routing is not working). From there, you can access your "internal LAN".

The vpn is on my synology.

So for BI do I just disable the wan access under the web server tab? And leave the lan IP address?

 

[catcamstar]

Hang on, we might be talking about two different things: what are the current IP addresses on the two NICs in your BI pc? I think the one carrying 192.168.xx is the one to your apple router, the 10.x is the one towards your CAMs.

If that is correct: do you mean "wan access" on the 192.168.xx interface? If you disable that, you won't be able to reach BI anymore. If you mean 10.x: there should not be any traffic there.

If you mean with "wan access" your ISP's public ip address: that should be removed immediately: openVPN is thé way to connect from now on.

Hope this helps!
CC

 

[Todd Schmidt]

Hang on, we might be talking about two different things: what are the current IP addresses on the two NICs in your BI pc? I think the one carrying 192.168.xx is the one to your apple router, the 10.x is the one towards your CAMs.

If that is correct: do you mean "wan access" on the 192.168.xx interface? If you disable that, you won't be able to reach BI anymore. If you mean 10.x: there should not be any traffic there.

If you mean with "wan access" your ISP's public ip address: that should be removed immediately: openVPN is thé way to connect from now on.

Hope this helps!
CC

So the secondary nic going to cameras is 192 while the primary internet connected is 10. Right now, remote access through Bi is using my wan (public ip), I guess I need to delete that.

 

[catcamstar]

So the secondary nic going to cameras is 192 while the primary internet connected is 10. Right now, remote access through Bi is using my wan (public ip), I guess I need to delete that.

Hmmm yes, affirmative. And if you had put a port forward from your wan public ip to that bi pc, delete that also immediately.

 

[Todd Schmidt]

Hmmm yes, affirmative. And if you had put a port forward from your wan public ip to that bi pc, delete that also immediately.

Ok that’s what I thought. Thanks for confirming.

 

[Todd Schmidt]

So it worked on the BI pc, using the ui3, but now won’t work through the app, with vpn running. Any thoughts? Do I use the pc ip of 10.0.0.213 or the cameras network ip of 192.168.1.1?

 

[Todd Schmidt]

I’m wondering if maybe it’s something in the firewall maybe. The vpn connects fine, but it keeps saying can’t reach server.

 

[catcamstar]

I’m wondering if maybe it’s something in the firewall maybe. The vpn connects fine, but it keeps saying can’t reach server.

Well, you won't be the first shouting "my VPN server works" while actually some configuration settings are "missing". Unfortunately, debugging is a bit difficult when being on a mobile device (because ping/traceroute commands are not easily available).

But briefly explain us the steps you took to setup openvpn on Synology:
- you installed the package
- you configured the package: OpenVPN active on port 1194?
- you did tick the box "allow clients to connect to lan"?
- you configured your router to forward INTERNET traffic to the synology 1194?

Then you did what exactly? You installed openVPN client on your mobile device, entered your INTERNET (WAN) IP? Or did you import the .ovpn file?
When you enter your credentials, is the light going to green?
What do you see in the "connected clients" list on Synology?

From here on, we can debug further down the road.

 

[Todd Schmidt]

Well, you won't be the first shouting "my VPN server works" while actually some configuration settings are "missing". Unfortunately, debugging is a bit difficult when being on a mobile device (because ping/traceroute commands are not easily available).

But briefly explain us the steps you took to setup openvpn on Synology:
- you installed the package
- you configured the package: OpenVPN active on port 1194?
- you did tick the box "allow clients to connect to lan"?
- you configured your router to forward INTERNET traffic to the synology 1194?

Then you did what exactly? You installed openVPN client on your mobile device, entered your INTERNET (WAN) IP? Or did you import the .ovpn file?
When you enter your credentials, is the light going to green?
What do you see in the "connected clients" list on Synology?

From here on, we can debug further down the road.

Yes, to everything.,.ovpn file was imported, phone shows up on connection list.

Going to change everything to the pc's ip and see if that fixes it.

 

[catcamstar]

Yes, to everything.,.ovpn file was imported, phone shows up on connection list.

Going to change everything to the pc's ip and see if that fixes it.

Indeed, now you have to put the pc's ip (10.x) in the BI app. If that is not working, you should change the "internal IP" for the OpenVPN in the Synology (which I think is colliding/overlapping with your internal LAN). Can you show us a screenshot of your VPN settings in the Synology please?

Thanks!
CC

 

[Todd Schmidt]

That did the trick. Everything is working now. Thanks guys.

 

[catcamstar]

That did the trick. Everything is working now. Thanks guys.

Hooray for ourselves!

 

[Todd Schmidt]

Now, time for more cameras.