Replaced Port-forwarding with VPN. Now what?

CHB

n3wb
Joined
Jun 8, 2019
Messages
2
Reaction score
1
Location
California
Hi All,

I'm new here and a newbie in terms of networking. I have an Asus RT-AC86U router and a Swann (rebranded Hikvision) NVR. The NVR was setup with port-forwarding by the installer but thanks to the detailed direction on this site I've disabled the port-forwarding and used the router to create a VPN which works perfectly. Now, I'm wondering about what's next and I have a couple of questions that I couldn't figure from just reading the forums here.

1. DDNS: I enabled it using ASUS' option in the router. But, I'm not sure if I need to do anything else. Will Open VPN on my iPhone just keep working if/when my home Internet provider changes my public IP, or is there something else I need to do?

2. VLAN: Everything is on one flat network currently. Now that I'm running a VPN do I need a VLAN? If so, is it something that can be configured from the router? I don't really know anything about VLANs, so is there a thread/wiki I could read to get up to speed, if necessary?

Thanks in advance. I'm trying to do my best as a newbie to secure my system.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
4,442
Reaction score
3,738
Location
Houston Tx
:welcome:

My standard welcome to the forum message.

Please read the cliff notes and other items in the wiki. The wiki is in the blue bar at the top of the page.

Read How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk in the wiki also.

Quick start
1) Use Dahua starlight cameras or Hikvision darkfighter cameras or ICPT Night eye cameras (https://store.ipcamtalk.com/) if you need good low light cameras.
2) use a VPN to access home network (openVPN)
3) Do not use wifi cameras.
4) Do not use cloud storage
5) Do Not use uPNP, P2P, QR, do not open ports,
6) More megapixel is not necessarily better.
7) Avoid chinese hacked cameras (most ebay, amazon, aliexpress cameras(not all, but most))
8) Do not use reolink, ring, nest cameras (they are junk)
9) If possible use a turret camera , bullet collect spiders, dome collect dirt and reflect light (IR)
10) Use only solid copper, AWG 23 or 24 ethernet wire. , no CCA (Copper Clad Aluminum)
11) use a test mount to verify the camera mount location. My test rig: rev.2

Read,study,plan before spending money ..... plan plan plan
Test do not guess
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
4,442
Reaction score
3,738
Location
Houston Tx
I use the same router as you. But I use Blue Irirs.

The Asus DDNS is all you really need, your ASUS personal custom url will keep track of any changes to your Internet providers IP address. In openVPN you use your ASUS personal custom url not your IP address.

If your cameras connect directly to the NVR, plug into an RJ45 on the back of the NVR you do not need a VLAN at all. As your cameras are on a seperate network already.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,197
Reaction score
412
Hi All,

I'm new here and a newbie in terms of networking. I have an Asus RT-AC86U router and a Swann (rebranded Hikvision) NVR. The NVR was setup with port-forwarding by the installer but thanks to the detailed direction on this site I've disabled the port-forwarding and used the router to create a VPN which works perfectly. Now, I'm wondering about what's next and I have a couple of questions that I couldn't figure from just reading the forums here.

1. DDNS: I enabled it using ASUS' option in the router. But, I'm not sure if I need to do anything else. Will Open VPN on my iPhone just keep working if/when my home Internet provider changes my public IP, or is there something else I need to do?

2. VLAN: Everything is on one flat network currently. Now that I'm running a VPN do I need a VLAN? If so, is it something that can be configured from the router? I don't really know anything about VLANs, so is there a thread/wiki I could read to get up to speed, if necessary?

Thanks in advance. I'm trying to do my best as a newbie to secure my system.
Great questions. Something I am reading up on currently too. If I find any threads on IPCT I will link here.
 
  • Like
Reactions: CHB

CHB

n3wb
Joined
Jun 8, 2019
Messages
2
Reaction score
1
Location
California
I use the same router as you. But I use Blue Irirs.

The Asus DDNS is all you really need, your ASUS personal custom url will keep track of any changes to your Internet providers IP address. In openVPN you use your ASUS personal custom url not your IP address.

If your cameras connect directly to the NVR, plug into an RJ45 on the back of the NVR you do not need a VLAN at all. As your cameras are on a seperate network already.
Thanks so much for the quick and detailed reply! I'm glad to know I did it correctly.
 

Neuk

n3wb
Joined
Jun 4, 2019
Messages
16
Reaction score
9
Location
Johannesburg, South Africa
Hi All,

I'm new here and a newbie in terms of networking. I have an Asus RT-AC86U router and a Swann (rebranded Hikvision) NVR. The NVR was setup with port-forwarding by the installer but thanks to the detailed direction on this site I've disabled the port-forwarding and used the router to create a VPN which works perfectly. Now, I'm wondering about what's next and I have a couple of questions that I couldn't figure from just reading the forums here.

1. DDNS: I enabled it using ASUS' option in the router. But, I'm not sure if I need to do anything else. Will Open VPN on my iPhone just keep working if/when my home Internet provider changes my public IP, or is there something else I need to do?

2. VLAN: Everything is on one flat network currently. Now that I'm running a VPN do I need a VLAN? If so, is it something that can be configured from the router? I don't really know anything about VLANs, so is there a thread/wiki I could read to get up to speed, if necessary?

Thanks in advance. I'm trying to do my best as a newbie to secure my system.
Hi

Sorry to hijack but I thought my questions may help others.

I am looking in to using a VPN for home but was told that I may have issues with accessing my cameras when not on my home network? Do you have this issue using a VPN? I am currently using a dynamic DNS service and port forwarding.

Thanks
Nic
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
4,442
Reaction score
3,738
Location
Houston Tx
If you can access your cameras at home directly. Then openvpn will work. Openvpn puts you on your home network, with the same IP address.

If not using openvpn, there are two types on VPN in bound and outbound. If the company you get the VPN from is charging you it is the wrong type of VPN.
 
Last edited:

Neuk

n3wb
Joined
Jun 4, 2019
Messages
16
Reaction score
9
Location
Johannesburg, South Africa
If you can access your cameras at home directly. Then openvpn will work. Openvpn plan es you on your home network, with he same IP address.

If not using openvpn, there are two types on VPN in bound and outbound. If the company you get the VPN from os charging you it is the wrong type of VPN.
Thanks for the input @SouthernYankee, I am busy doing a lot of research and coming across some great posts/blogs that yourself and others have referenced. I am learning, slowly...
 

58chev

Pulling my weight
Joined
Aug 30, 2017
Messages
300
Reaction score
137
Location
Etobi, Ontario
'm new here and a newbie in terms of networking. I have an Asus RT-AC86U router and a Swann (rebranded Hikvision) NVR. The NVR was setup with port-forwarding by the installer but thanks to the detailed direction on this site I've disabled the port-forwarding and used the router to create a VPN which works perfectly.
On your ASUS Router, turned off uPNP? Which is on by default. Also on your NVR and cameras.

The only time you would need to do anything on the VPN Client side is IF you make any changes on the Server side. Then an export of the client file would need to be done.
 
Top