Router questions

tigerwillow1 · Oct 27, 2016

My router is owned and controlled by my ISP. They won't make any changes from their standard configuration, and don't want to tell me how it's configured. Over time I have a pretty good feel for the address range it assigns via DHCP. Question 1: If I assign static IP addresses for the nvr and cameras that are in the same subnet but outside what the router assigns, will I be causing any problems? Question 2: Will this closed router cause me any problems setting up a VPN? Other than the inaccessible router I like the ISP. The Internet connection is wireless and the router is integrated with a wireless receiver.

nayr · Oct 27, 2016

Q1: Not if your sure it wont assign none of those static IP's to something else in the future.. if it truly is outside the range then its fine.. but the day it assigns one of those static configured devices it dont know about you'll have a hell of a time troubleshooting it.

Q2: Depends, does your router have a routable IP address and can you forward ports to your VPN Server? If no to any of those; then yes you will have some major problems w/remote access.

alastairstevenson · Oct 27, 2016

My router is owned and controlled by my ISP. They won't make any changes from their standard configuration, and don't want to tell me how it's configured.

Ouch! It's your home network, you should be able to fully manage and control it.
You can't even reserve IP addresses for your LAN?
How do you know they have not put it at risk by allowing some form of inbound access? Have you tested with ShieldsUp! or canyouseeme?
What if you wanted to set up a VPN or (heaven forbid) do some port forwarding?
How do you know they are not monitoring internal activity?
etc etc

Time to ditch your ISP, in my view.

Hotelone · Oct 27, 2016

Can you ask them to put their router into bridge mode and use your own router? If they want your business at all I can't imagine they'd have a problem with that.

tigerwillow1 · Oct 28, 2016

Thanks for the responses. Every new piece helps fit the puzzle together. I talked to my ISP and they say I can put my own router behind their router, then I can forward ports from my router, and a VPN server should work ("should" because they aren't aware of anybody who has done it yet, it's a relatively small ISP). The next question: Any recommendations for a wired router that also acts as a VPN server?

Hotelone · Oct 28, 2016

If they simply put their router into bridge mode and you deploy your own router behind it you can either port forward or VPN to your hearts content. You control your network, not them. If they're not just bridging their router then I have no idea what to advise you. Many people on this forum are very passionate, and with good reason, VPN or nothing people. They can give you good advice about setting one up. While I'm personally confident in the security of my specific deployment of my forwarded ports I'm also certain that many people here who know a whole lot more than I do about this would have many sound reasons to question my confidence.

nayr · Oct 28, 2016

they probably going to put his router in a DMZ and double nat him; but it'll be fine overall.. this one seems capable of ~20Mbit VPN: https://www.amazon.com/gp/product/B00DES2FQW

tigerwillow1 · Oct 28, 2016

The ISP is not going to change a thing on my router. For customers that don't pay extra for a static IP address, there's one configuration, period. I have a feeling that the tech support guy I talked to knows more about it than I do, but not enough to explain everything clearly. He said that their router isn't intended to be the primary router for anything beyond a simple network, and it will let "everything" through in its current configuration. I don't think I'll have a full answer until I just experiment around to see what I can do.

bp2008 · Oct 28, 2016

I've gone through two modem/router combo devices with the ISP that monopolizes my area, and both times they've had no problem with setting it up in bridge mode. Though I've also seen modemrouters that don't have a bridge mode and you just have to configure a DMZ host and double-nat like nayr said.

alastairstevenson · Oct 28, 2016

He said that their router isn't intended to be the primary router for anything beyond a simple network, and it will let "everything" through in its current configuration.

Presumably not "everything" from outside in. That would expose your whole network to the entire world.
Check there is nothing being allowed in using services such as https://www.grc.com/shieldsup or http://canyouseeme.org/
And you are not going beyond a 'simple network', nothing like.

What a load of tosh.
Does the ISP have a monpoly in your area? Hopefully not.

nayr · Oct 28, 2016

He's on a WiSP, they often small run of the mill operations in places with good RF coverage (valley communities, remote lakes, etc).. kinda like how bp2008 got his internet out in the middle of nowhere just being very creative.. network robustness often largely depends on how good of a network can even be had.

He probably has very limited options, and the WiSP has to operate on very limited infrastructure.. so im sure he's just happy to be online w/broadband.

WiSP's rarely survive anywhere with better options... Ive worked for and setup a few; moonlighting.

Hotelone · Oct 28, 2016

Now I'm really curious, are you on DSL or a WiSP?

tigerwillow1 said:
The ISP is not going to change a thing on my router. For customers that don't pay extra for a static IP address, there's one configuration, period. I have a feeling that the tech support guy I talked to knows more about it than I do, but not enough to explain everything clearly. He said that their router isn't intended to be the primary router for anything beyond a simple network, and it will let "everything" through in its current configuration. I don't think I'll have a full answer until I just experiment around to see what I can do.

nayr · Oct 28, 2016

tigerwillow1 said:
The Internet connection is wireless and the router is integrated with a wireless receiver.

im basing that conclusion off the very last sentence in his original post

Hotelone · Oct 28, 2016

Yeah, I missed that.

nayr said:
im basing that conclusion off the very last sentence in his original post

tigerwillow1 · Oct 28, 2016

I'm on a WiSP, but for anything other than this router issue (and one other thing) I give them high praise. Their service is very reliable, much more so than Century Link DSL, which along with one other WiSP are the only other options. It's a rural area with lots of hills and valleys and both of the WiSPs have transmitters on a dozen or so hilltops. The only other thing I don't like about them is they do packet inspection to throttle video. The service tiers are based entirely on what bandwidth is available for video. In spite of these two issues, I think they're a quite good ISP. Just FYI, the receiver/router is a Cambium Networks 3.6GHz MIMO OFDM Subscriber Module. I have access only to its "General Status" page which gives info about the RF part and nothing at all about the router configuration. I downloaded a manual for it, ~600 pages, and didn't get very far before giving up. I did succeed in learning the DHCP address range the router assigns. It's 100 to 150, so I've got plenty of space to assign static addresses.

nayr · Oct 28, 2016

if you manage a VPN connection they wont know its video your transmitting via DPI; but they may still throttle you back anyhow if you are using too much bandwidth.

Search

Search

Router questions

tigerwillow1

Known around here

nayr

alastairstevenson

Hotelone

Getting the hang of it

tigerwillow1

Known around here

Hotelone

Getting the hang of it

nayr

tigerwillow1

Known around here

bp2008

alastairstevenson

nayr

Hotelone

Getting the hang of it

nayr

Hotelone

Getting the hang of it

tigerwillow1

Known around here

nayr