Running VPN on home router for PC

PSPCommOp · Jun 27, 2016

Anyone have experience running their home system on a VPN on an Asus router? I'd like to set my system up to connect on a VPN but don't know much about them and was curious if all devices would have to run thru the VPN or if you could just use the Camera PC on the VPN.

fenderman · Jun 27, 2016

PSPCommOp said:
Anyone have experience running their home system on a VPN on an Asus router? I'd like to set my system up to connect on a VPN but don't know much about them and was curious if all devices would have to run thru the VPN or if you could just use the Camera PC on the VPN.

You are misunderstanding how the vpn works. It only affects remote access. When you want to view your cameras remotely you create a vpn connection between your device and the network. At that point your device acts like you were connected locally.

PSPCommOp · Jun 27, 2016

Yeah I'm really not familiar with VPN's to be honest which is why I was asking. I've been reading more and more about security and cameras on your network so I'm trying to iron it all out now.

nayr · Jun 27, 2016

Biggest point of confusion are all these paid VPN Services that people use to watch video/music from a foreign country, or to hide there piracy from there internet provider.. these are paid services to connect to other people's networks to hide your origins.. not useful for video Surveillance normally.

Running it on your router is the best place for it, if its online so is your VPN.. think of it like a virtual network cable to your home network, when your half way across the country on a public wifi when you enable the VPN link its like your at home.. all your internet traffic is sent through your home router, and all your local cameras, file servers, printers, pc's, etc will be accessible just like you were on your home WiFi.

PSPCommOp · Jun 27, 2016

nayr said:
Biggest point of confusion are all these paid VPN Services that people use to watch video/music from a foreign country, or to hide there piracy from there internet provider.. these are paid services to connect to other people's networks to hide your origins.. not useful for video Surveillance normally.

Running it on your router is the best place for it, if its online so is your VPN.. think of it like a virtual network cable to your home network, when your half way across the country on a public wifi when you enable the VPN link its like your at home.. all your internet traffic is sent through your home router, and all your local cameras, file servers, printers, pc's, etc will be accessible just like you were on your home WiFi.

That makes more sense, I was just curious because i've heard a few people talking about running their systems on a home VPN for more security. So basically that is what they are doing, running the system while a VPN is running on their router?

And just one more question... Does running a VPN on your router slow overall bandwidth down?

nayr · Jun 27, 2016

PSPCommOp said:
So basically that is what they are doing, running the system while a VPN is running on their router?

And just one more question... Does running a VPN on your router slow overall bandwidth down?

1. Yes, they configure there mobiles/tablets/laptops to connect to local IP address and display the cameras.. when these devices are outside your network, you connect the VPN Client (mobile) to the VPN Server (router) and then everything connects just like it did at home.
2. Not in any meaningful way, the overhead when in use is very minimal.. if you have enough bandwidth for live video you have enough bandwidth for VPN.

pozzello · Jun 27, 2016

"Does running a VPN on your router slow overall bandwidth down?"

no. The traffic between your remote VPN client and your local LAN resources (like your NVR, BI PC, or cameras) will be encrypted,
so there is some CPU cost associated with with it, but does not affect your total bandwidth or traffic NOT being VPN'd (surfing
the net from the LAN).

If you are accessing the VPN from outside, and then use it to surf back to the internet, things may be more sluggish
than if using split-horizon DNS to only send traffic destined for the LAN over the VPN, but that's a bit of a corner case...

PSPCommOp · Jun 27, 2016

Ok so to make sure i'm getting this correctly, the VPN run thru the router doesn't actually provide more security for the things connected to the home network... It just allows me to basically connect to my home LAN while I'm out and about and remotely access the network and other devices in a secure way?

nayr · Jun 27, 2016

the vpn is completely transparent to your network when its established.. it uses strong encryption and as long as you use secure credentials (good passwords) it will be very difficult to penetrate it externally.. much harder than penetrating your cameras if you just forward ports to em.. if setup correctly, the only way in to the local network from outside is through the VPN Server, and its been hardened and designed to be exposed to the internet, unlike your Cameras/NVR.

If you just forwarded ports, then opened up a camera at a Coffee shop, I could intercept the traffic and steal your logins and video feeds if I was also in the coffee shop.. but if you did it over a VPN link, it would all be encrypted and I would be unable to decipher it.

kimix · Jun 27, 2016

Yep, and further to nayr's comment, it's rather easy to set up too!

Network is interesting, and I read nayr's posts with big interest. Learning every day.

fbnoise · Jun 27, 2016

Nayr, I'm wondering if connecting to Blue Iris or other surveillance software is the only concern, is VPN really that necessary if a secure connection can be established. For example, I use stunnel: https://www.ipcamtalk.com/showthread.php/2131-stunnel

nayr · Jun 27, 2016

I would suggest a better alternative of doing a nginx reverse proxy with X509 TLS Certs for authentication if you have a NVR capable of delivering everything out a HTTP connection... (ie not using RTSP for video)..

Nginx w/X509 Certs will act as the border guard, nothing can connect to your BI process unless it has a valid certificate you signed.. which is basically some of the best security you can get..

Interpon · Jun 27, 2016

kimix said:
Yep, and further to nayr's comment, it's rather easy to set up too!

Network is interesting, and I read nayr's posts with big interest. Learning every day.

me too.. wrt 1900AC.. it walks you through it from the router.. you do have to download app they have for phones/ Ipad.. works great!!! even control PTZ and watch stored video from onboard cams.

chippy · Jun 28, 2016

Setting up a VPN is easy? That's not my experience. I managed to get dd-wrt flashed to my Asus rt-n66u. Been reading for the last two days how to set up the VPN. I find all the steps a pain in the ass. Is there a short, "easy" version somewhere? Am I missing something?

Download the OpenVPN software, authenticate via OpenPGP (or something) which requires another download and a keyring(?) and another authentication. Then, download an rst(is that the right acronym) to manage the PKI and generate the public and private keys.... But, before you do that, download and authenticate all the software to build the previous application because it has to be compiled... All this before you actually set up anything? So, if there's an "easy" guide to help setup a VPN I'd be eternally grateful for a link.

fenderman · Jun 28, 2016

chippy said:
Setting up a VPN is easy? That's not my experience. I managed to get dd-wrt flashed to my Asus rt-n66u. Been reading for the last two days how to set up the VPN. I find all the steps a pain in the ass. Is there a short, "easy" version somewhere? Am I missing something?

Download the OpenVPN software, authenticate via OpenPGP (or something) which requires another download and a keyring(?) and another authentication. Then, download an rst(is that the right acronym) to manage the PKI and generate the public and private keys.... But, before you do that, download and authenticate all the software to build the previous application because it has to be compiled... All this before you actually set up anything? So, if there's an "easy" guide to help setup a VPN I'd be eternally grateful for a link.

the n66u has built in vpn from asus. Setting that up is easy. There should be youtube guides.

PSPCommOp · Jun 28, 2016

https://vpntips.com/vpn-router-install/

I used this as a guide... I have the AC68P. Needed to flash the firmware to merlin but once i did that it worked like a charm. I'm also using PIA as the service.

Just a little disappointed how low it throttled by speeds. I'm on Comcast Internet so its nothing for me to hit 150-170 mbs download and 20 upload. Under the VPN it drops the network download speed to 20mbs. Not really good when there are 5 other people in the house using multiple Roku's, and xbox and PS4 at night. I've noticed the quality of the Roku streams drop because the bandwidth is getting swamped. I'm gonna try and use the Policy Rules function and prob keep the PC and Cameras under the VPN so i can remote into them and leave the rest of the connections off of it.

fenderman · Jun 29, 2016

PSPCommOp said:
https://vpntips.com/vpn-router-install/

I used this as a guide... I have the AC68P. Needed to flash the firmware to merlin but once i did that it worked like a charm. I'm also using PIA as the service.

Just a little disappointed how low it throttled by speeds. I'm on Comcast Internet so its nothing for me to hit 150-170 mbs download and 20 upload. Under the VPN it drops the network download speed to 20mbs. Not really good when there are 5 other people in the house using multiple Roku's, and xbox and PS4 at night. I've noticed the quality of the Roku streams drop because the bandwidth is getting swamped. I'm gonna try and use the Policy Rules function and prob keep the PC and Cameras under the VPN so i can remote into them and leave the rest of the connections off of it.

PIA is not the type of VPN the you need. PIA does nothing to secure your remote connection. It is simply designed to mask your ip when using the internet. You are drastically reducing your bandwidth and paying for the service for nothing.

PSPCommOp · Jun 29, 2016

fenderman said:
PIA is not the type of VPN the you need. PIA does nothing to secure your remote connection. It is simply designed to mask your ip when using the internet.

Is there a particular type of VPN then? Its obvious i'm not familiar with this VPN stuff lol

fenderman · Jun 29, 2016

PSPCommOp said:
Is there a particular type of VPN then? Its obvious i'm not familiar with this VPN stuff lol

Your router already supports openvpn...simply configure the vpn SERVER not the client. Disable the client and cancel your PIA account.

Search

Running VPN on home router for PC

PSPCommOp

Getting the hang of it

fenderman

PSPCommOp

Getting the hang of it

nayr

PSPCommOp

Getting the hang of it

nayr

pozzello

Known around here

PSPCommOp

Getting the hang of it

nayr

kimix

n3wb

fbnoise

Getting the hang of it

nayr

Interpon

Getting the hang of it

chippy

Young grasshopper

fenderman

PSPCommOp

Getting the hang of it

fenderman

PSPCommOp

Getting the hang of it

fenderman