Setting up a VPN

Popeye · Jul 18, 2016

I have read a little on VPN"S but wanted to get some advise from those of you that know a little about them. I want to set up a new Security camera in my apartment, but I heard that you have to have some type of secure connection to keep anyone on the internet from hacking into it. Is a VPN secure enough to be able to remotely view my camera or would I need something else? Any information will be greatly appreciated. Thanks

bp2008 · Jul 18, 2016

There are several different types of VPN. Unfortunately, the most common (PPTP) was cracked years ago and can no longer be considered secure. So if you have to choose between PPTP VPN and simply opening ports to your camera, it is hard to say which is the better option. If someone gets into your camera, then how much access they have to your network depends on how they got into the camera. If they break in to your VPN, they might as well be plugged in to your router directly because they have full access to your network.

You could try using a more secure option such as OpenVPN, but most routers don't have an OpenVPN server built in so you'd have to run it on a computer in your apartment. It can be tricky to set up because it is not very user-friendly in my experience. And then no computer or mobile device I know of has an OpenVPN client built in. You have to download that separately on every device you want to connect from. And regardless of VPN type, you always have to connect to the VPN before you can access your cameras. All this makes it inconvenient to view your cameras, especially if you have never done it before on a particular device.

What I do myself is I run video management software that I trust (Blue Iris) on a PC at home, and I choose a port number over 10000 to forward to it. I don't have to deal with a VPN this way, and my definitely insecure cameras aren't exposed to the internet.

Also, since you are concerned with security, check if your router has UPnP enabled. If so, disable it. UPnP is a feature that allows devices on your network to automatically open ports through your router without your knowledge. Until I discovered this lurking on my router, I unknowingly had dozens of ports open to my very insecure cameras. Not cool.

nayr · Jul 18, 2016

Setup and run a VPN Server on your router, and the VPN Clients on your phone.. it will effectively be like your on your local wifi when your away from home, all your LAN devices will be accessible when the VPN is established

its as secure as your login credentials, yet the best available solution by a very large margin.

PPTP+IPSec is perfectly secure, I've not seen anything that defaults to only PPTP in eons.. pptp is just an encapsulation method, its built in security is flawed but anymore its simply the transport layer.. not security.. dont let PPTP scare you off, anymore its synonymous with IPSec unless your on 15 year old operating systems.

Popeye · Jul 19, 2016

bp2008 said:
There are several different types of VPN. Unfortunately, the most common (PPTP) was cracked years ago and can no longer be considered secure. So if you have to choose between PPTP VPN and simply opening ports to your camera, it is hard to say which is the better option. If someone gets into your camera, then how much access they have to your network depends on how they got into the camera. If they break in to your VPN, they might as well be plugged in to your router directly because they have full access to your network.

You could try using a more secure option such as OpenVPN, but most routers don't have an OpenVPN server built in so you'd have to run it on a computer in your apartment. It can be tricky to set up because it is not very user-friendly in my experience. And then no computer or mobile device I know of has an OpenVPN client built in. You have to download that separately on every device you want to connect from. And regardless of VPN type, you always have to connect to the VPN before you can access your cameras. All this makes it inconvenient to view your cameras, especially if you have never done it before on a particular device.

What I do myself is I run video management software that I trust (Blue Iris) on a PC at home, and I choose a port number over 10000 to forward to it. I don't have to deal with a VPN this way, and my definitely insecure cameras aren't exposed to the internet.

Also, since you are concerned with security, check if your router has UPnP enabled. If so, disable it. UPnP is a feature that allows devices on your network to automatically open ports through your router without your knowledge. Until I discovered this lurking on my router, I unknowingly had dozens of ports open to my very insecure cameras. Not cool.

Thanks for the help.. Great information. I will try to put this to use. So if my router does not support Openvpn then I would have to purchase a separate router? I was burglarized last week so I do not leave my laptop in my apartment anymore, so I guess that option is off the table.

Thank you again for the help, I do appreciate it.

josalamanca007 · Jul 19, 2016

Popeye said:
Thanks for the help.. Great information. I will try to put this to use. So if my router does not support Openvpn then I would have to purchase a separate router? I was burglarized last week so I do not leave my laptop in my apartment anymore, so I guess that option is off the table. Thank you again for the help, I do appreciate it.

Check to see if your current router supports custom firmware such as dd-wrt. If it does, load it and configure OpenVPN on it.

If you have an old computer you could run pfSense(https://goo.gl/m4tglS), setting up OpenVPN on pfSense is not difficult.

Popeye · Jul 19, 2016

Do I have to actually be on my own network at home to install the firmware? DUmb question I know but I really have no clue about this stuff. LOL! Thank you though for the advise.

bp2008 · Jul 19, 2016

Popeye said:
Do I have to actually be on my own network at home to install the firmware? DUmb question I know but I really have no clue about this stuff. LOL! Thank you though for the advise.

You need access to a computer at your home to do it, unless you have enabled remote access on your router. It is unwise to attempt it remotely in case you need to reconfigure the router after installing firmware.

josalamanca007 · Jul 19, 2016

Popeye said:
Do I have to actually be on my own network at home to install the firmware? DUmb question I know but I really have no clue about this stuff. LOL! Thank you though for the advise.

I perform all firmware updates via wired LAN. It's my preference.
What is the model of your router? Are you using your internet provider's gateway?

Popeye · Jul 19, 2016

UBEE by time warner

josalamanca007 · Jul 20, 2016

Popeye said:
UBEE by time warner

That appears to be the internet provider's gateway, you can't really install custom firmware on those.

mycoma · Jul 20, 2016

You need a router that supports vpn like netgear r7000 or some asus routers or run Pfsense on a pc or a device with 2 network interfaces.

PSPCommOp · Jul 20, 2016

https://diysecurityguy.wordpress.com/2016/04/14/tip-setting-up-openvpn/

This helped me a bit setting up my Asus router. I have a slightly different model but it was very easy to set up once I read up on them a little.

Search

Setting up a VPN

Popeye

n3wb

bp2008

nayr

Popeye

n3wb

josalamanca007

Young grasshopper

Popeye

n3wb

bp2008

josalamanca007

Young grasshopper

Popeye

n3wb

josalamanca007

Young grasshopper

mycoma

BIT Beta Team

PSPCommOp

Getting the hang of it