To VPN or not to VPN

Discussion in 'Cyber Security' started by lane, Jan 14, 2019 at 8:49 AM.

Share This Page

  1. lane

    lane n3wb

    Joined:
    Dec 27, 2018
    Messages:
    28
    Likes Received:
    5
    Location:
    GA
    Wondering how many of you that connect to your systems remotely are using a VPN?

    If so, what method are you using? Vpn capable router, third party software, or built in like windows 10?

    Thinking of whether or not to set up one and just wondering what percentage of users are going that route.
     
  2. t84a

    t84a Getting the hang of it

    Joined:
    Oct 10, 2014
    Messages:
    187
    Likes Received:
    35
    Location:
    Maryland
    VPN Primer for Noobs

    Long read but very valuable.

    TLDR: I use OpenVPN. My home router is an Untangle and my beach condo is ASUS. Both support OpenVPN.
     
  3. c hris527

    c hris527 Known around here

    Joined:
    Oct 12, 2015
    Messages:
    795
    Likes Received:
    465
    Location:
    NY
    If you are the kind of person that is still leaving the house key under the front door mat, than a vpn is not for you. To answer your question, if you are remoting in without one, it will just be a matter of time. That being said, I cannot say the percentage of people using one but since its hammered home here I feel it more than less at this point.

    ->>>VPN Primer for Noobs
     
    looney2ns likes this.
  4. crw030

    crw030 Getting comfortable

    Joined:
    Apr 26, 2016
    Messages:
    374
    Likes Received:
    185
    Location:
    Colorado
    I feel like the vast majority here use VPN, the only ones that aren’t are possibly using something else like SSH, or just refuse to follow guidance here thinking they know better.

    If you don’t setup access via VPN, and instead choose to open ports and expose your cameras to the internet, you will eventually be responsible in part for some DDoS attack that makes the news or you will make the news (or be freaked out) when some hacker is talking to you through your camera. But why trust anyone here, just google search for “security camera hacked” and you’ll have millions of reasons both 1) not use cloud services and 2) use VPN instead of port forwarding, like:
    Another baby monitor camera hacked | CSO Online
    Is someone spying on you through your webcam?
    https://www.cnet.com/google-amp/news/how-to-prevent-your-security-camera-from-being-hacked/
     
  5. Whoaru99

    Whoaru99 Getting the hang of it

    Joined:
    Dec 22, 2018
    Messages:
    114
    Likes Received:
    33
    Location:
    MN
    Linksys LRT214 VPN router using OpenVPN.

    I would like to give it a shot with IPSec/IKE but on a couple half-hearted efforts didn't get it working.
     
  6. lane

    lane n3wb

    Joined:
    Dec 27, 2018
    Messages:
    28
    Likes Received:
    5
    Location:
    GA
    I have a ATT router, don't know if it has built in VPN capability. Can check into that later but can another router that has built in VPN be plugged into my main router and then to the NVR?
     
  7. psycik

    psycik Young grasshopper

    Joined:
    Dec 9, 2015
    Messages:
    88
    Likes Received:
    8
    Location:
    Wellington, New Zealand
  8. Whoaru99

    Whoaru99 Getting the hang of it

    Joined:
    Dec 22, 2018
    Messages:
    114
    Likes Received:
    33
    Location:
    MN
    If the ATT modem/router combo unit does not support a workable VPN solution then usually it's best to have it in bridge mode, not stack two routers, per se.

    The ISP may need to do that configuration to bridge mode. Sorta depends on the hardware and their policies if you can or if they must do it.
     
  9. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    939
    Likes Received:
    412
    Location:
    Houston Tx
    I use openvpn with an Asus router. Easy to use easy to set up.

    Only setup problem was placing the ISP Comcast authorization modem/ router in bridge / pass thru modem.
     
  10. nbstl68

    nbstl68 Getting comfortable

    Joined:
    Dec 15, 2015
    Messages:
    1,035
    Likes Received:
    146
    If you put your ISP's router in bridge mode and connect another modem for the purposes described above, would that mean it could no longer be used to broadcast a Wi-Fi signal?

    I have an older ASUS RT-N56U but I am not sure how to tell if it is compatible with loading OpenVPN (or use any VPN) on it or not. The site specs do not mention VPN anyhwere so their chat support just referenced that it did not say so that must mean no. Any way to know for sure? Is there a list of OpenVPN compatible routers? Mine works fine for my needs so I'd rather not buy a new one.
     
  11. stratfordwill

    stratfordwill Getting the hang of it

    Joined:
    Jun 29, 2014
    Messages:
    17
    Likes Received:
    29
    If I didn't have a unifi USG that has the capability to VPN, I'd probably be doing a pivpn on a raspberry pi.
     
  12. Whoaru99

    Whoaru99 Getting the hang of it

    Joined:
    Dec 22, 2018
    Messages:
    114
    Likes Received:
    33
    Location:
    MN

    No. Putting the ISP combo unit in bridge mode basically turns it into modem only. Your router then assumes the duty of routing, WiFi, etc.

    Another possibility in some cases is to trade out the ISP combo unit for a plain old modem. In some areas, like around here, you still have a choice to get a plain old (cable) modem or combo unit (modem/router). I always pick the plain old modem. Just get me a public IP/Internet connection...I'll take care of the rest.
     
    nbstl68 likes this.
  13. Whoaru99

    Whoaru99 Getting the hang of it

    Joined:
    Dec 22, 2018
    Messages:
    114
    Likes Received:
    33
    Location:
    MN
    As far as the Asus supporting OpenVPN, if not inherent in the factory firmware, sometimes reflashing it with 3rd party firmware opens up or adds additional features/functions.
     
  14. lane

    lane n3wb

    Joined:
    Dec 27, 2018
    Messages:
    28
    Likes Received:
    5
    Location:
    GA
    Checked my router and it's a Arris model nvg589. Logged into it and don't see any built in VPN settings. Saw online where someone was wanting to bridge theirs and use a Asus router with VPN. I'll check with ATT and see if they have another router avail with VPN. My current guess is that whatever I do it will have to involve the router I am currently using, meaning adding an additional device or online service.

    I do have a new Windows 10 machine that I think can be set for VPN but that won't help me with the NVR.
     
  15. lane

    lane n3wb

    Joined:
    Dec 27, 2018
    Messages:
    28
    Likes Received:
    5
    Location:
    GA
    The raspberry looks like an interesting option.

    Can it be put in line between the NVR and router port?

    I'm assuming there is an open source application?

    How easy or complicated would this be to get working? Would it require changes to be made on my isp router? Certainly cost effective .
     
  16. Whoaru99

    Whoaru99 Getting the hang of it

    Joined:
    Dec 22, 2018
    Messages:
    114
    Likes Received:
    33
    Location:
    MN
    @lane

    Well, I think any time you daisy chain routers it can be problematic. Can it be overcome? Probably, but how I don't know.

    Have you checked with your ISP to see if they will (or if you can) put their combo unit in bridge mode? Or, if you can get it swapped out with a plain old modem-only unit?
     
  17. Tinman

    Tinman Getting comfortable

    Joined:
    Nov 2, 2015
    Messages:
    467
    Likes Received:
    261
    The W10 machine would have to run 24/7. Now if you use BlueIris you could run OpenVPN on that machine with very little overhead and is more configurable than most VPN's built into routers, but does involve more work to get it setup. In your case using a NVR I would go the router VPN method.
     
  18. lane

    lane n3wb

    Joined:
    Dec 27, 2018
    Messages:
    28
    Likes Received:
    5
    Location:
    GA
    I just read on one website that says P2P is the current recommend way to keep your security system safe.

    I am currently running that with the NVR generated QR code.

    Is this not reasonably secure?
     
  19. mat200

    mat200 IPCT Contributor

    Joined:
    Jan 17, 2017
    Messages:
    3,543
    Likes Received:
    1,780
    Hi @lane

    P2P - actually is not about security, so it is possible to have a P2P product which is fairly secure and another P2P product which is full of holes and completely insecure.

    In general, since you do not know which it is - do not trust P2P.
     
  20. looney2ns

    looney2ns IPCT Contributor

    Joined:
    Sep 25, 2016
    Messages:
    5,874
    Likes Received:
    3,905
    Location:
    Evansville, Indiana