UPNP keeps disappearing

[CedarTree]

okay so I enabled VPN on the router.
It has UDP checked for TUN and TAP and I didn't change the port.
Then I uploaded config file to my iPhone. OV app on phone imports the profile fine. But then it says There was an error trying to connect to server.

 

[CedarTree]

I'm using a host username for my WAN IP, via DDNS.net

 

[wittaj]

You need to take your phone off wifi and try it with cellular data.

 

[CedarTree]

(Should have thought of that!) Still no luck. PS As I understand it, the profile key is my "password" and I don't need another password on top of that.
It is a work phone but nowhere was I warned that I can't use open VPN during the set up so I'm presuming my work phone isn't disabled from doing such a thing?

PPS When I look at open VPN log, it refers to an IP address that is nothing like my Comcast IP.

 

[wittaj]

When working right the IP address will be your internal IP address range - not your Comcast IP.

Did you create a user/PW when setting up OpenVPN and then typed that into OpenVPN on your phone when first logging in?

Who is your cellular provider - some block ports and you need to change it.

 

[CedarTree]

When open VPN Connect app installed on my phone, I was never prompted to create an account. Just to import the files that I downloaded from the Router "website". Cellular = AT&T.

 

[wittaj]

It has been awhile, so maybe the certificate was enough, but I thought I had created user/pw for first login.

See this post about AT&T

Blue Iris working on Iphone wifi but not 4g LTE

Hi Folks, I'm new to Blue Iris software but it is working amazing. I downloaded the mobile app on my Iphone and it works great with wifi but not on 4G LTE. I have watched every tutorial on youtube, and saw some threads here and tried those suggestions with no luck. My router is a Netgear...

ipcamtalk.com

 

[CedarTree]

And so it begins... more complexity!
Am I opening these posts on my Router? Looks like there's 20 ports I need to open! Isn't this defeating the purpose of not port forwarding?

 

[CedarTree]

Also, I just tried my wife's phone on Xfinity / Verizon and not a work phone - still no luck.

 

[wittaj]

Nope just one port. Router is listening for your VPN connection on port 443 by default, so change it to a number that AT&T doesn't block. Many ports are open by default on the router - to allow email and stuff to work LOL. It is opening a port for a camera or NVR and/or using UPNP that opens up the router for attack.

 

[CedarTree]

I presume opening a port is same as port forwarding? I am trying to do it but will specify the internal IP of the computer that has BI on it.

And still no luck, assuming I did that right.

 

[wittaj]

People use the terms interchangeably, but there are some differences. By default routers won't let unsolicited incoming requests to get into the network through an open port (as I said many ports are open), basically because it wouldn't know where to send it to. In this context forwarding a port means configuring the router to pass incoming requests to a device that can handle those, so then it allows the cams to phone home or allows someone to bypass the router security to get into the camera and then attack the router.

 

[CedarTree]

I must be doing something wrong b/c I can't see myself on canyouseeme using port 443.

EDIT: I changed external port to 443 and internal to 81, and you I can see myself on canyouseeme.org. However, still no luck with iPhone.

 

[wittaj]

I'm walking through my mind trying to figure out the issue, but hopefully someone more versed than me can be like "oh with an iPhone you need to..." or something like that.

 

[CedarTree]

Thanks for the help so far. Any takers (please ?!?!?) to maybe get over the VPN hump? Thanks in advance.

 

[CedarTree]

Let me go back to port forwarding for a second. If I port forward Blue Iris using a relatively unique external port (so presumably no other app on my PC at that IP is using that port), and Blue Iris has a username / password AND key, how can someone realistically hack me? I'm not (I think?) opening up my Cams to the WWW, but Blue Iris is negotiating the Cams and using password protection. I'm thinking the practical risk is small?

 

[wittaj]

You would be better off to use STUNNEL in Blue Iris than to port forward.

 

[CedarTree]

I'll check it out thanks. Hard / Easy to set up?

 

[Mike A.]

Not all that hard but kind of another rabbit hole to go down. lol

Forwarding BI isn't as bad as forwarding the cams. The cameras tend to be full of all kinds of holes and exploits. But still not really all that great of an idea if you can avoid it.

Keep trying to get the VPN to work. That's a better way and gives you access to cams, router, etc., as well once connected in case you need to do other things remotely.

Can you connect to your VPN at all? Or just not able to get to the BI server once you are connected?

 

[CedarTree]

And who doesn't love a rabbit hole!
I couldn't get VPN to work at all... with or without BI.