VLAN and OpnVpn

[ispookie666]

Hello, I'm new to the forum and need some help.
I have a Hikvision dome camera (4 MP Pro) which is on a separate VLAN and have been unable to use OpnVPN to access it remotely.
Home network is - Asus DSL-68 U as master (192.168.1.1) and Asus RT-68U (to create mesh).
Cisco SG500-28P acts as a switch and POE for a few cameras including the above. Only the above camera is on a separate VLAN (192.168.100.X) along with a home server (which records from the various Hikvisions).
Using OpnVPN server on Asus DSL68U, I am able to access the home network remotely but not the devices behind the VLAN.

Is there a way to access the above IP camera through OpnVPN ?

 

[DG99]

I not sure if the Asus 68 supports vlans, do you have the vlan setup in the router? something need to route the vlan to router. How the the switch setup, just tagging?

 

[ispookie666]

I do not think Asus 68 supports VLAN, at least I cannot see the tab. The VLANs are setup on the switch and have routing setup on the Asus and inter vlan routing on the switch. I can access the Hikvision and the server(both on VLAN 100) from any device on the home network.
The hikvision port is untagged for VLAN100

 

[alastairstevenson]

I can access the Hikvision and the server(both on VLAN 100) from any device on the home network.

That has me wondering what the purpose of the VLAN is, unless I've missed something.

 

[ispookie666]

Good point. I was messing around and trying to see if VLAN would help me segregate things and it has to an extent.
I hope I wont have to remove the VLAN, saving to the network drive from Hikvision was a pain to setup!

 

[samplenhold]

You have segregated the LAN into two separate virtual LANs. The one LAN that has the cam on it has no connection to the LAN that has internet connection. That is the whole purpose of segregating the LAN.

You will not be able to access the cam directly from the internet. The way around that is to access the video on the recording server through the internet. That requires you to place the server on BOTH VLANs.

 

[alastairstevenson]

The one LAN that has the cam on it has no connection to the LAN that has internet connection.

Unless I've misread this,

I can access the Hikvision and the server(both on VLAN 100) from any device on the home network.

it suggests there is no segregation between the LANs.

 

[ispookie666]

From my home network, I'm able to ping the devices in the VLAN100
The devices in VLAN 100, can access internet.
When I use IP scanner on home network, it cannot find the VLAN 100 devices. I have routing enabled on the L3 switch and the same for the Asus router.
Think I have reached the limit of my capabilities, the options would be to remove the VLAN 100 or setup dynamic DNS.

Sent from my XQ-AS52 using Tapatalk

 

[DG99]

If you want Vlan's you need a router that has Vlan capabilities, it does not matter that you have setup L3 on the switch, it still needs to be routed to something and the Asus does not support Vlan tagging, You would be better off using 2 nics setup

 

[catcamstar]

Some of the Asus RT-XX routers do support vlans, but you have to read the small prints on the Rmerlin forum (Home | Asuswrt-Merlin): my last Asus did have 2 networking chips, one for the hard wired and one for the wifi "wired" connections. One did support vlans, the other not. Even entering the correct commands, this thing didn't fly. In the end, I added an Ubiquity who has everything I needed. Edgerouter X costs almost nothing.

 

[alastairstevenson]

With the proviso that I haven't checked the specs for the switch - if it is a L3 switch, it will have a routing interface that will define access rules between subnets.
That's what layer 3 is, after all.

 

[catcamstar]

Also mind the gap: a L3 switch càn do routing (but at poor performance), where-as a router (like an Edgerouter) is good in routing, however they often fail in "switching". Look for terms like "switch-offload".

 

[OICU2]

Can you create a static route on the router from your OpenVPN subnet to your camera subnet?

 

[ispookie666]

The switch is Cisco SG500-28P, it does inter vlan routing.
I have specified the routes on the router. I'll probably add the specific path to the camera and see.

Sent from my XQ-AS52 using Tapatalk

 

[DG99]

Yes the cisco can do inter routing, but your Asus router will not know anything about the vlan to pass to the switch from WAN or VPN

 

[The Automation Guy]

You also have to specify which network addresses/segments will be available over the VPN tunnel. It's possible that the software defaults to the network segment that the router is on and doesn't allow you to specify any other segments - or perhaps they do and you just haven't specified what other segments should be allowed to be accessed over the VPN tunnel