Getting the hang of it
- Dec 18, 2020
- Reaction score
- United States
This made a lot of sense! Thank you. Site to Site VPN's could be established with ASUS routers VPN options and then a local VPN server could be PiVPN?I agree with Biggen and user8963 about the use of "site to site" VPN tunnels.
There are two steps that you need to do to make this as easy as possible for your users. First, establish "site to site" VPN tunnels from your house (VPN server running on a router/firewall) to the other locations you have cameras at (VPN client running on a router/firewall at each site). This will allow you from your house to "see" any device connected at any of the sites (home or remote sites). These tunnels will be operational 24/7. Once they are set up, there is nothing that needs to be logged into or changed or maintained. As long as you have internet at the sites, the sites will be connected. If you lose internet at either end, the connection will automatically come back online whenever the internet service is restored. I've done this between my parents house and my house and it works great. (We use it to be able to backup important data "offsite" by sending the backups to the other location through the tunnel. The "offsite" storage locations simply appear as networked drives available on both networks).
Second, you need to set up another VPN server at you home that will be used for people to connect to while away from the house to view devices on the network, Keep in mind that devices at the remote sites will appear as regular devices on the home network because of the site to site tunnels, so you will be able to view everything at the remote site as if it was a device on the home network. This is how you can get away with using just one VPN setup for people to be able to log into your home network and view devices at all the remote sites too.
The only potential downside to this setup is that it requires internet to be working at all the locations. If the internet is working at the remote sites, but not at your home, you will loose the ability to view the remote sites. You might want to create "backup" VPN connections (ie have the remote site will run a VPN server on the router in addition to the VPN client) that you can use to connect directly to each remote site while away from home in case this happens. You don't need to let everyone have access to these backup connections (just to cut down on the confusion factor), but you'll know they are there and be able to access them in a situation where the home internet goes down.
Hopefully that makes sense.