VPN noob looking for clarification/help

msquared

I've read assorted links, web pages, wiki, etc, but I hope forum members are gracious enough to offer more information so I am clear on what I need for what I want to accomplish.

When I am away from home, I access my cameras thru my phone thru the LTE connection.

I am already aware that my current method of accessing my Blue Iris server via port forwarding is at risk, so I started reading about how to set up OpenVPN.

I understand the concept of using OpenVPN to set up my Asus router as the server, and my phone gets a certificate for the client, and I can access my Blue Iris server at home thru a tunnel. This does not cost anything.

Where I am losing my train of thought, is that in a month, I have to go on a business trip. On this trip I was planning to use my phone to again access my cameras on the Blue Iris pc...BUT my plan was also to use this phone to provide a hotspot for my laptop, so I can do online gaming, view my cameras, Teamviewer into my home PC's if needed.

This is all under the general assumption that an LTE connection is more secure than any wifi other than my own.

So as I started reading about the VPN and trying to decide what was best to fit my needs, I did a test. I turned on the hotspot on my phone, and the connection speed was horrible. I realized that I have no guarantee of connection quality when I am on this trip. So that's when I had another realization that I will probably have to use the hotel wifi to connect to the internet.

If I want a secure connection to the internet, I would need a VPN service, since I have expanded what I want to do beyond just creating a tunnel to see my cameras from my phone.

So if I understand correctly, now instead of creating an OpenVPN server on my router, and accessing with an OpenVPN client on my phone, I need a VPN service, and my home router, phone, laptop are all clients, that connect to the VPN servers.

Since I will be needing to use the hotel wifi, and wanting a secure connection, wouldn't subscribing to a VPN service supersede setting up my router as a VPN server, since all my devices will be considered clients?

As my devices will be clients, with the VPN being the server, will I still be able to access my cameras and home network?

I want a secure connection to my cameras and home network, using a hotel wifi.
 
I am curious as to this question as well. I was at a location with spotty cell service but had an unsecured guest network available. Even if I’m using a vpn to get into my network the host still gets the IP of the network I’m connecting to?
 
If I have interpreted correctly what I have read so far, the VPN service being used has to know where to send the traffic to, but the traffic should be encrypted. I am just unsure of the relationship between the VPN service and being able to access my cameras. So I was hoping someone who has put this into actual practice could share a success story or pitfalls of my original post questions.
 
If you can access your cameras via WiFi on the home network, with openvpn you access them the same exact way. With open VPN you are on your home network.
 
Thank you sir. And this would be applicable if I have a VPN service so I can use the hotel wifi safely, rather than only my router as server and phone as client?
 
The 'VPN Service' is just a mechanism to funnel your outbound traffic via a 3rd party's services, yeah it'll be encrypted traffic, but won't help you get into your 'home' network without your OpenVPN configuration. Subscribing to a VPN service has nothing to do with getting into your 'home' network.

You'll still need the OpenVPN client and certificates in place on your end device that you're wanting to 'see' your cameras on, as they're the bits that will allow you to get inside without any port forwarding.
 
So each of my devices (Blue Iris server pc/phone/etc) would be a client, each needing a certificate to be accessible (gate/key analogy), using the VPN service as the encrypted tunnel between them?
And my laptop, also a client, with a certificate, can use a VPN service to securely use hotel wifi?
I'm trying to fully understand, so I know before I take any action or spend any money, so I can fully test what I do to be sure everything works before I will be away from home.
 
No, the VPN allows access to remote devices, that have the proper security credentials, to access your local network. When you use the VPN to access from outside, anywhere, whether through a hotspot, guest WiFi or cell connection, the VPN allows your remote device onto your local network as if you were plugged into the switch at your home or connected by your home WiFi. That means you can access every device on your network exactly the same way that you do when you're home, i.e. IP addresses will need to be the same as when you are home. The beauty of it is that all the communications, both directions to and from the network to the remote device, are encrypted with pretty robust encryption.
 
My general VPN post
There are two types of VPN, do not get them confused.

The type depends on where the traffic conversation originates

1) origination: local home network, destination the internet.
This type of VPN's purpose is to hide your activity from the internet; it is outbound, and it normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, Google, porn sites... This is not what you want.

2) Origination: the internet world wide web, destination: your home network
This VPN type is used to provide a secure connection onto your local network, inbound to your local home network, from your office computer, your cell phone in your car, tablet at the coffee shop. This is what you want; it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.
If your home internet provider is a cellular network, then DDNS (Dynamic Domain Name System) may not work. The DDNS is needed for most inbound VPN services (OpenVPN), so OpenVPN may not work for you.


msquared
What VPN are you talking about?
 
I have Spectrum internet at home, with an Asus router. Because I am becoming more unsure if I have presented my topic correctly, let me ask to the forum how I asked to myself.

I have to go on a business trip. I was going to use my cell phone as a hot spot for internet service, including online gaming and remote viewing of my cameras on Blue Iris server. I did a test with my laptop connected to the hotspot, and it was abysmal. Since I have no guarantee of connection quality when I travel, I will probably have to rely on the hotel wifi.

What do I need in place to securely use the hotel wifi to securely use the internet, online gaming, and remote viewing of my cameras?
 
When you are using the phone as a hotspot for the laptop to play games, the OpenVPN is turned off. Turn the OpenVPN on to access the cameras.
 
Same scenario, but remove the option of using the phone for anything and replace with hotel/public wifi? I'm simulating a worst case scenario, where the connection quality is so bad that using the phone as a hotspot isn't realistic.
 
OpenVPN is not used for gameplaying. OpenVPN is used to access your home network to view the cameras. You can place the OpenVPN client on your phone or laptop. It will work over a cell network or over a remote WiFi if you have enough bandwidth.
 
Therefore setup my Asus router as OpenVPN server, laptop as client with certificate. Use the hotel wifi for online gaming, no VPN. When I want to connect to my cameras, initiate OpenVPN from my client laptop to my Asus router server.
Do I have this correct so far?
 
You do not need a paid VPN service of any sort.
Set up the OpenVPN server on an Asus router such as this one: See router here.
In the router, you will see this option in the openvpn setup. "Client will use VPN to access".
The default is LAN only. Instead choose Both.
Now when you connect while away from home to the vpn, this gives your client vpn access to the internet, through your home ISP.
So, when you are on a hotel WiFi, your connection is secure from the computer to your router at home.
Note, some public WiFi systems block VPN. Your mileage may vary.
[Attached image: 1581971229483.png]
 
Interesting....I actually use my home ISP thru the VPN, so everything I do will be like I am at home. I understand this better now, and anxious to test. Thank you everyone!
 
It's a matter of where the OpenVPN server is running...

If the ASUS router is the server, then using an OpenVPN client to create a tunnel you are, in effect, a client on your home network. Full access to all local systems, devices, etc. You can connect to any local device as well as re-enter the WWW to surf the net.

Depending on the speed when you enter the WWW, hotel Wi-Fi, Cellular, or Cellular Wi-Fi, the connection via WWW to your home (ISP download), and back to your client (ISP upload) you may have a great, good, fair, or bad "browsing" experience.

If on the other hand, the home PC serving BI is your OpenVPN server you have access only to BI's web pages; i.e. cameras which are being webcast. Same connectivity restrictions/performance applies.

Current ASUS routers have support for DDNS, you have a pick of several providers, to use a name rather than the specific ISP IP address of your router.

===
OBTW

Some hotels, and other Wi-Fi hotspots, are getting more controlling of which ports are enabled/blocked. Free Wi-Fi will have the most ports blocked, while business (paid) Wi-Fi will have fewer blocked. What this means is that a VPN may or may not work as their required port(s) are being blocked.


[Attached image: 1581984291699.png]
 
I am curious as to this question as well. I was at a location with spotty cell service but had an unsecured guest network available. Even if I’m using a vpn to get into my network the host still gets the IP of the network I’m connecting to?

Correct.

The destination address will be known, but all data exchanged will be encrypted.

Everyone's modem/router connected to the WWW has its IP address readily available; tons of programs that will ping/poke/prod/track IP addresses with an attempt to identify who/what is connected. (hence why it is important not to open ports or enable a DMZ address)


This is where a paid VPN service would come into play. Using the paid service's client you would connect to their network (their IP Address) and pop out of their network at a different location than where you entered (typically). The destination address is not encrypted, rather it is simply "lost" in the crowd and unlikely to be associated with how/where you entered the VPN provider's network.
 
That's a great diagram! Thank you!

So if the hotel wifi has these ports blocked, then this VPN plan would not work?

What is the Home PC "Stunnel"?

I was going to set up OpenVPN on my Asus router, setup OpenVPN client on my laptop. Then when on hotel wifi, after signing in to portal page, open and connect on laptop using OpenVPN client software. That creates a secure tunnel to my router, therefore my network, where I can enter the LAN (local) IP of my BI server, which will open the UI3 interface.

All of my online activity goes thru this tunnel, over the hotel wifi, to my router, then out to the WWW thru my ISP, so I can do online gaming, Netflix, see my cameras, etc. and it all looks like coming from my own home network.

I've had the same IP from ISP for as long as I've had service with them, so I am classifying my IP changing as low risk. I prioritized creating a secure connection when using wifi that isn't my own. I'm not as worried about anonymity as I am things like man-in-the-middle attacks or access point spoofing capturing passwords and such.
 
All of my online activity goes thru this tunnel, over the hotel wifi, to my router, then out to the WWW thru my ISP, so I can do online gaming, Netflix, see my cameras, etc. and it all looks like coming from my own home network.
That might not be strictly correct. I'm not familiar with the setup on the Asus. There are options to either pass all traffic, or some traffic back to your OpenVPN server. Think the option of 'Both' on the screenshot above might indicate that.

With my setup, I've 'published' the network, (subnet), which the OpenVPN will service, so all other activity on the interwebs goes direct, but any activity directed to my home network would be picked up by the OpenVPN client and funneled over to my router.

Another thing to be aware of is if you have the latter configured, as per my setup, if the hotel's WiFi uses the same network range as your home network, then your OpenVPN client will think it's at home and not intervene; so your PC will try going direct thinking that your BI server is on the hotel's network where it'll obviously fail.

Hope I haven't added any confusion.
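
Added example, not part of any post in this thread: a small Python model of the laptop's route selection that shows where traffic to the camera server and to the internet leaves the machine under the "LAN only" (split tunnel) and "Both" (full tunnel) choices discussed above, including the subnet collision from the last post. The subnets and server address are constructed sample values, the full tunnel is modelled the way OpenVPN's `redirect-gateway def1` installs it (whether the Asus "Both" setting uses exactly that is an assumption), and the tie-break in favour of the local network is an assumption that mirrors the behaviour the last post describes.

```python
import ipaddress

# Full tunnel as OpenVPN's "redirect-gateway def1" installs it: two /1 routes
# that together cover all of IPv4 and beat the 0.0.0.0/0 default route.
FULL_TUNNEL = ["0.0.0.0/1", "128.0.0.0/1"]


def egress(dest, local_net, tunnel_routes):
    """Longest-prefix match: where does a packet to `dest` leave the laptop?"""
    addr = ipaddress.ip_address(dest)
    routes = [(ipaddress.ip_network(local_net), "local-lan")]
    routes += [(ipaddress.ip_network(r), "tunnel") for r in tunnel_routes]
    # Rank by prefix length; on a tie the directly connected network wins.
    # The tie-break is an assumption matching the behaviour described in the
    # thread; real operating systems decide ties by route metric.
    hits = [(net.prefixlen, via == "local-lan", via)
            for net, via in routes if addr in net]
    return max(hits)[2] if hits else "default-gateway"


def plan(home_lan, server_ip, local_net, full_tunnel):
    """Summarise what a given Wi-Fi network does to the VPN setup."""
    tunnel_routes = [home_lan] + (FULL_TUNNEL if full_tunnel else [])
    home = ipaddress.ip_network(home_lan)
    return {
        "overlap": home.overlaps(ipaddress.ip_network(local_net)),
        "camera_server": egress(server_ip, local_net, tunnel_routes),
        # 8.8.8.8 stands in for "any internet host".
        "internet": egress("8.8.8.8", local_net, tunnel_routes),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    HOME, SERVER = "192.168.1.0/24", "192.168.1.50"
    for wifi in ("10.20.0.0/16", "192.168.1.0/24", "192.168.0.0/16"):
        for full in (False, True):
            mode = "full " if full else "split"
            print(f"{wifi:16} {mode} {plan(HOME, SERVER, wifi, full)}")
```

In this model, when the Wi-Fi network uses the same /24 as the home LAN, the camera server stays on the local side even with the full tunnel, because the connected /24 is more specific than the /1 routes.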