VPN Primer for Noobs

What VPN Solution are you using?


What, no Tomato on the poll list?

Tomato would be a WRT Flashed Router, just like DDWRT, OpenWRT, FreeWRT, HyperWRT, XWrt, etc.
 
With the VPN enabled, you should be able to connect to your NVR and cameras using their local IPs, i.e. 192.168.x.x or similar, when you're at work. I'm not sure what you mean by "turn on nvr to router". You can connect it to your local network, but you should still not forward any ports; all access happens through the VPN, where you connect your VPN and then connect to your NVR as if you were on the local network.

No need to turn on "Direct clients to redirect Internet Traffic" for this.
Thx cb8... What I meant to say by (turn on nvr to router) is that I still haven't plugged the NVR cable into the router, because I want to make sure I got all the settings correct. I've only plugged it in for half an hour to see if it works.
 
After VPN is up and working, what is the best way to configure the ASUS (or other) router or camera or both to prevent it from talking out to the internet (making a connection)? Some of the things that come to mind are setting up firewall rules for IP ranges and ports, and changing the gateway on the cameras themselves. I am concerned that the low end router might not allow for more than a small number of line entries to block.
 
Do you have a vlan set up for your cameras? I imagine if your router or switch has the capability you can control traffic by ip or subnet.

For VPN server, is using a RPi3 fast enough for video streaming? I see that it has a fast ethernet port. I have an old dlink router(dir-850L) that is not compatible for VPN use. I'm trying to see if it's cost effective to either get a new router with enough power and bandwidth vs using the RPi3 with old router.
 
I use the RPi3 on one of my networks attached to a Ubiquiti EdgeRouter Lite for OVPN support. It works fairly well so far, even without a GE port or a dedicated SSL processor, although I so far have only pushed three 5Mb feeds through it at once. I am expecting Ubiquiti to eventually add the OpenVPN config to the GUI vs dealing with the CLI, and will move to that implementation if done soon.

I only use VLAN for my demo network, not my camera network so far. I personally see little value in VLANs today as they basically just shrink broadcast domains in the network, making requests across VLANs go through the router default routes. With small networks (<254 devices class C) and modern switches, I just don't see the point.
 
How do you go about checking the speed of the remote VPN site via your computer when on the VPN? When I run a speed test while connected it shows much higher than what I know my remote site is capable of, thus it must be testing the speed of my local internet connection. Thanks, trying to determine where my bottleneck is sometimes.
 
There's a program called iPerf that you could try. Personally I would send a compressed file across the VPN and off it and see. Also look at the taskbar network usage too.

This is per Google fu
 
I don't have a computer on the other end to send a file. Just an NVR. Can someone interpret these numbers for me to mb/s and whether this is poor, fair or good?

main stream (very very choppy playback)

sub stream (fairly choppy playback but can see motion)


Asus Router running Open VPN with main stream:
[screenshot]

SubStream Feed and Asus:
[screenshot]
 
Do you have a vlan set up for your cameras? I imagine if your router or switch has the capability you can control traffic by ip or subnet.

For VPN server, is using a RPi3 fast enough for video streaming? I see that it has a fast ethernet port. I have an old dlink router(dir-850L) that is not compatible for VPN use. I'm trying to see if it's cost effective to either get a new router with enough power and bandwidth vs using the RPi3 with old router.
Yes, a RPi3 is plenty fast for OpenVPN. With my current config, using UDP with AES-256-CBC for the cipher and TLS auth enabled, I can push it to 50 Mbits per second for a single VPN connection at which point it maxes out one of the CPU cores on the RPi3 while the remaining three are idle.
 
I don't have a computer on the other end to send a file. Just an NVR. Can someone interpret these numbers for me to mb/s and whether this is poor, fair or good?

main stream (very very choppy playback)

sub stream (fairly choppy playback but can see motion)

[screenshot]

Asus Router running Open VPN with main stream:
[screenshot]

SubStream Feed and Asus:
[screenshot]

[screenshot]

Disclaimer: I'm still new to networking and ip cam setup so it may not make sense.

Generally you want to get a baseline without VPN running to see what you're starting with. Then run the same configuration with OpenVPN enabled.

Not sure, but you're showing two different screen shots-- main stream and sub which are operating at different bit rates and resolutions. Main stream is pushing a larger file vs a smaller file in the sub stream which explains your choppy playback. I do not know what your video recording settings are set at and I'm still new to this so take it with a grain of salt.

Larger file takes more time to encrypt. Also have you checked your latency between sites? Long latencies may contribute to your playback/stream issues.
 
Yes, a RPi3 is plenty fast for OpenVPN. With my current config, using UDP with AES-256-CBC for the cipher and TLS auth enabled, I can push it to 50 Mbits per second for a single VPN connection at which point it maxes out one of the CPU cores on the RPi3 while the remaining three are idle.

That is good to know. It would be nice if OpenVPN could utilize multicore. Using the RPi3 should free up overhead from the router. Should I connect the RPi3 to the router or the switch or does it not matter?

Planned setup is
cable modem > WiFi router
smart switch > unmanaged poe switch
 
Ok, googling how to do this. I don't have access to the remote site other than through the VPN.

I included two sets of screen shots. One pushing main stream and one to push sub stream. Because I wanted to know the difference in how hard it makes the VPN connection work. I don't know how to check latency, googling how to do that as well...

Right now, when I run a speed test and I am connected through my VPN, I get the same results as if that VPN is not running. How do you know that ALL THE DATA is going over the VPN and not just some?
 
Right now you are just measuring your platform's connection speed that you are on which is not what you are trying to find out regarding your remote site's connectivity latency.
You could try Pinging your remote site and see how long it takes to get a response back and compare it to your ping/response time you got with speed test. This should show you if you have a networking issue.

Test Network Connection with Ping and PathPing

I've seen people on here link the bandwidth calculator to figure out the theoretical amount being used/transmitted and then you can compare that number with what you are receiving from your streams.
Your NVR has a fast Ethernet port so it'll max out at theoretical 100 Mb/s

If it's a hardware issue, it could be that the stream is producing too large of a file for the server to process fast enough for you to stream it live hence the choppy playback.
 
Should you be able to remotely ssh into the device that is running your VPN server?

Situation: I tried using JuiceSSH on my phone (from work while connected to my VPN) to access my NAS which is running my VPN server, but it flat out isn't working.

I can access the files on my NAS just fine with their app, and I ssh into my raspberry pi from my phone and can ping the NAS from that no problem.

I'm wondering if there's an issue with what I'm trying to do or if something is screwed up.

Thanks
 
Ok, googling how to do this. I don't have access to the remote site other than through the VPN.

I included two sets of screen shots. One pushing main stream and one to push sub stream. Because I wanted to know the difference in how hard it makes the VPN connection work. I don't know how to check latency, googling how to do that as well...

Right now, when I run a speed test and I am connected through my VPN, I get the same results as if that VPN is not running. How do you know that ALL THE DATA is going over the VPN and not just some?

@CaliGirl I assume the capability exists for you to download a video file from your NVR at the remote site to your home?
Do that, if so and measure the download speed.
Data rate units - Wikipedia
 
Should you be able to remotely ssh into the device that is running your VPN server?

Situation: I tried using JuiceSSH on my phone (from work while connected to my VPN) to access my NAS which is running my VPN server, but it flat out isn't working.

I can access the files on my NAS just fine with their app, and I ssh into my raspberry pi from my phone and can ping the NAS from that no problem.

I'm wondering if there's an issue with what I'm trying to do or if something is screwed up.

Thanks

SSH port forwarding
 
Most of that is gibberish to me, but I'll take that as a no... As it's set up right now I can't do it.

And I can't because when I VPN in, my phone is given an IP address on the NAS that's different from my home IP address range and hopefully (already ran into this once at an airport) not in the IP address of whatever wifi network I'm physically on.

I couldn't realistically explain that to someone... And I certainly don't care enough to bother doing something about it to make it work, but thank you for that link. I couldn't even string together enough words to successfully Google search that problem haha.