VPN Primer for Noobs
- Thread starter nayr
- Start date
it! Very easy to setup the openvpn...mbmango
n3wb
I tried a DDWRT-flashed R6400, but the range was disappointing with stock fw config. I then tried the Asus AC66U and it had good enough range and the OpenVPN configuration was simple enough to setup, with enough room to grow into for a noob like me.
A question for those using vpn, nvr, and are 'blocking your cameras' (firewall rules or vlan to isolate them from wan). How do you get your event notifications?
...open up smtp for the nvr? I hope that isn't the only way. I suppose blueiris can do this securely, but I was hoping to go with an 'isolated nvr' approach. I am curious what options ppl here are using.
I currently use custom rules on my router for other devices; they could be easily applied to cams+nvr. My mind remains open while I plan out my cams. I may get an L3 managed poe switch to play with. My kids are getting older, they need more network stuffs, and they have smarter friends hanging out (ie, need vlans soon). So I'm all ears to advice along those lines as well.
On a side note: Is anyone else here using the new tls-crypt method with openvpn? I am and it is the bomb. My 30/30mb connection yields 28/28mb with sha512/4kbit certs and keys, AND it is more secure than tls-auth methods (when configured properly). Did I mention that is with an ancient n66u?
Kev
...open up smtp for the nvr? I hope that isn't the only way. I suppose blueiris can do this securely, but I was hoping to go with an 'isolated nvr' approach. I am curious what options ppl here are using.
I currently use custom rules on my router for other devices; they could be easily applied to cams+nvr. My mind remains open while I plan out my cams. I may get an L3 managed poe switch to play with. My kids are getting older, they need more network stuffs, and they have smarter friends hanging out (ie, need vlans soon). So I'm all ears to advice along those lines as well.
On a side note: Is anyone else here using the new tls-crypt method with openvpn? I am and it is the bomb. My 30/30mb connection yields 28/28mb with sha512/4kbit certs and keys, AND it is more secure than tls-auth methods (when configured properly). Did I mention that is with an ancient n66u?
Kev
DavidDavid
Getting comfortable
My phone is connected to my VPN 100% of the time that I'm away from home. That's how I get the notifications.
That is until they stopped working all together....
https://ipcamtalk.com/threads/idmss-push-notifications-failed
That is until they stopped working all together....
https://ipcamtalk.com/threads/idmss-push-notifications-failed
Just getting to this as I have 7 Hik's on 5.3.33 (or thereabouts) hooked up to a Hik NVR but port forwarded. Just want to confirm I have this right. I'm using a Netgear R7000 router running Xwrt-Vortex firmware (essentially Asus firmware). Assume I remove the port forwarding rules after setting up the OpenVPN server in the router's firmware (using the video and other comments on page 3 of this thread)?
Then presumably have to change how my iVMS-4500 phone app connects to view my cameras remotely.
Then presumably have to change how my iVMS-4500 phone app connects to view my cameras remotely.
Yes you should disable port forwards after the vpn is setup.
You shouldn't have to do anything else. Just connect your remote device via vpn, and it should act as if it is at home on your lan. The only caveat is you need to make sure your cam app isn't blocked by the vpn client app you use (openvpn doesn't block any apps by default).
It's super easy and convenient using asus style firmware (I use merlin). Slightly ot... once your vpn is going you might want to look into ad blocking and ipset scripts for your router. With those you can have more security than stock, and no ads in any apps everywhere you go (at the coffee shop connected through vpn for example).
Kev
You shouldn't have to do anything else. Just connect your remote device via vpn, and it should act as if it is at home on your lan. The only caveat is you need to make sure your cam app isn't blocked by the vpn client app you use (openvpn doesn't block any apps by default).
It's super easy and convenient using asus style firmware (I use merlin). Slightly ot... once your vpn is going you might want to look into ad blocking and ipset scripts for your router. With those you can have more security than stock, and no ads in any apps everywhere you go (at the coffee shop connected through vpn for example).
Kev
Thx...will see if I can get around to setting it up tonight or tomorrow. Then also look into how the heck to update the firmware on my Hik DS-2CD2142-FWD-IS. Have one that I can experiment on since I haven't installed it yet and not overly concerned if I brick it since I need to buy a couple cams with much better low light capabilities.
DavidDavid
Getting comfortable
Good call about whole network ad blocking. I run Pi-hole®: A black hole for Internet advertisements on my Raspberry PI at home and it blocks all ads at home computers and also on my phone when connected.
(my VPN isn't on the PI.... pihole will work just as long as you have any Raspberry pi at home)
(my VPN isn't on the PI.... pihole will work just as long as you have any Raspberry pi at home)
Pbc, I also should mention that some vpn client setups may have problems with Wi-Fi tethering. For example my non rooted android won't allow tethered devices to connect through a vpn. I can still use tethering, but I had to figure out what subnet my tethering used and 'exclude' it from the vpn.
David, yeah pihole is the shizzle! I use their test page to test my setup. I may add a pi-hole setup if my aging router starts to bog down.
Kev
David, yeah pihole is the shizzle! I use their test page to test my setup. I may add a pi-hole setup if my aging router starts to bog down.
Kev
Well, that was simple enough, seems to be working fine (used this tutorial... Randy : OpenVPN on a Asus router). So on my phones, I need to run OpenVPN and keep it running all the time, or open it just before opening iVMS-4500? I'm okay with it, more an issue of training my wife if that's the case.
Interested in the ad-blocking, looks like I have to have a permanent USB though on my router to use say ab-solution.
Interested in the ad-blocking, looks like I have to have a permanent USB though on my router to use say ab-solution.
looney2ns
IPCT Contributor
Okay, seems to be an issue. If I disable wifi on my phone, launch OpenVPN and then iVMS-4500, I have setup a device that uses my internal IP address, user name and password and can view my cameras just fine.
However, I can't seem to use iVMS-4500 when I'm actually connected via wifi? Get a timeout error.
However, I can't seem to use iVMS-4500 when I'm actually connected via wifi? Get a timeout error.
When you are at home connected to your WiFi, you can turn off your vpn client to save a little battery (the client does use a little more juice than 'o natural). However you it isn't required... everything will work the same if you just turn on the vpn and forget it (other than the battery drain). For me the battery thing isn't much an issue, but might be for older or abused phones with tired batteries.
Yeah ab-solution requires entware, which means you will need a permanent usb stick. I use a cheapo 4gb, but the setup requires next to nothing (<1MB iirc?). Most ppl have spare usb sticks collecting dust in a catch all drawer or something. I guess if your router is prominently displayed in a finely furnished room the usb requirement might be an issue... but there are some sehksee sticks available lol. Beware, you'll have to format it to ext2 before using it for entware (requires linux, or a suitable 'partition manager' program on win... free programs are available).
To keep this thread on topic... I suggest posting questions at snbforums... that's where merlin and the rest of the extremely helpful asus gang hang out.
Kev
Yeah ab-solution requires entware, which means you will need a permanent usb stick. I use a cheapo 4gb, but the setup requires next to nothing (<1MB iirc?). Most ppl have spare usb sticks collecting dust in a catch all drawer or something. I guess if your router is prominently displayed in a finely furnished room the usb requirement might be an issue... but there are some sehksee sticks available lol. Beware, you'll have to format it to ext2 before using it for entware (requires linux, or a suitable 'partition manager' program on win... free programs are available).
To keep this thread on topic... I suggest posting questions at snbforums... that's where merlin and the rest of the extremely helpful asus gang hang out.
Kev
Last edited:
That's the issue. I'm at home, and if I have OpenVPN running and my phone is not connected to wifi, iVMS-4500 works properly. I've setup a device using IP/Domain with my internal IP address (192.168.1.XX). However, if I disconnect from OpenVPN, then connect my phone to my home wifi, iVMS-4500 no longer works and I get a timeout error.
... and on my wife's phone, neither setup works. Wifi or externally. Exact same settings as my phone (only diff is her phone is a Galaxy S6, mine is an S8). Live view in iVMS-4500 just keeps hanging on her phone. OpenVPN seems to imply it's connected.
Knew it seemed too easy!
Knew it seemed too easy!
Occasionally when I get home and the phone connects to Wi-Fi while vpn is on, I have to cycle my phone Wi-Fi and when it reconnects it is fine. Not sure but I think it has to do with the routes on my phone getting misconfigured.
Also, software firewalls can create issues transitioning from mobile apn to Wi-Fi and vs versa, since the client lan ip changes (ex, 10.8.0.10 through vpn, and 192.168.54.10 through wifi). Not sure about your exact setup, but for example samba through vpn gets blocked by default windows 10 firewall settings.
Also, software firewalls can create issues transitioning from mobile apn to Wi-Fi and vs versa, since the client lan ip changes (ex, 10.8.0.10 through vpn, and 192.168.54.10 through wifi). Not sure about your exact setup, but for example samba through vpn gets blocked by default windows 10 firewall settings.
Silas
Pulling my weight
[QUOTE="pbc, post: 209869, member: 702"
Then presumably have to change how my iVMS-4500 phone app connects to view my cameras remotely.[/QUOTE]
Just use the local ip settings on Device
Then presumably have to change how my iVMS-4500 phone app connects to view my cameras remotely.[/QUOTE]
Just use the local ip settings on Device
Yes, have done that per my note above. Setup a local ip on both phones. My S8 is now working fine.
My Galaxy S6 however, will not work on iVMS-4500. OpenVPN connects just fine. On the iVMS-4500 I performed the exact same device setup, when I save the device it recognizes that I have 7 cameras so no issues with IP address or password.
However, when I click on Live View, I get the spinning circle for about a minute, then eventually an "error 8200" code shows up.
Have tried reinstalling iVMS-4500 on that particular phone, didn't work.
Another thing I've seen is to disable "video encryption" on the NVR, but I don't see that option anywhere on my Hik 7616. Plus, it's odd that it works on one phone, and not the other?
Kind of useless if I can't use the phone app to view. Maybe I'll try another app in the mean time like TinyCam, but would like to get this to work somehow on iVMS-4500 as I find that app to be the best to simply view cameras live.
My Galaxy S6 however, will not work on iVMS-4500. OpenVPN connects just fine. On the iVMS-4500 I performed the exact same device setup, when I save the device it recognizes that I have 7 cameras so no issues with IP address or password.
However, when I click on Live View, I get the spinning circle for about a minute, then eventually an "error 8200" code shows up.
Have tried reinstalling iVMS-4500 on that particular phone, didn't work.
Another thing I've seen is to disable "video encryption" on the NVR, but I don't see that option anywhere on my Hik 7616. Plus, it's odd that it works on one phone, and not the other?
Kind of useless if I can't use the phone app to view. Maybe I'll try another app in the mean time like TinyCam, but would like to get this to work somehow on iVMS-4500 as I find that app to be the best to simply view cameras live.
Yes, have done that per my note above. Setup a local ip on both phones. My S8 is now working fine.
My Galaxy S6 however, will not work on iVMS-4500. OpenVPN connects just fine. On the iVMS-4500 I performed the exact same device setup, when I save the device it recognizes that I have 7 cameras so no issues with IP address or password.
However, when I click on Live View, I get the spinning circle for about a minute, then eventually an "error 8200" code shows up.
Have tried reinstalling iVMS-4500 on that particular phone, didn't work.
Another thing I've seen is to disable "video encryption" on the NVR, but I don't see that option anywhere on my Hik 7616. Plus, it's odd that it works on one phone, and not the other?
Kind of useless if I can't use the phone app to view. Maybe I'll try another app in the mean time like TinyCam, but would like to get this to work somehow on iVMS-4500 as I find that app to be the best to simply view cameras live.
Edit: Found the video encryption setting in the NVR, it was already disabled so that's not causing the 8200 error on my wife's phone.
My Galaxy S6 however, will not work on iVMS-4500. OpenVPN connects just fine. On the iVMS-4500 I performed the exact same device setup, when I save the device it recognizes that I have 7 cameras so no issues with IP address or password.
However, when I click on Live View, I get the spinning circle for about a minute, then eventually an "error 8200" code shows up.
Have tried reinstalling iVMS-4500 on that particular phone, didn't work.
Another thing I've seen is to disable "video encryption" on the NVR, but I don't see that option anywhere on my Hik 7616. Plus, it's odd that it works on one phone, and not the other?
Kind of useless if I can't use the phone app to view. Maybe I'll try another app in the mean time like TinyCam, but would like to get this to work somehow on iVMS-4500 as I find that app to be the best to simply view cameras live.
Edit: Found the video encryption setting in the NVR, it was already disabled so that's not causing the 8200 error on my wife's phone.
Last edited: