Menu
What's new

VPN Primer for Noobs

What VPN Solution are you using?

  • Total voters
    839
MrRalphMan

MrRalphMan

Getting the hang of it
Joined
Jan 20, 2016
Messages
309
Reaction score
72
I know on my VPN Server (Synology NAS Package) that there is an option to allow remote connections to connect to the LAN. I wonder if this is your issue? You're connecting in, but don't have access to the LAN machines.
 
bigredfish

bigredfish

Known around here
Joined
Sep 5, 2016
Messages
17,334
Reaction score
48,402
Location
Floriduh
Appreciate it, but Nope. Its connecting to the LAN. Router shows this and assigns an internal IP. Just in the wrong range... Same device in use for 2 years connecting via Port forwarding from remote. Also tried another PC outside my network that I routinely use to connect to that DVR with, same thing. Its not the device, its the router assigning a different subnet address to anything connecting via OpenVPN than the established 192.168.1.X range..
 
looney2ns

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
15,609
Reaction score
22,835
Location
Evansville, In. USA
No expert here, but my two cents. In my Asus router's setup for Open VPN, It doles out the IP address in the 10.8.x.x range to the client/phone. This is changeable in the router setup. So, when I connect with my phone, it gives the phone 10.8.0.8 address.

My home network is 192.168.1.x

But the key in my case is that you have to make certain that "Push Lan to Clients" is turned on. Otherwise I get the same situation as you.

Of course wording my be different in your netgear.

This might help: Randy : OpenVPN on a Asus router

VPN.png
 
bigredfish

bigredfish

Known around here
Joined
Sep 5, 2016
Messages
17,334
Reaction score
48,402
Location
Floriduh
Thanks Looney, that makes perfect sense, and same thing @MrRalphMan advised, I just have not yet discovered that magic button on the Netgear 7000.
I will search for it again tonight, perhaps something like that exists in their Genie app vs the direct router web interface...I don't get near the level of detail control you do on the VPN config
 
MrRalphMan

MrRalphMan

Getting the hang of it
Joined
Jan 20, 2016
Messages
309
Reaction score
72
I had a quick look at the manual online, does this section help?

4. Select ADVANCED > Advanced Setup > VPN Service.
The VPN Service page displays.
5. Select the Enable VPN Service check box.
6. Scroll down to the Clients will use this VPN connection to access section, and select the All
sites on the Internet & Home Network radio button.
When you access the Internet with the VPN connection, instead of using a local Internet
service, you use the Internet service from your home network.
7. Click the Apply button.
Your settings are saved.

This is for the Netgear r7000, which I hope is yours.

Sent from my Nexus 10 using Tapatalk
 
Last edited:
looney2ns

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
15,609
Reaction score
22,835
Location
Evansville, In. USA
MrRalphMan said:
I had a quick look at the manual online, does this section help?

4. Select ADVANCED > Advanced Setup > VPN Service.
The VPN Service page displays.
5. Select the Enable VPN Service check box.
6. Scroll down to the Clients will use this VPN connection to access section, and select the All
sites on the Internet & Home Network radio button.
When you access the Internet with the VPN connection, instead of using a local Internet
service, you use the Internet service from your home network.
7. Click the Apply button.
Your settings are saved.

This is for the Netgear 47000, which I hope is yours.

Sent from my Nexus 10 using Tapatalk
Click to expand...
I just saw the same thing looking at the 7000 faq on Vpn. "May" be the issue.
 
bigredfish

bigredfish

Known around here
Joined
Sep 5, 2016
Messages
17,334
Reaction score
48,402
Location
Floriduh
I did see that, it is one of 3 choices, the other ones being "Home Network Only" and 'Auto" which was the default. I left it on "Auto" assuming someone wayyyyyy smarter than me had figured that out so us IP networking idiots didnt have to ;) I will try that! Thanks for pointing that out.!

By default, the Auto radio button is selected. The Auto option uses an automatic
detection system that enables VPN access only for necessary services and sites
and might not include full Internet access
 
bigredfish

bigredfish

Known around here
Joined
Sep 5, 2016
Messages
17,334
Reaction score
48,402
Location
Floriduh
So It works!

Problem is I'm not sure what I did to make it work :banghead:

I did try a profile with Home Network only, no joy. Then tried a 3rd new profile "All sites on the Internet & Home Network" and still no joy. Same results, connect fine to router but not able to connect to DVR via iDMSS...

So I tried two things:

1- Set subnet mask on the DVR to 255.255.0.0 to encompass the 192.168.254.2 IP that the router was assigning via VPN, rebooted DVR, but that seemed to have no affect so I changed it back - without rebooting... DVR shows the change but I have to wonder if it really took without the reboot?

2- I opened the VPN again and tried to browse the Interwebs with my phones Safari browser..and WAlla! I was surfing the Interwebs via VPN. So I then opened iDMSS again and poof, connected right to the DVR as desired

So either jump starting the DVR did it (Or with no DVR reboot my subnet mask change worked and the DVR just isnt showing it?) OR by first making a connection out via the browser before trying iDMSS somehow woke up something?

I know both sound far fetched, but nothing else changed....

Thanks to all who helped. Wish I had better documentation for the next guy..
 
U

username

Getting the hang of it
Joined
Feb 7, 2016
Messages
116
Reaction score
18
bigredfish said:
So It works!
1- Set subnet mask on the DVR to 255.255.0.0 to encompass the 192.168.254.2 IP that the router was assigning via VPN, rebooted DVR, but that seemed to have no affect so I changed it back - without rebooting... DVR shows the change but I have to wonder if it really took without the reboot?
Click to expand...
Actually, 255.255.255.0 is the correct subnet mask for 192.168.254.2.
And 254 in the 3rd octant means it is a non-routable address, this is a good thing, it means that the address won't advertise itself to the world.

Although my nvr is set to 192.168.1.x, all my cameras are 192.168.254.x with nvr & cameras on subnet 255.255.255.0. I can access the camera's at home over the lan from a browser by pointing the url to 192.168.254.x, I forget exactly what I have in the nvr but presume the same no-routable ip's are entered into the nvr table. I did have to add a specific command to the router so that it would talk to the non-routable ip's

With openvpn, I can access the nvr but not the cameras directly. I have to access the cameras through the nvr software, which on my ipad is iVMS4500. The ip addr handed out to my mobile device is 10.x.x.x depending on which network I wind up connecting through.

So the sum it up, I start openvpn on the iPad, it connects to my firewall/router in seconds (with a 10.x.x.x ip), then I start iVMS4500 on iPad and fiddle around with whatever I'm trying to see.
 
bigredfish

bigredfish

Known around here
Joined
Sep 5, 2016
Messages
17,334
Reaction score
48,402
Location
Floriduh
Thanks for explaining that.

So apparently the "switch" on the Netgear 7000 router to allow OpenVPN enabled devices with a 192.168.254.X address to talk to others on the 192.168.1.X range must be the setting choice "All sites on the Internet & Home Network" on the VPN setup screen
 
MrRalphMan

MrRalphMan

Getting the hang of it
Joined
Jan 20, 2016
Messages
309
Reaction score
72
bigredfish said:
Thanks for explaining that.

So apparently the "switch" on the Netgear 7000 router to allow OpenVPN enabled devices with a 192.168.254.X address to talk to others on the 192.168.1.X range must be the setting choice "All sites on the Internet & Home Network" on the VPN setup screen
Click to expand...
Glad it's working now.

Sent from my ONEPLUS A3003 using Tapatalk
 
T

themow

Young grasshopper
Joined
Sep 4, 2014
Messages
67
Reaction score
7
Hoping to get a bit of advice here. Running a r7000 with advanced tomato. Been at this for 2+ days. All started when my Hik cam's name was changed to HACKED. HA. Been looking for a decent guide but theyre all old. I still followed them all and came up empty handed.
Im Considering flashing the merlin firmware onto my router. Randys guide makes it sound easy.
I have installed openvpn gui on my PC and created a static key 2048 bit.
Not sure how to get

Just realized easy rsa was not installed when I installed openvpn. I will post back after I give this a go. Eating my mistakes one bite at a time
 
Last edited:
Chase

Chase

Getting the hang of it
Joined
Feb 12, 2017
Messages
146
Reaction score
28
Location
Ohio
I have open VPN running on my asus router. I connect and view my cameras fine from my phone away from the house... however I notice when I try to view from someone else's wifi network that it won't let me view the cameras... VPN connects but when I go to idmss to view the cameras it won't open the stream for me.

Any idea why I can't? Is there a setting I need to change somewhere?
 
Silas

Silas

Pulling my weight
Joined
Jan 6, 2017
Messages
328
Reaction score
121
Location
Down Under
Might have something to do with the ip that your given on the wifi ;-)
 
Chase

Chase

Getting the hang of it
Joined
Feb 12, 2017
Messages
146
Reaction score
28
Location
Ohio
I'll add that it's happened on multiple different wifi networks away from my house.
 
You must log in or register to reply here.
Top