Wanted to add to my post below, from what I read in the forum that "port forwarding" is not recommended so I have that off (see screen shots below and let me know if anything might need adjusted, remember, I am new at IP cameras and vpn stuff)
Most of that looks as it should but you'll need to turn OpenVPN on. That's your VPN server. Can't see how that's set from your pic.
UPnP should be turned off at the router. That will prevent anything like your cams from forcing things open on their own. You should turn it off on the devices as well but some don't necessarily follow what you set so killing it at the router makes sure. Also turn off any P2P-type functions in the cams (unless you're using it) to keep things from 'phoning home.' Again, some try to even when you've turned such things off on the cam.
Port Forwarding should be off as you have it unless you have some specific need. Coming in via VPN typically not. Also check that Port Trigger and DMZ are turned off.
You can use the Asus DDNS instead of No-IP. Either works. No-IP will work in some cases where the Asus DDNS doesn't (double NAT behind another router) but otherwise basically the same.
Under Administration > System, make sure that "Enable Web access from WAN" is turned off (permits remote access to the same pages that you're looking at). Also check that telnet is turned off. You can flip it on/off as you need it.
Under IPv6 set that to disabled unless you have some reason to enable it.
Under Firewall, it should be set on. DDOS doesn't matter much but generally I'll leave that turned on. Respond to ICMP doesn't matter much but generally I turn it off just so that there' s not an immediate ping picked up by port scanners. Harder scans still will pick up that there's something there.
Separate consideration but under Wireless make sure that WPS is set to off.
Depending on how you're set up, some other things that you can do to harden it a little more and you also can block Internet access for specific devices, either erase or plug with nonsense values the gateway and DNS server settings on the devices, set up VLANs, etc., to keep things segregated and from getting in/out but that's kind of a next step. Get the basics working first.