VPN Primer for Noobs

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,343
Reaction score
5,283
Location
Denver, CO
NVRs sync the cameras' times using ONVIF and not NTP.. if you enable both NTP and configure the NVR to set time on cameras they fight each other.

but yeah it's possible to set up the NVR to sync NTP time and then push it out to all the cameras..
 

RickM

n3wb
Joined
Dec 25, 2016
Messages
2
Reaction score
0
Location
West Central Florida
Loads of good information in the original post in this thread. A lot of folks don't think about network security until after the damage has been done. Thanks for sharing!
 

istreich

Young grasshopper
Joined
Mar 23, 2015
Messages
30
Reaction score
1
Thanks Nayr for these great directions. One thing I can't find though.
I use Blue Iris to connect to my cameras from my iPhone and it is great. Right now via port forwarding, it is immediate.
Going forward, I will use a VPN but I don't want any lag when I click on my Blue Iris icon nor do I want to have to open the VPN separately.
I don't believe there is a way to have Blue Iris start the VPN connection every time you click on it. Correct? If so, there would still be a lag but maybe acceptable.
As an alternative and probably better option, I could have an always open VPN on my iPhone but I have not found a way to do this. Any suggestion? Either OpenVPN or L2TP.
THANKS!
 

pal251

Getting comfortable
Joined
Mar 15, 2014
Messages
1,011
Reaction score
124
@nayr, what do you think of the online cloud-based VPN services where you pay per month?
 

nayr

those are for hiding your IP from tracking services, few if any will allow you to remote access your network
 

pal251

Ahhh gotcha.


I may try to use a raspberry pi to create a server. I got a location with open camera ports that people keep trying to access...
 

bug99

Pulling my weight
Joined
Dec 27, 2016
Messages
333
Reaction score
116
Nice guide @nayr .

I am wondering about router support and ease of use of OpenVPN with an internal server. Apparently my new TP-Link wireless router (Archer C7) does not have its own server. I think it supports having one on the LAN (maybe up to 10), but that would be a pain. I think my other router/AP Netgear (R7000) does. Does anyone know if the Ubiquiti Edge series (X or Lite) support OpenVPN? I am fairly sure they support PPTP and L2 ipsec, but suspect that getting those to work with an android cell phone on LTE reliably might be a heavy lift. If it is easy however, they might be a good choice for the router between the cable modem and one or two LANs where the APs reside. Otherwise I think putting an ASUS wireless there (ex RT-AC66U B1) and using the other wireless routers as APs would be the easiest way to go. It is not that I think I will ever have more than 30,000 pps, so that is likely not really a decision. My gut tells me that the Ubiquiti products are more resilient, for little or no added cost.

One suggestion for an added point. I think that to use VPN, a token needs to be exchanged (one time). In general the server will create this and the clients will have their half to encrypt/decrypt the tunnel traffic. What this means is there needs to be a VPN server process (in the router maybe), a client (ex android client tunnel app) and a set of tokens (one needs to be made and copied to the client in all cases). I think this minor point is missing.
 

nayr

I've got a UBNT EdgeRouter and it doesn't have OpenVPN; I'm using IPSec off a freeradius server I installed on the EdgeRouter.. If you are familiar w/linux command line you can install OpenVPN on it I'm sure.

tokens are not always used w/VPN, it's just suggested because brute forcing a token is pretty much not going to happen.. it's just a form of authentication and VPN can use all sorts of methods of auth.
 

bug99

@nayr, does your IPSec system work well with android phones? What app do you use? I assume that it works well with the built-in security of modern computer OSes, but not sure how easy that would be for phone camera monitoring, my primary usage case right now.
 

nayr

yeah works really well cause my router has ipsec crypto acceleration; I'm using the native android VPN client that's built in.
 

bug99

Well lookie there. I did not know VPN was native to android. Are you able to use port 443 with ipsec? I will be looking at this setup a bit more soon.
 

nayr

no, ipsec requires specific protocols (not tcp/udp, IKE, ESP, etc) to be allowed, so trying to run it only over tcp/443 isn't gonna fly
 

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
429
Reaction score
167
Nice post, @nayr !!, I saw it only now... ;)
Agree on all, my cameras and NVR are on their own VLAN, and are accessible via VPN or from my lan, but they cannot initiate connections by themselves (fw rules, internal NTP and so on), it's funny seeing, in the firewall's logs, how many sessions these devices try to initiate to some external ip addresses (mostly amazonaws) .....
Cheers,
jonatha
P.S. I mean ... these devices try to connect to the internet .....when actually they shouldn't (with all internet services disabled)
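
The firewall-log review described in the post above, as an added example that is not part of the original thread: it counts sessions that devices on a camera VLAN tried to open to destinations outside the local networks. The VLAN subnet, the iptables-style `CAM-DROP` log format and the sample lines (documentation addresses) are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed values, not from the thread: camera VLAN subnet and local address space.
CAMERA_VLAN = ip_network("192.168.30.0/24")
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"PROTO=(?P<proto>\S+)(?: SPT=\d+ DPT=(?P<dport>\d+))?")

# Constructed sample of firewall drop-log lines (iptables LOG style).
SAMPLE_LOG = """\
Jan 12 03:14:07 fw kernel: CAM-DROP IN=eth1.30 OUT=eth0 SRC=192.168.30.11 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=443
Jan 12 03:14:37 fw kernel: CAM-DROP IN=eth1.30 OUT=eth0 SRC=192.168.30.11 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=40113 DPT=443
Jan 12 03:15:02 fw kernel: CAM-DROP IN=eth1.30 OUT=eth0 SRC=192.168.30.11 DST=198.51.100.7 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123
Jan 12 03:15:09 fw kernel: CAM-DROP IN=eth1.30 OUT=eth1.10 SRC=192.168.30.12 DST=192.168.1.20 LEN=60 TTL=63 PROTO=TCP SPT=51000 DPT=445
Jan 12 03:16:40 fw kernel: CAM-DROP IN=eth1.30 OUT=eth0 SRC=192.168.30.12 DST=203.0.113.99 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Jan 12 03:17:01 fw kernel: LAN-DROP IN=eth1.10 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=50222 DPT=23
Jan 12 03:17:05 fw kernel: CAM-DROP IN=eth1.30 OUT=eth0 SRC=not-an-ip DST=203.0.113.10 PROTO=TCP SPT=1 DPT=2
"""

def camera_egress_attempts(log_text):
    """Count logged sessions from the camera VLAN to non-local destinations."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue  # malformed address field: skip the line, do not guess
        if src in CAMERA_VLAN and not any(dst in net for net in INTERNAL):
            hits[(str(src), str(dst), m["proto"], m["dport"] or "-")] += 1
    return hits

def per_camera_summary(hits):
    """Group the counts by camera: total attempts and distinct destinations."""
    summary = {}
    for (src, dst, proto, dport), n in hits.items():
        cam = summary.setdefault(src, {"attempts": 0, "destinations": set()})
        cam["attempts"] += n
        cam["destinations"].add(f"{dst}:{dport}/{proto}")
    return summary

if __name__ == "__main__":
    for cam, info in sorted(per_camera_summary(camera_egress_attempts(SAMPLE_LOG)).items()):
        print(cam, info["attempts"], sorted(info["destinations"]))
```

A camera that keeps appearing in this summary after its cloud and P2P services were disabled is worth a closer look at its firmware settings.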
 

Dytryn

Young grasshopper
Joined
Nov 28, 2016
Messages
31
Reaction score
2
I have an Asus RT-AC88U router and cannot get the VPN to allow me access. Is anyone familiar with that router and willing to help? My IT guy has already spent 2 hours and researched issues on his forums and still nothing.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
33,917
Reaction score
13,638
> I have an Asus RT-AC88U router and cannot get the VPN to allow me access. Is anyone familiar with that router and willing to help? My IT guy has already spent 2 hours and researched issues on his forums and still nothing.

asus has the easiest vpn implementation...something either wrong with your router or IT guy...
youtube has a bunch of tutorials
 

username

Getting the hang of it
Joined
Feb 7, 2016
Messages
107
Reaction score
17
I run pfSense as my firewall and am looking to access it via iOS and am having a heck of a time getting it set up so I'm watching this with interest.
Did you get that sorted out? I can access my NVR via pfSense using "openVPN Connect" running iVMS-4500 on iOS. It took a while but I finally got it.
 