VPN Primer for Noobs

What VPN Solution are you using?

  • Total voters
    855
MrRalphMan said:
Yes, you have to have one external link through to your VPN server. The software 'should' be robust enough to keep the bad guys it's, that's it's some purpose really.

Sent from my ONEPLUS A3003 using Tapatalk
Click to expand...

Got it, so....what is he referring to when simply "forwarding ports" to an NVR or Cameras?

Just to be clear, with what I have setup, I am NOT doing that, correct?
 
EmptyWallet said:
Got it, so....what is he referring to when simply "forwarding ports" to an NVR or Cameras?

Just to be clear, with what I have setup, I am NOT doing that, correct?
Click to expand...
Port forwarding to your VPN server will not expose your Cameras etc to the Internet.
Just ensure you have UPNP turned off on your router, otherwise devices can open their own ports.

Sent from my ONEPLUS A3003 using Tapatalk
 
MrRalphMan said:
Port forwarding to your VPN server will not expose your Cameras etc to the Internet.
Just ensure you have UPNP turned off on your router, otherwise devices can open their own ports.

Sent from my ONEPLUS A3003 using Tapatalk
Click to expand...

UPnP and NAT-PMP are off in pfSense by default, so none of my devices can do that currently.
 
This list doesn't match what I thought I saw in the manual for your device.
You should only need to complete the following:
Name: Your choice - something to remind you what the port forward is for.
Source Port: The port incoming
Destination IP: Your laptop you are running SoftEther on
Destination port: Same as the source port in this application
Protocol: UDP or TCP
 
  • Like
Reactions: GKL
Roger said:
This list doesn't match what I thought I saw in the manual for your device.
You should only need to complete the following:
Name: Your choice - something to remind you what the port forward is for.
Source Port: The port incoming
Destination IP: Your laptop you are running SoftEther on
Destination port: Same as the source port in this application
Protocol: UDP or TCP
Click to expand...

Thanks, but still not 100% clear, here is info from the following page -

Setup L2TP/IPsec VPN Server on SoftEther VPN Server - SoftEther VPN Project

If your SoftEther VPN Server is behind the NAT or firewall, you have to expose the UDP port 500 and 4500. On the NAT, UDP 500 and 4500 should be transferred to the VPN Server. If any packet filters or firewalls are existing, open UDP 500 and 4500 ports. (end of quote)

......so would the 500 and 4500 be the source port or destination port ?

Would the destination IP be the actual laptop ip or the address that the softether VPN uses ?

Thanks for your patience, eventually this stuff will finally "click" :confused::lol:
 
Source and destination port are the same in this case. Destination IP is the laptop
 
  • Like
Reactions: GKL
Roger said:
Source and destination port are the same in this case. Destination IP is the laptop
Click to expand...

Okay, thanks, I'll mess with it some more tomorrow, you've helped me fill in some of the blanks ! I'll let you know how it goes.
 
Roger said:
This list doesn't match what I thought I saw in the manual for your device.
You should only need to complete the following:
Name: Your choice - something to remind you what the port forward is for.
Source Port: The port incoming
Destination IP: Your laptop you are running SoftEther on
Destination port: Same as the source port in this application
Protocol: UDP or TCP
Click to expand...

Here is a screenshot so you can tell me if I'm in the right section or not -

portforward3.jpg
 
That looks correct. In Port range, you will just have the single port that matches the destination port. You will have about 6 entries.
 
  • Like
Reactions: GKL
Roger said:
That looks correct. In Port range, you will just have the single port that matches the destination port. You will have about 6 entries.
Click to expand...

Okay, thanks, being a noob at this at least I'll know I'll be in the right section when I mess with it tomorrow :lol:
 
other than exposing your entire network to hackers, I don't think you can break much in the section. :rofl:
 
  • Like
Reactions: GKL
Roger said:
other than exposing your entire network to hackers, I don't think you can break much in the section. :rofl:
Click to expand...

:lol::lol:

After I set it up I should be able to use this online open port check tool and it should give the same message I'm getting now showing no ports are visible to the internet, right ?

Open Port Check Tool

Error: I could not see your service on (my ip was here) on port (500)
Reason: Connection timed out

........or should it be saying something else ?
 
So I have a static IP address, but my ISP modem routes a private (172.16.xxx.xxx) ip address to my ASUS router.

I guess I'll need to ask if they'll bridge the ISP modem so it will send the static IP address direct to my ASUS router?

Also, since I have a static IP address, I assume that I don't need to have "respond to DNS" and "advertise DNS to clients" enabled?

P.S. FYI, ASUS just published an updated firmware which fixes the KRACK exploit, at least for the RT-AC66U routers
 
Probird79 said:
I setup an OpenVPN server on my Asus AC68U router. I can connect with my Android phone perfectly fine. The only problem is that I can't access my computer on my LAN unless I disable the computer's firewall. I've searched but haven't found a solution. I know I can add a rule so I tried to open the port that is used but I still can't connect and would this still be secure even though the port is open behind the VPN?
Click to expand...
Update: I got it working. A firewall rule needs to be created for the VPN port and subnet. Here is a great write-up for setting up OpenVPN on ASUS' gui: How to setup a VPN Server with Asus routers 380.68 updated 08.24
 
Roger said:
This list doesn't match what I thought I saw in the manual for your device.
You should only need to complete the following:
Name: Your choice - something to remind you what the port forward is for.
Source Port: The port incoming
Destination IP: Your laptop you are running SoftEther on
Destination port: Same as the source port in this application
Protocol: UDP or TCP
Click to expand...

Tried adjusting those settings, still can't connect to my windows phone L2TP client, I was getting error 720 before adjusting those settings, now I'm getting error 1460 (on my phone).

I'm not giving up on VPN, I'll keep researching and trying different settings, but this seems like it might be something that might take me weeks or even months before I finally get it working, if I cant get it working soon I might have to settle for using Hikvision's Hik-connect and their iVMS-4500 phone app until I can eventually figure out how to get a VPN connection to my phone.
 
Ok, I am very new to VPNs

I think i need to be setting this up. I have two IP Cams, a Synology NAS (which may run surveillance station), a Qnap NAS and various other networked items.

I have a Virgin Media router (superhub 3 which I believe doesn't do VPN), and a dynamic IP.

I currently using ddns to access the NAS on the network and port forwarding for the cam's. I also.use tinycam to view the cam's. Its only from my phone and laptop that the LAN is ever accessed remotely.

If I simply turn on a VPN server on either the synology and qnap, will I still be able to access things as now? Will the ddns still be ok?
 
Superdon said:
Ok, I am very new to VPNs

I think i need to be setting this up. I have two IP Cams, a Synology NAS (which may run surveillance station), a Qnap NAS and various other networked items.

I have a Virgin Media router (superhub 3 which I believe doesn't do VPN), and a dynamic IP.

I currently using ddns to access the NAS on the network and port forwarding for the cam's. I also.use tinycam to view the cam's. Its only from my phone and laptop that the LAN is ever accessed remotely.

If I simply turn on a VPN server on either the synology and qnap, will I still be able to access things as now? Will the ddns still be ok?
Click to expand...
Yep, I run my VPN server on my Synology NAS. Just make sure you disable the current port forwarding for the cameras once the VPN is set up.

Sent from my ONEPLUS A3003 using Tapatalk
 
  • Like
Reactions: Superdon
MrRalphMan said:
Yep, I run my VPN server on my Synology NAS. Just make sure you disable the current port forwarding for the cameras once the VPN is set up.

Sent from my ONEPLUS A3003 using Tapatalk
Click to expand...

Thanks. Do you use synologys DDNS (myds.me)? Does that all still work?

All sounds straightforward....almost.too much so!
 
Superdon said:
Thanks. Do you use synologys DDNS (myds.me)? Does that all still work?

All sounds straightforward....almost.too much so!
Click to expand...
Hi, no I have a static ip with Plusnet, but I was using no-ip before that.

Sent from my ONEPLUS A3003 using Tapatalk
 
I'm running the QVPN app on my qnap NAS....works wonderfully.

Be sure to create a different VPN login for each device so if you lose a phone or tablet you can just delete that specific account and not have to reset everything back up on all your devices.
 
You must log in or register to reply here.
Top Bottom