VPN Primer for Noobs

Maybe I don’t understand enough. I spent part of the weekend googling “how to use a vpn” and the only thing people write about is how to set one up.

When my phone is connected to the vpn is all of my traffic that I do then secure and encrypted automatically? Like when I use safari or any browser. Or any apps like banking or sensitive material.

Or is the only thing the vpn being used for is the security cameras? Is the vpn only active when they are open?

Noob questions but I can’t be the only person with these.
 
When your phone is connected, everything you do on your phone runs through it, so yes, it's encrypted between your phone and your server (in your case, your router at home); then it goes out of your house unencrypted. So your ISP knows what you're doing, just as much as they would know what you are doing if you were at home sitting on your couch connected to your WiFi.
 
As far as security is concerned, the main thing is that any random WiFi network that you're connected to outside of home (work, Starbucks, Lowe's, hospital, hotel or airport) as long as you're connected to your VPN, nobody else on that random WiFi network can snoop on you, because it's encrypted between your phone and your server.
 
Another way to look at this is: You're on your laptop with OpenVPN loaded and configured back to your house. You're sitting at Micky Ds and using their open WiFi. No one can see your user name and password to your bank account while you're transferring money from one account to another. So, here is another example of how you can use VPN. Or you set up an account with your work, because you have to be able to access your work servers while on the road. Whole purpose of VPN is to encrypt data that could be sniffed out of the air while on a WiFi connection.
 
Here is a link to a PDF on how to change the VPN config files within a Netgear 7000 router or other Netgear models. I found this article while searching for a "How to" on generating new OpenVPN keys using SHA256 instead of MD5 because my iOS OpenVPN client kept warning me that MD5 will NOT be supported after April 30.

If you DL the PDF and look at section 3-c, the author explains how to edit the files so this can be done. I do not use the Netgear OpenVPN built into my Netgear router, but run my OpenVPN server on my BI machine.

I can confirm that after generating my new files I no longer get the MD5 error on my iOS client.

Link to article and file: Solved: Re: Netgear R7000 and OpenVPN for Android App - Page 3 - NETGEAR Communities
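
Added example, not part of the original post or the linked PDF: a shell script that lists the signature algorithm of every certificate in an .ovpn profile or .crt file, to confirm that regenerated certificates are no longer MD5-signed. It assumes openssl is installed; flagging SHA-1 alongside MD5 goes beyond what the post mentions.

```bash
#!/usr/bin/env bash
# Added example: list the signature algorithm of every certificate in an
# OpenVPN profile (.ovpn with inline <ca>/<cert> blocks) or a plain .crt file.

# Map an OpenSSL signature-algorithm name to "weak" or "ok".
# MD5 is what the iOS client warned about; SHA-1 is flagged as an extra.
classify_sigalg() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    md5*|sha1*|*sha1) echo weak ;;
    *)                echo ok ;;
  esac
}

# Print "subject<TAB>algorithm<TAB>weak|ok" for each PEM certificate in $1.
audit_certs() {
  local file=$1 tmp pem alg subj
  tmp=$(mktemp -d) || return 1
  # Split the input into one file per certificate, ignoring everything
  # outside the BEGIN/END markers (config directives, keys, comments).
  awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
  ' "$file"
  for pem in "$tmp"/cert*.pem; do
    [ -e "$pem" ] || continue
    alg=$(openssl x509 -in "$pem" -noout -text |
          awk '/Signature Algorithm:/ { print $3; exit }')
    subj=$(openssl x509 -in "$pem" -noout -subject)
    printf '%s\t%s\t%s\n' "$subj" "$alg" "$(classify_sigalg "$alg")"
  done
  rm -rf "$tmp"
}

# Usage: ./audit.sh client.ovpn   (file name is a placeholder)
if [ "$#" -gt 0 ]; then
  audit_certs "$1"
fi
```

Any line ending in "weak" points at a certificate that has to be reissued from a CA configured for SHA256; editing the client profile alone does not change how the certificate was signed.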
 
Thanks Tinman, I will check that out. I have an Apple Extreme Router so I cannot use it for my VPN. I thought about putting the server on my BI machine but I thought it might be easier to set up a Pi instead. I tried using an old Linksys router I have but could never get the OpenVPN to start. I changed the firmware to DD-WRT and everything but could not get it to work.
 

This was the best guide I could find to use... just be sure you edit the files that are listed in the PDF I posted above before you generate keys. The router method is by far the easiest to set up, but Netgear is really made for a one-client setup.

Easy_Windows_Guide – OpenVPN Community
 
Hello,

I am thankful I came across Nayr's post titled, "VPN Primer for Noobs." I am very grateful as I am learning a lot about protecting myself on the internet without having to pay for a VPN subscription & I never knew how much you can learn/stats about your network when you start using a good router.

Asus RT-AC86U/AC2900 Router
1 Hikvision DS-2CD2142FWD-I camera with a static IP address (DHCP is disabled in the SADP tool)
Also, DDNS is not enabled & the preferred DNS server is 8.8.8.8 under this camera's Internet Explorer configuration page
PCNVR storage server running IVMS-4200 recording to local HD with a static IP address (DHCP is immutable and disabled)
Android Note 4 smartphone running IVMS-4500 app

After installing OpenVPN, I am able to live view my camera from the smartphone IVMS-4500 app using mobile data but I can remotely playback clips when using mobile data.

Asus Router VPN setup:
I purchased an Asus RT-AC86U/AC2900 Router and set up openvpn on my router under the VPN Server tab.
I created a username and password.
I exported the openvpn profile file.
I did not input anything under VPN client tab.
I installed the openvpn profile onto my android phone.

Enable NTP on camera and storage server. I was having issues with this step with my ISP router. Since I upgraded to the ASUS router and enabled VPN, I am able to enable NTP successfully and it is the reason why I am currently able to live stream my camera on my VPN using mobile data.

I contacted Hikvision technical support but they were unable to solve my Gmail issues. After installing this new router and allowing my Gmail to allow less secure apps, I was able to run a successful email test.
 
I got only one question about this ovpn article that Randy wrote up. I see that he leaves the protocol set to UDP, not TCP. Thought that nayr said to not use any UDP settings. Or is this OK because you're not going beyond the router into your internet? UDP is on the WAN side?

thanks
 
@Paulx ,
You sure Nayr said UDP and not UPnP?

I went back and did not find UDP in a search of the page.

Most common VPN Setup mistakes:
  • Not disabling UPnP and shutting down old port forwards after having VPN set up.
 
58chev,
Well, now that you mention it and back that up with a quote, it appears I got my alphabet soup mixed up some. Thanks for setting that straight in my mind.
 
I am another very grateful member. Thanks again to Nayr and all of the other members who have contributed to this thread. I went from a CenturyLink DSL modem/router/WiFi/switch to a transparent bridge modem that put the public IP on the LAN side. I now have an Asus RT66U_B1 with OpenVPN server, and I'm using the ASUS DDNS because my ISP is sending me a dynamic IP address.
 
Planning to purchase a new router today that is compatible for VPN use. It would appear the preferred routers here are the Asus units. Is the Asus RT-AC68U that much better than the Asus RT-AC66U_B1? Should I be looking at something else?
 

There really is not a very big difference in the two. 1750 / 1900 does not really matter.
I have also installed the Merlin firmware on my router.

Both have 1Gig dual core, same ram. Compare the specs side by side for both on Asus site.

I have the _B1 only because Newegg had them on sale. It was a huge improvement over my aged Linksys WRT model.
 
Any pointers on using Ubiquiti USG firewall rules and VLANs? I would like to forego port-forwarding.

My mobile devices can connect to the VPN, but cannot connect to the BI PC's webserver. The VPN comes in on 192.168.60.1/24, while the BI PC and cameras are on VLAN 50 (192.168.50.1/24). The radius user is set to connect to VLAN 50.

Update: I found the rule I needed here: Ubiquiti Networks Community
 