VPN Primer for Noobs

Yes. Gargoyle is running the WNDR3800 as a gateway. It's plugged into a LAN port of the ISP combo device, and my POE switch into it. I run a totally different IP range for the surveillance system.

It's not fancy, but it was cheap
 
Well, hate to say this, but I give up for now. Going back to port forwarding unfortunately, not much point in securing my cameras with OpenVPN if I can't view them. Maybe if I have time next weekend I'll try using DD-WRT or some other firmware to see if the XWRT-Vortex firmware was causing the issue somehow.
 
Ok. I was confusing VLANs with VPN. I re-read about them.

Let me try summarizing the situation. Please correct me if I'm wrong.

* Can I configure a VPN with my existing Arris Interactive, L.L.C. TG862G router? Or do I have to have a new router for any VPN, because by definition, it needs its own router?
How can I tell if it supports a VPN?

* If I need a new dedicated router for the VPN, I can get a "like new" Netgear WNDR3800 N600 for $55 - $70.

* Once I know which router to use, I can download OpenVPN and configure it.

OpenVPN - Open Source VPN

It is free with no license?

* There will still be port forwarding, but only the port that is configured on OpenVPN.

Let me see if I understand this much, before asking more questions.

I'll try to answer some of your questions
TG862? I don't think it supports an openvpn server, did a search and could not find anything to say it does. In general, these all in one devices have limited router capabilities.
So in this case, you need some other device (router, pi or pc) to act as the openvpn server. Note that you need an openvpn server, not a client. There are many vpn services out there, but they act as the server and you would need a client to support them, but that is NOT what you want, won't help you for what we are trying to do.
I don't have any experience running a 2nd router to your TG862 or similar. Seems like you will need to port forward one port to the 2nd router, but maybe someone with more experience can chime in.

Based on barboots post, the netgear will support openvpn. In my asus, you don't need to download anything, just need to enable openvpn server. Not sure about the netgear, google is your friend, there should be instructions for setup out there.
openvpn is free, no cost to use.

Randy

I have comcast as my internet provider. I use the Arris Interactive, L.L.C. TG1862G as a modem which is connected to my Asus Rt-AC66U router. The arris 1862G also provides my internet phone service. The Asus Rt-AC66U router is configured for OPENVPN. Also on the Asus Rt-AC66U I use parental controls to prevent the cameras from accessing the internet. I use ASUSCOMM.COM for my DDNS.

Ok, let's see if I understand the situation better now.

* I cannot set up an openvpn server with the Arris TG862G.

* I can get the Netgear WNDR3800 N600, and enable open vpn server.

I log into the router and enable VPN server.

How do I enable the VPN feature on my NETGEAR router using a Windows computer? | Answer | NETGEAR Support

* I would connect one port from my Arris to this Netgear router (incoming port). Then I'd connect one port from the NVR into this Netgear router.

* I then need to download OpenVPN client for each device that I want to remotely view my cameras.

So let's say one Windows PC, and one Android phone.

I can download the clients from here:

OpenVPN - Open Source VPN

If my understanding of all of this is correct, then one more question.

Can I set up this VPN and test it before I have any of my cameras or NVR installed?

How would I test that the VPN is working?

Can my Windows PC remain connected to the Arris, or does it have to be connected to the Netgear (which I haven't bought yet)?

If I can have the VPN set up and tested before any of the cameras or NVR are installed, I would feel a lot better about this setup.
 
The other question I have, is what does it mean for a camera to be hacked? What happens? What would I see?
 
I can get the Netgear WNDR3800 N600, and enable open vpn server.

I log into the router and enable VPN server.

How do I enable the VPN feature on my NETGEAR router using a Windows computer? | Answer | NETGEAR Support
Maybe, but this may not be possible with the older Netgear. I installed an alternate firmware in the device. There have been several suggestions... I have only used Gargoyle as it touted a simple set-up.

Gargoyle creates the credentials for your client devices.

You did not mention setting up a DDNS address using a service like No-IP. This is essential unless your ISP offers you a fixed IP, which usually costs.
 
From your home network, access a service like Whatismyip and get your current IP address. Connect via your VPN and repeat... it should be the same.

So to connect to the VPN, I download OpenVPN client on my Windows PC, then connect, and go to Whatismyip again?

So I can get the Netgear WNDR3800 N600, but install Gargoyle to create credentials for each client device?

How difficult of a password should I choose for each client device? As in, should the password contain a mix of upper case, lower case, numbers, and special characters?

If I forget the password for a client device, would I log into the router via Gargoyle and reset the password for a client device? Is there a password for the router, then?

At what point in the process do I set up No-IP?

Is No-IP free? Why is this necessary?

It says it's free at the bottom, but I wanted to check.

About Us - Free Dynamic DNS - No-IP
 
Gargoyle, as an example of open-source firmwares available, replaces the "operating system" of the router. It does everything... and an advantage is it will generate the credentials it will require from your clients to allow them to connect.

Your home internet IP address most likely "changes" routinely. You can't rely on it to find your connection. DDNS provides a way of always finding the new address. Set it up before you start.

I think you need to start. Unless you are experienced you will run into hurdles as you go, irrespective of how many questions you ask beforehand. Grab that Netgear and flash it with a compatible open source firmware. Plug it in. Connect a computer directly to it. I temporarily enabled WiFi to allow me to move between networks easily. Have a look around and move forward.

Remember to keep notes of everything you do.

Cheers, Steve
 
Thanks.

At some point, after my VPN is set up, do I have to have my PC directly connected to the Netgear? Or will it be sufficient to only have my NVR connected to it (after that is set up too?)

Will there be some kind of port forwarding enabled on that VPN, through the Netgear router?

See @randytsuch's post:

#831
 
No you do not need your PC to remain connected. It's for initial configuration only. Given your situation, that may take a few re-visits... this is where being able to "WiFi in" to the Netgear will be convenient.

You will need to forward ports in your main router to your VPN router. In Gargoyle it reminds you at the appropriate time during VPN set up, and provides the relevant numbers.

I'm out until you have the requisite stuff.

Cheers, Steve
 
@pbc,
Have you exported the client file from your router? That is what the app is looking for.
I have OpenVPN Connect on Samsung S7 no issues, has worked from the moment I installed it.
 
Yeah, had it working perfectly for months, until last week on my S8. Still works fine on my Samsung S6. Pretty sure it has something to do with the UDPv4 vs v6 protocol conflict between my XWRT-Vortex based Asus firmware and my S8. My S6 still uses UDPv4 and works fine.
 
Ok, I had been researching what routers to get for the past few days.

I had settled in on the Linksys WRT32x, when I noticed that Asus routers have VPN server and client setup, as well as DDNS, in their stock firmware.

So then I looked at the Asus AC2900, for a router.

https://www.amazon.com/Dual-band-Du...0752FD3XJ/ref=cm_cr_arp_d_product_top?ie=UTF8

I also thought that this would be a good time to replace my Comcast Arris gateway, and drop the $11 monthly rental fee. So I looked into a cable modem, the TP Link 7620.

https://www.amazon.com/TP-Link-Cable-Download-680Mbps-Certified/dp/B01CVOLKKQ/ref=cm_wl_huc_item

So, if I set up a VPN service on the Asus router, does that mean all connected devices will be on the VPN?

Will this impact any devices connected via Wi Fi, such as my printer or my Flame Boss? Do they need anything on the client to connect through normal Wi Fi?

What about other devices connected via a hardwire, such as my Ooma or Tivo? Do they need anything on the client, or can I just plug them in as normal and they will work?

I have also been reading this.

How to install a VPN on your router | TechRadar
 
Nothing on your internal network should be affected. Only from outside via your external IP into your network.
 
Probably a dumb question, but I'll ask it anyway.
I already have NordVPN for my phone and home pc.
Should I set up NordVPN on my ASUS openvpn, or just do the plain Asus OpenVPN using the VPN server option?
 
I don't know anything about NordVPN but looking online it appears to be a VPN connection to external ISPs to spoof your IP in order to hide your identity when surfing. OpenVPN is to allow your OpenVPN client on your phone access to your internal network so you can access your BI server and cameras securely. So I would guess you still would need OpenVPN and have it set up on your router if you want to close all port forwarding you may have set up for external access.
 
First thing you should do is disable Nord... As noted all it does is mask your current ip address and hide your browsing info from your ISP and instead is available to a third party who is no better than your ISP and likely worse.... It also slows you down...
 
Ok, I think I get it now.
What I did was set up my Asus router as a VPN client, and I was accessing their server.
I need to set the Asus up as a Server, and make my mobile device the client.
Now I am having issues accessing my cameras when my phone is on LTE.
My Asus is behind my regular home router (eero pro).
I can turn on the VPN client on my phone when on my home WiFi, and access my cameras no problem.
When I am on WiFi, the VPN won't connect to my cameras.
I know I am missing something here, like having the access first go through my regular router then to my Asus and cameras.
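
A check for the two-router setups discussed in this thread, as an added example that is not part of any post: it reads an exported OpenVPN client profile, flags a `remote` that is not publicly routable, and lists the protocol and port the upstream router has to forward to the VPN router. The function name, sample profiles and hostname are constructed for illustration.

```python
import ipaddress

# Constructed sample (not from the thread): the exported "remote" is the VPN
# router's WAN address, which is private because it sits behind another router.
SAMPLE_DOUBLE_NAT = "client\ndev tun\nproto udp\nremote 192.168.4.23 1194\n"
# Constructed sample using a placeholder DDNS hostname and per-remote proto.
SAMPLE_DDNS = "client\ndev tun\nremote myhome.example.net 443 tcp\n"

def audit_profile(text):
    """Return (remotes, findings) for the text of an OpenVPN client profile."""
    proto, port = "udp", "1194"              # OpenVPN defaults when not specified
    remotes, findings = [], []
    lines = [l.split("#")[0].split() for l in text.splitlines()]
    lines = [p for p in lines if p]
    for parts in lines:                      # global proto/port apply to all remotes
        if parts[0] == "proto" and len(parts) > 1:
            proto = parts[1]
        elif parts[0] == "port" and len(parts) > 1:
            port = parts[1]
    for parts in lines:
        if parts[0] != "remote" or len(parts) < 2:
            continue
        host = parts[1]
        r_port = parts[2] if len(parts) > 2 else port
        r_proto = parts[3] if len(parts) > 3 else proto
        remotes.append((host, r_port, r_proto))
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"{host}: hostname; confirm DDNS resolves to your public IP")
        else:
            if not addr.is_global:
                findings.append(f"{host}: not publicly routable; "
                                "profile works only from inside the home network")
        # udp4, tcp-client and similar variants all start with "udp" or "tcp"
        findings.append(f"forward {r_proto[:3]}/{r_port} on the upstream router "
                        "to the VPN router")
    if not remotes:
        findings.append("no remote directive found")
    return remotes, findings

if __name__ == "__main__":
    for name, sample in (("double NAT", SAMPLE_DOUBLE_NAT), ("DDNS", SAMPLE_DDNS)):
        print(name, *audit_profile(sample)[1], sep="\n  ")
```
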