I'd really appreciate some advice on what would be the cheapest and easiest option for me to set up an always on vpn at home for my IP cam?
My router is a BT Home Hub and doesn't support vpn and I wouldn't want all my home Internet routed through a VPN, I only want the VPN for accessing my IP cam when away from home. I don't currently have a NVR. I have a PC but I don't want to leave that on all the time. I know you can use Rasp Pi's but I have no experience with those or Linux.
The OpenVPN Connect iOS app released a new update today, you may have better luck, but when I updated it on my phone I could no longer connect using the profile in the app I have been using for the last many months and I had to re-import the .ovpn file again and overwrite the existing profile. After re-importing the profile it is working once more. I also don't see the same options as before for the connection like save password.
Edit: You can still save your password for those who want to by clicking the arrow next to the profile before initiating the connection
The OpenVPN Connect iOS app released a new update today, you may have better luck, but when I updated it on my phone I could no longer connect using the profile in the app I have been using for the last many months and I had to re-import the .ovpn file again and overwrite the existing profile. After re-importing the profile it is working once more. I also don't see the same options as before for the connection like save password.
I see a notice to update OpenVPN connect from 1.2.9 to 3.0.0
Just based on the version numbers, must be a significant update.
Even though its working for you, I think I'll wait a little bit before I push the update button.
It's been working well for me for a while on my iphone.
I must say this is an impressive article.
But pardon my question (I am new) :
1. I have a network that is protected by a passphrase
2. I protected my camera (Dahua A46 H.265 WiFi PT) with a long and complicated password.
I do not understand why I should create a VPN for shielding off that camera. Are these two passwords not sufficiënt ?
Can I use e.g. HideFree VPN Proxy on my iMac ?
WWW
password do not work as a protection.
Assume the enemy is already inside the wall (your network), because they are.
Look at the number of services that go outbound, that do not need a password.
Get the current time NTP.
Any of the program update services.
Automatic email notification services.
Once inside your home network the major defence is to prevent them from getting out.
That is why no P2P. No cloud services.
WWW
password do not work as a protection.
Assume the enemy is already inside the wall (your network), because they are.
Look at the number of services that go outbound, that do not need a password.
Get the current time NTP.
Any of the program update services.
Automatic email notification services.
Once inside your home network the major defence is to prevent them from getting out.
That is why no P2P. No cloud services.
Thank you, SouthernYankee, but you are scaring me.
I already registered my Dahua with Dahua, and today, just for fun, I recorded during 3 hours. I then disconnected my camera.
I hope they didn't install malware into my camera.
But anyway, thanks to everybody for replying to my thread. With every answer, things are getting a little bit cleaner.
For me this is a very good site, with many patiënt and helpful contributors.
Installed a Netgear R7800 router over the weekend.
My boss was having connection and wifi calling problems with her iphone.
So openVPN instructions for a netgear router here OpenVPN on Netgear R7800
Its pretty simple, easier than Asus, but that's because it doesn't offer all the options.
But it works fine.
FYI, I am running alternative firmware on the netgear, but its based on the standard netgear firmware, but improves on it.
So I think the setup is the same, please let me know if you find a problem with the instructions.
I also wrote up instructions for installing and setting up the firmware here
You don't need to do most of the instructions, everything after and including telnet is optional, but they are nice to have.
a vlan wont protect anything without a vlan capable router/firewall to filter the traffic; this is a highly advanced configuration and way beyond the scope of this article.. buying a bunch of advanced networking gear without understanding how to configure and set things up is just far more likely to be less secure than if you just kept it simple.. adding complexity dont nessicary increase security; espcially if you dont know what your doing.
there are far better places on the internet to learn about advanced networking technology and how to deploy it than this forum.. use your google fu
Very useful information. I've been reading about all these back-doors and followed the advice to setup a VPN. I have an ASUS-AC68U and got my VPN going. I also do have DDNS via no-ip setup to get the vpn going. I can now connect remotely to my home network. I looked up my IP address while connected to 4G and it is working displaying my local WAN address. I can also hit the router at 192.168.1.1 while on 4g on the vpn. When I am at home I can view the Hikvision camera's I have setup over my Local network. However when on the vpn I can not view the camera's. When setting up the cameras I disabled UPnP, DDNS via the NVR and I did not setup a default gateway IP address. Could not setting up the default gateway cause my issue ? Do I need to input 192.168.1.1 there? I left it out thinking this would definitely prevent any non local network communication. Also, any way to use the ASUS router firewall/firmware to block the cameras from sending any info outside the local network? Any advice is appreciated.
When I am at home I can view the Hikvision camera's I have setup over my Local network. However when on the vpn I can not view the camera's. When setting up the cameras I disabled UPnP, DDNS via the NVR and I did not setup a default gateway IP address. Could not setting up the default gateway cause my issue ? Do I need to input 192.168.1.1 there? I left it out thinking this would definitely prevent any non local network communication. Also, any way to use the ASUS router firewall/firmware to block the cameras from sending any info outside the local network?
I don't know if leaving out the gateway is limiting your VPN access. I've never considered doing that before. When you are accessing via VPN can you access any other devices inside your network? The VPN should let your remote device appear as if it is on your network. I am able to access computers on my local network from VPN.
Are you using Hikvision app to view remotely? When I connect via VPN I then open the HikVision app (I'm using iOS, not Android). My NVR has the gateway set. I presume you can set the ASUS firewall to block but I use a separate firewall so have not messed with ASUS's firewall. I do not try to access my camera's remotely, except through the app which is accessing through the NVR.
For checking your exposure to the 'world' you could check outside access by going to Gibson's Shields Up site and authorizing him to scan your WAN IP address. There are a variety of scans you can request. The scan tells you which ports are open. Steve Gibson has been active since at least the early 90's when I first started using his software. I don't think you need to worry about using his site to scan your IP address. Based on the results of the scan you can set firewall rules to harden your system. There are a variety of other sites that can do this also but I trust Gibson.
I don't know if leaving out the gateway is limiting your VPN access. I've never considered doing that before. When you are accessing via VPN can you access any other devices inside your network? The VPN should let your remote device appear as if it is on your network. I am able to access computers on my local network from VPN.
Are you using Hikvision app to view remotely? When I connect via VPN I then open the HikVision app (I'm using iOS, not Android). My NVR has the gateway set. I presume you can set the ASUS firewall to block but I use a separate firewall so have not messed with ASUS's firewall. I do not try to access my camera's remotely, except through the app which is accessing through the NVR.
For checking your exposure to the 'world' you could check outside access by going to Gibson's Shields Up site and authorizing him to scan your WAN IP address. There are a variety of scans you can request. The scan tells you which ports are open. Steve Gibson has been active since at least the early 90's when I first started using his software. I don't think you need to worry about using his site to scan your IP address. Based on the results of the scan you can set firewall rules to harden your system. There are a variety of other sites that can do this also but I trust Gibson.
Thanks for the information. Yup on the VPN I can connect to my router at 192.168.1.1 through a web browser so I know it's connected. I thought leaving the default gateway unfilled would save me the headache from trying to configure the Asus firewall. I'm using the HikVision app or ivms 4500.
You don't have anything else on your network you can connect to in order to test going beyond the router?
An are you saying that when your are connected to your VPN and open the HikVision app on your mobile device you cannot view the live stream from the cameras?
If you cannot view that way then you need to try it with the gateway configured on NVR. If you then succeed then you will have answered your question.
If it doesn't make any difference then you have another problem.
