VPN Primer for Noobs


58chev

Thanks for the information. Yup on the VPN I can connect to my router at 192.168.1.1 through a web browser so I know it's connected. I thought leaving the default gateway unfilled would save me the headache from trying to configure the Asus firewall. I'm using the HikVision app or ivms 4500.

Sent from my SM-N950U using Tapatalk
@narutoninjakid,
Can you connect VPN to your NVR?

Are your cameras on a different subnet? 192.168.x.x?

Also, any way to use the ASUS router firewall/firmware to block the cameras from sending any info outside the local network? Any advice is appreciated.
There is a script that can be inserted onto your ASUS router to block cameras from getting out, but at the moment it also stops all email alerts from going out also.

Info found here. Help Please..Need assistance stopping outbound connections!
 
Joined
Sep 12, 2018
Messages
7
Reaction score
0
Location
USA
You don't have anything else on your network you can connect to in order to test going beyond the router?
And are you saying that when you are connected to your VPN and open the HikVision app on your mobile device you cannot view the live stream from the cameras?
If you cannot view that way then you need to try it with the gateway configured on NVR. If you then succeed then you will have answered your question.
If it doesn't make any difference then you have another problem.
I don't know if leaving out the gateway is limiting your VPN access. I've never considered doing that before. When you are accessing via VPN can you access any other devices inside your network? The VPN should let your remote device appear as if it is on your network. I am able to access computers on my local network from VPN.

Are you using Hikvision app to view remotely? When I connect via VPN I then open the HikVision app (I'm using iOS, not Android). My NVR has the gateway set. I presume you can set the ASUS firewall to block but I use a separate firewall so have not messed with ASUS's firewall. I do not try to access my cameras remotely, except through the app which is accessing through the NVR.

For checking your exposure to the 'world' you could check outside access by going to Gibson's Shields Up site and authorizing him to scan your WAN IP address. There are a variety of scans you can request. The scan tells you which ports are open. Steve Gibson has been active since at least the early 90's when I first started using his software. I don't think you need to worry about using his site to scan your IP address. Based on the results of the scan you can set firewall rules to harden your system. There are a variety of other sites that can do this also but I trust Gibson.
I was able to get the VPN to work by setting dns servers and a default gateway. Now I have to work on restricting the cameras on the LAN.

Sent from my SM-N950U using Tapatalk
 

AIS

Is there any possibility of installing a VPN supported router where port forwarding is not done on modem. But somehow client can still connect to vpn server router? The public IP address is dynamic not static.


Sent from my iPhone using Tapatalk
 

58chev

Is there any possibility of installing a VPN supported router where port forwarding is not done on modem. But somehow client can still connect to vpn server router? The public IP address is dynamic not static.


Sent from my iPhone using Tapatalk
Is the modem in question, supplied by your internet provider? Can it be setup in bridge mode?

ASUS Routers are capable of being your VPN Server, even while your IP is dynamic.

With an ASUS router, they give you a DDNS Name (sign up is free) so that part is taken care of and it monitors your IP address.

This is how my setup is.
 

nuraman00

Is the modem in question, supplied by your internet provider? Can it be setup in bridge mode?

ASUS Routers are capable of being your VPN Server, even while your IP is dynamic.

With an ASUS router, they give you a DDNS Name (sign up is free) so that part is taken care of and it monitors your IP address.

This is how my setup is.
Agree. I set up the VPN on my Asus router a few months ago.

I described the steps I took here:

#881
 

nuraman00

I connected to my camera streams today for the first time, remotely.

It worked perfectly on my Android phone.

When I wasn't connected to the VPN, I got "couldn't connect" when I tried through Gdmss Plus.

After connecting to the VPN, I could pull up the streams.
 

crw030

@nuraman00 if I read correctly, that is the desired and expected behavior for VPN. You have to establish the VPN connection, effectively tunneling into your network. The fact it cannot connect when you aren't connected by VPN is desirable because if you could connect without establishing the secure tunnel you probably have ports forwarded.
 

nuraman00

@nuraman00 if I read correctly, that is the desired and expected behavior for VPN. You have to establish the VPN connection, effectively tunneling into your network. The fact it cannot connect when you aren't connected by VPN is desirable because if you could connect without establishing the secure tunnel you probably have ports forwarded.
Yes, agree. I just wanted to post that things were expected as I wanted them to. Since it was my first time remotely connecting.

Also, to anyone else who is doing the VPN for the first time, or if anyone had questions, I could share my experience that it worked for me.
 

AIS

Is the modem in question, supplied by your internet provider? Can it be setup in bridge mode?

ASUS Routers are capable of being your VPN Server, even while your IP is dynamic.

With an ASUS router, they give you a DDNS Name (sign up is free) so that part is taken care of and it monitors your IP address.

This is how my setup is.
Thank you for your response. Yes my modem is provided by ISP. It's HG8246 ONT and I don't see bridge mode in it. Does that mean I can't use Secondary router (under modem) as VPN server without port forwarding?
I bought a TP-Link and it also has DDNS setup but it doesn’t seem to be working behind primary modem. Is ASUS any different? Can work behind modem without bridge mode or port forward?


Sent from my iPhone using Tapatalk
 

nuraman00

Thank you for your response. Yes my modem is provided by ISP. It's HG8246 ONT and I don't see bridge mode in it. Does that mean I can't use Secondary router (under modem) as VPN server without port forwarding?
I bought a TP-Link and it also has DDNS setup but it doesn’t seem to be working behind primary modem. Is ASUS any different? Can work behind modem without bridge mode or port forward?


Sent from my iPhone using Tapatalk
I have my ASUS router working behind my modem. I didn't do any bridge mode or port forward.

I followed the instructions in this guide (which I linked to in post # 881):

Randy : OpenVPN on a Asus router
 

randytsuch

Thank you for your response. Yes my modem is provided by ISP. It's HG8246 ONT and I don't see bridge mode in it. Does that mean I can't use Secondary router (under modem) as VPN server without port forwarding?
I bought a TP-Link and it also has DDNS setup but it doesn’t seem to be working behind primary modem. Is ASUS any different? Can work behind modem without bridge mode or port forward?


Sent from my iPhone using Tapatalk
Think the part number has a typo, doesn't show up in a google search, but there are ones that are close to it.

If it's a combined modem/router, you may need to port forward it. I have separate modem and router, so didn't have to deal with a combined unit.
 

AIS

@nuraman00
@randytsuch
Thank you very much for your response. My apology, yes there was a typo. It's actually HG8245.
And I can't change it to any other model from my side as my telephone line is voip and setup/ modem is restricted by ISP.

Regarding VPN, if I use DDNS on secondary router behind modem, I think reason it's not working is that secondary router WAN side IP is not public IP as it's controlled by modem’s router and that's why it won't work in normal circumstances. Am I right?
Was wondering if there is any other setup where a secondary router can somehow identify itself to be accessible from outside world to establish VPN connection.
By the way I already tested VPN, it works perfectly if I am able to port forward on modem for VPN. Issue is just if modem has restrictions of DDNS or port forwarding.


Sent from my iPhone using Tapatalk
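
Added example, not part of any post in this thread: a small Python check for the double-NAT situation described above, where the VPN router's WAN address is a private one handed out by the ISP modem/router. The function name, result fields and sample addresses are constructed for illustration.

```python
import ipaddress

# Address blocks that are never routable from the internet: RFC 1918 private
# space and the RFC 6598 carrier-grade NAT (CGNAT) block.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def diagnose(router_wan_ip, internet_seen_ip, upstream_forwards_vpn_port):
    """Classify inbound reachability of a VPN server on the inner router.

    router_wan_ip: address on the VPN router's WAN port (from its status page)
    internet_seen_ip: address an outside "what is my IP" service reports
    upstream_forwards_vpn_port: True if the ISP box forwards the VPN port
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(internet_seen_ip)
    # VPN clients must dial the address the internet sees, never a private one.
    result = {"ddns_must_publish": str(seen)}

    if wan == seen:
        result["verdict"] = "direct"        # router itself holds the public IP
        result["reachable"] = True
    elif wan in CGNAT:
        result["verdict"] = "cgnat"         # NAT sits inside the ISP network
        result["reachable"] = False         # no forward on your own gear helps
    elif any(wan in net for net in RFC1918):
        result["verdict"] = "double-nat"    # ISP modem/router is doing NAT
        result["reachable"] = upstream_forwards_vpn_port
    else:
        result["verdict"] = "unknown-upstream-nat"
        result["reachable"] = False
    # A DDNS client that reports its own WAN interface address would publish
    # an unroutable IP whenever the router does not hold the public address.
    result["wan_ip_ok_for_ddns"] = wan == seen
    return result


if __name__ == "__main__":
    # Constructed samples; 203.0.113.7 is a documentation address (RFC 5737).
    for args in [("203.0.113.7", "203.0.113.7", False),
                 ("192.168.100.2", "203.0.113.7", False),
                 ("192.168.100.2", "203.0.113.7", True),
                 ("100.72.14.9", "203.0.113.7", True)]:
        print(args, diagnose(*args))
```

The explicit network list is used instead of `ipaddress`'s `is_private` attribute because that attribute also flags documentation and other reserved ranges.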
 

nuraman00

@nuraman00
@randytsuch
Thank you very much for your response. My apology, yes there was a typo. It's actually HG8245.
And I can't change it to any other model from my side as my telephone line is voip and setup/ modem is restricted by ISP.

Regarding VPN, if I use DDNS on secondary router behind modem, I think reason it's not working is that secondary router WAN side IP is not public IP as it's controlled by modem’s router and that's why it won't work in normal circumstances. Am I right?
Was wondering if there is any other setup where a secondary router can somehow identify itself to be accessible from outside world to establish VPN connection.
By the way I already tested VPN, it works perfectly if I am able to port forward on modem for VPN. Issue is just if modem has restrictions of DDNS or port forwarding.


Sent from my iPhone using Tapatalk
I can't answer the part about the secondary router, because I don't know.

But I just thought I'd suggest an alternative. I was like you, and I had the combined router/modem from my ISP. I also use it for VOIP.

Then in 2015, I dropped the voice from my ISP, and switched to Ooma. I bought their VOIP device. I only pay $4.47 a month for my land line. I was also able to port my current number, although it cost $40.

I saved at least $20 a month by dropping the voice from my ISP, as well as a few more dollars in sales tax a month.

Then, this past June, when I realized I needed a new router if I wanted to set up a VPN, I bought my own cable modem and Asus router. I saved $11 a month in the rental fee after returning the combined router/modem, and another $1 in sales tax.

For you, that would mean changing a lot of equipment. And it would mean seeing if there's a compatible modem that you can buy. But if so, it's an idea.

Is your ISP, or TP-Link, able to provide support? Did you try calling either one, to explain your setup? Maybe TP-Link, since that's the router company for your 2nd router?

I called TP-Link recently, and their support is ok.
 

crw030

The ISP might make a big deal about how your personally owned modem isn't covered or protected, and if they identify your modem is the problem they will "charge you for the service call", what they won't say is the cost of their equipment rental "insurance" pays for 1.5 new modems every year, I've replaced mine 3 times in 20 years (mostly due to reliability or technology/speed changes). I put my "personally owned" modem on a UPS though so YMMV.
 

randytsuch

@nuraman00
@randytsuch
Thank you very much for your response. My apology, yes there was a typo. It's actually HG8245.
And I can't change it to any other model from my side as my telephone line is voip and setup/ modem is restricted by ISP.

Regarding VPN, if I use DDNS on secondary router behind modem, I think reason it's not working is that secondary router WAN side IP is not public IP as it's controlled by modem’s router and that's why it won't work in normal circumstances. Am I right?
Was wondering if there is any other setup where a secondary router can somehow identify itself to be accessible from outside world to establish VPN connection.
By the way I already tested VPN, it works perfectly if I am able to port forward on modem for VPN. Issue is just if modem has restrictions of DDNS or port forwarding.


Sent from my iPhone using Tapatalk
You might have to use a ddns service like noip.
I just switched to a netgear router, and their ddns is through noip, working fine so far.

Randy
 

AIS

You might have to use a ddns service like noip.
I just switched to a netgear router, and their ddns is through noip, working fine so far.

Randy
You mean your router is behind a modem or primary router?


Sent from my iPhone using Tapatalk
 

randytsuch

My router is behind my modem, so a standard configuration.
But people run openvpn on pi's, by opening a port from the router to the pi. If you have a combined router/modem, and then a router behind that through an open port running openvpn, I think it's a similar situation.
I'm pretty sure if you went through this thread, you'd find people with combined router/modems.

Randy
 

nuraman00

My router is behind my modem, so a standard configuration.
But people run openvpn on pi's, by opening a port from the router to the pi. If you have a combined router/modem, and then a router behind that through an open port running openvpn, I think it's a similar situation.
I'm pretty sure if you went through this thread, you'd find people with combined router/modems.

Randy
What does pi stand for?
 