VPN Primer for Noobs

[SouthernYankee]

You are getting connected to the NVR. so the VPN connection is working. I assume that you have full local access from your phone when you are home.

What is your internet providers uplink speed ?
Who is your internet provider.
Have you tested the uplink speed from home with SPEEDTEST.NET ? Test from a hardwired connection. Test from your phone.

Test do not guess !!!!!!!!!!!!!

 

[pbc]

You mean the up link speed when connected via VPN I assume?

 

[pbc]

speedtest.net won't even connect when I have OpenVPN connected..."test failed to complete". Should have the Asus router tomorrow or Thursday. Maybe it's the answer. Odd that the netgear was working fine though. Maybe the firmware changes messed it up somewhere (going back and forth between stock and DD-WRT or XWRT).

 

[SouthernYankee]

from home, run the speedtest.net. Not with openvpn. You need to know the uplink (upload) speed.

 

[pbc]

Oh, not home right now but run that test at home quite often. It's around 50mbps, consistently. Give or take 5mbps.

 

[SouthernYankee]

I do not think you have 50 mb up. Test it.

 

[pbc]

330 down.. 37 up on my phone right now. I'm a bit further from my AP though.

 

[pbc]

... Wired it is just under 800 down and 55 up.

 

[SouthernYankee]

If your up speed is 55 mb up that is very good. So up load speed is not you problem.
Set up the Asus router next.

 

[pbc]

Wow, swapped back to a port forward for a day, didn't see any illegal logins. Decided to change the password on my NVR, and almost immediately the illegal logins started over and over again every few seconds. This time from 31.132.225.166.

Which probably tells me they've been in my NVR and the lack of illegal logins the last 24 hours or so was because they were authorized logins.

Pretty scary. This Asus router can't coe soon enough. Guess I need to run a bunch of malware tests on all my computers at home.

Why wouldn't Hikvision put in protection against x many login attempts to prevent brute force attacks?? Pretty basic.

 

[Mike A.]

Why wouldn't Hikvision put in protection against x many login attempts to prevent brute force attacks?? Pretty basic.

They do in the cameras. Think that it's 6 tries and then locked out. Don't know about the NVRs.

But most hacks don't rely on brute force. Typically they just go around access controls entirely by exploiting some vulnerability. As was the case for the last several big Hikvision exploits (and many others).

 

[pbc]

Thx...I don't see any unusual "authorized logins", or unusual activity (or malware..tried a few different scanners). Wondering if there's other ways to check whether there are keep alives or any unusual queries coming from my NVR out to the internet. Or queries from my NVR into my home network?

As for the NVR, I saw about 30 consecutive (every second or so) login attempts from that particular address, so unless the numer of tries is much higher, doesn't look like they have this.

Fascinating stuff, and certainly points to why this thread is a must read. Really hoping when I get the new Asus router it solves my OpenVPN issues.

 

[pbc]

Okay, new router, exact same issue. Going to lose my mind at this point as this worked fine the first time around.

Setup my xxx.asuscomm.com DDNS. Unlike No-IP I don't seem to need to insert a user name and password for it?? Get a registration complete notification on my router's GUI. Not sure if I need to export the free certificate, presumably this is only where I want to use https.

Setup OpenVPN using Randy's guide above, downloaded the OpenVPN Connect file to my phone. Success in connecting to OpenVPN, and it says I'm connected to xxx.asuscomm.com.

Can't connect to anything in ivms-4500. If I select IP Address and insert my xxx.asuscomm.com one, it just says "Connection Failed".

If instead I insert my 192.168.1.xx local address of my NVR. It does the same thing as before, either hangs, or recognizes I have 7 cameras, then I click Live view and it gives me an 8200 error. Clearly nothing to do with the router (so at least I can probably save the $200 I just spent on the 86U given wired speeds are no faster than the r7000 from what I can tell and I use EAP225v2 AP's for wireless).

Seriously, I'm losing it. Just trying to protect my friggin network.

Edit: VPN Subnet mask and subnet, do I need to change these in OpenVPN? VPN Subnet defaults to some 10.8.x.x address while subnet is 255.255.255.0.

 

[SouthernYankee]

start simple
1)Turn off the cell data service on your phone. Run ivms-4500 on your phone on your home wifi, does this work ?
2) if yes, go to an external wifi (coffee shop..) turn off the cell service on you phone, connect to your home network with openVPN , provide a screen shot from your phone. any error messages ?
3) using the same exact method as in step one to run ivms-4500. provide a screen shot and errors.
4) what is the internal IP address of your router ?
5) what is the internal IP address of your cameras ?

 

[pbc]

1) yes.
2) Will have to go somewhere to try this. But when I was at work yesterday and hooked up to wifi, it worked without an issue.
3) same as 2. Yesterday, received an 8200 error message on phone.
4) 192.168.1.1
5) 192.168.1.21

 

[SouthernYankee]

1) your phone works with openVPN and ivms-4500 when on a remote wifi (coffee shop, work.... ) ?
2) your phone does not work with openVPN and ivms-4500 when on the cell network ?

 

[pbc]

I'm at home (not sure when I can get to a coffee shop). I mean when I was on my work's wifi network yesterday, OpenVPN connected just fine, but I was getting 8200 errors on 4500.

Right now however, at home and connected to my phone's data (so "off" my home network), I'm getting connection failed in ivms-4500 when trying to connect to my DDNS server. My DDNS service is running fine (as per my router, and my NVR also shows status of my DDNS as "normal"). I have selected IP/Domain, inserted my DDNS address xxx.mynetgear.com, port 8000, user name admin and my NVR's password correctly.

 

[pbc]

Also, even though I connect fine to OpenVPN, I can't get to anything on my phone as it fails to connect. E.g., for the speedtest.net app, it fails to connect to a server now.

 

[pbc]

MIND BOGGLING. So I adjusted my OpenVPN to "auto" for this setting: "Clients will use this VPN connection to access o All sites on the Internet & Home Network o Home Network only o Auto".

I connect my phone via OpenVPN.

I go to my phone's chrome web browser while not connected via wifi (so I'm on an external mobile network on my phone). I hit 192.168.1.21, and it brings up my NVR's log in page. I enter my user name and password, takes me into my NVR. Go to Config, or whatever page, works fine.

ivms-4500, setup device to my xxx.mynetgear.com page that my NVR is set to for DDNS. Failed to connect. I'm using the IP/Domain mode, which I think is correct mode to choose for DDNS??

Then instead I insert 192.168.1.21 into the IP address for ivms-4500. It connects and recognizes 7 cameras.

Hit Live view.... after a while, 8200 error.

This can't be that hard can it??

Edit: I don't think I need to go to a coffee shop, given OpenVPN connects to my local network when I'm on mobile data and I can get into my NVR's web GUI?? I actually don't recall anymore, what is the point of using a DDNS service again?

 

[SouthernYankee]

I have no idea what you are doing. I never do anything with my ASUS DDNS. I use the client.ovpn file to set up the client openVPN on my phone. Everything is in that file. open the openVPN client app on the phone and it connects. that is all there is. After the openvpn client is up and running on android there should be a green and white horseshoe in the upper left corner of your phone screen.

I have two short cuts on my phone home screen one for connect (xxxxxx.asuscomm.com) and one for disconnect.