VPN Primer for Noobs

If the ISP requires using their router (i.e. no to swapping routers), and you are not responsible/allowed to access it for administration, then it seems the responsibility for configuring the VPN falls in their lap. I'm guessing you'll get told you can use your own router if you like... and they should be forthcoming with any VLAN IDs, gateway IPs, etc. info that you might need to configure it. Alternatively, if they could forward your ovpn port you could set up an ovpn server (with firewall) behind their router.
 
The problem is that my internet service provider is also responsible for my telephone and cable television.
In my country we only have two ISPs, who adhere to the same policy, so no real choice as a matter of fact.
 
Truglo, thanks for your post. I called my ISP and they said I can use my own router or they can open a port for me. So can I set up OpenVPN server on an Asus router and plug it behind their router?
 
So thanks everyone for helping me get my system up and running!

These things only happen to me! So when I set up OpenVPN on the router, I did it without the DDNS just to keep it simple for testing.

So my IP changed. I went in to the router and turned on the DDNS and set that up and then went back into the VPN section and exported out another .ovpn file.

Load that on the phone and I connect via OpenVPN. I can log into the router just like when on home wifi and I can get into the computer via Remote Desktop app.

When I select the UI3 bookmark, I either get an Access denied "You don't have authorization to view this page. HTTP ERROR 403" OR it lets me see the UI3 login screen and when I attempt to login, I get a "LAN Access Only" error message.

I didn't change any other setting in the router. What am I missing?
 
Taking a stab in the dark here, but check in BlueIris > Settings > Users, select the user you are logging in as and click EDIT. Make sure there is not a check mark in LAN ONLY
 
@PCMedic - you my friend are a stab in the dark genius! That was it - I don't even remember selecting that. I have been wrestling with this and searching the forums for hours trying to find it and glad I finally posted my problem!

Thanks!!!!
 
Glad I could help. You are a step ahead of me as I still haven't tackled the VPN setup yet
 
Darn - I was hoping you could help me tackle how to make it faster over cellular service - it just sits there trying to load...
 
Hello all, any recommended tutorials on how to set up a VPN, specifically OpenVPN? Kind of surprised at all the guides here telling you to use one and why you should use one but none actually showing you how. Hopefully it won't be too hard lol. I know I could google it but I feel like I could get a better response here than anywhere else. My setup right now is I have 1 router which is my ISP's router that I can't get rid of, so I'm forced to bridge it to another one, so I went out and got a 2nd router that supported dd-wrt.

The 2nd router I got was a Linksys EA6700 due to how cheap (I think the price jumped up, I got it new for 50-60$ a few weeks ago but you can still get it new/used at that price) it was and how crazy easy it was to install dd-wrt, and it was a whole lot better than the one my ISP gave me, especially hardware wise. I definitely recommend it for newbies who never modded their router before like me, guide here. Since I went ahead and got a 2nd router I decided to let the newer and better Linksys router be my main router while my ISP's router stays in wired bridge mode (which I had to manually set up myself), and with dd-wrt installed I now have access to OpenVPN and a whole bunch of other features that I don't know where to begin with.

I already have a NVR + IP cameras and I also have a set of analog cameras+DVR that I would also like to put behind a VPN. I'd like to know what the process on getting this all set up will be like.
 
Look at dd-wrt on how to set up OpenVPN. You will need a DDNS service to provide your IP lookup. Each hardware/software combination is different, so you will only find specific directions for specific situations. There is no good general documentation.
 
A little late but thanks. In the meantime, how safe is it to keep my IP cameras from accessing the internet if I only browse them at home/LAN (phone, browser, etc.) and nowhere else, basically set up with no way for them to connect online? The only time I really look at my cameras is at home and I was wondering if I would still need a VPN.
 
We are talking about "security probabilities". Some tips to make up your mind:
  • even if you say: "the only time I look at the cameras is at home" - imagine you'll receive a call from your neighbours that someone is probably breaking in, and you are shopping 20 miles away. Wouldn't you wish that you had VPN access to simply assure yourself nothing is wrong?
  • when you say: "safe to keep your cameras from accessing the internet": you mean: access FROM the internet to the cameras: that you will NEVER ever want. Then everybody (goodwill or bad will) can take over/hack/abuse/.. your infrastructure (not even your cam, but also your NAS etc etc). If you meant access TO the internet FROM the cameras: if you want them to synchronize their clock, that would be an acceptable excuse, however ample home routers can run an NTPd server for local clock synchronisation with your internal devices, in other words: there is absolutely no reason (excuse?) for having your cameras call home for whatever reason (except push notifications e.g. TCP 2195 for Dahua cams).
  • which brings me neatly to the last point: if you take @SouthernYankee's advice: deploy OpenVPN on DD-WRT, and you eliminate previous bullet points, and you are good to go when being at home and away.

Happy Camming!
CC
 
This is just temporary until I figure this networking stuff out some more. My ISP had to give me a slightly newer router a few days ago because the old 1 they gave me had become so old that they couldn't even identify it on their systems, so now I want to rethink my network a bit as I still haven't bridged the Linksys dd-wrt router to it yet. Originally I was going to bridge the ISP's router and forward all my traffic to the dd-wrt router, but since my ISP gave me a new router I was thinking about setting the ISP's router to cascade (since it doesn't have a normal bridge mode and I have to manually shut down certain areas of the router myself) and only have all my cameras on the dd-wrt router. My ISP was also looking at me funny and didn't know what I was talking about when I tried to explain VPNs, custom firmware, and the importance of securing my network, so I'm pretty much on my own trying to learn this myself. I mean I spent the last few months reading and learning networking tutorials and these guys don't know shit, making me seem like I'm the professional :banghead: . As for


even if you say: "the only time I look at the cameras is at home" - imagine you'll receive a call from your neighbours that someone is probably breaking in, and you are shopping 20 miles away. Wouldn't you wish that you had VPN access to simply assure yourself nothing is wrong?
lol my neighbors should be calling the police and not me, it's not like I can do anything even if I saw the incident on my phone but I get what you're saying. Like I said earlier, this would only be temporary.


when you say: "safe to keep your cameras from accessing the internet": you mean: access FROM the internet to the cameras: that you will NEVER ever want. Then everybody (goodwill or bad will) can take over/hack/abuse/.. your infrastructure (not even your cam, but also your NAS etc etc). If you meant access TO the internet FROM the cameras: if you want them to synchronize their clock, that would be an acceptable excuse, however ample home routers can run an NTPd server for local clock synchronisation with your internal devices, in other words: there is absolutely no reason (excuse?) for having your cameras call home for whatever reason (except push notifications e.g. TCP 2195 for Dahua cams).
I meant not letting it take in both WAN traffic nor send out WAN traffic at the same time, just until I set up OpenVPN.
 
Yes, 98% of the time ISP techs don't know anything beyond the bare essentials to get internet working through their router, nothing more, nothing less. 1% don't even know that and are reading from a computer prompt, the other 1% actually do know some intermediate networking stuff. That latter knowledgeable 1%, from my personal experiences with several ISP companies, is never found through a phone call... rather once in a while a geeky tech will show up to do an install/upgrade on your house, and he'll actually be able to answer things like, "Do you guys offer IPv6, and if so by what methods is it delivered?". Even then, when it comes to slightly more advanced networking topics like router scripting, personal VPN, VLAN, and firewall setup, like mentioned above the conversation becomes very specific to the hardware and the application... no good general guides I can point to, rather specific methods that use specific hardware that can fit your application (for now, and hopefully a bit into the future). That's where I mentioned Asus routers and OpenVPN... this world has more info/forums/help available than others imho.

It's true, just because you can see it doesn't mean you can stop it. OTOH, there are exceptions to that... like asking the neighbor to grab an amazon box on your step while you are out to work... etc... it's not all essential to living, but when you are confident how everything works together to create secured remote access.

Asus routers can use scripts to do this. I use a script called 'ipcamblocker.sh' (from a user at snbforums.com) on my Asus router, which blocks a range of LAN IPs from in/out WAN access. Whenever I set up any camera (and some IoT devices too), I just configure my router DHCP so those devices have static IPs within the blocked range. This security works independently of the router ovpn server features, and should be done even if you don't use a VPN to access the LAN remotely. As mentioned above, you also need to set up an NTP server on your router so these blocked devices can still update their clocks (I use the 'ntp-merlin' script for that).

I should also mention many other benefits to becoming 'router savvy' (in the context of learning commonly available router scripts)...
1- With the 'diversion' script, you can add whole lan ad blocking that will make pages load way faster, works flawlessly with tls ads (almost all these days), stop website tracking, etc... and with ovpn you can have that ad blocking available anywhere you go with your phone as well.
2- With the 'skynet' script, you can have a powerful firewall that uses many frequently updated 'bad actors lists' to block access to/from hacked IP's everywhere... you can also block entire countries (yes, you can still see 99.9% of international sites if you block the known bad countries).
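
The camera-blocking approach described in the post above, as an added example that is not part of the original thread and is not the ipcamblocker.sh script itself. The camera range, interface names (br0, eth0) and router address are assumed values; the script only prints the iptables commands so they can be reviewed before being applied on the router.

```shell
#!/bin/sh
# Added example: keep a block of camera IPs off the WAN in both directions
# while LAN and VPN clients can still reach them. Assumed values throughout.

CAM_RANGE="192.168.1.200-192.168.1.220"  # static DHCP leases given to cameras
LAN_IF="br0"                             # LAN bridge (assumed name)
WAN_IF="eth0"                            # WAN interface (assumed name)
ROUTER_IP="192.168.1.1"                  # router also serves NTP locally

# Convert a dotted-quad IPv4 address to an integer so it can be compared.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds if IP ($1) lies inside "first-last" ($2). Use it to confirm that a
# camera's static lease really falls in the blocked range.
ip_in_range() {
    ip=$(ip2int "$1")
    lo=$(ip2int "${2%-*}")
    hi=$(ip2int "${2#*-}")
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# Print (not execute) the rules so they can be reviewed first.
cam_block_rules() {
    range=$1; lan=$2; wan=$3; router=$4
    # Own chain: easy to flush and reload without touching other rules.
    echo "iptables -N CAMBLOCK"
    # Cameras -> internet: no cloud or P2P call-home.
    echo "iptables -A CAMBLOCK -i $lan -o $wan -m iprange --src-range $range -j DROP"
    # Internet -> cameras: dropped even if a port forward or UPnP mapping exists.
    echo "iptables -A CAMBLOCK -i $wan -o $lan -m iprange --dst-range $range -j DROP"
    echo "iptables -I FORWARD 1 -j CAMBLOCK"
    # Cameras with a hard-coded time server are answered by the router's NTP.
    echo "iptables -t nat -A PREROUTING -i $lan -p udp --dport 123 -m iprange --src-range $range -j DNAT --to-destination $router:123"
}

# Constructed sample leases: one camera, one ordinary PC.
for lease in 192.168.1.205 192.168.1.50; do
    if ip_in_range "$lease" "$CAM_RANGE"; then
        echo "# $lease is in the blocked range"
    else
        echo "# $lease is NOT blocked"
    fi
done
cam_block_rules "$CAM_RANGE" "$LAN_IF" "$WAN_IF" "$ROUTER_IP"
```

Traffic arriving on the VPN interface (tun0 in the rules quoted later in this thread) does not match either DROP rule, so remote viewing over OpenVPN keeps working.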
 
I have a Synology RT 2600AC router that I am about to throw out the window on trying to get the VPN server working. I am a networking newb and have read through a bunch of their tech articles, have done 2 extended live chats, and have opened a support ticket with 2 lengthy replies and nothing. This is very frustrating

Edit

It would be helpful if the information below could be added to the first post in this thread. I've been going nuts for 2 weeks after watching video after video, reading post after post here, going through a bunch of tech articles from Synology for my RT2600ac, 2 live chats with their support, 2 support ticket conversations, and on their recommendation finally a chat with my ISP support to find out why I haven't been able to connect. My ISP support let me know my IP was being natted. They changed me over to a static IP for no charge and now voilà, VPN using OpenVPN with the OpenVPN for Android app connects. It would have been helpful to be aware of this potential issue as it would have saved me a lot of head scratching wondering what was going on. From what I've seen online, some ISPs won't do this at all or will charge extra for it.
 
It would be helpful if the information below could be added to the first post in this thread.
Most common VPN Setup mistakes:
  • Not having an externally routable IP
Giving your ISP support team an earful is probably due, because as soon as you said "VPN" they should have identified the issue. They are clearly inept tech-tarded script readers.

From my recollection of when this was applied unannounced on my service, doing an online test via a "what is my IP" type service will also flag the issue of CG NAT. I can't confirm this with a screenshot now of course.

Anyway, trials like these improve our knowledge and make us more capable in the future. Good that you have it sorted.

Cheers, Steve
 
I looked at whatsmyip and I don't recall anything about CG NAT being identified. The ISP tech did immediately mention that my IP was natted when I said I was having problems with setting up VPN. My ISP is a city owned Fiber Optics provider through our electric power board, and their tech support is actually excellent. In like 3 minutes you are in contact with a local person who knows what they are talking about, not a screen reader.
The "externally routable ip" bit on the first page mentioned for mobile or satellite may make sense for those who eat networking for breakfast, but that didn't at all translate into my problem for me. My concern is that for many people, being able to even set up a VPN server might be a problem due to ISP limitations. There may be some technical workarounds, but for us trying to learn this it may be a brick wall. It would really suck to have $1500 worth of camera/Blue Iris computer and not be able to get a VPN set up to securely access it.
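
A quick check for the "no externally routable IP" problem discussed above, as an added example that is not part of the original posts. It takes two values entered by hand, the WAN address shown on the router's status page and the address a "what is my IP" site reports, and classifies the first against the RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range (100.64.0.0/10); the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: can a VPN server on this router be reached from outside?
# usage: sh check.sh <WAN IP from router status page> <IP seen by the internet>

# Classify an IPv4 address: rfc1918, cgnat (RFC 6598), public or invalid.
classify_ipv4() {
    case $1 in ''|*[!0-9.]*) echo invalid; return ;; esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || { echo invalid; return; }
    done
    if   [ "$1" -eq 10 ]; then echo rfc1918
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then echo rfc1918
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo rfc1918
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then echo cgnat
    else echo public
    fi
}

# vpn_reachability WAN_IP SEEN_IP -> one-word verdict
vpn_reachability() {
    wan=$1; seen=$2
    case $(classify_ipv4 "$wan") in
        invalid) echo invalid-input ;;
        # ISP shares one public address between customers: inbound VPN
        # connections never arrive; ask the ISP for a public/static address.
        cgnat)   echo behind-cgnat ;;
        # Router sits behind another NAT device, e.g. the ISP's own router:
        # that device has to forward the VPN port.
        rfc1918) echo behind-upstream-nat ;;
        public)
            # A public WAN address should be the one the internet sees.
            if [ "$wan" = "$seen" ]; then echo reachable
            else echo address-mismatch   # some other NAT or proxy in the path
            fi ;;
    esac
}

# Constructed sample values; pass your own two addresses as arguments.
vpn_reachability "${1:-100.72.13.5}" "${2:-203.0.113.40}"
```

A verdict of behind-upstream-nat is also what you get with your own router plugged in behind the ISP's router, the setup discussed at the start of this thread.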
 
Hi,

Has anyone tried running a WireGuard server on a Windows 10 PC?
And using the WireGuard app on an Android phone to access the BI ui3.htm web server?

I found this article written by Henry:

Wireguard Server running on Windows 10

The article will teach you how to set it up from A-Z.
The guy has come up with his own findings and shared them with the world to enjoy.
As of now, there is no actual official WireGuard software that can run
on Windows 10 as a WireGuard server. The article will teach you the workaround.

I must admit, even though WireGuard is not regarded as the de facto VPN standard
like OpenVPN is, the speed of transferring data will eventually win your heart,
although I have not proven it in my testing yet.
Setting it up and getting it running did not make me break a sweat.

Because I did not like the idea of messing with the router to get a VPN working,
or needing to buy an Asus router to get its built-in OpenVPN working,
or even messing with a dd-wrt router to set up a VPN,
I sought out a solution and resorted to the open-source path.

I have come across another solution for setting up a VPN at home.
It can all be done within your Windows 10 PC.
Try: Softether VPN: Setting up Softether VPN Server in Windows
Warning: setting up this server could be lengthy, depending on how much
you understand; your mileage may vary.

I just want to share something that I learned during the COVID-19 lockdown. :)
 
That's because you're using a routed VPN solution and you're sitting on another subnet and your router is routing traffic from your LAN to your VPN. Those discovery services only broadcast to the subnet they are on; if your device is on another subnet, autodiscovery becomes impractical, but as long as you know the host/IP it's fine.

If you were using a bridged VPN solution you'd be on the same subnet as the LAN and broadcast packets would find your cameras. It's largely dependent on how you set it up, and I actually prefer routed (TAP) over bridged (TUN) setups as it offers several benefits, like being able to add firewall rules between the VPN clients and the LAN if you wish to further restrict access.

Hi Nayr,

I've been reading this thread for a while; this is the first post I think I have found that relates to my problem accessing my VPN that I recently set up on my home Nighthawk router running DD-WRT.

I have the VPN 'working' - that is, I can connect to my router login page and Hikvision NVR login page from my Android phone running OpenVPN when I type the appropriate IP address, example 192.168.1.140. If I turn off OpenVPN then these IP's are no longer accessible.

I configured the VPN using several guides because understanding how to generate certificates etc was difficult at the start and several ways of explanation helped me to grasp the setup process.

I don't have any ports forwarded and UPnP is disabled.

When OpenVPN is turned on on my Android phone, I can view my Hikvision camera using the iVMS app (Hikvision); however, I don't want to use this application to view my cameras. I would like to use Tinycam Pro, which I have purchased.

For the life of me I cannot figure out how to connect Tinycam Pro to see my camera connected to my NVR (IP 192.168.1.140).

I have the following in the firewall section of my router:

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT

# These next two lines may or may not be necessary.
# I (dereks) did not need them, but bmatthewshea did.
# Thus, we include them so that this works for more people:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT


I have the following under the OpenVPN server settings:

push "dhcp-option DNS 192.168.88.1"
push "dhcp-option DOMAIN HOME"
push "route 192.168.1.0 255.255.255.0"

Would you at all have any ideas please?

Thank you!