VPN Primer for Noobs

What VPN Solution are you using?


  • Total voters
    764

opus too

Getting the hang of it
Joined
Nov 25, 2018
Messages
42
Reaction score
34
Location
usa
As a newbie to CCTV and networking, I've read pages and pages and then discover to my surprise (page 65 of this thread) that a VPN won't work on my 4G wireless modem. Is this correct? Maybe in my ignorance I misread something or misunderstood something.
I'm considering installing a Dahua CCTV / NVR system here at home that I can access remotely and the only home internet access I have is via a wireless modem. No wires around in this rural area!
The only thing I found that works on cellular modems or routers is Tailscale. My brother is using it at his cabin with a 4G modem.
John
 

RIPE

Young grasshopper
Joined
Jun 19, 2017
Messages
41
Reaction score
5
I run a commercially available OpenVPN client on my router. It changes my IP address. Is that enough?
 

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
9,338
Reaction score
21,130
Location
New Jersey
You don't need a client on your router, you need a VPN host on your router. The client hides your IP address when you're surfing and offers no protection when accessing your LAN from outside to view cameras.
 
Last edited:

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
11,114
Reaction score
19,590
Location
USA
You want a VPN that puts you back onto YOUR network, not a VPN that changes or masks your IP address - that is for illegal streaming and porn addictions LOL.
 

HomieTheClown

Young grasshopper
Joined
Nov 10, 2020
Messages
38
Reaction score
17
Location
USA
I’ve been putting this stuff for a year now. I finally got some more cameras (TY WittAJ and others for suggestions) and now I’m trying to:
Find a app that I can use either on my android phone and IPad (if possible) when I am home and when I amon the road traveling. I haven’t found a program yet for the record. I heard about tiny cam…

anyway I’ve heard about a VPN and am probably in over my head on trying to tackle this latest mission impossible home project of mine. I’m desperate for guidance or recommendations if anyone has any… (except for just give up kid or pay a professional already heh)
Here’s my setup: I have 4 IP cameras (3 Dahua, 1 Hik) hooked into a POE switch. That switch is connected to an my BI computer via a secondary NIC. I read some guide about changing the the gateway or subnet on the secondary card which I did. The primary NIC (the one that’s part of the motherboard) is connected an old ASus RT-N66U that I haven’t used I a while. It has WW-DRT which has options for OpenVPN on it.
The Asus router (wan port?) is connected to my actual internet router. I hope this made sense cuz it’s confusing as Shi! to me.

‘Finally my question is in regards to setting up a VPN. I saw quite a few guides on running OpenVPN server from a computer but I don’t understand how that works. I’m assuming I can’t run this software on a computer in my house on my home network. My friend says he uses Nord for like $70 very 3 years. If I don’t have to pay money than that’s the route I rather go unless paying for a dedicated server is the way to go. Any thoughts. Sorry y’all long winded post.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
11,114
Reaction score
19,590
Location
USA
NORD VPN hides your IP address for porno and illegal streaming - that is useless for what you are trying to do. You need your device to see your IP address, not hide it. You are the VPN and it is free.

You have an ASUS router with OpenVPN on it, so you do not need a server. You are overthinking it.

You have BI, so use the native UI3 to view it or buy the BI app ($10). Why go to Tiny Pro or something else. UI3 is great. Simply type in the IP address of your BI computer and the port number and you are in while home or OpenVPN while away.

OpenVPN is simple, but we make it way more difficult than it needs to be lol.

I was there too once with OpenVPN...tried to do all this research to find directions and got to the point I said screw it and just enabled it and kinda of followed what it was asking and it worked.

You will need a DDNS as your WAN IP address is subject to change at anytime by your ISP (although most do not change often) or you are paying for a static IP address. You can use the ASUS router to set up a DDNS or use the free one here.

Just log in to your router and enable OpenVPN and see what it says - probably asks you to create a user/PW, DDNS name, encryption method, and create certificate. Then email that certificate to you and save the certificate on your mobile device (or copy it and move it to your device). Then install the OpenVPN app and select the certificate and then connect and you are on your home network.

It really is simpler than our minds make it out to be.

 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,123
Reaction score
5,108
Location
Houston Tx
-----------------------------------------------
My general VPN post
There are two types of VPN, do not get them confused.
The type depends on where the traffic conversation originates

1) origination: local home network, destination the internet.
This type of VPN is purpose to hides your activity from the internet, it is outbound, it normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, google, porn sites,,,, this not what you want. This VPN uses a VPN server that is in the middle of your communications.

2) Origination: the internet world wide web, destination: your home network.
This VPN type is used to provide a secure connection onto your local network, in bound to you local home network, from your office computer, your cell phone in your car, tablet at the coffee shop.. This is what you want, it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.

If you home internet provider is a cellular network, then DDNS (dynamic Domain Name System) may not work, the DDNS is needed for most Inbound VPN services (OpenVpn) to get your home IP address (it is not static) so OpenVPN may not work for you.
Look at ngok or Hamachi for remote access to a home cellular network (I have NOT used these)

A video on the paid VPN.
------------------------------------------------------
 

youscott

n3wb
Joined
Nov 12, 2019
Messages
25
Reaction score
4
Location
Houston, Texas
When turning off port forwarding and using the VPN, do you still get push notifications/messages/alerts that someone is at the door or it detects motion? And if you wanted to view who was at the door, you would quickly have to turn on the VPN to view the cameras?
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
1,872
Reaction score
2,291
When turning off port forwarding and using the VPN, do you still get push notifications/messages/alerts that someone is at the door or it detects motion? And if you wanted to view who was at the door, you would quickly have to turn on the VPN to view the cameras?
You do receive push notifications. Moving previews will not be received unless the VPN is active on the client device. Yes, in order to connect to the system VPN needs to be turned on.

There are various ways to work with things to make that easier/more convenient. You can simply enable VPN all the time. At a practical level it's not much of a hit to performance for most typical uses. You can enable VPN selectively using various utilities based on geolocation, WiFi not connected to your local network, by app use, etc. You can receive the moving alerts via text/PushBullet. Etc...
 

dockdoc

n3wb
Joined
Dec 27, 2021
Messages
13
Reaction score
14
Location
Charlotte NC
Spent this evening setting up open VPN on my router and getting all that working... Just looking for clarification on the settings in BI. Does this look right? Seems like I can't broadcast it ONLY on the LAN, I have to have the WAN option enabled as well. The part I drew over is my IP address, doesn't this mean I'm still broadcasting video out publicly which could make me susceptible to attack?

On the iPhone app side I configured it only with my LAN address on the server (using port 4880) and it works beautifully as long as the VPN as activated, and not when the VPN is off (as expected).

Confirm this sounds right?

Screenshot 2022-02-24 014006.png
 

Dave Lonsdale

Pulling my weight
Joined
Dec 3, 2015
Messages
392
Reaction score
170
Location
Congleton Edge, UK
No idea dockdoc. I have my own VPN queries:-

Having taken notice of the dangers of forwarding ports, I bought an ASUS AC88U to tunnel through to my BI PC when I'm away from home. Even though my networking knowledge is almost non existant, it seemed to be easy to configure an OpenVPN server in the router, send the OpenVPN file and then use vpn connect client with 4G both in my iPad and Windows laptop (using the iPad's Personal Hotspot). Both the iPad and laptop appear to connect no problem and I can access the router using its local IP address 192.168.1.1 with 4G in a browser.

Now the problems start. BI's web server (in my case 192.168.1.100:8020) only works using wifi. I've taken a picture of the vpn connect settings (below). The port number seems to be the default in the router but what's this "your private IP 10.8.0.2" got to do with anything? And then there's the public IP address. When VPN is not connected, the router, iPad and phone all have the same external IP address but the BI PC is different and the laptop is different again.

If you guys can sort me out please, I also use RDP with the laptop locally to BI's headless PC. Now that I don't forward ports, is there a way to use RDP over 4G or else some other way?



VPN connected (1).jpgVPN connected (2).jpg
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
1,872
Reaction score
2,291
The 10.8.0.2 address is assigned by OpenVPN. What happens is that when connected via the VPN you don't truly receive an IP address on your local network as you would from DHCP connecting locally. You'll have the 10.8.0.x address which is then routed internally over to a local address within 192.168.x.x (or whatever). That's all typical and as it should be. If you look on the Asus under the advanced settings for the VPN, then you'll see where that's set up. You can change it if you want but not necessary unless you have some particular need. Might seem like you should, but you don't want to change it to a 192.168.x.x address (or whatever is used internally). That will cause troubles.

Not sure that I follow "only works using wifi" and all machines have the same external address. Your image looks OK. 1194 is the default port for OpenVPN.

Yes, you can use RDP over the VPN. Get a VPN client from the App Store (or as appropriate for whatever). Connect via VPN. Launch the RDP client and connect to whatever local host IP. Kind of tough to use on a phone since it's so tiny but can be done in a pinch.
 

Dave Lonsdale

Pulling my weight
Joined
Dec 3, 2015
Messages
392
Reaction score
170
Location
Congleton Edge, UK
The 10.8.0.2 address is assigned by OpenVPN. What happens is that when connected via the VPN you don't truly receive an IP address on your local network as you would from DHCP connecting locally. You'll have the 10.8.0.x address which is then routed internally over to a local address within 192.168.x.x (or whatever). That's all typical and as it should be. If you look on the Asus under the advanced settings for the VPN, then you'll see where that's set up. You can change it if you want but not necessary unless you have some particular need. Might seem like you should, but you don't want to change it to a 192.168.x.x address (or whatever is used internally). That will cause troubles.

Not sure that I follow "only works using wifi" and all machines have the same external address. Your image looks OK. 1194 is the default port for OpenVPN.

Yes, you can use RDP over the VPN. Get a VPN client from the App Store (or as appropriate for whatever). Connect via VPN. Launch the RDP client and connect to whatever local host IP. Kind of tough to use on a phone since it's so tiny but can be done in a pinch.
Hello Mike A. Many thanks for your reply. I think I understand your first paragraph and am happy to leave the 10…., 192….. and default openVPN port as they are now.

What I meant by “only works with wifi” is, when at home and using wifi, I can enter 192.168.1.100:8020 in my iPad browser to connect with BI’s web server. However, if I switch wifi off and instead use openVPN with 4G, entering 192.168.1.100:8020 no longer connects with BI’s web server. I am only able to connect to the router on 192.168.1.1 From what you say, I suspect that if you can help me fix this problem, then RDP would also start to work via openVPN and 4G.

Best to not confuse me by also explaining about external addresses just now.
 

HomieTheClown

Young grasshopper
Joined
Nov 10, 2020
Messages
38
Reaction score
17
Location
USA
Hey guys, Just wanted to say a big thank you for all the info. Been dealing with first world problems but I"m finally able to devote my full attention to finding a VPN and software\program that can allow me to hopefully check my cameras anytime on my phone\ipad at home or away on the road when I travel. Again TY!

Also @wittaj I'm trying to follow Randy's guide but running into issues. It's a little unclear but does my Asus router that I'm setting up the VPN on have to be my main router that all my devices in my tablets\computers\phones. I took the time to make an illustration so it makes more sense.
I was under the impression that I could use the ASUS as a VPN router that doesn't have to be my main router that I use for everything else in the house. The ASUS is connected to the BIue Iris computer's secondary (PCI) Nic card. Hope this made sense cuz it's making my head spin
 

Attachments

Last edited:

The Automation Guy

Getting comfortable
Joined
Feb 7, 2019
Messages
682
Reaction score
1,147
Location
USA
What I meant by “only works with wifi” is, when at home and using wifi, I can enter 192.168.1.100:8020 in my iPad browser to connect with BI’s web server. However, if I switch wifi off and instead use openVPN with 4G, entering 192.168.1.100:8020 no longer connects with BI’s web server. I am only able to connect to the router on 192.168.1.1
Have you limited the "local access" on BI to just the 192.168.1.X network? You probably need to allow access from 10.8.0.x as well.
 

Dave Lonsdale

Pulling my weight
Joined
Dec 3, 2015
Messages
392
Reaction score
170
Location
Congleton Edge, UK
Have you limited the "local access" on BI to just the 192.168.1.X network? You probably need to allow access from 10.8.0.x as well.
Hi The Automation Guy
Thanks for replying, I appreciate you trying to help. I decided that perhaps this thread was now a bit long in the tooth to solve my problem and started a new thread in “Networking” and am pleased to report that my problem has been resolved. Take a look, the post title is “Multiple Public IP addresses”. Multiple Public IP addresses Take a look.

Maybe it would also be helpful for you HomieTheClown.

Cheers
 
Top