VPN Primer for Noobs

As a newbie to CCTV and networking, I've read pages and pages and then discovered to my surprise (page 65 of this thread) that a VPN won't work on my 4G wireless modem. Is this correct? Maybe in my ignorance I misread something or misunderstood something.
I'm considering installing a Dahua CCTV / NVR system here at home that I can access remotely and the only home internet access I have is via a wireless modem. No wires around in this rural area!
The only thing I found that works on cellular modems or routers is Tailscale. My brother is using it at his cabin with a 4G modem.
John
 
I run a commercially available OpenVPN client on my router. It changes my IP address. Is that enough?
 
You don't need a client on your router, you need a VPN host on your router. The client hides your IP address when you're surfing and offers no protection when accessing your LAN from outside to view cameras.
 
I’ve been putting this stuff off for a year now. I finally got some more cameras (TY WittAJ and others for suggestions) and now I’m trying to:
Find an app that I can use either on my Android phone and iPad (if possible) when I am home and when I am on the road traveling. I haven’t found a program yet for the record. I heard about tiny cam…

Anyway, I’ve heard about a VPN and am probably in over my head on trying to tackle this latest mission impossible home project of mine. I’m desperate for guidance or recommendations if anyone has any… (except for just give up kid or pay a professional already heh)
Here’s my setup: I have 4 IP cameras (3 Dahua, 1 Hik) hooked into a POE switch. That switch is connected to my BI computer via a secondary NIC. I read some guide about changing the gateway or subnet on the secondary card, which I did. The primary NIC (the one that’s part of the motherboard) is connected to an old Asus RT-N66U that I haven’t used in a while. It has DD-WRT, which has options for OpenVPN on it.
The Asus router (WAN port?) is connected to my actual internet router. I hope this made sense cuz it’s confusing as Shi! to me.

Finally, my question is in regards to setting up a VPN. I saw quite a few guides on running OpenVPN server from a computer but I don’t understand how that works. I’m assuming I can’t run this software on a computer in my house on my home network. My friend says he uses Nord for like $70 every 3 years. If I don’t have to pay money then that’s the route I'd rather go unless paying for a dedicated server is the way to go. Any thoughts? Sorry y’all, long-winded post.
 
NORD VPN hides your IP address for porno and illegal streaming - that is useless for what you are trying to do. You need your device to see your IP address, not hide it. You are the VPN and it is free.

You have an ASUS router with OpenVPN on it, so you do not need a server. You are overthinking it.

You have BI, so use the native UI3 to view it or buy the BI app ($10). Why go to Tiny Pro or something else? UI3 is great. Simply type in the IP address of your BI computer and the port number and you are in while home or OpenVPN while away.

OpenVPN is simple, but we make it way more difficult than it needs to be lol.

I was there too once with OpenVPN...tried to do all this research to find directions and got to the point I said screw it and just enabled it and kind of followed what it was asking and it worked.

You will need a DDNS as your WAN IP address is subject to change at any time by your ISP (although most do not change often) or you are paying for a static IP address. You can use the ASUS router to set up a DDNS or use the free one here.

Just log in to your router and enable OpenVPN and see what it says - probably asks you to create a user/PW, DDNS name, encryption method, and create certificate. Then email that certificate to you and save the certificate on your mobile device (or copy it and move it to your device). Then install the OpenVPN app and select the certificate and then connect and you are on your home network.

It really is simpler than our minds make it out to be.

 
-----------------------------------------------
My general VPN post
There are two types of VPN; do not get them confused.
The type depends on where the traffic conversation originates.

1) Origination: local home network, destination: the internet.
The purpose of this type of VPN is to hide your activity from the internet. It is outbound and normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, Google, porn sites... this is not what you want. This VPN uses a VPN server that is in the middle of your communications.

2) Origination: the internet (world wide web), destination: your home network.
This VPN type is used to provide a secure connection onto your local network, inbound to your local home network, from your office computer, your cell phone in your car, tablet at the coffee shop. This is what you want; it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.

If your home internet provider is a cellular network, then DDNS (Dynamic Domain Name System) may not work. DDNS is needed for most inbound VPN services (OpenVPN) to get your home IP address (it is not static), so OpenVPN may not work for you.
Look at ngrok or Hamachi for remote access to a home cellular network (I have NOT used these).

A video on the paid VPN.

------------------------------------------------------
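
An added example, not part of the original post: the usual reason DDNS and an inbound OpenVPN server fail on a cellular connection is carrier-grade NAT, and a router plugged into another router has the same problem one hop up. The sketch below classifies the situation from two addresses you can read off yourself; the function name and result labels are assumptions made for this example.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def inbound_vpn_path(router_wan, seen_from_internet):
    """Classify whether a VPN server on this router can take inbound connections.

    router_wan         -- WAN address shown on the VPN router's status page
    seen_from_internet -- address an external "what is my IP" page reports
    """
    wan = ipaddress.ip_address(router_wan)
    seen = ipaddress.ip_address(seen_from_internet)
    if wan in CGNAT:
        # The carrier shares one public address among many customers,
        # so no inbound port ever reaches this router.
        return "cgnat"
    if any(wan in net for net in RFC1918):
        # Another NAT device sits upstream. If it is your own router, forward
        # the VPN port (OpenVPN default 1194) to this one; if it belongs to
        # the carrier, treat it like CGNAT.
        return "upstream_nat"
    if wan != seen:
        # WAN looks public but the internet sees a different address:
        # something in between is still translating.
        return "cgnat"
    # A DDNS name pointing at this address leads straight to the VPN server.
    return "direct"
```

With "cgnat" the remaining options are the outbound-initiated services mentioned in this thread, since they do not need an open inbound port.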
 
When turning off port forwarding and using the VPN, do you still get push notifications/messages/alerts that someone is at the door or it detects motion? And if you wanted to view who was at the door, you would quickly have to turn on the VPN to view the cameras?
 

You do receive push notifications. Moving previews will not be received unless the VPN is active on the client device. Yes, in order to connect to the system VPN needs to be turned on.

There are various ways to work with things to make that easier/more convenient. You can simply enable VPN all the time. At a practical level it's not much of a hit to performance for most typical uses. You can enable VPN selectively using various utilities based on geolocation, WiFi not connected to your local network, by app use, etc. You can receive the moving alerts via text/PushBullet. Etc...
 
Spent this evening setting up OpenVPN on my router and getting all that working... Just looking for clarification on the settings in BI. Does this look right? Seems like I can't broadcast it ONLY on the LAN, I have to have the WAN option enabled as well. The part I drew over is my IP address, doesn't this mean I'm still broadcasting video out publicly which could make me susceptible to attack?

On the iPhone app side I configured it only with my LAN address on the server (using port 4880) and it works beautifully as long as the VPN is activated, and not when the VPN is off (as expected).

Confirm this sounds right?

Screenshot 2022-02-24 014006.png
 
No idea dockdoc. I have my own VPN queries:-

Having taken notice of the dangers of forwarding ports, I bought an ASUS AC88U to tunnel through to my BI PC when I'm away from home. Even though my networking knowledge is almost nonexistent, it seemed to be easy to configure an OpenVPN server in the router, send the OpenVPN file and then use vpn connect client with 4G both in my iPad and Windows laptop (using the iPad's Personal Hotspot). Both the iPad and laptop appear to connect no problem and I can access the router using its local IP address 192.168.1.1 with 4G in a browser.

Now the problems start. BI's web server (in my case 192.168.1.100:8020) only works using wifi. I've taken a picture of the vpn connect settings (below). The port number seems to be the default in the router but what's this "your private IP 10.8.0.2" got to do with anything? And then there's the public IP address. When VPN is not connected, the router, iPad and phone all have the same external IP address but the BI PC is different and the laptop is different again.

If you guys can sort me out please, I also use RDP with the laptop locally to BI's headless PC. Now that I don't forward ports, is there a way to use RDP over 4G or else some other way?



VPN connected (1).jpg
VPN connected (2).jpg
 
The 10.8.0.2 address is assigned by OpenVPN. What happens is that when connected via the VPN you don't truly receive an IP address on your local network as you would from DHCP connecting locally. You'll have the 10.8.0.x address which is then routed internally over to a local address within 192.168.x.x (or whatever). That's all typical and as it should be. If you look on the Asus under the advanced settings for the VPN, then you'll see where that's set up. You can change it if you want but not necessary unless you have some particular need. Might seem like you should, but you don't want to change it to a 192.168.x.x address (or whatever is used internally). That will cause troubles.

Not sure that I follow "only works using wifi" and all machines have the same external address. Your image looks OK. 1194 is the default port for OpenVPN.

Yes, you can use RDP over the VPN. Get a VPN client from the App Store (or as appropriate for whatever). Connect via VPN. Launch the RDP client and connect to whatever local host IP. Kind of tough to use on a phone since it's so tiny but can be done in a pinch.
 
Hello Mike A. Many thanks for your reply. I think I understand your first paragraph and am happy to leave the 10…., 192….. and default openVPN port as they are now.

What I meant by “only works with wifi” is, when at home and using wifi, I can enter 192.168.1.100:8020 in my iPad browser to connect with BI’s web server. However, if I switch wifi off and instead use OpenVPN with 4G, entering 192.168.1.100:8020 no longer connects with BI’s web server. I am only able to connect to the router on 192.168.1.1. From what you say, I suspect that if you can help me fix this problem, then RDP would also start to work via OpenVPN and 4G.

Best to not confuse me by also explaining about external addresses just now.
 
Hey guys, just wanted to say a big thank you for all the info. Been dealing with first world problems but I'm finally able to devote my full attention to finding a VPN and software\program that can allow me to hopefully check my cameras anytime on my phone\iPad at home or away on the road when I travel. Again TY!

Also @wittaj I'm trying to follow Randy's guide but running into issues. It's a little unclear but does my Asus router that I'm setting up the VPN on have to be my main router that all my devices in my tablets\computers\phones? I took the time to make an illustration so it makes more sense.
I was under the impression that I could use the ASUS as a VPN router that doesn't have to be my main router that I use for everything else in the house. The ASUS is connected to the Blue Iris computer's secondary (PCI) NIC card. Hope this made sense cuz it's making my head spin
 

Attachment: vpn stuff.jpg
What I meant by “only works with wifi” is, when at home and using wifi, I can enter 192.168.1.100:8020 in my iPad browser to connect with BI’s web server. However, if I switch wifi off and instead use openVPN with 4G, entering 192.168.1.100:8020 no longer connects with BI’s web server. I am only able to connect to the router on 192.168.1.1

Have you limited the "local access" on BI to just the 192.168.1.X network? You probably need to allow access from 10.8.0.x as well.
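
An added example, not part of the original posts: it models the two addressing points raised above, that the OpenVPN tunnel subnet must stay separate from the LAN, and that a server restricted to LAN sources has to list the tunnel subnet too. The function name is hypothetical, the /24 mask on 10.8.0.x is an assumption, and the allow-list is a generic model, not Blue Iris's own configuration format.

```python
import ipaddress

def check_vpn_addressing(lan, tunnel, allow_list, client_ip):
    """Return a list of problems with an inbound-VPN address plan (empty = OK)."""
    lan_net = ipaddress.ip_network(lan)
    tun_net = ipaddress.ip_network(tunnel)
    client = ipaddress.ip_address(client_ip)
    allowed = [ipaddress.ip_network(entry) for entry in allow_list]
    problems = []

    # The router routes between tunnel and LAN; if both use the same
    # range it cannot tell which side a destination lives on.
    if lan_net.overlaps(tun_net):
        problems.append("tunnel subnet overlaps the LAN")
    if client not in tun_net:
        problems.append(f"{client} is outside the tunnel subnet")

    # The server sees the VPN client's tunnel address as the source,
    # not a 192.168.1.x address, so that source must be allowed.
    if not any(client in net for net in allowed):
        problems.append(f"{client} is not covered by the allow-list")

    # Fixing the above by allowing everything undoes the point of the VPN.
    for net in allowed:
        if net.prefixlen < 16:
            problems.append(f"allow-list entry {net} is wider than a /16")
    return problems

# Addresses taken from the thread; the /24 masks are assumed.
LAN, TUNNEL, CLIENT = "192.168.1.0/24", "10.8.0.0/24", "10.8.0.2"

if __name__ == "__main__":
    print(check_vpn_addressing(LAN, TUNNEL, ["192.168.1.0/24"], CLIENT))
    print(check_vpn_addressing(LAN, TUNNEL, ["192.168.1.0/24", TUNNEL], CLIENT))
```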
 
Hi The Automation Guy
Thanks for replying, I appreciate you trying to help. I decided that perhaps this thread was now a bit long in the tooth to solve my problem and started a new thread in “Networking” and am pleased to report that my problem has been resolved. Take a look, the post title is “Multiple Public IP addresses”.

Maybe it would also be helpful for you HomieTheClown.

Cheers
 
My router only offers L2TP or PPTP for VPN (no OpenVPN). I can't simply buy one of the Asus routers with OpenVPN because it won't provide sufficient wifi coverage for my house like my Mesh network so for now I'm stuck with my current router.

I also recently bought a dedicated Dell Optiplex running Win 10 Pro that I will be putting BI on. I saw in the VPN sticky that you can run VPN service from a dedicated NVR. I might have missed it but how do you set up the VPN on the dedicated NVR Windows box? I've found many references to PiVPN but that's for Linux not Windows. Am I supposed to run a VM on the dedicated NVR that's running Linux to set up the VPN? Am I better to try and get L2TP set up on my router or getting VPN running on my NVR box?

My router doesn't have a built-in firewall so I assume I'd still need dual NICs since I can't write firewall rules to block the cams from getting out to the net. Is that true? I tried to look around for a dedicated firewall box but they are expensive and feels like it may be overkill.

I hope my questions make sense, I have some networking experience but I'm rusty since it's been about a decade since I worked in the field. Thanks.
 
You can run OpenVPN on a cheap RasPi and just put that on your network. That may be the easiest.
 

I did see that but sadly it looks like Raspberry Pis aren't readily available to purchase right now. I could buy another Dell box for like $100 I guess but if I can run my cams and VPN on the same box it would be more convenient and be less of a power draw.

For the record the Dell I got is the i7-6700 @ 3.4GHz w 16GB DDR4 memory. So not sure if that will be enough fire power or not. At max I'm prob looking at 6-8 cameras.