VPN Primer for Noobs

Parley · Apr 15, 2023

By the way, I have not seen nayr around for a number of years now. He is the OP and used to be on the forum quite often.

truglo · Apr 17, 2023

Barboots said:
If I have OpenVPN server running at home on an Asus router, and a remote client connected. Is it possible (within the VPN framework) to view the client device from the home network... or would this require the server/client roles to be reversed?

I have set up a remote site with a few cams and was hoping to be able to tunnel into the site. I can access my home network from the remote site, but can't seem to "look the other way". Is my realisation that this is due to the server/client relationship correct?

The current network devices at the remote site do not have OpenVPN server capabilities.
The 5G modem is Android based, and apparently Android requires Root to perform as server. The POE switch is dumb. I'm curious if anyone has any alternative (secure) solutions for me to consider.

AFAIK there's no way to "invert" the server/client as you mention using openvpn. You would need a server at your remote site as well if you want to access using a client from home. I'm not familiar with 5G modems, or what options you have to get this working. I know asus routers do have the capability to run a 5g modem as a "backup connection". Not sure if it's possible to get that working with your 5G modem for openvpn.

staind204 · Apr 17, 2023

staind204 said:
Alright so I am about ready to put this WW-DRT Netgear in my network. Since I currently have a mesh network I need to put the Netgear/OpenVPN in front of my topology.

Current:
Modem -> Main Mesh Router/AP -> Switch -> Additional Mesh Routers/APs

New:
Modem -> Netgear/OpenVPN -> Mesh Router/AP -> Switch -> Additional Mesh Routers/APs

Do I need to put the Netgear into bridge mode?

Now that it's warmer I've started mounting my cams and using them in BI. However I need my VPN set up to access away from home. Is the "new" topology I mentioned above the correct way to wire my netgear OpenVPN router? Thank you.

flynreelow · Apr 17, 2023

staind204 said:
Now that it's warmer I've started mounting my cams and using them in BI. However I need my VPN set up to access away from home. Is the "new" topology I mentioned above the correct way to wire my Asus OpenVPN router? Thank you.

no .

duckdns and rasberri pi with PiVPN and wireguard

just set this up today. had never uses a pi before but i was up and running in about an hr.

works great, and a lot faster than open vpn I used to use running on my router

staind204 · Apr 18, 2023

flynreelow said:
no .

duckdns and rasberri pi with PiVPN and wireguard

just set this up today. had never uses a pi before but i was up and running in about an hr.

works great, and a lot faster than open vpn I used to use running on my router

Edit: figured out the physical wiring.

agarb · May 2, 2023

Was going to setup OpenVPN on my Asus router tonight. But I get this message... am I out of luck?

I'm in a rural area and my internet is provided wirelessly by a local company who installed Ubiquiti equipment in my yard pointing at a farmer's grain leg several miles away. My current WAN address is 10.115.214.208

fenderman · May 2, 2023

agarb said:
Was going to setup OpenVPN on my Asus router tonight. But I get this message... am I out of luck?

I'm in a rural area and my internet is provided wirelessly by a local company who installed Ubiquiti equipment in my yard pointing at a farmer's grain leg several miles away. My current WAN address is 10.115.214.208

View attachment 161737

use zerotier or tailscale - there are many threads on how to set them up

agarb · May 4, 2023

So I tried zerotier and failed. It was odd because from the Blue Iris PC to my phone or the Blue Iris PC to a 2nd PC, the pings would fail about 25% of the time. But when I tried the 2nd PC to my phone, it never failed to ping.

My experience with tailscale, however, was flawless. Connected right away with no issue.

Ollie · Jul 23, 2023

Hi,
I would like to concatenate two routers.
An ISP (fyber) router to my vpn router.
The isp router has also wifi connectivity.
The ISP router is the first in order and will have the wan input. The vpn router will be connected to one of its ports.
Does my vpn network becomes vulnerable to traffic that arrives from other ports of the ISP router (or from wifi traffic, assuming that wifi is vulnerable by itself)?
Thanks.

bp2008 · Jul 24, 2023

Ollie said:
Hi,
I would like to concatenate two routers.
An ISP (fyber) router to my vpn router.
The isp router has also wifi connectivity.
The ISP router is the first in order and will have the wan input. The vpn router will be connected to one of its ports.
Does my vpn network becomes vulnerable to traffic that arrives from other ports of the ISP router (or from wifi traffic, assuming that wifi is vulnerable by itself)?
Thanks.

That depends on how you set it up. Any consumer router has a built in firewall and IPv4 NAT which together should prevent unauthorized traffic from coming into the "LAN" from the "WAN". But that requires the untrusted network to be plugged into the router's WAN port. There are many other considerations of course, because computer networking is complex.

Ollie · Jul 24, 2023

bp2008 said:
That depends on how you set it up. Any consumer router has a built in firewall and IPv4 NAT which together should prevent unauthorized traffic from coming into the "LAN" from the "WAN". But that requires the untrusted network to be plugged into the router's WAN port. There are many other considerations of course, because computer networking is complex.
[

bp2008 said:
That depends on how you set it up. Any consumer router has a built in firewall and IPv4 NAT which together should prevent unauthorized traffic from coming into the "LAN" from the "WAN". But that requires the untrusted network to be plugged into the router's WAN port. There are many other considerations of course, because computer networking is complex.

I'm not sure, that i've described the issue correctly.
My configuration should look like that:

Wan -> (in) router1
Router1 (port1) -> vpn-router

Now, if there are other devices which are connected to the other ports of router.
Can their traffic go through the vpn tunnel (at the vpn router), though they don't have the vpn password?
Does traffic that reach from the other router1 ports consider as coming from outside and will be filtered by the vpn at the way as traffic that reaches from the wan?
I want the traffic which comes from the other router1 ports will be blocked by the thr vpn router and won't reach its network.

bp2008 · Jul 24, 2023

Ollie said:
Can their traffic go through the vpn tunnel (at the vpn router), though they don't have the vpn password?

If you connect WAN port of vpn-router to Router1 (port1), then the answer is NO.

Ollie said:
Does traffic that reach from the other router1 ports consider as coming from outside and will be filtered by the vpn at the way as traffic that reaches from the wan?

If you connect WAN port of vpn-router to Router1 (port1), then ... YES. But the traffic will be blocked regardless of whether you run a VPN or not.

Ollie · Jul 24, 2023

bp2008 said:
If you connect WAN port of vpn-router to Router1 (port1), then the answer is NO.

If you connect WAN port of vpn-router to Router1 (port1), then ... YES. But the traffic will be blocked regardless of whether you run a VPN or not.

but traffic can go between different ports of the home router as it functions as a switch.

biggen · Jul 25, 2023

Ollie said:
but traffic can go between different ports of the home router as it functions as a switch.

You will have to use VLANS and firewall rules if you want to prevent traffic from traversing one port to another.

TwoDollarBlue · Aug 11, 2023

Is there a recommended router for setting up a VPN that is compatible with OpenVPN and doesn't require Omada SDN Controller? Prefer wired only as BI machine will be the only item on the VPN. Thank you in advance for any suggestions.

Ollie · Aug 11, 2023

TwoDollarBlue said:
Is there a recommended router for setting up a VPN that is compatible with OpenVPN and doesn't require Omada SDN Controller? Prefer wired only as BI machine will be the only item on the VPN. Thank you in advance for any suggestions.

I'm using a Tp-Link Omada ER605 V2 router.
I've defined there a vpn and I don't use a controller.

SodFather09 · Aug 11, 2023

Parley said:
By the way, I have not seen nayr around for a number of years now. He is the OP and used to be on the forum quite often.

Same here wonder what happen to him ?

TonyR · Aug 14, 2023

SodFather09 said:
Same here wonder what happen to him ?

I've thought about him also, off and on since last year. His last visit was May of 2017! :idk:

Jim I. · Aug 14, 2023

TonyR said:
I've thought about him also, off and on since last year. His last visit was May of 2017!

I stumbled on a post on a different forum a few months ago where he stated he was a former member of IPCamtalk. He said he had his reasons but didn't elaborate.

wpiman · Aug 14, 2023

Wireguard is the current way to go...

VPN Primer for Noobs

What VPN Solution are you using?

OpenVPN

IPSec/L2TP

on an OEM Asus Router

on a WRT flashed Router

on a pfSense Router

on my PC NVR (BlueIris, Milestone, etc)

on a dedicated device (Raspbery Pi, VPN Concentrator, etc)

ssh tunnels are the only way to roll

on my NAS (Synology, FreeNAS, etc)

on a OEM Netgear Router

Known around here

Pulling my weight

Getting the hang of it

Known around here

Getting the hang of it

Getting the hang of it

Getting the hang of it

Young grasshopper

Young grasshopper

Young grasshopper

Known around here

n3wb

Young grasshopper

Getting the hang of it

Getting comfortable

Pulling my weight