VPN Primer for Noobs

What VPN Solution are you using?


  • Total voters
    836

mudflap5

Pulling my weight
Joined
Oct 19, 2014
Messages
143
Reaction score
198
Location
96598
Looking for a little guidance on setting up OpenVPN on an Asus router connected an AT&T Pace 5031NV-030 gateway. The goal is to use only one computer (PC) on the network to connect. (Andriod Phone - Pace gateway - Asus router/OpenVPN - PC). Followed this guide to setup the Asus router:


Randy : OpenVPN on a Asus router

I assume that I will need to port forward 1194 on the Pace gateway.

Opened 1194, but an online port checker says it is closed.

Previously had port 80 open, and the online port checker said 80 was open. (it has since been closed).

Has anyone had any success setting up OpenVPN / Asus router with the Pace 5031NV gateway?
 

grcgto

n3wb
Joined
Nov 5, 2015
Messages
12
Reaction score
3
Looking for a little guidance on setting up OpenVPN on an Asus router connected an AT&T Pace 5031NV-030 gateway. The goal is to use only one computer (PC) on the network to connect. (Andriod Phone - Pace gateway - Asus router/OpenVPN - PC). Followed this guide to setup the Asus router:


Randy : OpenVPN on a Asus router

I assume that I will need to port forward 1194 on the Pace gateway.

Opened 1194, but an online port checker says it is closed.

Previously had port 80 open, and the online port checker said 80 was open. (it has since been closed).

Has anyone had any success setting up OpenVPN / Asus router with the Pace 5031NV gateway?

Not with that particular gateway, no. However Randy's guide is pretty much spot on (I have the same router) and I did not have to do any port forwarding, his guide says nothing about that either. I did have to update my Asus router firmware.
 

mudflap5

Pulling my weight
Joined
Oct 19, 2014
Messages
143
Reaction score
198
Location
96598
Tried it without the port forward, but noticed on the Asus when DDNS was set up, it came up with this message:


"The wireless router currently uses a private WAN IP address."

"This router may be in the multiple-NAT environment and DDNS service cannot work in this environment."



Not sure what this means or if this may be why it will not connect.
 

grcgto

n3wb
Joined
Nov 5, 2015
Messages
12
Reaction score
3
Tried it without the port forward, but noticed on the Asus when DDNS was set up, it came up with this message:


"The wireless router currently uses a private WAN IP address."

"This router may be in the multiple-NAT environment and DDNS service cannot work in this environment."



Not sure what this means or if this may be why it will not connect.
Wish I could help but that is not something I have seen and would be beyond my (limited) expertise.....
 

DavidDavid

Getting comfortable
Joined
Jan 29, 2017
Messages
605
Reaction score
267
Location
Ohio
My guess is that your pace gateway is acting as a modem/router and your Asus behind it is a second router which is no good. Can you get to the admin page of the pace? You would have to disable NAT and DHCP on that then have your Asus act as your only router, and the pace acting as the modem.

Been a long time since I did that with my setup, but it went something like that I think?

Just make note of anything you change so if it gets messed up and you lose internet connection you can get it back quickly.
 

mudflap5

Pulling my weight
Joined
Oct 19, 2014
Messages
143
Reaction score
198
Location
96598
Router behind a router is the problem, and unfortunately there is no way to disable NAT and DHCP in the Pace 5031NV-030!
 

DavidDavid

Getting comfortable
Joined
Jan 29, 2017
Messages
605
Reaction score
267
Location
Ohio
I don't know how it would work since you're trying to do the VPN, but I've installed plenty of routers behind the main ISP provided router also. Mainly as AP's or as a cheap switch, so I just disabled NAT and DHCP on those.

Maybe try doing that on your Asus? And port forward 1194 from the pace to the IP address of the Asus?

That way you would essentially be using the Asus as a device on the network that (along with having a static IP address) only does WiFi and VPN for you.
 

mudflap5

Pulling my weight
Joined
Oct 19, 2014
Messages
143
Reaction score
198
Location
96598
Could not get the Asus working, so now I will will try to install OpenVPN on the camera computer.(which is what I should of done in the first place!)

During the setup it is asking for information:

set KEY_CN=changeme
set KEY_NAME=changeme
set KEY_OU=changeme
set PKCS11_MODULE_PATH=changeme

What do the 4 "changeme" values need to be?

Using this guide to set it up:

Easy_Windows_Guide – OpenVPN Community


Thanks

(fixed link)
 
Last edited:

mudflap5

Pulling my weight
Joined
Oct 19, 2014
Messages
143
Reaction score
198
Location
96598
Ya, that is the one I am using, just posted the wrong link! I still does not say specifically what to do with "changeme".
Sorry for the basic questions, this vpn stuff is new to me.
 

Tinman

Known around here
Joined
Nov 2, 2015
Messages
1,209
Reaction score
1,473
Location
USA
I do not see those in the guide I posted....just follow the guide step by step....do not overlook ANY step. The only thing I see "set" is where you put your country and state ??
 

himey97

n3wb
Joined
Nov 4, 2015
Messages
16
Reaction score
8
Location
Yorktown, VA
VPN newb question:
When enabling the VPN server on the (netgear) router in order to secure the IP cameras from the internet and allow secure remote access, will the family with tablet devices and phones still have normal (as in before the vpn was enabled) wifi internet access or must these devices now be running a vpn client app?
 

DavidDavid

Getting comfortable
Joined
Jan 29, 2017
Messages
605
Reaction score
267
Location
Ohio
The VPN itself on the router won't do anything to block the cameras from the internet. You must do that with the routers firewall rules.

Any devices connected to your home WiFi network will not need a VPN connection to see the cameras. It's only for securely viewing them when you're away from your home network.
 

Bigboboz

Young grasshopper
Joined
Apr 28, 2016
Messages
34
Reaction score
0
With iOS devices it's possible to configure them to connect to the VPN on demand (IPSec/L2TP only). Meaning you can set it so whenever you try to access your cams it will automatically connect. This takes a few more steps but is worth considering.
I'm keen but how do I do this?

Thanks,
Rob
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,342
Reaction score
3,525
I'm keen but how do I do this?

Thanks,
Rob
Easiest way involves Apple Configurator 2 on the Mac App Store and requires a mac. I haven't used it in a while, but I remember reading it doesn't work as well as it used to. The other option would involve deploying an MDM policy to your device using some other service.
Some links to more information:
Create a Configuration Profile to Simplify VPN Setup on iPhones and iPads
Configuration Profile Reference
Auto-Connect your iOS-Device to a VPN when joining an unknown WiFi
VPN On Demand Payload
 

RicRat2009

Getting the hang of it
Joined
Jan 8, 2018
Messages
123
Reaction score
84
Location
Tejas
Trying to set this up on a always on PC. Not sure what to set the subnet IP to. Any suggestions? My eyes are bleeding from the reading.
 

RicRat2009

Getting the hang of it
Joined
Jan 8, 2018
Messages
123
Reaction score
84
Location
Tejas
This IP setting is driving me !
I got the vpn server set up on a pc and got a iPhone to connect to the vpn server, but the iPhone could not see or connect to the lan, so could not connect to the cameras.
My router ip is 192.168.1.1, what should be setting the vpn server ip to?
 

Probird79

Getting the hang of it
Joined
Aug 23, 2017
Messages
161
Reaction score
51
This IP setting is driving me !
I got the vpn server set up on a pc and got a iPhone to connect to the vpn server, but the iPhone could not see or connect to the lan, so could not connect to the cameras.
My router ip is 192.168.1.1, what should be setting the vpn server ip to?
My VPN Subnet is 10.8.0.0 & Netmask is 255.255.255.0 while my gateway is the same as yours (192.168.1.1).
 
Top