VPN recommendations.

mcdye

Jul 28, 2021
Getting ready to pull the trigger on an Andy setup (NVR, cameras). I have an AT&T modem and gather I need to get a router with VPN so I can access the NVR for viewing remotely on mobile and computer.
 
If you need to get a router, most would suggest ASUS as they have OpenVPN built-in. Some others do as well, but that seems to be the common one.
 
TY. "If you need to get a router": according to specs, my AT&T modem does not have any VPN server built in.
Is there an app for mobile and/or PC that will remote connect to the NVR so I would not need a VPN router behind the modem?
 
Yes there is an app available that doesn't require VPN, but then you are sending your stuff to offsite servers and opening up your system to be hacked.

I know we had someone here in the past 6 months or so that had his NVR attacked by Bots doing DoS attacks because he didn't go the VPN route. He couldn't log into his own NVR because they were hitting it so hard.

Keep in mind, nobody is hacking into the NVR to see your cams - ironically these security devices are not very secure and are rife with security vulnerabilities, and it is an easy way to get into your network and then steal bank info and use your internet to do DoS attacks.


 
Here are my recommendations.

Option 1 - If you enjoy setting stuff up like this (but don't have to be IT proficient) and want to get the best "bang for the buck" - use pfSense (or OPNsense) - pfSense is available as a free firewall/router app (they also have paid versions as well as hardware devices that they sell). It is 1000 times more robust than any residential router you can buy. Personally I use an older thin client device (an HP T620+ with a 4 port Intel network card) that I got used off eBay to run this software. While I haven't looked at devices recently, I'd expect you can get something off eBay for around $150 to run the software, and this solution would beat any residential router regardless of price. Although using very robust software like this might seem overwhelming, there are plenty of YouTube videos and other resources dedicated to the pfSense software which make it very easy to set up and get running even if you know nothing about firewalls. OPNsense is similar to pfSense. In fact, many years ago the two started from the same project, but split off from one another. Keep in mind that this solution is just a firewall, however. You will need to add a Wifi access point, which can be an old Wifi router with the DHCP service turned off, or a dedicated Wifi access point like those sold by Ubiquiti, TP-Link, Ruckus, etc.

Option #2 - if you are looking for a turnkey solution but want something that is going to be robust and allow VPNs, VLANs, etc - I would highly recommend you step up to something like the Ubiquiti UniFi systems. I'll compare Ubiquiti offerings to those from Apple. They make good products that work reliably and have a beautiful GUI, but are generally more expensive than other options. Still, if you want something designed to work together and have a beautiful interface, Ubiquiti can definitely meet those needs.

Option #3 - You don't enjoy stuff like this, you don't need anything more complicated than what you already have and just want something simple - Use a residential router that is compatible with OpenWRT - OpenWRT is custom firmware that you can flash on many popular residential grade routers. I used to run this before moving to pfSense, but it has been years since I made the switch and I haven't really kept up with it to know what devices it works on currently, etc.
 
I went the Asus router route (pun intended).
Here are the pros:
  1. Regular security updates from Asus
  2. Streamlined installation and maintenance process
  3. Already baked into your router (no extra hardware or software)
  4. Free (comes with the router)
  5. Simple
Here are some cons:
  1. AFAIK, you can't automatically have the router update. You have to log in either via computer or from your phone (though the app on the phone makes this dirt simple, you still have to remember to do this periodically).
  2. Not as secure, full-featured as a standalone unit or PC (This doesn't matter for my needs).
To be fair part of the decision was already made for me. I've had a lot of trouble getting coverage in my house. So, I had already bought an Asus mesh network system. So, I had the capability to use the VPN functionality available with my existing setup. That being said, if I didn't already own the Asus router, knowing what I know now, I'd purchase it for the VPN functionality for the above reasons.
 
Very good points, and I also went the Asus route, mostly because I know it quite well (I have been a fan of open-source router firmware going way, way back into the very early days of DD-WRT and the Linksys WRT-54G, but have been using Asus routers for at least 10 years, much of that due to the development of the "enhanced" Asus-WRT firmware of RMerlin).

That being said, there are some trends that could eventually move me to look at alternatives like pfSense (or OPNsense) running on more "robust" hardware. For those interested, you might want to read this message and the following roughly 6 or so messages over on the SNBForums site (where all things small business/home networking are discussed).
 
I personally use WireGuard on my Untangle box. Took me less than 5 minutes to set up WireGuard, which surprised me it was that easy.

I also have an Asus router for my backup internet. You can have Asus automatically update firmware, but I personally prefer to manually update things on my schedule.