VPN SETUP

Discussion in 'General BI Talk' started by Tyyees, Nov 1, 2018.

Share This Page

  1. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    ***This post started out as VPN VENTURE it is NOT. It turned into a post about setting IP addresses when two routers are involved. With the help of several learned members especially CATCAMSTAR I can now work on the VPN. Nothing to learn about a VPN in this post.

    In the process of setting up my VPN on my Asus router and ran into this problem:

    Noted: If the wireless is using a private WAN IP address (192.168.x.x, 10.x.x.x, or 172.16.x.x), this router may under a multi-layer NAT network. The DDNS service is not able to work under this environment.
    If you have any doubt with your IP, Please refer your ISP for detail information.

    Apparently I fall under that rule. Can anyone tell me how to circumvent this issue? I have a dsl/router, service providers equipment, and a Asus ac1900 dual band gigabit router. The setup seems not that difficult but I don’t know what to do about this issue.
     
    Last edited: Nov 10, 2018 at 3:06 PM
  2. SouthernYankee

    SouthernYankee Pulling my weight

    Joined:
    Feb 15, 2018
    Messages:
    420
    Likes Received:
    124
    Location:
    Houston Tx
    How is the Asus connect to the internet. Be specific. Who is your internet provider.
    If the DSL/ROUTER is not in passthru mode, the asus router will not work for OPENVPN.
     
  3. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Southern Yankee my Asus is connected to the internet via the dsl modem. Cable from dsl modem to Asus modem. I have the Asus set in wireless router mode. According to my provider the visionnet modem/router can’t be set as pass thru, bridge, etc and the wireless can’t be disabled. I can set up a VPN in the visionnet but I haven’t researched that yet. My provider tech strongly suggested using the Asus if possible. According to the tech they can’t provide advice on how to set up their modem. I quest what you saying is I must set this up on the visionnet? Thanks
     
  4. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    349
    Likes Received:
    135
    Yes, at least you have to setup port forwarding FROM your visionnet modem TOWARDS your ASUS router. eg if you have configured UDP 1194 on your asus, that port needs to be forwarded to your asus IN your visionnet thing. Otherwise you cannot connect. But then you have to include your WAN IP address within the ovpn profile, and cannot work with the (handy) ddns service within your asus router. But there are ample services (eg no-ip.com) in which you can manually setup and maintain dns hostnames. And then you can include that DNS name within your ovpn profile.

    Hope this helps!
    CC
     
    drrich1101 likes this.
  5. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Catcamstar thanks for the advice. I somewhat understand what you’d saying, not having my provider modem/router being able to be used as a pass thru; that’s about it. The rest I have no clue what your talking about. More researched needed I guess.
     
  6. looney2ns

    looney2ns Known around here

    Joined:
    Sep 25, 2016
    Messages:
    5,351
    Likes Received:
    3,314
    Location:
    Evansville, Indiana
    What is the exact model number of the dsl modem. Should be a sticker on it to tell you.
     
  7. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Looney2ns the model is M505N the only modem they supply. My provider stated they have disable some of the functions of the routers when installed. They charge a fee of $5.00 per month for a static IP address if that is an issue here. I’d just like to know if this is possible to do before spending to much time on something that can’t be done.

    catcamstar indicates it can be done, I think. He also suggested a service like no-ip.com which is a paid service after free trail. Checking into his portforwarding suggestion but I think there’s a monthly cost there also?
     
  8. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    I contacted my service provider several more times and came across a tech that said modem bridging could only be done at the main office not at tech level support. He transferred my request to them and I’m waiting for a call. Hopefully that solves a few problems.
     
  9. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    349
    Likes Received:
    135
    I never had to pay a buck for no-ip.com. But I don't need it anymore, as my ISP also charges $$$ for fixed IPs, but mine never changed in the past 4 years... Even with power cuts, the modem receives the same IP over and over again (which has its advantages and disadvantages). So my .ovpn profiles are hardcoded on IP address, not a DNS. But if you do it the same way like I did, you must built-in a safeline where you have some sort of trail on "discovering" the newly received IP address when your ISP drops you a new IP address. Whether or not it is worth the $5/m, that's up to you.

    Port forwarding within your ISP modem/router shouldn't be a chargeable component either, but better be sure to ask it when they call you back. It's either port forwarding to your VPN server infrastructure, OR alternatively, have them deploy a DMZ on your modem, in which your ASUS gets fully "exposed" on the internet (which it is fully capable of handling, both security and performance wise).

    Hope this helps a bit more!
    CC
     
  10. drrich1101

    drrich1101 Getting the hang of it

    Joined:
    Oct 16, 2018
    Messages:
    115
    Likes Received:
    37
    Location:
    Usa, New York
    I pay for a dyndns account for my office, which allows up to 30 hosts, so I use that account, but I tried no-ip.com recently as a test for a different piece of hardware.
    Just wanted to say that the “free” no-ip account hosrname expires every 30 days, which almost makes it worthless.
     
  11. J Sigmo

    J Sigmo Getting comfortable

    Joined:
    Feb 5, 2018
    Messages:
    381
    Likes Received:
    280
    I believe that when you set up the VPN in an Asus router, Asus provides the DNS to track your IP if it changes. What gets coded into the .OVPN files is a URL (yourname.asuscomm.com) that points to the account Asus maintains for you, and they resolve that to your actual IP.

    This is free since you bought your router from Asus. So you shouldn't need to worry about the IP address your ISP assigns. Static, changing, whatever, as long as you're setting this up on an Asus router.
     
    looney2ns and icecoffee like this.
  12. drrich1101

    drrich1101 Getting the hang of it

    Joined:
    Oct 16, 2018
    Messages:
    115
    Likes Received:
    37
    Location:
    Usa, New York
    Thanks you are definitely right about that. I set up the dyndns account many years ago for my office, so I merely added a host name I use the Asus router to check in with dyndns periodically to update my IP if it changed. There was no need to set up another dynamic act with Asus.
    But you are correct and thank u. (No Asus router at my office so I need the paid service there plus they do webhops etc
     
  13. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    349
    Likes Received:
    135
    But back to the OP: if your asus is on an internal lan (behind another router/gateway) like 192.x, 10.x, your dyndns agent running on your asus isn't able to send out its "real" WAN ipaddress to the DNS system, which renders it useless.
     
  14. drrich1101

    drrich1101 Getting the hang of it

    Joined:
    Oct 16, 2018
    Messages:
    115
    Likes Received:
    37
    Location:
    Usa, New York
    How might that happen? I only have one router, the Asus and its wired to my modem.
    Why would I want a second router? I do have multiple switches though
     
  15. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    349
    Likes Received:
    135
    I referred to the 1st post (@Tyyees ) which noted:
    Your Asus is "first in line", then dyndns (and others) work, because your router knows the WAN IP. If you ain't (because you are behind a 1st router, nat, gateway,...) these services tend to fail.
     
    icecoffee likes this.
  16. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Catcamstar I called my isp internet support one more time and spoke to a very knowledgeable tech. I explained again what I was trying to accomplish and he was more than willing to help resolve my issue. He in fact had the same set up as mine, same provider, but different coverage area. That turned out to be a key issue. Short story after 1 1/2 hours trying we had no success, with a work around. Not matter what he tried he could not get the two routers to communicate with each other. Because of the isp’s set up it requires a change to the dsl modem/router for my situation to work, password and user name not available to them because of regional restrictions. He said he has had several other customers call about the same problems and has been able help but not in my case. The bottom line is without being able to bridge this modem nothing can be done period, and no matter what you try, NO work arounds. Of course there is going to be a fee for the bridging.

    What I’m going to do,at his suggestion, have my modem Bridged at my isp main office. Instead I’m going to purchase a new modem from them and have it bridged and keep the other modem in reserve in case I fail at setting up a a VPN and screw up my setting.

    All of this has nothing to do with setting up a VPN on a second router. Catcamstar and a few other are well aware of what I’m talking about. I really still don’t understand but I’ll spent a few more dollars and see what happens.
     
  17. SouthernYankee

    SouthernYankee Pulling my weight

    Joined:
    Feb 15, 2018
    Messages:
    420
    Likes Received:
    124
    Location:
    Houston Tx
    Is it possible with your service provider to purchase your own modem, that will work with your service and provided the needed bridge to the ASUS router ?
    Who is your service provider ?
    What is the make and model number of your modem/router ?
     
  18. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Southern Yankee: yes they will allow you to buy whatever modem, modem/router you want but it has to be set up by them ie: password and username to access their network. They modify the software settings, at least in their modems and I assume any modem you give them for bridging. Tech support says they do this so customers don’t fiddle with the settings. It cuts down on service calls when a customer changes settings they shouldn’t. I’m guilty of that myself. The only modem they supply is a Visionnet. You can buy the same modem from other sources but the software will NOT be the same. Their modems are about $60.00. Don’t know what they charge for bridging hopefully nothing if I buy from them. On Monday I will have my answers to all these questions. There are the only game in town so I don’t want to piss them off.
     
    catcamstar likes this.
  19. looney2ns

    looney2ns Known around here

    Joined:
    Sep 25, 2016
    Messages:
    5,351
    Likes Received:
    3,314
    Location:
    Evansville, Indiana
    Have you tried logging into your modem and looked to see if you indeed have access to set bridge mode or a DMZ.
    http://crc.visionnetusa.com/Support...M505N_R3-1/VNET_S3Manual_M505N_R3-1_v0_1f.pdf
     
    Tyyees likes this.
  20. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Looney2ns thanks for the information. I have spent hours researching this problem and I have a copy of the modem manual, specifically mine, but as I stated in previous posts the software is altered, for my isp. There is no problem logging into the modem software. The problem is the needed software enteries aren’t there as shown in the manual. Even if they were there several key ingridents are missing, company sign in authorization and password. Not my passwords the companies internal passwords. It’s difficult to explain but this project is at a standstill until they decided to help me. Like other isp’s they live up to there reputation on being difficult and slow to respond. I’m not going to push the issue. So it’s just a wait and see game at the moment.
     
    catcamstar and looney2ns like this.
  21. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    My Isp tech arrived later yesterday afternoon and worked on my problem. He told me that for some reason all their new visionnet routers had no capability of being bridged, a fault he’s trying to correct with visionnet with a firmware up grade. This guy is the top tech from their main office. My particular router is an older on one that he said he might be able to get working but not in bridge mode, that wasn’t possible. As far as me purchasing a modem myself he said that would be difficult to find and it must support PPoa even then he wasnt sure if they could get it to work.

    First he turned off the wi-fi capability of the visionnet then made adjustment in an area customers don’t have access, via his laptop computer? He said the dsl signal was now set to pass directly to my Asus router and none of the network ports would function except the one connecting the visionnet to the Asus. This apparently wasn’t true but I’ll get back to that and the problems encounter after he left. He suggested a static IP address for the VPN as he has set up many. The problem with this is $15.00 per month for a static IP and $50.00 setup fee.

    So on with the present problem. I connected my cameras to the Asus router no signal. So on the off chance the visionnet router was still functioning I plugged in the cameras. They worked but a short time later my internet was disconnected. After a few more trial and error attempts it appears the visionnet is still operating but stops shortly after when the cameras are plugged in. I disconnected the cameras from the visionnet and all is well except no cameras.

    What to do next? Should I reinstall BI, Asus firewall issue, etc.? I don’t want to start changing things without some advice first. Thanks for all the help so far.
     
  22. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    349
    Likes Received:
    135
    What I don't deduct from your story: if you don't connect your ASUS to the internet, but BI & cams all connected: are the cams then working or not? With your mobile you should be able to connect, right? Or were you connecting cams directly into the visionnet device? Maybe a drawing would help us out too.

    Thanks!
    CC
     
  23. fenderman

    fenderman Staff Member

    Joined:
    Mar 9, 2014
    Messages:
    26,767
    Likes Received:
    7,036
    You don't need a static IP...use a ddns service
     
    Tyyees and J Sigmo like this.
  24. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Catcamstar

    I’ll work on a diagram but this is what I have setup now. The original setup was one cable from switch to computer, one cable from switch to visionnet router/modem and one cable from visionnet to ASUS router. This was the way it was setup prior to having tech change settings in the visionnet. Everything worked as it should.

    When he changed settings on the visionnet the only thing I changed was to move the cable from the switch that when to the visionnet to the Asus. Nothing else. Cameras did not work but internet was fine and all wireless worked on the network.

    As I stated when he changed the setting and I moved the cable the cameras didn’t work. I just moved the cable back to the visionnet and that’s when things went bad. Cameras work for a while then the entire network crashed taking the wireless with it and no internet connection. I removed camera cable from visionnet and rebooted everything and things went back to normal. Of course the cameras were disconnected. There are no problems with the cameras only the setup I assume. Hope that helps a bit. I was waiting for some comments before called tech support and no sounding total like a nimwhit.
     
    Last edited: Nov 7, 2018 at 3:18 PM
  25. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Thanks Fenderman but I back to square one trying to get the cameras working again. I was waiting to setup the vpn until I solve this problem.
     
  26. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    349
    Likes Received:
    135
    Hang on there, do you have something similar like [​IMG] or more like [​IMG]

    If you describe you had one cable from this vissionnetthing to your switch AND one from that visionnetthing to your ASUS, I suspect you have the first. Which means, it's a router (not a modem) to start with. So when you took the cable from the switch to the visionnet and put that one in the asus, you debranched your network. When your asus is distributing different subnets, you already ran into a mess (like you described).

    So first things first: draw the AS-IS situation (which was working, except for the VPN): draw all PHYSICAL lines and indicate which ip ranges were used (by visionnet, asus, ipc's, BI pc etc).
    Then draw your TO-BE situation.

    And it will quickly become clear where your root cause lies.
    Hope this helps!
    CC
     
    Tyyees likes this.
  27. looney2ns

    looney2ns Known around here

    Joined:
    Sep 25, 2016
    Messages:
    5,351
    Likes Received:
    3,314
    Location:
    Evansville, Indiana
    The only cable that should connect to the vissionnet is the cable from the Asus. That has to be plugged into WAN port on the Asus.

    Then one cable from the Asus to the Poe switch your cameras are plugged into.

    The blue Iris computer should also be connected to the same switch the cameras are connected to.
     
    Tyyees, SouthernYankee and catcamstar like this.
  28. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    Thanks Looney2ns that is the way my system is setup. Fenderman explained that to me in another post as my system was setup incorrectly. But that part has been straighten out. It’s changing routers that caused the problem.

    I use SADP tool to setup the cameras originally and I can’t quite remember how to use it as it’s been so long ago that I used it. What it does show, I think, is that the cameras are trying to connect to IPv4 gateway 192.168.10.254. That is the address of the Vinsonnet router I no longer want to use. That’s probably why the cameras work when I switch the cable back into the visionnet router, from the Asus. Trying now to figure out how to change this to the Asus routers IP address if possible. Don’t know if this change will accomplish anything though.
     
  29. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    32
    Likes Received:
    3
    Location:
    Northeast
    I added a camera to my system and used the SADP tool for configuration. It configured to 192.168.10.254. All the cameras configure this way. This is the address of the modem/router that was supposed to be set to send all signals to the new router, Asus. This is what is causing my camera problems. Is there a way of setting the Asus router so that it excepts the signal from the other modem/router? What I think I have are two local IP addresses.
     
    Last edited: Nov 8, 2018 at 9:27 PM
  30. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    349
    Likes Received:
    135
    Either you have a look in your ASUS WAN configuration which IP range he received from the visionnet (see my post VPN SETUP), or plug a pc directly in the visionnet, so you discover quickly which ip range is distributed. Step 2: configure another range at the LAN side of your ASUS router. Then you should be fine!