VPN's for multiple cameras at multiple houses

jwadsley

Getting the hang of it
Joined
Dec 18, 2020
Messages
191
Reaction score
45
Location
California
I hear everyone say not to open ports on the router as its insecure. However, my question is if I've got multiple cameras at multiple different sites, and I use an app like IPCentCom to watch them all at once, I can only do this if I open ports, because i would need to have multiple VPN connections running to different subnets for each set of cameras at a particular house correct?

I don't see how this is remotely simple or easy to do. I know port forwarding is supposedly "insecure" but whats a better safe easy way?
 

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,376
Reaction score
2,735
Location
USA
Didn't you already ask this question?

Use a "hub and spoke" VPN architecture. Your main location will be the hub. You will run the VPN server from this location. You will create full time "VPN tunnels" from the hub to each offsite location (at least to the CCTV portion/VLan of the remote site). This results in the hub having the ability to see every device at the remote sites in addition to everything at the hub site. While you are on the hub's network, you will simply use the app like normal and all the devices should appear as long as the IP addresses are entered correctly.

Once you leave the hub and you want to use the app, you only need to VPN into the hub to use it. This connection is not on full time (unlike the full time tunnels). You will connect to the hub via your mobile device and hub VPN only when you need to. When you are connected, you use the app like normal and you should be able to see all the devices at all the locations just like you would if you were at the hub location.

So yes, your overall system will have several VPNs set up. But because of the way the system is set up, the connections between the hub and remote sites are running 24/7 and don't need any maintenance. You only have to worry about the single connection you will use to get into the hub while away from the hub. Setting it up this way means your mobile devices only use one VPN connection - a VPN connection into the hub. You don't need a VPN to each remote location because the full time tunnel connections (from the hub to each remote location) handles this for you.
 
Last edited:

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,430
Reaction score
47,551
Location
USA
Try this thread :cool:

 

jwadsley

Getting the hang of it
Joined
Dec 18, 2020
Messages
191
Reaction score
45
Location
California
But if I have cameras at a site that do not have a VPN server setup, how do I tunnel into them? From what you are saying only one site needs to be the server, the others can be clients....unless I"m misunderstanding...
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Same as before. Site-to-site VPNs. I use Peplink Balance 20X's for this work: 900Mbps Dual-WAN Router Balance 20X- Peplink

I have three of those Balance 20X at three sites and have the PepVPNs (Peplink proprietary VPN) activated so all three sites are connected. Makes camera work pretty easy. Could do the same thing with IPSEC tunnels as well if your router supports them.
 

TVille

Getting comfortable
Joined
Apr 26, 2014
Messages
672
Reaction score
1,639
Location
Virginia
I find that much of the "higher end" network stuff is challenging to grasp without doing it. There are two basic ways to do it. Hire someone who knows what they are doing, and do it your self. This is well within the do-it-yourself range. If that is your route, you need to get the equipment to set p a pair, in your house/business and use it! No doubt you will have some hiccups, but by having everything right there, it is much, MUCH easier to fix either end. Then, once you have it figured out as much as you need to deploy, it will be much easier.
 

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
But if I have cameras at a site that do not have a VPN server setup, how do I tunnel into them? From what you are saying only one site needs to be the server, the others can be clients....unless I"m misunderstanding...
so you have two options... contact someone who have an idea what he is doing and pay him... or use port forwarding

you are asking the same questions as last month and the answers will be the same. without EXTRA hardware you will be not able to setup anything... and without knowledge about basic network you are lost.
if you have the time to read through the internet... then you will only have to cover hardware.. if you dont have the time, then you have to add the installation costs.

:idk:
 
Last edited:

jwadsley

Getting the hang of it
Joined
Dec 18, 2020
Messages
191
Reaction score
45
Location
California
I forgot how many jerks and unhelpful people are on this forum.

I'm actually an IT admin for a site, but we don't have PTP VPN's so I'm not as familiar with this part of the process.

Seems like I need to get three routers that support OpenVPN and then have them always be connected via a server at home one and then a client at home two and three....
 

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
I forgot how many jerks and unhelpful people are on this forum.
haha... you are asking here for a setup howto for your problem, dont want to pay anything, dont want to invest in hardware... i mean ... why ?! open another thread and ask the same questions because you didnt wanted to invest time to understand the answers in the old thread

I'm actually an IT admin for a site, but we don't have PTP VPN's so I'm not as familiar with this part of the process.
an IT admin who have no idea how basic static routes work ?
an IT admin who can not follow the tutorials on the openvpn site (which where posted in the last thread) ?

ANY vpn connection is a PTP connection... one point is the client and another the server ... they connect together ?? i dont understand

the problem with IT is ... there are many handymans who are watching youtube videos and can setup a printer... now they are IT specialists.

when its over your head you have to pay someone.. thats the true .. :idk:
there is a good reason why many car forums (here in europe) are now paid membership forums... they were sick off all people who wanted knowledge for free and leave after.. :wave:
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,430
Reaction score
47,551
Location
USA
Don't forget to add to your list the people that ask the same question over and over again....you have started 4 thread topics (VPNs, OpenMediaVault, Powerline adaptors, and Port Forwarding) and created an additional thread for each topic to re-ask your question from an earlier thread you started. The answer isn't going to change a month later by creating a new thread asking the same thing...

Just because you do not like the options suggested doesn't mean it wasn't helpful. The options suggested would accomplish what you are trying to do.

You have been given sound advice and options, all of which is free advice given by people that have been there/done that. If you do not like it or do not want to implement it, then go to a paid site and ask for help there and see if you get any better advice...
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,655
Reaction score
22,747
I forgot how many jerks and unhelpful people are on this forum.

I'm actually an IT admin for a site, but we don't have PTP VPN's so I'm not as familiar with this part of the process.

Seems like I need to get three routers that support OpenVPN and then have them always be connected via a server at home one and then a client at home two and three....
Hi @jwadsley

As an IT admin you probably should know how to search youtube for tutorials .. suggest starting with pfsense searches ..

fwiw: there have been a number of good replies to your posts .. not certain why you are stating people are not being helpful ..



 
Last edited:

jwadsley

Getting the hang of it
Joined
Dec 18, 2020
Messages
191
Reaction score
45
Location
California
Hi @jwadsley

As an IT admin you probably should know how to search youtube for tutorials .. suggest starting with pfsense searches ..

fwiw: there have been a number of good replies to your posts .. not certain why you are stating people are not being helpful ..



This is the first I've heard of using PFsense...so thats what threw me for a loop suddenly I need a new piece of software..

Yes there are some great people on this forum who have helped me a lot, there are also some people who think they can't be bothered to help a newbie.

It was my understanding that I could use OpenVPN as a server at one site and a client at others to make this work...never mentioned PFSense...
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,430
Reaction score
47,551
Location
USA
Looking thru this thread and the other one, every post provided helpful information, including my "try this thread" where I had provided helpful input in your previous thread.

Even the folks that said you already asked this question then proceeded to provide a response...
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,655
Reaction score
22,747
This is the first I've heard of using PFsense...so thats what threw me for a loop suddenly I need a new piece of software..

Yes there are some great people on this forum who have helped me a lot, there are also some people who think they can't be bothered to help a newbie.

It was my understanding that I could use OpenVPN as a server at one site and a client at others to make this work...never mentioned PFSense...
Hi @jwadsley

"This is the first I've heard of using PFsense...so thats what threw me for a loop suddenly I need a new piece of software.." - Jwadsley IT Admin

Now I am very curious as to what type of IT admin you are?




FWIW -

If you go to the OpenVPN Wikipedia page you will see various firmware packages that include OpenVPN, one of those is pfSense

Firmware implementations
OpenVPN has been integrated into several router firmware packages allowing users to run OpenVPN in client or server mode from their network routers. A router running OpenVPN in client mode, for example, allows any device on a network to access a VPN without needing the capability to install OpenVPN.
Notable firmware packages with OpenVPN integration include:
Notable firmware packages with OpenVPN integration
Firmware package Cost Developer References
DD-WRT Free NewMedia-NET GmbH [35]
Gargoyle Free Eric Bishop [36]
OpenWrt Free Community driven development [37]
OPNsense Free Deciso BV [38]
pfSense Free Rubicon Communications, LLC (Netgate)
Tomato Free Keith Moyer [39][40]
OpenVPN has also been implemented in some manufacturer router firmware.


1629420490725.png

Ref:
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
I don’t understand what the problem is at this point. You have been given some choices. You will have to do some research to determine what’s best/easiest.

Im a fan of site to site tunnels which is why I recommended and use Peplink routers because it’s like three clicks and you’re done to setup the site to site vpn with them. So simple. But you can get similar functionality using IPSEC in other routers. Look up some YouTube tutorials. They can assist.
 

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,376
Reaction score
2,735
Location
USA
But if I have cameras at a site that do not have a VPN server setup, how do I tunnel into them? From what you are saying only one site needs to be the server, the others can be clients....unless I"m misunderstanding...
Hopefully your router/firewall at the hub (VPN server) and each remote site (VPN client) can support the VPN connection. Personally I use pfSense for firewalls and it handles these types of connections just fine.
 

iwanttosee

Pulling my weight
Joined
Dec 27, 2020
Messages
203
Reaction score
186
Location
US
This Pi Zero W host my OpenVPN server, DNS server (pi hole), NTP server, and DDNS client (update my public IP to my domain number). But hey, three OpenVPN capable router will work too, just be sure your public IP is static or you'll need a DDNS client.

1629756552176.png
 
Last edited:

Kk9

n3wb
Joined
Oct 21, 2021
Messages
12
Reaction score
6
Location
US
This is the first I've heard of using PFsense...so thats what threw me for a loop suddenly I need a new piece of software..

Yes there are some great people on this forum who have helped me a lot, there are also some people who think they can't be bothered to help a newbie.

It was my understanding that I could use OpenVPN as a server at one site and a client at others to make this work...never mentioned PFSense...
OPNsense, not pfsense
 
Top