Complete NOOB security question

W

wwseb72

n3wb
Jan 23, 2025
12
10
Alabama
Hi all first post here, and first of probably many questions lol.
Starting from scratch on my first camera setup. Haven't purchased anything yet as I'm still in the research phase. I'm having trouble sorting out all the options on setting up my network. If I get a PC to run BlueIris, can I just install a VPN on that PC without needing any additional software on my router? Would I need a separate hardware firewall of any kind? If someone could point me to a basic tutorial that would be fantastic! I'm starting from zero in learning what I need to know, but I'm confident I can learn. With all the different options and suggestions floating on the Internet I'm just having a little trouble sorting things out.
 
The VPN you want is free that YOU host.

Paid VPN is for illegal streaming and porno LOL as they hide your IP. You want to be ON your IP.

Many routers have OpenVPN or some other VPN pre-installed - it isn't something you can install on a router as it comes with it.

So the first question is who makes your router?

If it is on the router, that is the easiest and fastest way to get one going.

The next option would be install OpenVPN on the PC and run it that way, but that requires opening a port to your PC. Or use Tailscale, Wireguard, or Zerotier.

As far as cameras, without knowing what your goals of the camera is, this thread is used as the go to for the new person here outlining the commonly recommended cameras (along with Amazon links) based on distance to IDENTIFY that represent the overall best value/best bang for the buck in terms of price and performance day and night. It might be a 2MP camera in some instances.

The Importance of Focal Length over MP in camera selection

And coupled with that thread is this great thread which will show why all of the same 2.8 or 3.6mm cameras is the wrong choice:

i-want-2-8mm-cameras-everywhere-to-see-everything-this-is-why-you-need-specific-fovs-with-purposeful-focal-lengths.70053/

We would encourage you to look at those threads in detail.

It will probably raise more questions than answers LOL.
 
  • Like
Reactions: wwseb72
wittaj said:
The VPN you want is free that YOU host.

Paid VPN is for illegal streaming and porno LOL as they hide your IP. You want to be ON your IP.

Many routers have OpenVPN or some other VPN pre-installed - it isn't something you can install on a router as it comes with it.

So the first question is who makes your router?

If it is on the router, that is the easiest and fastest way to get one going.

The next option would be install OpenVPN on the PC and run it that way, but that requires opening a port to your PC. Or use Tailscale, Wireguard, or Zerotier.

As far as cameras, without knowing what your goals of the camera is, this thread is used as the go to for the new person here outlining the commonly recommended cameras (along with Amazon links) based on distance to IDENTIFY that represent the overall best value/best bang for the buck in terms of price and performance day and night. It might be a 2MP camera in some instances.

The Importance of Focal Length over MP in camera selection

And coupled with that thread is this great thread which will show why all of the same 2.8 or 3.6mm cameras is the wrong choice:

i-want-2-8mm-cameras-everywhere-to-see-everything-this-is-why-you-need-specific-fovs-with-purposeful-focal-lengths.70053/

We would encourage you to look at those threads in detail.

It will probably raise more questions than answers LOL.
Click to expand...
Hey thanks for the quick response! I've actually done a good bit of lurking on here before I finally made an account. I think I have a reasonable grasp on camera dori options. I'll start with just one or two cameras from Andy and build from there. Probably a two lens 180° camera for a general overview on front of house and maybe a starlight varifocal so I can play with focal lengths in different locations so I know which fixed lengths to buy later.

On the router and VPN I'm probably not versed enough yet to accurately describe things. My understanding is that the router has to support VPN, then you go through the router settings to download the script for the VPN you want to use. Is this correct? I currently have a Linksys EA7500 which I know does not natively support VPN. I read that you can get it working by flashing DD-WRT, but I'm not interested in doing that.

So from what you are saying if I understand, it would be faster and easier for for me to put the cameras on a second router with VPN functionality, or I guess replace my current router, than it would be to just run the VPN on the PC? This would be more secure than opening a port on the PC I would guess? I assume this would be the same setup if I went with one of Andy's nvr's wouldn't it? I think adding something in like tailscale or similar would be beyond me at the moment because that's yet something else I know nothing about. I'm developing a basic understanding of the individual parts. I'm just struggling still on the best way to put it all together. I'm looking for the easiest and cheapest way to keep the cameras off the Internet while still being able to view them remotely.
 
  • Like
Reactions: Flintstone61
Keep in mind starlight is just a marketing phrase, but yes a varifocal is a good start.

Since you have browsed here, you should then know that DORI is best case and you would realistically cut the numbers in half during the day and cut that half number at least in half for night distance.

You are confused about VPN, which is easy to be, I was once too LOL.

We make it way harder in our minds than it needs to be. It is simply enable it and follow the simple instructions that pop up.

You do not want to put your cameras on a second router - that just complicates the situation.

If the router has VPN native to it, there is no script to download and all that junk. You simply check the box to use it/turn it on. Then it will have you create DDNS, set a username and password and you export out the certificate to go onto your mobile device. It is literally that simple.

As you said, your Linksys doesn't have OpenVPN native to it. You would have to flash it with OpenWrt, which is recommended regardless as it builds upon your router firmware and is way more updated/supported than your router firmware from the manufacturer.

Or you buy a router that has OpenVPN native to it.

Or you keep your existing router and simply setup up Tailscale or Wireguard or ZeroTier on the BI computer. It is literally go to say tailscale website and create an account and follow the simple directions (add device, create DDNS, etc.)

These are much simpler than a managed switch and VLANs.

Best practice is to add another ethernet port to the BI computer, at which point you are considered dual NIC - the internet goes to one port and all the cameras go to the other port. This keeps the cameras off the internet.

When we VPN - we are VPNing into the BI computer and BI and the video feed, not the camera themselves. Although you can access the cameras remotely this way, but that is a different discussion LOL.

TL : DR - you said you are looking for the easiest and cheapest way to keep the cameras off the internet while still being able to view them remotely - use Tailscale, ZeroTier or Wireguard - free and nothing else to buy or add as it relates to that. Then add the 2nd ethernet card for the cameras to the BI computer to isolate them from the internet.
 
wittaj said:
Keep in mind starlight is just a marketing phrase, but yes a varifocal is a good start.

Since you have browsed here, you should then know that DORI is best case and you would realistically cut the numbers in half during the day and cut that half number at least in half for night distance.

You are confused about VPN, which is easy to be, I was once too LOL.

We make it way harder in our minds than it needs to be. It is simply enable it and follow the simple instructions that pop up.

You do not want to put your cameras on a second router - that just complicates the situation.

If the router has VPN native to it, there is no script to download and all that junk. You simply check the box to use it/turn it on. Then it will have you create DDNS, set a username and password and you export out the certificate to go onto your mobile device. It is literally that simple.

As you said, your Linksys doesn't have OpenVPN native to it. You would have to flash it with OpenWrt, which is recommended regardless as it builds upon your router firmware and is way more updated/supported than your router firmware from the manufacturer.

Or you buy a router that has OpenVPN native to it.

Or you keep your existing router and simply setup up Tailscale or Wireguard or ZeroTier on the BI computer. It is literally go to say tailscale website and create an account and follow the simple directions (add device, create DDNS, etc.)

These are much simpler than a managed switch and VLANs.

Best practice is to add another ethernet port to the BI computer, at which point you are considered dual NIC - the internet goes to one port and all the cameras go to the other port. This keeps the cameras off the internet.

When we VPN - we are VPNing into the BI computer and BI and the video feed, not the camera themselves. Although you can access the cameras remotely this way, but that is a different discussion LOL.

TL : DR - you said you are looking for the easiest and cheapest way to keep the cameras off the internet while still being able to view them remotely - use Tailscale, ZeroTier or Wireguard - free and nothing else to buy or add as it relates to that. Then add the 2nd ethernet card for the cameras to the BI computer to isolate them from the internet.
Click to expand...
Wow I didn't even know what I thought I knew lol.
I haven't browsed enough to know to cut the dori numbers in half like that. Thank you that is good info to know. I'll definitely be getting a good varifocal to start.

Thank you for explaining about VPN. I thought from what I've been reading online you actually downloaded something through the router web interface. I understand now that downloading anything just to flashing firmware. I think I now understand you enable VPN in a supported router and I guess just input credentials that were set up online?

Just a couple more questions for now:
1. If I go with the dual NIC option on BI PC and tailscale etc, does that mean I wouldn't need to worry about a VPN on my router at all? If I understand correctly tailscale, wireguard, zerotier are alternatives to openVPN, and I assume better to run on the PC?

2. If I decided to go with one of Andy's nvr's would I need to do anything beyond replacing my current router with a good VPN supported router? And do you have any suggestions on a good router if I went that route?

I really appreciate the good information. You're definitely helping me get on track a lot faster.
 
Last edited:
You must log in or register to reply here.
Top Bottom