A single P2P device on its own subnet VLAN network?

Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
With my week being dedicated to dabbling more and more, understanding, and making things better with my Dahua villa intercom system (1 VTO and so far 3 VTHs), one thing still mystifies me.
1.) I am no power user when out and about on cellular WiFi. I still need to figure out how to keep VPN on for 24 hours a day for a full week (minus being in home/work local WiFi environment). I have to see the bandwidth used because I'm on a lower mobile internet plan with Charter Spectrum. Right now, my Android VPN client connecting to my Ubiquiti UDM's RADIUS VPN server times out when the smartphone's screen goes dark idle. I have dynamic IP at home and I know I have to do... something to get that pseudo static IP (had to do so when using OpenVPN on my old Netgear Nighthawk router). But luckily, for testing purposes, my dynamic IP has stayed the same for the last couple of months.
2.) I know there is debate about the use of Dahua P2P since it goes through Dahua/Chinese govt servers. What would happen if I created a dedicated VLAN subnet just for a single VTO for use of P2P? I know I would have to open a couple of ports in the firewall to talk to both Blue Iris and Home Assistant.
3.) I'd like to get doorbell alerts and see/talk to someone who buzzes the VTO when I'm out at work or grocery shopping on cellular WiFi. If P2P in this layout is still as bad as port forwarding, I guess I best figure out this VPN stuff quickly.
 
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
I'll keep this going as future notes or if anyone else encounters these issues.

I have a Pixel 4 Android (latest greatest firmware).
I use the built-in RADIUS VPN server on my Ubiquiti UDM router.
The Pixel 4 Android VPN built-in application is easy to set up. I have dynamic IP at home (like 90% of the folks at home).
To enable the 'always on' feature of the VPN app, for security reasons, the "server address" MUST be the VPN server IP address (example: 45.128.32.200), not a hostname (example of NO-IP hostname: Johnsmith.ddns.net). This kind of defeats the purpose of using dynamic DNS hostnames such as NO-IP. I do not know if other free DDNS folks offer IPs instead of hostname domains (DuckDNS is the only other I looked at... not sure who is actually better in the DNS game, but maybe I should have gone with Duck instead of NO-IP, since with NO-IP you have to log in once a month).
You also have to put in a DNS server such as Google's 8.8.8.8 or your preferred DNS server (I am starting to get away from Google so will look for alternative DNS servers).
Now, your 'always on' will no longer be greyed out.
I will run this for 7 days to see how much bandwidth I use for normal operations. I am no super user.
 
Joined
Oct 16, 2018
Messages
1,659
Reaction score
5,465
Location
Florida, USA
Dynu is what I use and registered a domain name with them because it is so cheap to do so.

We have iPhones that point to our domain name and the VPN is “always on”.

Some good DNS servers are 1.1.1.1 and 9.9.9.9
 
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
Abandoning this thought for the time being. Even if on their own VLAN/subnet... the credentials (username/password) can be intercepted. With the use of always-on VPN, no need for P2P.
 