Adding VPN Router

On the Asus line, look at the 68P (1900P), bestbuy exclusive. Same as the U but has 1.4GHz chip.

I had one as a primary and it was awesome. Ended up scoring an 88U which is now my primary and use the 1900P as an access point in the garage.

Both are fantastic routers, super simple user interface and way more capable than most people need. Cant go wrong with either one.
 
  • Like
Reactions: J Sigmo
Thanks for the info.. I'll have to get my nephew to help me with this!

Joe
Hello Joe, I recently installed my Lechange NVR and configured a VPN for remote viewing from my phone. It is not terribly difficult, but just remember to set up a rule to deny all inbound/outbound traffic to the NVR from the WAN interface.

Let me know if you run into any issues. I'd be happy to help!
 
ubiware... I'm sure I'll have questions... Thanks

Within ASUS you have "parental controls" which is one way to "block" the NVR/cams from phoning home. Or you work directly in the iptables and block (all) access (except NTP for example).

Good Luck!
CC
 
You can actually block any client from the main screen on the Asus GUI. Click your device or client list and a list of connected clients will come up. Click the world looking icon next to the client and a window will pop up and a sliding switch will appear, it will give you the option to turn it on or off.

asus.jpg
 
You can actually block any client from the main screen on the Asus GUI. Click your device or client list and a list of connected clients will come up. Click the world looking icon next to the client and a window will pop up and a sliding switch will appear, it will give you the option to turn it on or off.
Affirmative, but keep in mind that all other requests (eg NTP) are blocked too (all-or-nothing), with the parental controls, you are able to "filter" all services (except NTP) so at least timingwise your NVRs/IPCs are synced.
 
  • Like
Reactions: c hris527
The ntp ( time service) should be run on the local network for your cameras. I run an ntp service on my BI computer, or any other 24/7 computer.
Network Time Protocol (NTP)
 
Affirmative, but keep in mind that all other requests (eg NTP) are blocked too (all-or-nothing), with the parental controls, you are able to "filter" all services (except NTP) so at least timingwise your NVRs/IPCs are synced.
You are right, If you have a VPN to your NVR or other device it will block it. I use it to block cams on my network from calling home. And one more thing its handy for, When my 8 year old pisses me off I can easily block her I pad and that goes for the wife also.
 
Last edited:
So how do you guys recommend locking down an nvr connected to a router? I have an Asus RT-AC68U, and if I block all WAN traffic for the NVR's IP it won't be able to get the network time.. is this a problem? Does the NVR need to make requests to fetch the time or anything else? I figure when I need to upgrade firmware on the router I'll need to temporarily disable this rule In parental controls I don't see the option to only allow NTP requests. Anyone who has any advice on setting this up please let me know. I've been running the vpn software and using openvpn on my phone to remotely access the nvr which is great, but I'm not sure how to lock down the NVR.

Edit: So I am blocking the traffic via the firewall->networkservicesfilter option and blacklisting the IP of the router and port range (1:65535). I didn't even realize you could do it right from the device list..? I'm not sure what the preferred/better option is. TIA!
 
Last edited:
So how do you guys recommend locking down an nvr connected to a router? I have an Asus RT-AC68U, and if I block all WAN traffic for the NVR's IP it won't be able to get the network time.. is this a problem? Does the NVR need to make requests to fetch the time or anything else? I figure when I need to upgrade firmware on the router I'll need to temporarily disable this rule In parental controls I don't see the option to only allow NTP requests. Anyone who has any advice on setting this up please let me know. I've been running the vpn software and using openvpn on my phone to remotely access the nvr which is great, but I'm not sure how to lock down the NVR.

Edit: So I am blocking the traffic via the firewall->networkservicesfilter option and blacklisting the IP of the router and port range (1:65535). I didn't even realize you could do it right from the device list..? I'm not sure what the preferred/better option is. TIA!

If your router supports actual firewall rules, you can put a rule allowing NTP access above a rule denying all access. This is what I do with my cameras.
 
If your router supports actual firewall rules, you can put a rule allowing NTP access above a rule denying all access. This is what I do with my cameras.

Thanks.. the issue is it looks like I can only have a blacklist OR whitelist. So, I can't block the WAN access for one IP address on my LAN (the NVR box) and make an exception for the external NTP server.. If you have any ideas I'm all ears. Thanks!
 
Thanks.. the issue is it looks like I can only have a blacklist OR whitelist. So, I can't block the WAN access for one IP address on my LAN (the NVR box) and make an exception for the external NTP server.. If you have any ideas I'm all ears. Thanks!
Howdy Mike,
Are you running stock firmware on your RT-AC68U? If so, then you can probably experiment with the blacklist and whitelist. Eg: Have blacklists for UPD port ranges (1:122) and then another blacklist rule for (124:65535) if that is the range you want to block. NTP uses UDP port 123 for two-way communication I believe.

You should be able to do it. It might just take a bit of research and experimentation.

Alternatively, you may want to look into a custom firmware like Asuswrt Merlin (very similar to stock with a couple of added features) or DDWRT. DDWRT will have firewall rules, like Mr_D mentioned. In which case you would just add a permit rule for NTP (UDP 123), then a deny all rule after that rule for your DVRs IP address.
 
I finally had a day off, AND got my various domestic chores finished, so I followed this guide, and everything worked like a charm on my setup.

I'm running the Blue Iris app on my phone, and it works dandy through the VPN setup. Now I need to set my wife's phone up with the Blue Iris app and the OpenVPN app as well, so she can monitor things from wherever she is, too.

While I was in the router's setup, I also used some of the other security suggestions in that guide.

Thanks for posting that link. I'd seen a reference to that guide in another thread on here, too, and it really was helpful.