Going to BI4 and VPN

Tacoman

Hi
I am thinking of installing a VPN, mainly for secure/anonymous internet browsing, on my home machine and want to make sure I know what I am getting into. I am running BI4 on that machine and it has been flawless for a few years. I am using it for remote monitoring from an Android smartphone. Keeping that running is my biggest concern. Will I screw things up if I go for a VPN service? Is there anything else I need to know before I proceed? Also, I plan on upgrading my computer and upgrading to BI5 over the winter. I keep seeing references to OpenVPN. I am not sure if that is stand-alone encryption software for p2p or a VPN service with servers etc. I am more than a little confused.

The explanation is probably much too complicated for a reply on a forum. Does anyone know of a current how-to reference that would help me get started? There is a "VPN for Dummies" book available, but it is 20 years old. Something similar, but current, may fit the bill. I am willing to take the time to learn.

Thanks for any help.
John
 

SouthernYankee

I would strongly recommend AGAINST getting a VPN for secure/anonymous internet browsing. See the bottom of my post.

-----------------------------------------------
My general VPN post
There are two types of VPN, do not get them confused.
The type depends on where the traffic conversation (traffic) originates.

1) Origination: local home network, destination: the internet.
The purpose of this type of VPN is to hide your activity from the internet. It is outbound and normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, Google, porn sites... This is not what you want. This VPN uses a VPN server that is in the middle of your communications.

2) Origination: the internet (world wide web), destination: your home network.
This VPN type is used to provide a secure connection onto your local network, inbound to your local home network, from your office computer, your cell phone in your car, tablet at the coffee shop. This is what you want; it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.

If your home internet provider is a cellular network, then DDNS (Dynamic Domain Name System) may not work. DDNS is needed for most inbound VPN services (OpenVPN) to get your home IP address (it is not static), so OpenVPN may not work for you.

A video on the paid VPN.
------------------------------------------------------
Hacked VPNs
-----------------------------------------------------
 

Tacoman

That cleared up a lot of my confusion. Actually I may want both types. I took a look at the links you provided. I am still not entirely clear what the problems with the home network VPN services are. If I understand it, the problems are that they keep logs that can be leaked and some have unsecured servers. It seems like these are problems with some rogue VPN services, not with a well managed, honest VPN service. It's pretty clear that a bad VPN service is much worse than nothing at all. Is the real problem finding a trustworthy VPN service or is there some systemic drawback to ANY and all VPNs?

Thanks for the help. I think I will set up with OpenVPN when I upgrade to BI5. That really cleared up a lot of things. Your response was very helpful.
 

CAL7

If your home internet provider is a cellular network, then DDNS (Dynamic Domain Name System) may not work. DDNS is needed for most inbound VPN services (OpenVPN) to get your home IP address (it is not static), so OpenVPN may not work for you.
This caught my attention. Maybe you can explain something that is bewildering me?

I have a PiVPN running Wireguard at home. My home network uses a Sprint cell phone hotspot that feeds my local wired network (with the Pi and everything else). The cell phone has a routable APN. Dynamic DNS through a free service is configured on my OpenWRT router.

1) Working case: Using another hotspot from Sprint, my phone or tablet connects with the Android Wireguard app.

2) Failing case: Same phone or tablet with Wireguard connects via a public network or a friend's home network (likely a cable company).

Would you know why that is? More importantly, is there a way to route through public networks to reach my internal network?
 

SouthernYankee

Not exactly sure of your configuration, not familiar with PiVPN. The problem with a cell network for IPv4 inbound traffic is that the IP address keeps changing. It changes so fast that DDNS cannot keep up. It can change multiple times during a session.

Look at Hamachi or ngrok, but I have not tested these.
 

Nunofya

I would strongly recommend AGAINST getting a VPN for secure/anonymous internet browsing. See the bottom of my post.

-----------------------------------------------
My general VPN post
There are two types of VPN, do not get them confused.
The type depends on where the traffic conversation (traffic) originates.

1) Origination: local home network, destination: the internet.
The purpose of this type of VPN is to hide your activity from the internet. It is outbound and normally costs a monthly fee to use. Direction is from your home PC to the internet, going to your bank, Google, porn sites... This is not what you want. This VPN uses a VPN server that is in the middle of your communications.

2) Origination: the internet (world wide web), destination: your home network.
This VPN type is used to provide a secure connection onto your local network, inbound to your local home network, from your office computer, your cell phone in your car, tablet at the coffee shop. This is what you want; it does not have a monthly fee and is normally completely free. OpenVPN is this type of VPN.

If your home internet provider is a cellular network, then DDNS (Dynamic Domain Name System) may not work. DDNS is needed for most inbound VPN services (OpenVPN) to get your home IP address (it is not static), so OpenVPN may not work for you.

A video on the paid VPN.
------------------------------------------------------
Hacked VPNs
-----------------------------------------------------
So, with T-Mobile 5G home internet, I can't do a VPN as you stated in #2. How do you keep the cameras off the internet and still be able to access BI when away from home?
 

SouthernYankee

The cameras can be kept off the internet by using a second NIC card in your BI PC. The second NIC is connected to the cameras but not to the internet. The first NIC connects to your router, which connects to the internet. There are a number of detailed posts on setting up the second NIC.

The problem that you need to solve is how to securely remotely connect to the BI PC, using a VPN. I would start with contacting T-Mobile and asking them.
 
Last edited:
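The two-NIC arrangement described in the post above can be checked from the Blue Iris PC itself. This PowerShell audit is an added example, not part of the original thread; the interface aliases `Cameras` and `Ethernet` are placeholders, and the subnet and forwarding checks are assumptions about what "not connected to the internet" should mean on Windows.

```powershell
# Added example, not from the thread. NIC aliases are assumptions;
# list the real ones with Get-NetAdapter and substitute them.
$CameraNic = 'Cameras'    # hypothetical alias: NIC wired to the camera switch
$RouterNic = 'Ethernet'   # hypothetical alias: NIC wired to the router

function Get-NetworkId {
    # Network address of an IPv4 address under a prefix, as Int64 for comparison.
    param([string]$Address, [int]$PrefixLength)
    $bytes = ([ipaddress]$Address).GetAddressBytes()
    [array]::Reverse($bytes)
    $addr = [long][BitConverter]::ToUInt32($bytes, 0)
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - $PrefixLength))
    return ($addr -band $mask)
}

function Test-CameraNicIsolation {
    param([string]$CameraAlias, [string]$RouterAlias)
    $findings = @()
    $cam = Get-NetIPConfiguration -InterfaceAlias $CameraAlias
    $lan = Get-NetIPConfiguration -InterfaceAlias $RouterAlias

    # 1. A default gateway on the camera NIC gives that segment a route out.
    foreach ($gw in $cam.IPv4DefaultGateway) {
        $findings += "Camera NIC has default gateway $($gw.NextHop)"
    }

    # 2. Overlapping subnets suggest the cameras sit on the router's LAN.
    $camIp = $cam.IPv4Address | Select-Object -First 1
    $lanIp = $lan.IPv4Address | Select-Object -First 1
    if ($camIp -and $lanIp) {
        $prefix = [math]::Min([int]$camIp.PrefixLength, [int]$lanIp.PrefixLength)
        $camNet = Get-NetworkId $camIp.IPAddress $prefix
        $lanNet = Get-NetworkId $lanIp.IPAddress $prefix
        if ($camNet -eq $lanNet) {
            $findings += "Camera NIC ($($camIp.IPAddress)) overlaps the router subnet"
        }
    }

    # 3. Forwarding would make the PC route traffic between the two NICs.
    $fwd = Get-NetIPInterface -InterfaceAlias $CameraAlias, $RouterAlias -AddressFamily IPv4 |
        Where-Object { $_.Forwarding -eq 'Enabled' }
    foreach ($i in $fwd) {
        $findings += "IP forwarding is enabled on $($i.InterfaceAlias)"
    }
    return $findings
}

$issues = @(Test-CameraNicIsolation -CameraAlias $CameraNic -RouterAlias $RouterNic)
if ($issues.Count -eq 0) { 'Camera NIC looks isolated.' } else { $issues }
```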

Nunofya

If you can't set up something like OpenVPN, then try Teamviewer. I have been using it for a few years now. I travel a lot and log in twice a day to check on things.

TeamViewer: The Remote Desktop Software
What would be the difference between TeamViewer and using Windows Remote Desktop? I have Windows 10 Pro, think it was recommended when putting together a BI computer because of the RDP. Haven't tried using it yet.
 
Joined
Aug 8, 2018
Messages
7,386
Reaction score
25,889
Location
Spring, Texas
What would be the difference between TeamViewer and using Windows Remote Desktop? I have Windows 10 Pro, think it was recommended when putting together a BI computer because of the RDP. Haven't tried using it yet.
I am not sure if RDP works from outside of your home LAN. If it does it would require you to open ports, which is what most here would say not to do. That is why they say to set up a VPN for secure access. Teamviewer is similar to setting up a VPN. But not being an IT expert, I really can't answer that question. All I know is that several years ago when I first joined, I could not get my IP provider's installed modem/router to work with a VPN. It was @fenderman that suggested Teamviewer to me. It has worked for me ever since. Looking at my cams is the only thing I need to do away from home, so logging into Teamviewer just to do that is no problem for me.
 

Wen

I have a Teamviewer "non commercial use only" license and have used it for years, it's a great program but very expensive per month to license. The "free" license works great, except that Teamviewer will occasionally cancel the free license and require that you complete a signed statement that you're not using the software for commercial use. The process takes about three days, give or take.

I also have Chrome RDP installed and use that when Teamviewer poops the bed.

Teamviewer works from all over the world. Great software.
 

Nunofya

I am not sure if RDP works from outside of your home LAN. If it does it would require you to open ports, which is what most here would say not to do. That is why they say to set up a VPN for secure access. Teamviewer is similar to setting up a VPN. But not being an IT expert, I really can't answer that question. All I know is that several years ago when I first joined, I could not get my IP provider's installed modem/router to work with a VPN. It was @fenderman that suggested Teamviewer to me. It has worked for me ever since. Looking at my cams is the only thing I need to do away from home, so logging into Teamviewer just to do that is no problem for me.
Didn't know that about RDP. Not a computer guy, learning a lot in this forum. Changing out my cameras based on advice from @wittaj and @sebastiantombs. Getting my stuff from Andy too. Read an earlier thread where @fenderman hammered a guy's question :oops:. Don't want to be called a dumbass or low IQ. This stuff is hard for people like me, have ADD and other learning disabilities. Think my nephew took advantage of me, building a computer for BI with 12th gen processor and DDR5 RAM, having me buy the latest hardware. But I love Blue Iris and like tinkering. Have T-Mobile home internet, so can't do the VPN thing. Working with ZeroTier from talking with people here, but think I've got that messed up too.
 

fenderman

Didn't know that about RDP. Not a computer guy, learning a lot in this forum. Changing out my cameras based on advice from @wittaj and @sebastiantombs. Getting my stuff from Andy too. Read an earlier thread where @fenderman hammered a guy's question :oops:. Don't want to be called a dumbass or low IQ. This stuff is hard for people like me, have ADD and other learning disabilities. Think my nephew took advantage of me, building a computer for BI with 12th gen processor and DDR5 RAM, having me buy the latest hardware. But I love Blue Iris and like tinkering. Have T-Mobile home internet, so can't do the VPN thing. Working with ZeroTier from talking with people here, but think I've got that messed up too.
The guy got hammered because of the way he posed the question. Go back and read the thread. Don't come to a forum and act like an asshole. He was and is a low IQ dumbass. There have been many, and I don't shy away from calling them out. Your nephew didn't take advantage of you. Next time read before you buy. He just built it to specification.
 

Nunofya

The guy got hammered because of the way he posed the question. Go back and read the thread. Don't come to a forum and act like an asshole. He was and is a low IQ dumbass. There have been many, and I don't shy away from calling them out. Your nephew didn't take advantage of you. Next time read before you buy. He just built it to specification.
:wow:, but I'm ok, right:smash:
 

wittaj

I am not sure if RDP works from outside of your home LAN. If it does it would require you to open ports, which is what most here would say not to do. That is why they say to set up a VPN for secure access. Teamviewer is similar to setting up a VPN. But not being an IT expert, I really can't answer that question. All I know is that several years ago when I first joined, I could not get my IP provider's installed modem/router to work with a VPN. It was @fenderman that suggested Teamviewer to me. It has worked for me ever since. Looking at my cams is the only thing I need to do away from home, so logging into Teamviewer just to do that is no problem for me.
You can use RDP after you VPN back into your home network.
 

wittaj

I haven't tried it with zerotier, but maybe someone with that can try?

I do find UI3 or the BI app sufficient when away over 99% of the time, but occasionally there is something you need to do that is only available in the console.
 
Joined
Aug 8, 2018
Messages
7,386
Reaction score
25,889
Location
Spring, Texas
When I log in via Teamviewer, the entire desktop from my BI PC is now a window on my remote laptop. It is just as if I am sitting at the BI PC with keyboard and mouse. No UI3 or RDP necessary. I do not understand the issue?
 