Help a Noobie understand VPN and the best route to take

boosted_turd · Aug 15, 2016

Hey Everyone!

im a new member and to be honest, I only signed up in hopes you all could share your expertise with me. I'm a bit of a newb so please bear with me. So I've had my cams for a year now but recently have become more avid about being more secure when viewing them remotely. Currently using the port forwarding method but from the research and reading I've done, it definitely isn't the most secure way to do so. It seems like from my research on the forums as well as the Internet in general, setting up a VPN is my best bet. Now here is where my questions starts and hoping that you could assist me. Currently using an Apple AirPort Extreme which doesn't support VPN. Wondering which is my best route to go. Use my Mac Mini and connect to the AirPort Extreme and setup it up as a VPN Server, but how would I connect to my cameras remotely? Or get a modem from flashrouters and sign up for a Vpn service? What is there difference between the two and what would be the best and most secure route in your opinion? Is there another alternative? All this reading and I am thoroughly confused lol, so any helpful input and direction would be so greatly appreciated! Thanks so much in advance for your time! If this has been covered please feel free to link me so I can do more reading and hopefully not get more confused! :rapture:

Q™ · Aug 15, 2016

Have you used the Forum search function to look for related topics and answers, or are we going to review VPN 101 all over? Again.

boosted_turd · Aug 15, 2016

Yes I did, but still unsure of the process and the hardware needed. No offense intended but if you didn't feel like helping out, then what was the purpose of commenting? But thank you for bumping my thread. And yes, I've googled it too. Just looking for the "VPN for dummies version that isn't so technical." Lol

Have done a lot of reading and still lots left to do as I've bookmarked a bunch of pages.

Q™ · Aug 15, 2016

Because I get tired of lazy people looking for handouts without trying to do any work for themselves. But this doesn't apply to you apparently...and no need to thank me for the 2nd bump mate.

boosted_turd · Aug 15, 2016

Q, definitely not looking for a handout as I'm doing as much research as I can, even before coming on here asking the question I did. It just seems like the more I read, the more confused I get as to which route to take. For example using a VPN Service vs creating a VPN Server within a capable router. From my reading, both from google searches and here in the forum, based on some of the things
Nayr recommended...I'm thinking creating a VPN Server within a capable router would be my best bet. But not being too knowledgable about networking, I was just looking for suggestions whether it be links to read or otherwise. I wonder what a good router would be (talked to a flashrouter sales person and got a couple of suggestions but they don't really support creating a VPN Server within the router), what software do I need to load onto the router, and what do I need to do to setup remote access.

From a post from Nayr in a thread, he stated that setup should be easier than port forwarding but the more I read, the technical lingo gets in the way and I get a little confused.

So if there is anybody who can't point in me in the right direction, it would be greatly appreciated vs telling me to use the search feature which I did prior to posting. I don't mind reading and researching but it seems the more research I do and more info I intake, the less clear I am about the process to set things up correctly, what hardware (router and other things I would need) to make it work with my Apple AirPort Extreme, and software I will need both on the router and any iOS devices to access the network remotely through the VPN.

I know my first port wasn't as clear but I'm hoping that this better clarifies things. Thanks in advance for anyone's time and input.

PSPCommOp · Aug 15, 2016

VPN Services that you pay for are clients. They mask the location of your IP and in turn, any internet traffic using the IP. U don't want this. I made the mistake too so no biggie. U want an VPN Server.

Given what you're working with, go out and get a brand new router. Asus are known for the easiest VPN to set up. Netgear Nighthawk is good. Linksys has good ones as well. Look to spend in the 140-180 range for one with reliability and good features. Use the airport as a file server.

Once you decide on the router, which i recommend Asus, google or YouTube search for VPN Setup on that particular model. If you're somewhat inclined, google OpenVPN and read up on that. I'm not gonna type all the info on how to set it up, that'll be on you and its particular to what you want but its also very easy to learn. Heres a good website to read...

http://www.smallnetbuilder.com/other/security/security-howto/32538-setting-up-and-using-openvpn-on-asus-routers

If your using Airport, i'm assuming your an iPhone user. Once you get the VPN Server up and running on the router, you can plug the VPN settings into the phone and it'll connect for you. Or if you go the OpenVPN route, theres an app that you fire up, check the tab and then open BI and boom, you're in. The VPN server is on the router, your phone or tablet or whatever you use to monitor BI via the app or web browser is the client. Also, once you set up the VPN, make sure you disable port forwarding on the new Router otherwise the security benefits you gain from a VPN are null and void.

So in a nutshell, whenever you set the VPN Server up, and then set up your phone to connect to the VPN, its like connecting a secure pipe between the phone and everything on your home network. Whereas port forwarding is like an always open door to your crib. Just takes some asshole to start looking for it and when they do, your network security is gonzo.

boosted_turd · Aug 16, 2016

PSPCommOp said:
VPN Services that you pay for are clients. They mask the location of your IP and in turn, any internet traffic using the IP. U don't want this. I made the mistake too so no biggie. U want an VPN Server.

Given what you're working with, go out and get a brand new router. Asus are known for the easiest VPN to set up. Netgear Nighthawk is good. Linksys has good ones as well. Look to spend in the 140-180 range for one with reliability and good features. Use the airport as a file server.

Once you decide on the router, which i recommend Asus, google or YouTube search for VPN Setup on that particular model. If you're somewhat inclined, google OpenVPN and read up on that. I'm not gonna type all the info on how to set it up, that'll be on you and its particular to what you want but its also very easy to learn. Heres a good website to read...

http://www.smallnetbuilder.com/other/security/security-howto/32538-setting-up-and-using-openvpn-on-asus-routers

If your using Airport, i'm assuming your an iPhone user. Once you get the VPN Server up and running on the router, you can plug the VPN settings into the phone and it'll connect for you. Or if you go the OpenVPN route, theres an app that you fire up, check the tab and then open BI and boom, you're in. The VPN server is on the router, your phone or tablet or whatever you use to monitor BI via the app or web browser is the client. Also, once you set up the VPN, make sure you disable port forwarding on the new Router otherwise the security benefits you gain from a VPN are null and void.

So in a nutshell, whenever you set the VPN Server up, and then set up your phone to connect to the VPN, its like connecting a secure pipe between the phone and everything on your home network. Whereas port forwarding is like an always open door to your crib. Just takes some asshole to start looking for it and when they do, your network security is gonzo.

Thank you so much for the helpful info PSP. I will definitely do some reading on the link you provided and I did Google OpenVPN and was thinking about going that route as well. Being a total newb to this, I just don't want to botch anything up royally.

I know I'm probably making this harder than it really is. Kind of like when I first got my cams and was reading on port forwarding. Seemed complicated when reading but in practice not so much. Was way easier than I thought it to be. Now that I'm familiar with it, I just laugh at myself. I'm sure I'm doing it again but would rather go on the side of caution since this is all new to me.

Again, thank you so much for the help and for your time! It is greatly appreciated!

Kitsap · Aug 16, 2016

When you have your replacement router in hand and before you install it, take a minute to review the IP numbering scheme you have setup for the private side of your LAN where the cameras are connected. Then go to the OpenVPN site and review their recommendations on avoiding IP address conflicts. OpenVPN

I took delivery of a new Netgear Nighthawk router several days ago. Personal choice only, nothing wrong with ASUS. I have the VPN feature activated on the router and have configured the VPN client on one Windows laptop computer. After having stumbled around with port forwarding for several months I am impressed with the reliability and ease of connection with the VPN. The connection is solid and responsive compared to port forwarding but I do notice a slight lag when I send commands to a PTZ camera.

The VPN option appears to be both secure and good for the long haul. I do not expect the internet environment to become any less hostile anytime soon.

I have to work on configuring a client for an Android phone or two and a desktop computer in another city where I do not have ready access.

Good luck.

spork · Aug 16, 2016

I've heard some of the vpn setups can be exploited and then your entire network is open to them? OpenVPN was the recommended setup last time I checked. Having to click through the app every time you want to view cams from your phone is annoying though. I don't want to leave it connected as that uses data. Its nice that some routers have this built in though.

I use stunnel on my blue iris machine but as a alternative I wonder if stunnel would work well on a raspberry pi for direct viewing of ipcams? I would rather do this than mess around with the vpn.

boosted_turd · Aug 16, 2016

Kitsap said:
When you have your replacement router in hand and before you install it, take a minute to review the IP numbering scheme you have setup for the private side of your LAN where the cameras are connected. Then go to the OpenVPN site and review their recommendations on avoiding IP address conflicts. OpenVPN

I took delivery of a new Netgear Nighthawk router several days ago. Personal choice only, nothing wrong with ASUS. I have the VPN feature activated on the router and have configured the VPN client on one Windows laptop computer. After having stumbled around with port forwarding for several months I am impressed with the reliability and ease of connection with the VPN. The connection is solid and responsive compared to port forwarding but I do notice a slight lag when I send commands to a PTZ camera.

The VPN option appears to be both secure and good for the long haul. I do not expect the internet environment to become any less hostile anytime soon.

I have to work on configuring a client for an Android phone or two and a desktop computer in another city where I do not have ready access.

Good luck.

I appreciate the response! Any reason you went with the NightHawk over the Asus? Now that I'm onto picking out hardware, just wondering which would best suit my needs. The router needs to penetrate through 4 levels in our home. Also when setting things up on the router, will I need to install OpenVPN as well as the dd-wrt firmware onto the new router?

Kitsap · Aug 16, 2016

boosted_turd said:
Any reason you went with the NightHawk over the Asus?

Also when setting things up on the router, will I need to install OpenVPN as well as the dd-wrt firmware onto the new router?

I bought the Nighthawk R7000 because of a past positive history with Netgear equipment and budget. In my opinion you can really overspend on a new wireless router with all of the latest bells and whistles.

Nothing to actually install on the router. In advanced settings you simply enable the VPN services. Once enabled there are several steps to establish a DDNS account and download the client installation programs and configuration files.

fenderman · Aug 16, 2016

JohnnyC said:
Q2U - You are one miserable s.o.b. I deal with a-holes like you at work - You think you know it all and will not lend a helping hand when needed. There are many others that will run rings around you, but people like you think your superior to everyone. Thank you for your help and contribution.

Have you bothered reading Q2U's contribution to this forum before running your mouth? Didnt think so.

Q™ · Aug 17, 2016

Thanks Fenderman and thanks to @boosted_turd for his level-headed and reasoned response to my arrows.

Search

Help a Noobie understand VPN and the best route to take

boosted_turd

n3wb

Q™

boosted_turd

n3wb

Q™

boosted_turd

n3wb

PSPCommOp

Getting the hang of it

boosted_turd

n3wb

Kitsap

Getting the hang of it

spork

Young grasshopper

boosted_turd

n3wb

Kitsap

Getting the hang of it

fenderman

Q™