Help setting up this VPN!

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
I'm Running Windows 10 with a nitehawk r6900 Router.
In windows I set up the VPN connection but i'm confused as to what i should be putting in the "server name or address" Line.

On my routers advanced settings i've enabled VPN, Installed the configuration files and copied them to the "openvpn\config" folder.
I changed the TAP-Windows adapter name to NETGEAR-VPN

What do i do to get it all connected? I've seen using vpnbook.com but do I use an open VPN or a PPTP? I'm not a networking guy...
 

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,375
Reaction score
2,735
Location
USA
When you set up a VPN on your router, it is designed to work with remote connections coming into your home network. This way you can access your network when you are not home. You do not need to change any settings on any devices that are on the home network. In other words, if this computer is a desktop that stays in your home, you don't use the VPN.

On the other hand, if this is a laptop that you want to carry away from the house and be able to connect to your home network via the VPN, this is when you would use the VPN software on your laptop. Which brings me to the next step. Once you have the VPN server set up on the router, hopefully there is a method of downloading an encryption file from the router. You also need to install VPN client software on your laptop. I would suggest OpenVPN for this, but there are other alternatives. Open the software and "import" that encryption file. That will hopefully set up the connection automatically (although you probably will still need to enter your username and password). When you are away from home and want to connect the laptop to the home network, you first connect the laptop to a network that has internet access and then you start the VPN client software on the laptop and "connect" to your home VPN server. This will create the encrypted connection from the laptop to the home network.
 

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
So if I just get the BI app I wouldn’t need the vpn…

but above was a very good explination thank you so much. I was thinking the cpu the cameras are on needed thier own vpn to make them more secure?
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,429
Reaction score
47,550
Location
USA
Nope, with the app you would still need VPN unless you are port forwarding (not advised).

Setting up the VPN within the router is fine and secure.
 

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
Nope, with the app you would still need VPN unless you are port forwarding (not advised).

Setting up the VPN within the router is fine and secure.
Okay gotcha. Use an openvpn vs pptp?
 

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
Okay so I've connected via an openvpn.

Is there a port i should use over another that would be less likely to flag as suspicious? Google thought i was a robot when i checked my ip. My router has TAP mode-service type and a line for the port. Should i check off TCP and use port 443?

Edit: also BI utilized a port forwarding tool for app remote access, You said thats not recommended? If i turn off port forwarding the test fails for setting up my remote access via the wizard so i cant get the qr to scan.
 
Last edited:

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,375
Reaction score
2,735
Location
USA
Is there a port i should use over another that would be less likely to flag as suspicious?
I'd just use the standard port (or whatever was suggested in the setup). The beauty of a VPN server is that without the added encryption pack, no one can connect. So the fact that this one port is open to the VPN server isn't unsecure like a normal port forwarding situation.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
I'd argue for (and do) use another port. VPNs are very secure but there are exploits at times most of which, like most good hacks, just bypass the authorization/encryption. Also, most home routers tend not to get updated often so vulnerabilities can be out there for a relatively long time. Makes things a little harder to target on a mass basis at least. Not something that most probably need to worry all that much but just as a matter of good practice I generally try to avoid defaults for anything that may be exposed in some way.

Recent Openvpn Security Vulnerabilities
OpenVPN 3 Core Library version 3.6 and 3.6.1

CVE-2021-3547 7.4 - High - July 12, 2021

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
authentification

OpenVPN 2.5.1 and earlier versions

CVE-2020-15078 7.5 - High - April 26, 2021

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
 

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
I’m just having a hard time getting blue iris to communicate through the vpn. I use the remote connection wizard and it stalls at the UPNP screen. Even when I try to have the wizard open the port it won’t work. It asks if UPNP is on, which it is. It works without being connected to the vpn and I can get full access via my phone, push alerts etc.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,429
Reaction score
47,550
Location
USA
With VPN you do not go thru the BI wizard and UPNP.

If it works without VPN being on, then you are using port forwarding or stunnel or some other method.

VPN puts you back on your home network just like you are sitting on your couch. So the exact same way you see BI on your tablet or phone is the same whether you are at home or away. You simply have to connect to VPN first when remote.

You simply point UI3 or the BI app to your LAN IP address for your BI computer. Just like at home. I type in the same LAN IP address whether home or away, obviously it doesn't work away unless I have VPN'd in first.
 

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
I’ve read the wiki and so many other things I’ think I’m confused.

So my settings in bi
LAN router ip
WAN vpn ip
Port is related to the connected vnp (443)?

then in BI app input the same info?
connect to same vpn on iPhone andit should connect?
Thanks for you patience, I know this is simple stuff for most of you lol.
 

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
the number of open blue iris servers is rising :) there are some who uses indoor cameras ... creepy as hell !

use vpn ! even when its a pain to set it up
 
Last edited:

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,429
Reaction score
47,550
Location
USA
That port is only if you are doing stunnel. You either do stunnel (not as secure but better than Port Forwarding) or you do VPN. But since you said previously you used the wizard and you can see BI without VPN, that tells me you are probably using stunnel.

LAN should be the IP address of your BI computer with the port # after so something like 192.168.1.150:81 (81 is the default BI port unless you changed it) - obviously the IP address is whatever your IP address is.

WAN is your IP address out to the public (what shows up in whatismyaddress website)

Can you see BI on your phone right now using either UI3 or the BI app? If so, then there is nothing else to do than to connect to your VPN when away.

With UI3, you simply open a browser and type in the LAN with : and port # like above into the address and it pulls up the BI login screen.

With the BI app you simply put in the LAN address with : and port # into the LAN and WAN location.
 
Last edited:

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
I
That port is only if you are doing stunnel. You either do stunnel (not as secure but better than Port Forwarding) or you do VPN. But since you said previously you used the wizard and you can see BI without VPN, that tells me you are probably using stunnel.

LAN should be the IP address of your BI computer with the port # after so something like 192.168.1.150:81 (81 is the default BI port unless you changed it) - obviously the IP address is whatever your IP address is.

WAN is your IP address out to the public (what shows up in whatismyaddress website)

Can you see BI on your phone right now using either UI3 or the BI app? If so, then there is nothing else to do than to connect to your VPN when away.

With UI3, you simply open a browser and type in the LAN with : and port # like above into the address and it pulls up the BI login screen.

With the BI app you simply put in the LAN address with : and port # into the LAN and WAN location.
ll have to give it a try when I get home. I believe once the pc is connected to the vpn is when I can’t connect to BI. I’ll double check though
 

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
okay.. I cannot connect with BI app when i'm not on the wifi. Even without a vpn I cannot connect outside of the wifi network.

I'm not using stunnel and there is no port forwarding.

Do i need to start with router changes? VPN is enabled and the picture shows settings. Ive installed the openVPN GUI and copied the "windows" files into the Config folder. Changed the adapter name to netgear-vpn

Second image is what is in the openVPN config folder. Top three from the router VPN setup and the bottom 4 from the vpnbook.com. Is this incorect? Should i wipe it all clean and start over?
 

Attachments

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,429
Reaction score
47,550
Location
USA
So OpenVPN is on your router.

Are you trying to use a computer to log in remotely or a tablet or a phone?

The BI app is either Apple or Android, so you need to export the OpenVPN config file and install it on your device and download the OpenVPN app and then open up the config file.

If it is a Windows computer, then you need to install OpenVPN on the computer and then open up the config file that you exported from the router.
 

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
So OpenVPN is on your router
The program is installed on the ox that BI runs on.

Are you trying to use a computer to log in remotely or a tablet or a phone?
Iphone

The BI app is either Apple or Android, so you need to export the OpenVPN config file and install it on your device and download the OpenVPN app and then open up the config file.

Did this also. Pluged the iPhone into the cpu running BI and transferred confit files in openvpn app files.

If it is a Windows computer, then you need to install OpenVPN on the computer and then open up the config file that you exported from the router.
open the files or copy the files into the openvpn confit folder?

should I just start over. I feel likeit’s something simple that I got mixed up.
 

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
i am not sure what you want to do.
vpnbook is a vpn service for hiding yourself. it has nothing to do with access your bi server..

I changed the TAP-Windows adapter name to NETGEAR-VPN
not sure if this is good. you dont have to change something. windows is only able to connect to PPTP or L2TP(IPsec) ...

you are trying to connect to a openVPN server... so you NEED openvpn gui (community edition) which you can download here Community Downloads | OpenVPN

if you have installed it and copy the files to the config folder, you should see a little symbol (computer with lock) right in the taskbar.
you click with right mouse on it, then a menu should pop up and you see your netgear vpn (if config copied to right place). just connect... not vpnbook ! your OWN netgear vpn.

the picture shows settings
you should set it to homenetwork only. not sure what "auto" does, but you dont want that all traffic from the connected device goes through the vpn... if your home connection is not good (low upload/download), then you will have a bad time on your device while surfing on the internet...
 

Jhonyquest97

Young grasshopper
Joined
Feb 21, 2021
Messages
41
Reaction score
22
Location
USA
Initially I went through the router and followed the directions (that’s where it said change the name of the TAP -just the name). Then when I was in windows trying to set up a vpn connection I didn’t have a server or address so that led me to the vpnbook. I didn’t realize windows won’t work with openvpns. Then I think I just got confused. Im going to start over
 
Top