New internet service coming - VPN options

The Automation Guy

Self hosted VPNs require a "service" to be running on the network. This is a small software application that handles the VPN connections. IMHO, it's easiest to run this service on your firewall/router (because it's already on 24/7 and the routing is easier since it's the first device on the network), but you can actually run it on just about any machine on your network. Most modern firewall/routers have this service available in their software. You'll just need to turn it on and then set it up correctly to work. It doesn't require an IT professional to set up, but there are a lot of "moving parts" (i.e. different addresses, settings, encryption keys, etc) to set a VPN up and I wouldn't say the process is very intuitive - at least it wasn't for me. It took me watching/reading a lot of "how to" guides to get mine set up the first time.

There is no problem in having your cameras on a separate VLAN/subnet and still be able to access it over the VPN, but it does require that you include that set of network addresses in your VPN setup. By default, a VPN connection will only be able to access the network subnets that you specify. If you don't specifically include the camera subnet in the VPN setup, you won't be able to access it over the VPN connection. (This is part of the "moving parts" that can complicate the VPN setup process).

Again, none of this is rocket science, but I also don't want to give you the false impression that it will take just 5 minutes to implement a VPN connection your first time out. It will probably take much longer than that and there may be a lot of colorful language spoken while you figure it out. At least that was my experience...... ;)
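As an added illustration of the "include the camera subnet" point above (not from the post or any particular router's firmware), here is what that looks like in an OpenVPN server config in routed (tun) mode. The addresses are made up: 10.8.0.0/24 for VPN clients, 192.168.1.0/24 for the main LAN, 192.168.20.0/24 for the camera VLAN.

```openvpn
# Example OpenVPN server.conf excerpt (constructed example, addresses assumed).
# Clients get an address from this pool when they connect.
server 10.8.0.0 255.255.255.0

# Routes the server pushes to each client on connect. A client can only reach
# the subnets listed here through the tunnel: with only the first line present,
# the LAN is reachable but the camera VLAN is not.
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"

# Deliberately no "redirect-gateway": the client's internet traffic stays
# local and only the two subnets above go through the tunnel.

# Still needed outside this file ("moving parts"):
# - The firewall's inter-VLAN rules must allow 10.8.0.0/24 to reach
#   192.168.20.0/24 (and the replies back), even when the VPN server runs
#   on the router itself.
# - If the server runs on a LAN host instead of the router, the router
#   needs a static route for 10.8.0.0/24 pointing at that host, or the
#   cameras' replies never find their way back into the tunnel.
```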
 

wittaj

OpenVPN is simple, but we make it way more difficult than it needs to be lol.

I was there too once with OpenVPN...tried to do all this research to find directions and got to the point I said screw it and just enabled it and kind of followed what it was asking and it worked.

Just go to OpenVPN and enable it and see what it says - probably asks you to create a user/PW, DDNS name, encryption method, and create certificate. Then copy and paste that certificate on your mobile device. Then install the OpenVPN app and select the certificate and then connect and you are on your home network.

It really is simpler than our minds make it out to be.

A big mistake people make is installing OpenVPN on their computer and trying to host it there, yet they are trying to follow the steps on enabling it on a router and screw it all up. Only install it on the computer to host if your router does not have it built-in.

This is for an Asus router, but the steps are kinda the same.

 

Virga

If it were easy, where would be the fun in it? Hanging out in this forum is not for the faint of heart.

To get started on a VLAN, I started to follow this link:
How to Setup and Secure UniFi VLAN — LazyAdmin
After setting up the first firewall rule as described, took a pause.
Now wondering if it is smart to blindly follow directions, and hope for the best.
A leap of faith will be involved for sure, how much is another matter.
It would be unrealistic for me to hope to have an IT level understanding of the topic.
 

wittaj

If it were easy, where would be the fun in it? Hanging out in this forum is not for the faint of heart.

To get started on a VLAN, I started to follow this link:
How to Setup and Secure UniFi VLAN — LazyAdmin
After setting up the first firewall rule as described, took a pause.
Now wondering if it is smart to blindly follow directions, and hope for the best.
A leap of faith will be involved for sure, how much is another matter.
It would be unrealistic for me to hope to have an IT level understanding of the topic.
VLANs can be a whole different animal LOL.

Dual NIC in the BI machine is much simpler and cheaper LOL.
 

Virga

If dual NIC moves the cause forward I could go for it, because current hardware will eventually need a re-build (same case and power supply, new mobo, CPU & cooler, memory and perhaps video card, OS license transfers).
Would appreciate if someone can point me to a reading on how to deploy dual NICs for a BI PC.
 

wittaj

Buy another NIC (under $20ish)

Turn off Computer

Open up computer

Insert new NIC

Put case back on computer

Turn on computer

Assign it an IP address that is different than your LAN and assign your cameras the IP address subnet of this NIC and plug into this NIC.
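The last step above, done from an elevated PowerShell prompt on the Blue Iris PC, as an added example (not from the post). The adapter name "Ethernet 2", the 192.168.50.0/24 camera subnet and the camera address are assumptions; the checks at the end confirm the camera NIC has no default gateway and that the PC is not routing between the two networks.

```powershell
# Constructed example: make the second NIC an isolated camera network.
# Internet/LAN stays on the first NIC (or Wi-Fi); cameras hang off $CamNic.
$CamNic    = "Ethernet 2"      # assumed name; check with Get-NetAdapter
$CamHostIp = "192.168.50.1"    # BI PC's address on the camera subnet (assumed)
$CamSubnet = "192.168.50.0/24" # must not overlap the LAN subnet
$TestCam   = "192.168.50.10"   # one camera set statically in that subnet (assumed)

# Static address, NO default gateway: the PC reaches the cameras directly,
# and the cameras get no path to the internet through this box.
Set-NetIPInterface -InterfaceAlias $CamNic -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $CamNic -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
New-NetIPAddress -InterfaceAlias $CamNic -IPAddress $CamHostIp -PrefixLength 24

# Check 1: no default route on the camera NIC (internet traffic must stay on the LAN NIC).
$badDefault = Get-NetRoute -DestinationPrefix "0.0.0.0/0" -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object InterfaceAlias -eq $CamNic
if ($badDefault) { Write-Warning "Default gateway found on $CamNic - remove it." }

# Check 2: the PC must not forward packets between the camera NIC and the LAN,
# otherwise the second NIC is a bridge rather than an isolation boundary.
$fwd = Get-NetIPInterface -InterfaceAlias $CamNic -AddressFamily IPv4
if ($fwd.Forwarding -eq "Enabled") {
    Set-NetIPInterface -InterfaceAlias $CamNic -AddressFamily IPv4 -Forwarding Disabled
}

# Check 3: the camera subnet is on-link via the camera NIC, and a camera answers.
Get-NetRoute -DestinationPrefix $CamSubnet -ErrorAction SilentlyContinue |
    Format-Table DestinationPrefix, InterfaceAlias, NextHop
Test-NetConnection -ComputerName $TestCam -Port 554 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Port 554 (RTSP) is used as the reachability test because most IP cameras listen on it; use the camera's web port instead if RTSP is disabled.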

 

Virga

Perfect, thank you.
If I can simplify things with a hardware solution, I am for it.
Aside: in my (BI PC) case, there is a mini-ITX motherboard which has the solitary PCI slot used for the video card, and a mini-PCI slot used for the Wi-Fi module (came that way).
Possibly I could extract the Wi-Fi module since I don't use it, and find a suitable NIC to install in its place.
A new mobo may be the only way to get dual NICs, and that is not out of the question in time.
It's a sixth-gen CPU, and with the 14th coming out this year, an excuse to re-build the PC.
Near-term goal is more cameras.
 

wittaj

Oh in that case use the wifi for the internet connection and use the port for the cameras.
 

tangent

A big mistake people make is installing OpenVPN on their computer and trying to host it there, yet they are trying to follow the steps on enabling it on a router and screw it all up. Only install it on the computer to host if your router does not have it built-in.
The caveat being that consumer routers often don't get security updates automatically and remain in service after EOL'd by the mfg. If there's ever a vulnerability in their implementation of OpenVPN or their key generation you won't be a happy camper.

Personally I'm kind of on the fence as to which is more desirable from a security standpoint: a VPN server on a consumer router or a service like ZeroTier / Tailscale.
 

Virga

Once I implement two NICs (one ethernet@cameras, one WiFi@internet) and ZeroTier (done), should I be looking at additional layers?
Ubiquiti router (UDM), WAPs, and PoE switch, all update periodically.
 