Separate NICs vs NIC with two IP addresses

Optimus Prime

Sep 29, 2014
Hiya. I've managed to get OpenVPN set up and am ready to take care of some more housekeeping. I noticed in the Wiki it said there should be two separate NICs. I currently have one NIC, but it has 2 IP addresses - the local network, and machines on the same network with a different IP scheme for the cameras. E.g., the internet-connected network is xxx.xxx.3.xxx and the non-internet-connected network is xxx.xxx.4.xxx. All devices are talking on the same unmanaged switch.

Is this sufficient? Or do I need to completely physically separate?
 
The objective is to prevent the cameras from having any access to reach out to the internet. Without knowing more, it feels like you may not have that separation, as an unmanaged switch would probably just push the traffic through to your router.

What device(s) are between the unmanaged switch and your internet connection from your ISP ?
 
Just my router. I’ve programmed the cameras with a gateway address that doesn’t exist, and the router’s address is not the same scheme as the cameras. Address-wise, the only shared configuration is the multiple IPs assigned to the Blue Iris computer. I cannot reach the cameras otherwise.
 
Does the NIC have two RJ45 connectors? If not, then use two network cards. You want two physical networks. There is no traffic that flows from one network to the other network, physical separation.

IP addresses and routing can be spoofed.
 
The main concern is that a device could not follow the IP addressing rules you specified, and get to the internet or other LAN devices that way. It is unlikely, but possible, and therefore the main reason for separate physical networks.

I don't let that concern me at home ;)
 
What router are you using, and does it support logging traffic? Also, have you disabled UPnP in the router & cameras?
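
The concern raised in the thread, that a camera on the shared unmanaged switch could ignore its assigned address and gateway, can be checked against captured or logged traffic. The following is an added example, not code from any poster: it assumes 192.168.3.0/24 and 192.168.4.0/24 for the masked subnets, and all MAC addresses and frame summaries are constructed.

```python
import ipaddress

# Assumed values: the thread masks the real addresses, so these are constructed.
CAMERA_NET = ipaddress.ip_network("192.168.4.0/24")   # non-internet camera subnet
ROUTER_MAC = "aa:aa:aa:00:00:01"                      # router's LAN interface
CAMERA_MACS = {"cc:cc:cc:00:00:10", "cc:cc:cc:00:00:11"}

# Constructed frame summaries: (src_mac, dst_mac, src_ip, dst_ip),
# e.g. as exported from a capture on the Blue Iris PC or a router traffic log.
SAMPLE_FRAMES = [
    # Camera streaming to the Blue Iris PC on the camera subnet: expected.
    ("cc:cc:cc:00:00:10", "bb:bb:bb:00:00:02", "192.168.4.10", "192.168.4.2"),
    # Camera using a LAN-scheme address and sending straight to the router.
    ("cc:cc:cc:00:00:11", "aa:aa:aa:00:00:01", "192.168.3.50", "203.0.113.5"),
    # Camera broadcasting a DHCP request; the router could hand it a LAN lease.
    ("cc:cc:cc:00:00:10", "ff:ff:ff:ff:ff:ff", "0.0.0.0", "255.255.255.255"),
    # Ordinary LAN PC reaching the internet: not a camera, so not audited.
    ("dd:dd:dd:00:00:20", "aa:aa:aa:00:00:01", "192.168.3.20", "203.0.113.9"),
]

def audit_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Return the reasons a camera frame breaks the intended isolation."""
    if src_mac.lower() not in CAMERA_MACS:
        return []
    reasons = []
    if ipaddress.ip_address(src_ip) not in CAMERA_NET:
        reasons.append("source IP outside camera subnet")
    if dst_mac.lower() == ROUTER_MAC:
        reasons.append("frame addressed to router MAC")
    if ipaddress.ip_address(dst_ip) not in CAMERA_NET:
        reasons.append("destination IP outside camera subnet")
    return reasons

def find_violations(frames):
    """Return (frame, reasons) for every frame that has at least one reason."""
    results = []
    for frame in frames:
        reasons = audit_frame(*frame)
        if reasons:
            results.append((frame, reasons))
    return results

if __name__ == "__main__":
    for frame, reasons in find_violations(SAMPLE_FRAMES):
        print(frame[0], frame[2], "->", frame[3], ":", "; ".join(reasons))
```

On a single shared switch, any hit here means the addressing scheme alone did not contain the camera; with two physical networks these frames could never reach the router's port.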