VPN Primer - or answers to questions you dare not ask....

[Silas]

For the ease of information to some...

Consider there are TWO types of VPN's that you would be likley to use.

1. The VPN where you want to browse the internet and not be observed, be that porn, torrents or anime, Consider this as OUTGOING-VPN

2. The VPN that only YOU need to be able to use to get to equipment that YOU require to be secure at YOUR location, as in YOUR Cameras or anime stash, Consider this as INCOMING-VPN


OUTGOING-VPN requires you to connect to a server/portal/gateway (call it what you will) and there is often a charge for this by the party involved, the likes of NordVPN, ExpressVPN, Tunnelbear, etc etc, you install a specific client (usually provided by them) enter authentication credentials and you can then browse in private.

INCOMING-VPN is where YOU setup the service on YOUR equipment, be that dedicated or an add on to a suitable router (ASUS) and create YOUR own authentication credentials that YOU then need to use on YOUR own remote access solution (Mobile etc)

In my situation I use the ExpressVPN client on my Windows machine for when I wish to browse the internet in private.

When I need to have remote access to my cameras/nvr then I use the OpenVPN client on my mobile to connect to a device running a VPN server on my home network, this involved creating authentication credentials on that device and copying them to the mobile. Once that handshake has successfully taken place, I then have FULL access to the home network, I can check out my cameras/nvr or browse my NAS and view/transfer files if I need to.

Hope this helps a little.

And please note, this is NOT a definative or expansive explanation of VPN's, it is intended as in intro to those that find it confusing....

 

[davekra]

It may be obvious to others but how do you find your 'incoming-vpn' address when you're out in the wild?
The cable company dynamically assigns an address to the external port on my firewall and occasionally changes it.
I could look at it when I'm at home but it could change and I'd have no way of knowing it till I got home again to look at it.
Is this a potential problem or do I not understand how it works?
Thanks,
davidk

 

[Silas]

Nope, 100% right, most companies only provide a dynamic address, so you have two choices.

1. Pay them for a static, in Australia that is around $10pm, but some will not do it

2. Use one of the dynamic DNS service providers, they 'manage' the service for you by polling your system and maintaining a current record of the ip, they then provide you with a worded (rather than numeric) address like davekra.dyndns.com or trump.no-ip.com, this is then what you need to enter into your 'device' to get remote access, there is often a cost associated, so you need to either do some research or ask on here for opinions.

I have a static ip assigned by my ISP so I am unable to offer an opinion as to who to use, sorry.

Is that of help?

 

[davekra]

Yes, thanks.
That was the last piece of the puzzle to understanding (at a high level) how this would work.

 

[scquestions]

This is a great post! If forum management doesn't mind, I'd like to suggest that this information be put here too: VPN Primer for Noobs

I've had a lot of trouble trying to understand the whole VPN setup, and with the help of some on here, I've been able to understand it a lot better. Here's the thread where I've been struggling to understand everything: Easiest Way to Secure Camera System

At first, I didn't know the difference between server and client, so I purchased a router from Amazon that had was a client, not knowing what I was looking for was a server. Then, when looking into setting up OpenVPN and getting a certificate I was very overwhelmed and decided it wasn't a project I was up to doing. At that point I was looking for a "simple" solution, and it was suggested that I check out the Asus routers with Asuswrt. I did. And the setup looked incredibly easy. Then, I got the cheapest Asus router with Asuswrt, planning on connecting just the NVR to it (so I wasn't looking for a good router, just a cheap one), with a setup like this: Modem > Current Wireless Router > New Asus Router > NVR. Then I was told that wouldn't work. Basically, it's looking like the VPN will need to connect directly to the Internet, and not pass through anything else. So, I went ahead and ordered a better Asus router to replace my current router so that my whole network has the VPN connected to it. I was a little disappointed because I've heard a VPN can slow down the network, but then it was clarified on here that the internal network won't slow, and there will only be a reduction in speeds when connecting to my home network when away from home, using the VPN client.

So, that's where I'm at now.. It has taken a lot of research and frustration, but with the help of the Internet, and mainly this forum, I think it has mostly been figured out. I was planning on coming back here and typing up something like this in a week or so more clearly but then I saw this post and figured I'd just go ahead and reply now.