I hear everyone say not to open ports on the router as its insecure. However, my question is if I've got multiple cameras at multiple different sites, and I use an app like IPCentCom to watch them all at once, I can only do this if I open ports, because i would need to have multiple VPN connections running to different subnets for each set of cameras at a particular house correct?
I don't see how this is remotely simple or easy to do. I know port forwarding is supposedly "insecure" but whats a better safe easy way?
Use a "hub and spoke" VPN architecture. Your main location will be the hub. You will run the VPN server from this location. You will create full time "VPN tunnels" from the hub to each offsite location (at least to the CCTV portion/VLan of the remote site). This results in the hub having the ability to see every device at the remote sites in addition to everything at the hub site. While you are on the hub's network, you will simply use the app like normal and all the devices should appear as long as the IP addresses are entered correctly.
Once you leave the hub and you want to use the app, you only need to VPN into the hub to use it. This connection is not on full time (unlike the full time tunnels). You will connect to the hub via your mobile device and hub VPN only when you need to. When you are connected, you use the app like normal and you should be able to see all the devices at all the locations just like you would if you were at the hub location.
So yes, your overall system will have several VPNs set up. But because of the way the system is set up, the connections between the hub and remote sites are running 24/7 and don't need any maintenance. You only have to worry about the single connection you will use to get into the hub while away from the hub. Setting it up this way means your mobile devices only use one VPN connection - a VPN connection into the hub. You don't need a VPN to each remote location because the full time tunnel connections (from the hub to each remote location) handles this for you.
Need some help wrapping my head around this> If I have three sites, and multiple cameras at each site, right now I've got ports forwarded in my router which I know isn't the safest thing (10+ years of IT knowledge here) My family uses these cameras to "see what is out there" at our vacation...
But if I have cameras at a site that do not have a VPN server setup, how do I tunnel into them? From what you are saying only one site needs to be the server, the others can be clients....unless I"m misunderstanding...
I have three of those Balance 20X at three sites and have the PepVPNs (Peplink proprietary VPN) activated so all three sites are connected. Makes camera work pretty easy. Could do the same thing with IPSEC tunnels as well if your router supports them.
I find that much of the "higher end" network stuff is challenging to grasp without doing it. There are two basic ways to do it. Hire someone who knows what they are doing, and do it your self. This is well within the do-it-yourself range. If that is your route, you need to get the equipment to set p a pair, in your house/business and use it! No doubt you will have some hiccups, but by having everything right there, it is much, MUCH easier to fix either end. Then, once you have it figured out as much as you need to deploy, it will be much easier.
But if I have cameras at a site that do not have a VPN server setup, how do I tunnel into them? From what you are saying only one site needs to be the server, the others can be clients....unless I"m misunderstanding...
so you have two options... contact someone who have an idea what he is doing and pay him... or use port forwarding
you are asking the same questions as last month and the answers will be the same. without EXTRA hardware you will be not able to setup anything... and without knowledge about basic network you are lost.
if you have the time to read through the internet... then you will only have to cover hardware.. if you dont have the time, then you have to add the installation costs.
I forgot how many jerks and unhelpful people are on this forum.
I'm actually an IT admin for a site, but we don't have PTP VPN's so I'm not as familiar with this part of the process.
Seems like I need to get three routers that support OpenVPN and then have them always be connected via a server at home one and then a client at home two and three....
haha... you are asking here for a setup howto for your problem, dont want to pay anything, dont want to invest in hardware... i mean ... why ?! open another thread and ask the same questions because you didnt wanted to invest time to understand the answers in the old thread
an IT admin who have no idea how basic static routes work ?
an IT admin who can not follow the tutorials on the openvpn site (which where posted in the last thread) ?
ANY vpn connection is a PTP connection... one point is the client and another the server ... they connect together ?? i dont understand
the problem with IT is ... there are many handymans who are watching youtube videos and can setup a printer... now they are IT specialists.
when its over your head you have to pay someone.. thats the true ..
there is a good reason why many car forums (here in europe) are now paid membership forums... they were sick off all people who wanted knowledge for free and leave after..
Don't forget to add to your list the people that ask the same question over and over again....you have started 4 thread topics (VPNs, OpenMediaVault, Powerline adaptors, and Port Forwarding) and created an additional thread for each topic to re-ask your question from an earlier thread you started. The answer isn't going to change a month later by creating a new thread asking the same thing...
Just because you do not like the options suggested doesn't mean it wasn't helpful. The options suggested would accomplish what you are trying to do.
You have been given sound advice and options, all of which is free advice given by people that have been there/done that. If you do not like it or do not want to implement it, then go to a paid site and ask for help there and see if you get any better advice...
I forgot how many jerks and unhelpful people are on this forum.
I'm actually an IT admin for a site, but we don't have PTP VPN's so I'm not as familiar with this part of the process.
Seems like I need to get three routers that support OpenVPN and then have them always be connected via a server at home one and then a client at home two and three....
Anyone have any luck forwarding ports with spectrum internet and their own router? I have a new Asus router with Spectrum Phone / Internet modem and even thought port shows as open on the ASUS router, I'm unable to get to my camera or see that the port is open in a port forward online...
How do you all go about wiring cameras in an existing house? I can't tear all my walls apart, and I've got studs and firebreaks between floors....this seems almost impossible unless you are a drywall expert...
Looking for recommendations that have the following features Outdoor camera Wireless camera NOT POE, I can only run electricity, not RJ45 cable to this camera IP Camera: can call up google or Edge and without a plugin, view the video feed Record to an SD card and a NAS I've looked online...
Anyone have any luck forwarding ports with spectrum internet and their own router? I have a new Asus router with Spectrum Phone / Internet modem and even thought port shows as open on the ASUS router, I'm unable to get to my camera or see that the port is open in a port forward online...
How do you all go about wiring cameras in an existing house? I can't tear all my walls apart, and I've got studs and firebreaks between floors....this seems almost impossible unless you are a drywall expert...
Looking for recommendations that have the following features Outdoor camera Wireless camera NOT POE, I can only run electricity, not RJ45 cable to this camera IP Camera: can call up google or Edge and without a plugin, view the video feed Record to an SD card and a NAS I've looked online...
Looking thru this thread and the other one, every post provided helpful information, including my "try this thread" where I had provided helpful input in your previous thread.
Even the folks that said you already asked this question then proceeded to provide a response...
"This is the first I've heard of using PFsense...so thats what threw me for a loop suddenly I need a new piece of software.." - Jwadsley IT Admin
Now I am very curious as to what type of IT admin you are?
FWIW -
If you go to the OpenVPN Wikipedia page you will see various firmware packages that include OpenVPN, one of those is pfSense
Firmware implementations
OpenVPN has been integrated into several router firmware packages allowing users to run OpenVPN in client or server mode from their network routers. A router running OpenVPN in client mode, for example, allows any device on a network to access a VPN without needing the capability to install OpenVPN.
Notable firmware packages with OpenVPN integration include:
Notable firmware packages with OpenVPN integration
I don’t understand what the problem is at this point. You have been given some choices. You will have to do some research to determine what’s best/easiest.
Im a fan of site to site tunnels which is why I recommended and use Peplink routers because it’s like three clicks and you’re done to setup the site to site vpn with them. So simple. But you can get similar functionality using IPSEC in other routers. Look up some YouTube tutorials. They can assist.
But if I have cameras at a site that do not have a VPN server setup, how do I tunnel into them? From what you are saying only one site needs to be the server, the others can be clients....unless I"m misunderstanding...
Hopefully your router/firewall at the hub (VPN server) and each remote site (VPN client) can support the VPN connection. Personally I use pfSense for firewalls and it handles these types of connections just fine.
This Pi Zero W host my OpenVPN server, DNS server (pi hole), NTP server, and DDNS client (update my public IP to my domain number). But hey, three OpenVPN capable router will work too, just be sure your public IP is static or you'll need a DDNS client.
