Menu
What's new
By:
Filters Better Search

Help a Noob understand how to set up VPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

D!ngo

New Around Here
Hi SNB members,

I have a home security system at my house that I want to check in with my Android phone and my laptop at work. I have been using port forwarding to look into my NVR, which is where all cameras are connected (16 IP cameras, 2-4MP each). I know that port forwarding is not safe, so to minimize prying eyes, I 'enabled' it in my router when I leave to work in the morning and disabled it when I come home. Sometimes I forgot to do either, and it's getting tedious. This is why I am looking to setup VPN at my house. As a bonus I wanted to use the internet through my VPN when I'm on the road.

After some research I bought an Asus RT-AC68P. At the moment, it's running it's latest Asus firmware. I've been reading on how to set up VPN but was confused on what is needed.

Some sites say I need to subscribe to a VPN provider for a monthly/yearly fee.

Some says I have to use a dedicated always-on server/computer at home, but I need to go through a free VPN provider to do that, like Hamachi Privoxy.

Can't I just setup my router as a VPN server so that I can just log in through my DDNS address, without any extra server/computer (the same DDNS I use to access my router for port forwarding)? I see there are 2 tabs in the router: VPN Server and VPN Client. I tried to setup the VPN Server following some guides on the internet but I need to input some provider's uername and password.

Most of my search, including this site, goes into configuration steps. But before that I wanted to know what I need in order to set up my VPN for my specific needs so I don't end up with a setup like I'm running a corporation. I am VERY new to this and trying to learn all the acronyms and what they do, and at the same time I'm trying learn how networking works. So please bare with me. Any help in assisting me on how best to set up my VPN is very much appreciated.

So in summary, I want to be able log into my home security system and look at the live feed. But also be able to click on each individual camera to show full screen, just like I'm at home (NVR is set to show all 16 cameras on on screen). And if possible, I could use my home internet for browsing when I'm away.

Thank you very much for any help or suggestions.

Derek
 
You need to use search and start reading. Almost every (technical) question you have has been answered here before. ;)

To fully understand it, you need to do it (and fail) a few times and in different ways. Nobody can spoon feed 'understanding' to anyone else.
 
I'm not asking you to spoon feed me.

Like I said, I've done some research but found many different ways of doing things...and hence my confusion, especially what I'm trying to accomplish. I don't want to start putting things together and end up with unnecessary stuffs. I'm not at the 'technical' stage yet...and I know I'll fail at some point when I get there. Then I'll deal with it at that time.

I'm just asking what's the right way to start what I wanted to do. For a non technical person who is just starting to learn how all these things work, it's like trying to learn a new language to a country but you don't know what language they speak.
 
Okay, but nobody would go out and buy stuff just because of something they read on the internet. ;)

Use the equipment and firmware options open to you right now.

Start with what you have and begin by trying to do one thing at a time, only asking questions after you are really stumped (and after a good google search effort too) and you've actually tried something on your own (no matter how basic it may be towards reaching that first goal).

Asking 20 questions and expecting a reply in a single post is too much for most forum users that are doing it voluntarily.

What I can point you towards though is that if you don't get too far with stock Asus firmware, you go to RMerlin's firmware and enjoy the better routing experience there (I would even be trying the Beta firmware in your shoes as it offers enhanced VPN options and enhancements).

http://www.snbforums.com/threads/no...l-and-manual-configuration.27115/#post-205573


You may want to leave this thread as is and post individual questions in separate threads to keep the answers concise and unambiguous.
 
I would have to agree with L&LD - going into a VPN, one needs to understand the utility and risks associated with VPN, so each use case is a bit different...

I'd recommend to OP - do some homework/research as to the "why" to do a VPN, and then perhaps the "how" discussion can happen.
 
Dingo, I'm sympathetic to where you are - I was there, and the problem is that there's no easy explanation of what you're trying to do. If you're wondering why people here seem hostile, let me say they usually aren't - it's just that every couple of days someone comes in asks a variant of this (or so it seems). Why there isn't a wiki or something, I don't know, but let me try to offer a little bit of guidance.

Broadly speaking, you're right: you're trying to set your router up as a VPN server on your router. You need to make a choice between PPTP and OpenVPN - the former is easier to setup, the latter is more secure. Once you decide which to do, then there are guides to help you set up each: PPTP and OpenVPN, respectively. Once you're in, then basically you access your NVR the same way you do from home - you type in 192.168.x.y or http://nvr or however else you do it ... that's it!
 
vnangia said:
Dingo, I'm sympathetic to where you are - I was there, and the problem is that there's no easy explanation of what you're trying to do. If you're wondering why people here seem hostile, let me say they usually aren't - it's just that every couple of days someone comes in asks a variant of this (or so it seems). Why there isn't a wiki or something, I don't know, but let me try to offer a little bit of guidance.

Broadly speaking, you're right: you're trying to set your router up as a VPN server on your router. You need to make a choice between PPTP and OpenVPN - the former is easier to setup, the latter is more secure. Once you decide which to do, then there are guides to help you set up each: PPTP and OpenVPN, respectively. Once you're in, then basically you access your NVR the same way you do from home - you type in 192.168.x.y or http://nvr or however else you do it ... that's it!
Click to expand...

I thought PPTP was deprecated long ago. Did you mean IPSec?
 
L&LD said:
Okay, but nobody would go out and buy stuff just because of something they read on the internet. ;)
Click to expand...

Hehe, well I would probably be the first person to do that. At this point, I'm blind as a bat so I'll believe in snake oil.
 
D!ngo said:
Hi SNB members,

I have a home security system at my house that I want to check in with my Android phone and my laptop at work. I have been using port forwarding to look into my NVR, which is where all cameras are connected (16 IP cameras, 2-4MP each). I know that port forwarding is not safe, so to minimize prying eyes, I 'enabled' it in my router when I leave to work in the morning and disabled it when I come home. Sometimes I forgot to do either, and it's getting tedious. This is why I am looking to setup VPN at my house. As a bonus I wanted to use the internet through my VPN when I'm on the road.

After some research I bought an Asus RT-AC68P. At the moment, it's running it's latest Asus firmware. I've been reading on how to set up VPN but was confused on what is needed.

Some sites say I need to subscribe to a VPN provider for a monthly/yearly fee.

Some says I have to use a dedicated always-on server/computer at home, but I need to go through a free VPN provider to do that, like Hamachi Privoxy.

Can't I just setup my router as a VPN server so that I can just log in through my DDNS address, without any extra server/computer (the same DDNS I use to access my router for port forwarding)? I see there are 2 tabs in the router: VPN Server and VPN Client. I tried to setup the VPN Server following some guides on the internet but I need to input some provider's uername and password.

Most of my search, including this site, goes into configuration steps. But before that I wanted to know what I need in order to set up my VPN for my specific needs so I don't end up with a setup like I'm running a corporation. I am VERY new to this and trying to learn all the acronyms and what they do, and at the same time I'm trying learn how networking works. So please bare with me. Any help in assisting me on how best to set up my VPN is very much appreciated.

So in summary, I want to be able log into my home security system and look at the live feed. But also be able to click on each individual camera to show full screen, just like I'm at home (NVR is set to show all 16 cameras on on screen). And if possible, I could use my home internet for browsing when I'm away.

Thank you very much for any help or suggestions.

Derek
Click to expand...

I understand your impatience, but please... do not rush a VPN setup. If you screw up and open your entire network to the world, well...

Personally, when the topic focuses on network security, I prefer books over forums. To be secure, you need to have some understanding of almost every aspect of networking & related encryption topics that are involved.

If you are in a hurry, you can always hire someone... or just copy & paste until it works. :)
 
vnangia said:
Dingo, I'm sympathetic to where you are - I was there, and the problem is that there's no easy explanation of what you're trying to do. If you're wondering why people here seem hostile, let me say they usually aren't - it's just that every couple of days someone comes in asks a variant of this (or so it seems). Why there isn't a wiki or something, I don't know, but let me try to offer a little bit of guidance.

Broadly speaking, you're right: you're trying to set your router up as a VPN server on your router. You need to make a choice between PPTP and OpenVPN - the former is easier to setup, the latter is more secure. Once you decide which to do, then there are guides to help you set up each: PPTP and OpenVPN, respectively. Once you're in, then basically you access your NVR the same way you do from home - you type in 192.168.x.y or http://nvr or however else you do it ... that's it!
Click to expand...

Thanks vnangia,

That confirms I don't need an extra computer to run as a server. Like you said, there are no explanations for any specific situations. All the info I found were broad and networking based with many options and platforms. I wasn't sure if my VPN variant was doable without setting up a dedicated server and/or signing up for a provider.

There are just so much info out there. But at the same time, the trick is to know what to weed out to find what works for you. It doesn't help if you're a non-techie like me trying to understand all the acronyms and jargons and their purposes. I'm afraid that if I tried to change some settings I don't know about, I'll never be able to re-track....like trying to see what will happen when pushing the big red button.
 
D!ngo said:
Hehe, well I would probably be the first person to do that. At this point, I'm blind as a bat so I'll believe in snake oil.
Click to expand...

And my point was; 'don't'. :)
 
D!ngo said:
There are just so much info out there. But at the same time, the trick is to know what to weed out to find what works for you. It doesn't help if you're a non-techie like me trying to understand all the acronyms and jargons and their purposes. I'm afraid that if I tried to change some settings I don't know about, I'll never be able to re-track....like trying to see what will happen when pushing the big red button.
Click to expand...

You will be able to 'untrack'. See the link I posted for you earlier. If you don't get the expected results, in 5 minutes you can be back to where you are now.

Again; start by having a single specific goal in mind. Let your mind bend (but not break) as you try to achieve that single goal. By the time you get to the 10th item on your initial list; you'll be a pro too and be helping others here too. :D
 
D!ngo said:
Hi SNB members,

I have a home security system at my house that I want to check in with my Android phone and my laptop at work. I have been using port forwarding to look into my NVR, which is where all cameras are connected (16 IP cameras, 2-4MP each). I know that port forwarding is not safe, so to minimize prying eyes, I 'enabled' it in my router when I leave to work in the morning and disabled it when I come home. Sometimes I forgot to do either, and it's getting tedious. This is why I am looking to setup VPN at my house. As a bonus I wanted to use the internet through my VPN when I'm on the road.

After some research I bought an Asus RT-AC68P. At the moment, it's running it's latest Asus firmware. I've been reading on how to set up VPN but was confused on what is needed.

Some sites say I need to subscribe to a VPN provider for a monthly/yearly fee.

Some says I have to use a dedicated always-on server/computer at home, but I need to go through a free VPN provider to do that, like Hamachi Privoxy.

Can't I just setup my router as a VPN server so that I can just log in through my DDNS address, without any extra server/computer (the same DDNS I use to access my router for port forwarding)? I see there are 2 tabs in the router: VPN Server and VPN Client. I tried to setup the VPN Server following some guides on the internet but I need to input some provider's uername and password.

Most of my search, including this site, goes into configuration steps. But before that I wanted to know what I need in order to set up my VPN for my specific needs so I don't end up with a setup like I'm running a corporation. I am VERY new to this and trying to learn all the acronyms and what they do, and at the same time I'm trying learn how networking works. So please bare with me. Any help in assisting me on how best to set up my VPN is very much appreciated.

So in summary, I want to be able log into my home security system and look at the live feed. But also be able to click on each individual camera to show full screen, just like I'm at home (NVR is set to show all 16 cameras on on screen). And if possible, I could use my home internet for browsing when I'm away.

Thank you very much for any help or suggestions.

Derek
Click to expand...

Dingo you don't need a VPN server or port forwarding from your router to do the job your require.
simply setup team viewer as a permanent remote server.
you can then log in anywhere you are in the world and do all your work as if you where at home without having to worry about security
or getting hacked.
You can change the password as often as you like.
its impossible for someone to hack your team viewer.

Its real easy to setup a VPN server but setting up a network through the VPN server to access your cameras etc is not an easy task and like someone said in the thread
unless you really know what you are doing your better off not trying because one mistake and you can expose all your data to anyone.

Keep it simple and this way its safe.
 
One more note. I don't see a big threat if you do a Port forward and put a port range like 40753 and Local Port 3389 and in local IP put the PC you want to access
and simply use Remote Desktop for a perfect experience.
If you use a port in the high ranges you will be under the radar of a port scan.
Remember a hacker goes for easy pray, as soon as you put a few obstacles in their way they move on.
No one has has time to waste on a possibility.
Unless some super hacker really wants to get you then you would start worrying!
even if someone new that port was open and it forwarded to Remote Desktop and tried to get into your PC it would be impossible because remote desktop bumps you off after 3 tries for half hour and you can also set it up to be more intense then that.
I have been using that for Years and never had any issues.

Just because a port is open doesn't mean that a hacker has an easy time getting into your network.
So turning it on and off as you where doing is a little to much.

You now have 2 good options to try to resolve your issue
 
yorgi said:
One more note. I don't see a big threat if you do a Port forward and put a port range like 40753 and Local Port 3389 and in local IP put the PC you want to access
and simply use Remote Desktop for a perfect experience.
If you use a port in the high ranges you will be under the radar of a port scan.
Remember a hacker goes for easy pray, as soon as you put a few obstacles in their way they move on.
No one has has time to waste on a possibility.
Unless some super hacker really wants to get you then you would start worrying!
even if someone new that port was open and it forwarded to Remote Desktop and tried to get into your PC it would be impossible because remote desktop bumps you off after 3 tries for half hour and you can also set it up to be more intense then that.
I have been using that for Years and never had any issues.

Just because a port is open doesn't mean that a hacker has an easy time getting into your network.
So turning it on and off as you where doing is a little to much.

You now have 2 good options to try to resolve your issue
Click to expand...

I agree with you sentiment that low-hanging fruit is the first to be plucked so avoid being said fruit, but saying that anything is "impossible to hack" (Team Viewer) is nonsense.

Did you see the recent VNC Roulette site within the past few days? Thousands of unsecured remote desktops...

Just be careful... A hugely important fact of security is that nothing is completely secure.
 
Nullity said:
I agree with you sentiment that low-hanging fruit is the first to be plucked so avoid being said fruit, but saying that anything is "impossible to hack" (Team Viewer) is nonsense.

Did you see the recent VNC Roulette site within the past few days? Thousands of unsecured remote desktops...

Just be careful... A hugely important fact of security is that nothing is completely secure.
Click to expand...
Ok almost impossible.
and I did say use a good password. The VNC article talk about remote without passwords
Whoever setups Remote desktop without a password has to be a total wanker!
so you are right that nothing is impossible to hack
but a little common sense anything can be safe to use :)
 
Last edited:
Nullity said:
I thought PPTP was deprecated long ago. Did you mean IPSec?
Click to expand...
I wish I did, but no. The Asus routers support PPTP and OpenVPN out of the box. If he wanted IPSec, he'd have to install OptWare/Entware and then compile OpenSwan from scratch, unless it's shown up in stock Merlin since 380.57. That seems to be currently out of reach for him.

PPTP is indeed vulnerable, but many devices - *glares at iPhone* - don't support OpenVPN properly out of the box. To be really effective, you'd have to MITM the initial handshake. And it (probably) beats port-forwarding to a sensitive device that is almost never updated and probably has vulnerabilities. It's six of one, half-dozen of the other.
 
The problem I am having is the openvpn software and instructions referenced in asus support links is not accurate with the software currently offered by openvpn and asus support has been no help.

The software available from openvpn is 2.3 GUI which is server only or must be configured via command line to be a client and the command line instructions on openvpn are not clear: https://openvpn.net/index.php/open-source/downloads.html

link from Asus router: https://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/1A935B95-C237-4281-AE86-C824737D11F9/

This is the best document I've found for how to set up the openvpn but again it references a "client" openvpn: http://www.smallnetbuilder.com/othe...-up-and-using-openvpn-on-asus-routers?start=1

Asus internal config settings seem pretty easy. I think I have this right: https://www.asus.com/support/FAQ/1008713/

*I did find this site that offers the old client version: http://help.unotelly.com/support/articles/184301-openvpn-desktop-client-setup-windows-


Will try this new client version today after inspecting the download via total virus.
 
Last edited:
No luck.

I think the problem is either with my keys (opvn file) or my ddns
 
Last edited:
OpenVPN GUI is for clients, not for server. No command line work required.

You need to install it, then go to C:\Program Files\OpenVPN\config\ and copy the client1.ovpn file you exported from your router into that folder.

When you run OpenVPN GUI, it will automatically try to use any config in that folder by default. Connect through the system tray icon.

(adjust the path according to your specific OpenVPN location, it will vary depending on the Windows version and whether it's 32-bit or 64-bit).
 
You must log in or register to reply here.

Similar threads

gdgross
Setting up VPN server (router?) for offsite access
Replies
13
Views
907
gdgross
gdgross
A
Best way to set up vpn on router for gaming?
Replies
13
Views
1K
Benbrode
B
M
VPN for a Cruise Ship
Replies
11
Views
671
sfx2000
sfx2000
M
Help Me Understand OpenVPN
Replies
5
Views
564
Tech9
Tech9
F
Router for VPN with AES-NI
Replies
8
Views
833
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
M Help Me Understand OpenVPN VPN 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 889 (members: 22, guests: 867)
Top