distilled
Senior Member
This is very probably going to be a dumb, or at least redundant question, but I could not find it addressed anywhere with a few searches. I apologize in advance, but I travel frequently these days, and do not have the time to learn through experimentation, as would be my preference.
As I travel, I keep an eye on my homes using home security cameras that are connected via site-to-site OpenVPN configured in Merlin. This works extremely well, it is fast, and it allows me to easily extend the VPN to various devices within each residence, so I can pull up the cameras on phones, tablets and televisions (TinyCam Pro) and PCs running NVR software (Blue Iris). I have started tweaking things using YazFi to segment camera traffic from "human" internet, and also to compartmentalize "gadget" type IoT traffic (Home Assistant, light switches etc.). YazFi sends the groups through different commercial VPN services, to help confound analytics. I would love to be able to selectively route certain groups (like televisions) around the VPN for Netflix, Amazon and the like, but haven't figured out how to do that yet. Time is limited, heck, typing this post is taking more than I have right now, but I am hoping someone might be able to point me in the right direction, thereby lowering the risk that I will crash one of the VPN routers while experimenting. Nothing like sawing off the branch you are sitting on, right?
So. I very much would like to avoid having the cameras leak anything to the net. P2P is disabled, but I would feel even better using the "Block Internet Access" option in the related clients, just to be sure. However, this kills VPN connectivity. Is this because OpenVPN is using interface type TUN, thereby giving the VPN clients a different IP scope, so it sees the VPN's RFC 1918 address as "internet" and blocks it? If I set it up in TAP mode so it bridges instead of routing, will Block Internet Access allow me to connect? Would it kill the VPN changing this? The houses are on opposite coasts, so it is a pretty long walk just to undo a little booboo.
I would also like to be able to use the X3mrouting script to selectively route some of the YazFi networks, and at least one thread mentioned using X3mrouting with YazFi, but it was over my head.
I know this post contains more information than is probably necessary, but folks here seem to enjoy a challenge, and I am hoping my verbosity is more likely to engage.
If it matters, two of the VPN endpoints run an 86u and one a 68u.
93's,