Good Sam Community

GordonThree wrote:

dryfly wrote:
I am considering build a Virtual Private Network for remote security camera viewing. I don't want to do basic port forwarding for security reasons.

I have found that VPN's can be hardware such as in the router, software in the computer, or through VPN service providers. As far as I can determine these providers act between a LAN and the ISP.

Question: which would be the most advantageous, and most economical?

VPN endpoint built into a residential router is fine for this purpose. A cloud based VPN provider would make this more complicated. I like DD-WRT based routers, like Linksys, Buffalo, Asus.

You setup your router to accept VPN connections, and then setup your cell phone, tablet, laptop, etc to "dial in" to that VPN.

Once connected, your device is now part of your home network, and can access the cameras and whatever else you have networked back home.

The only difference between a cheap residential router and an expensive commercial unit is the level of support and frequency of updates. They run the exact same VPN software named OpenSSL / OpenVPN. While a $$$$ router might get security updates every few months, a $$ router will likely never get security updates unless something embarrasses the company into a knee-jerk reaction.

While I appreciate the expert advice from Braindead, my research shows most folks are using DD-WRT based routers successfully to secure their IP camera systems. I am recording to my own server and have no interest in cloud based storage of my video clips.

Unfortunately my current router does not support DD-WRT so I just want to make sure that I'm making the right decision on a VPN solution before purchasing a new router.

And, I will probably use a service like noip.com to maintain a static IP address.

I used to do all the port forwarding on my old cameras until they came out with the p2p cameras, use your smart phone to set them up and you can see what the camera see's. Below is a clicky for a website that will explain it better than me, I prefer the wireless ones and all you have to do is make sure you leave your router on.
http://cctvcamerafactory.com/blog/p2p_ip_camera/

Hope all this helps

dryfly wrote:

Mortimer Brewster wrote:
I do have to reset the connection once or twice a day when it loses connectivity. Hope this helps.

Is this normal with PIA? If so, that would rule it out for me, as my objective is remote access. I could not do resets effectively.

It shouldn’t happen but it does. To reset you open the app and touch any location around the country (or world) that you want to be routed through. Normally it will route you through whichever location is quickest. The app is very user friendly.

GordonThree wrote:

magicbus wrote:

GordonThree wrote:

VPN endpoint built into a residential router is fine for this purpose. A cloud based VPN provider would make this more complicated. I like DD-WRT based routers, like Linksys, Buffalo, Asus.

You setup your router to accept VPN connections, and then setup your cell phone, tablet, laptop, etc to "dial in" to that VPN.

Once connected, your device is now part of your home network, and can access the cameras and whatever else you have networked back home.

Seems like this would require a fixed IP address to your home network wouldn't it?

Dave

Not really. Depending on your provider, the IP may not change often (mine hasn't in years). If it does, services like Dyn.com, Noip.com, etc can help keep track. Most mid to high end residential routers have the built in ability to update such services.

Indeed. I (and my empoloyer) use Dyn.com There are other ways you can do this, however a dynamic IP to hostname service is certainly the easiest.

magicbus wrote:

GordonThree wrote:

VPN endpoint built into a residential router is fine for this purpose. A cloud based VPN provider would make this more complicated. I like DD-WRT based routers, like Linksys, Buffalo, Asus.

You setup your router to accept VPN connections, and then setup your cell phone, tablet, laptop, etc to "dial in" to that VPN.

Once connected, your device is now part of your home network, and can access the cameras and whatever else you have networked back home.

Seems like this would require a fixed IP address to your home network wouldn't it?

Dave

Not really. Depending on your provider, the IP may not change often (mine hasn't in years). If it does, services like Dyn.com, Noip.com, etc can help keep track. Most mid to high end residential routers have the built in ability to update such services.

GordonThree wrote:

VPN endpoint built into a residential router is fine for this purpose. A cloud based VPN provider would make this more complicated. I like DD-WRT based routers, like Linksys, Buffalo, Asus.

You setup your router to accept VPN connections, and then setup your cell phone, tablet, laptop, etc to "dial in" to that VPN.

Once connected, your device is now part of your home network, and can access the cameras and whatever else you have networked back home.

Seems like this would require a fixed IP address to your home network wouldn't it?

Dave

dryfly wrote:
I am considering build a Virtual Private Network for remote security camera viewing. I don't want to do basic port forwarding for security reasons.

I have found that VPN's can be hardware such as in the router, software in the computer, or through VPN service providers. As far as I can determine these providers act between a LAN and the ISP.

Question: which would be the most advantageous, and most economical?

VPN endpoint built into a residential router is fine for this purpose. A cloud based VPN provider would make this more complicated. I like DD-WRT based routers, like Linksys, Buffalo, Asus.

You setup your router to accept VPN connections, and then setup your cell phone, tablet, laptop, etc to "dial in" to that VPN.

Once connected, your device is now part of your home network, and can access the cameras and whatever else you have networked back home.

The only difference between a cheap residential router and an expensive commercial unit is the level of support and frequency of updates. They run the exact same VPN software named OpenSSL / OpenVPN. While a $$$$ router might get security updates every few months, a $$ router will likely never get security updates unless something embarrasses the company into a knee-jerk reaction.

braindead0 wrote:
I am an expert. First off you have to understand that VPN doesn't mean much without knowing the points the virtual private network is connecting. VPN services are designed to secure your browsing, not connect you to your home network and will provide no help with accessing your local security cameras (which I believe is what you want to do).

Why do you think VPN should not be used to connect to a remote network?

"not connect you to your home network and will provide no help with accessing your local security cameras"

VPN was designed exactly for this purpose. Securely connect a computer (or site) to another network using the public Internet. Only recently has the use of VPN shifted to obscure browsing habits and cheat media streaming providers.

I am an expert. First off you have to understand that VPN doesn't mean much without knowing the points the virtual private network is connecting. VPN services are designed to secure your browsing, not connect you to your home network and will provide no help with accessing your local security cameras (which I believe is what you want to do).

IMO using any consumer grade router VPN solution is a huge mistake. If you want to access security cameras at your home there are 3 reasonable options:

A) Buy cameras that connect to a service provider that has a means to view remotely. Personally I don't trust any of these providers, however you may find the risk acceptable.

B) run security camera monitoring software that pushes security camera data to the cloud, very similar to above but not built into the cameras. May be more secure that relying on camera manufacturer, typically more likely to patch however you'll need to keep up on your local software patching. iSpy might be useful in this regard: http://www.ispyconnect.com/

C) run a hardened SSH server on your local network, only auth with pre-shared keys, SSH2 run on an odd port and restricted tunnels. There are plenty of resources for SSH server best practices. Doing this can provide easy access to local resources, and depending on how configured can be very secure.

I use method C, however I also live this stuff. Doing anything with a decent level of security requires knowledge and continuing education that most will not be able to manage.

"A" using 'cloud connected' cameras is probably the least work, and least secure due to hardware providers being notoriously lazy about patching as well as often leaving backdoor hard coded passwords.

"B" may be a better choice, your cameras are not connected to the public network only connection is from software to remove server. It will require maintaining a local server 24x7, power backup if you care about downtime..etc...

in short, there is no easy answer 😉

Mortimer Brewster wrote:
I do have to reset the connection once or twice a day when it loses connectivity. Hope this helps.

Is this normal with PIA? If so, that would rule it out for me, as my objective is remote access. I could not do resets effectively.

I’m no expert, so I can’t say what’s best for your personal use. I use a VPN service provider, PIA VPN. It allows me to use public WiFi more securely. Some use it to help watch European sporting events. To do so might require you to set your location somewhere in Europe.
The paid VPNs are supposedly better than the free ones. PIA VPN is normally $40 per year, though it does occasionally go on sale. I do have to reset the connection once or twice a day when it loses connectivity. Hope this helps.

The use of a VPN is to keep the rest of the internet out of your system
A Router etc.. Is still using software, that is built in, to connect to some provider

If this is for security cameras etc..
Then go any which way, it really won't matter too much

If this is security for your pc and your network your browsing

Then Google VPN compare, and choose the service you like the best

There are a lot of options

A good high rated paid service is probably the best