Question VPN question noob

[kater1]

Hey all,

I am completely new to VPNs and am needing some advice on how they would work for me. My home network is as follows.

Edgerouter X 100gb internet
1 NAS
Various android phones
Various security cameras
Smart things hub
5 computers
Computer "A" running a security camera software and a pet grooming store front software. Headless system. Log in with TeamViewer as needed.
Computer "B" is a chrome book that connects to "A" via internet to access grooming software. Uses a app.
Other 3 computers basic web browsing.

All computers access the NAS as file server.

All the android phones access the security cameras directly via a app (Ip Cam Viewer)

If I setup a VPN,

1. Can I have it so that everything on the local network can still see and interact with each other without jumping through hoops?

2. Can I use my Android devices to connect to the cameras without installing any special app?

3. Will TeamViewer be able to be used still from local machine to local machine?

Thanks for any information.

Sent from my Pixel 3 using Tapatalk

 

[mxnerd]

What you need is the client software from VPN providers which supports split tunneling.

What Is VPN Split Tunneling? | ExpressVPN

Learn about VPN split tunneling and how ExpressVPN lets you choose which online traffic to protect. Available for Windows, Mac, and routers.

www.expressvpn.com

 

[WelshBloke]

What are you trying to do? Connect to your router securely from "outside" your network or connect to the Internet securely from "inside" your network?

I couldn't quite work out how all your stuff was arranged. Is all your equipment on your side of your router?

I have two VPNs that I use. My router is set up to be a vpn server so I can connect to it when I'm out and about and use remote desktop on my home PCs.
I have another VPN that I use if I want to connect securely to the Internet and I'm not sure how secure the connection I'm using is. That VPN server is a commercial one that isn't controlled by me.

 

[kater1]

What are you trying to do? Connect to your router securely from "outside" your network or connect to the Internet securely from "inside" your network?

I couldn't quite work out how all your stuff was arranged. Is all your equipment on your side of your router?

.

I am trying to connect to my home network from outside. All the hardware I listed is behind my router. I am worried because I have to open up certain ports for the IP cameras to be accessible from the WAN.

The edge router has L2TP built in. It is just not configured.

"Ubiquiti - EdgeRouter X" https://www.ui.com/edgemax/edgerouter-x/

Sent from my Pixel 3 using Tapatalk

 

[WelshBloke]

OK. I am using an Asus router but I'd imagine the setup is similar. Page 45 in the manual!
You'll need to setup your router as a VPN server and download openVPN on your devices.

 

[mv2devnull]

If you haven't already tried a VPN, you're missing out on some crucial online security and privacy features. In short, a VPN acts as an intermediary during your online activity. Instead of directly accessing a website, a VPN will access that website on your behalf

Not quite.

Lets take (non-VPN) setup (#1):
PC---home router---ISP routers---Anandtech server
The home router does NAT; it masquerades the addresses of PC and other devices.
ISP routers and AT server see that packets originate from the public IP address of the home router, even though they really come from the PC.
Note that your browser connects to AT with HTTPS -- the packets are encrypted.

Lets take almost similar traffic (#2):
PC---home router---ISP routers---VPN server
Now either PC or home router runs a VPN client that connects to server. Traffic is seen as before.
All traffic between VPN client and server is encrypted -- ISP routers see only "VPN traffic", not matter what the actual payload is.

Now we have VPN (as hallacathy sees it, #3):
PC===VPN server---ISP routers---Anandtech server
The === is the connection shown in #2.
The VPN server does NAT; it masquerades the addresses of VPN clients.
ISP routers and AT server see that packets originate from the public IP address of the VPN server, even though they really come from your PC.

The traffic you generate towards AT server can be traced back to VPN server and from VPN server back to your home router. The latter part requires authority to get that from the owner of the VPN server, just like one needs collaboration from your ISP to link the IP address of your home router to you.


What OP was asking is the "traditional VPN":
Roadwarrior (#4):
Laptop---Internet Cafe---ISP routers---home router---home camera
The Laptop is the VPN client. The home router the the VPN server that routes between VPN tunnel and home LAN. The Laptop can connect to camera.

You could get the same without VPN, if you had port forwarding in the home router, but that is less flexible, has no authentication like the VPN has, and does not encrypt all traffic that goes through the --Internet Cafe---ISP routers--.

 

[Fanatical Meat]

Without derail the thread can someone explain the benefit of a pihole based vpn?

 

[fkoehler]

Might not apply or be worth your time, however you might find running your own VPN cheaper at Digital Ocean, https://www.digitalocean.com/solutions/vpn/

Or you might be able to get away with a small SBC/RPi(?) running a firewall like https://forums.raspberrypi.com/viewtopic.php?t=287720

Haven't looked into this fully yet, however if your app supports it you might be able to get away with a SOCKS proxy. Or maybe not.

How To Route Web Traffic Securely Without a VPN Using a SOCKS Tunnel | DigitalOcean

You can browse the web securely using a Droplet with SSH access as a SOCKS 5 proxy end point. In this tutorial we’ll use a Ubuntu 20.04 Droplet as the proxy,…

www.digitalocean.com

In the end, might be easier to keep your VPN if they support split tunneling, or switch to one that does. https://www.comparitech.com/blog/vpn-privacy/best-vpn-split-tunneling/

 

[kater1]

Did you manage to connect your home network from outside? Please give us an update on that.

I have never sat down and even started the process.

Sent from my Pixel 3 using Tapatalk