VPN and Blue Iris

[ennywohn]

so this is very likely the wrong place for this, but it seemed as if it might be 'helped' to the right spot.

it seems a good time to subscribe to a VPN but with some software being so persnickety, i wondered if BI might be problematic with one.

it is on a win11 computer that does nothing but BI.

i want to install a VPN at the gateway level to bypass all the 'extra work' otherwise required.

btw, i know nothing about VPN, so this is new for me.

are there any known problems using a configuration as such? it will probably be expressVPN on the tp-link gateway.

thanks.

 

[David L]

Best setup if you want remote access to your cameras through a VPN is setup a local VPN on your router and use a client VPN, like OpenVPN or Wireguard on your phone or laptop remotely to access Blue Iris Web Server UI3.

I would not trust a paid VPN service when connecting to your home network, they are mainly used when you are traveling and are connecting to a hotspot, like Coffee shop or airport's WiFi router to keep your Internet traffic private you can use ExpressVPN, or I would look at SurfShark they are who I use, NordVPN is too slow...of course VPNs can be used to go out from your network to keep your ISP at bay...

HTH

Thread 'VPN Service'

Dec 22, 2020

So I wanted to share a VPN Service that was brought to my attention. Surfshark

I am presently on ExpressVPN, and though I like the speed and service I had a coworker tell me about Surfshark. He was on ExpressVPN about the same time I have been on, about a year now, I think I bought the 15 month package since my subscription is up in Feb. 2021. Anyway, with their Holiday Special at 27 months for $65 I could not pass it up. Plus it is unlimited connections. Reviews seem to be good. I just tested my speeds and they are very close to or if not even the same as ExpressVPN...

• David L
• vpn service
• Replies: 13
• Forum: Chit-Chat

 

[looney2ns]

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

 

[ennywohn]

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

dude, love the 'handle' looney2ns. used to watch them as a kid.

just discovered that there can be 'issues' with StarLink as the broadband provider.

last year, the network was 'improved' by following suggestions made here by those that have expertise as NEs. these were done.

the above link answers some of these questions, as the gateway in use does support wireguard. with linux & windoze boxes & an android SF, it appears that each might require a different configuration since the linux needs .deb, doze needs .exe & SF needs what - app?

 

[elvisimprsntr]

+1 Self hosted TailScale MESH VPN

You only need a single instance running behind your firewall, if you advertise subnet routes. Will traverse any level of NAT, including CGNAT. Price of free tier is exactly right. Clients for every OS on planet earth.

 

[should_have]

I could never successfully get penVPN" to run but was able to install TAILSCALE on my Desktop that runs BlueIris Only.
Tailscale seemed pretty easy to install and set-up on other devices.
Good Luck

 

[Alaska Country]

Give Tail Scale a try and see if it will work for your needs. It is free to use and test.

Is your BI system on the internet or isolated? Tail Scale needs the net to make the connections thus with an isolated BI computer the solution is to install Tail Scale on your router.

 

[ennywohn]

+1 Self hosted TailScale MESH VPN

You only need a single instance running behind your firewall, if you advertise subnets routing. Will traverse any level of NAT, including CGNAT. Price of free tier is exactly right.

actually have done this via hardware. the SL router is in the shed since the trees obscure the house. it connects to the tp-link Gateway which connects to a WiFi bridge to get to the house which connects to an AP in the house for the computers. the IPcams are all outside on one other AP connected to the Gateway. the phone does WiFi calling in the house. (this is a rural area). so each of these really is a subnet & the IPcams all point to an invalid gateway address (as recommended here). so the IPcams remain local.

 

[ennywohn]

Give Tail Scale a try and see if it will work for your needs. It is free to use and test.

Is your BI system on the internet or isolated? Tail Scale needs the net to make the connections thus with an isolated BI computer the solution is to install Tail Scale on your router.

the windoze 11 computer is on an 'appliance' SSID, not isolated. thx.

it does seem 'best practice' to install VPN on the router. tail scale uses wireguard protocol.

 

[Alaska Country]

the windoze 11 computer is on an 'appliance' SSID, not isolated. thx.

it does seem 'best practice' to install VPN on the router. tail scale uses wireguard protocol.

With it having internet then TS is an easy install.

The BI system here has no internet which means no Window's updates which is a good thing! But without a net connection it also a poses more of a challenge to complete certain tasks.

 

[The Automation Guy]

To remotely access your local network, you want a "self hosted VPN service". This will never be a paid service because you are hosting the VPN service on your own hardware. A paid VPN service is used when you want to connect to someone else's VPN service so that it appears you are using their network instead of your own network. This is the obviously not what you want to access your own network while "away from home."

Personally I would recommend using Wireguard as your VPN service. It is pretty universally supported, so it is likely your existing router/firewall appliance can run the VPN service. Not only is Wireguard very "light" and therefore fast, I also really like the Wireguard client app. You can easily select which apps you want data to go through the VPN connection and which apps you don't want the data to go through the VPN connection. This is great on mobile devices where you might want only the BlueIris app to connect through the VPN, but none of your other apps need to be sending all their data through the VPN/home network. It is super easy to set up this way and allows users to leave the VPN connection "on/connected" all the time because the only data actually traversing the VPN tunnel is for the apps (like BlueIris) that you specify. All other mobile data use would go out through the regular cellular/WiFi networks directly to the intended destination without having to travel through the VPN connection to your home network and then to the intended destination. This greatly simplifies the situation because you don't have to manually turn on/off the VPN connection every time you want to check BI at home.