Hello, my network knowledge is limited. As I have scoured the forum here, I don’t think I see the answer to my question, but it very well could be there and just hidden behind nomenclature which I am not familiar with. I grew up in the DOS era and have built my own PC many times, but when it comes to networking I am not the first person anyone would pick.
My end goal, as the title suggests, is to have a Security Camera on a VPN, tied to my router, so that I can access it at any time but it cannot “call home” so to speak.
VPN: I have an account with Mullvad VPN and I would like to utilize that but I see I will need an OpenVPN license as well? Do I have to pay monthly for both? Or would it be better to drop Mullvad and just utilize OpenVPN or am I getting this part completely wrong? Please explain this to me in as much detail as you can muster if you don’t mind.
Security Camera: I am aware that I need to limit the inbound and outbound traffic by selecting the IP Address of the said camera and (this next part is a question) restricting all outbound traffic and only letting the inbound traffic reflect the IP of the device I will be using to log into the camera?
Anything Else: Are there any other measures I need to take after this in order to be up and running and fully secure? Boxes I need to check, firewall options, etc. etc.
I really do thank you all for your help. I once used to send people into space and work on space suits, but there are no wifi connections there, well…sometimes, but I wasn’t concerned with that. Haha, so please go easy on me.
Respectfully,
Hectic
Hi!
First on having access to the camera at any time. I believe the two most effective solutions would be:
- Using remote user access - if your device has a WAN with a public IP address, then you can configure access from an end device (laptop, phone, etc.) through OpenVPN, L2TP or PPTP. It’s relatively easy to configure and doesn’t require any additional licenses. We previously had a forum post on how to configure it. While it’s somewhat dated, it should provide enough information. Also, if the public IP on your WAN interface is dynamic, you could look into getting a Dynamic DNS entry.
- Using InTouch - if you use our InControl2 platform, then you can configure access to the camera via InTouch. One of our certified partners has made a video on its configuration.
Now on limiting the camera access. You need to limit the camera to be able to only send/receive traffic inside your network. This can be done with a firewall rule in the outbound firewall rules section. This rule should drop any traffic originating from your camera’s IP. This will still allow the camera to send/receive traffic on your local network or via an OpenVPN connection.
Also you mentioned security measures that could be done, some that come to mind:
- Make sure the Web Admin is only accessible from the LAN side (Under System > Admin Security).
- Make the Default Inbound Firewall Rule to deny all incoming traffic (Under Advanced > Access Rules).
- Enable Intrusion Detection and DoS prevention (Under Advanced > Access Rules).
- Wi-Fi security - make sure that you’re using a strong password with at least WPA2 security (Under AP > Wireless SSID).
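
A small model of the outbound-rule behaviour described in the reply above, added here as an illustration and not taken from the thread or from the router's firmware. The subnets, the camera address, the internet host and the first-match rule evaluation are all assumptions made for the example; it also shows what happens if the camera's address changes after the rule is written.

```python
import ipaddress

# All addresses below are constructed for illustration; none come from the thread.
LAN = ipaddress.ip_network("192.168.50.0/24")        # assumed local network
VPN_POOL = ipaddress.ip_network("192.168.60.0/24")   # assumed remote-user VPN pool
CAMERA_IP = "192.168.50.20"                          # assumed camera address
INTERNET_HOST = "203.0.113.10"                       # documentation-range stand-in

# Outbound rules: checked top-down, first match wins, applied only to WAN-bound flows.
OUTBOUND_RULES = [("block-camera", ipaddress.ip_network(CAMERA_IP + "/32"), "deny")]
OUTBOUND_DEFAULT = "allow"


def egress_path(dst):
    """Classify where the router would send a flow for this destination."""
    addr = ipaddress.ip_address(dst)
    if addr in LAN:
        return "lan"
    if addr in VPN_POOL:
        return "vpn"
    return "wan"


def decide(src, dst):
    """Return (path, action) for a flow from src to dst."""
    path = egress_path(dst)
    if path != "wan":
        return path, "allow"  # outbound rules are not consulted for LAN/VPN flows
    src_addr = ipaddress.ip_address(src)
    for _name, src_net, action in OUTBOUND_RULES:
        if src_addr in src_net:
            return path, action
    return path, OUTBOUND_DEFAULT


def camera_can_call_home(current_camera_ip):
    """True if a camera at this address could still reach an internet host."""
    return decide(current_camera_ip, INTERNET_HOST) == ("wan", "allow")


if __name__ == "__main__":
    for dst in ("192.168.50.5", "192.168.60.2", INTERNET_HOST):
        print(CAMERA_IP, "->", dst, decide(CAMERA_IP, dst))
    # If the camera picks up a different DHCP lease, the /32 rule no longer matches.
    print("leak after address change:", camera_can_call_home("192.168.50.21"))
```

Because the rule is keyed to a single source address, it only holds while the camera keeps that address, so a fixed DHCP reservation or static IP for the camera is what keeps the block effective.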