[ABANDONED] How do I VPN from Phone to Hardware Router to IP Camera?

[emax4]

Hello. I recently acquired an IP camera from eBay which has both working WiFi and Ethernet connectivity, and both have been tested and are working. What I would like to do is check the activity on the camera remotely from my phone (HTC One M9). I read that it's good to set up a VPN, but since I'm not sure how often I would want to check the camera or if it's worth a monthly cost I decided to forego buying a monthly VPN service and instead purchased a VPN Router; a Linksys (Cisco) RV082 for $20 Here's a diagram of my setup. The steps are boldly numbered in green, the devices are in black, and the IP addresses of each device are in red (hope this shows up):

1. My IP cam is a Floureon model. I have this wired via Ethernet into my...

2. Linksys RV082 VPN Router. The router has two outputs; Internet and DMZ Internet.

3. Because I read that the IP address of the device I want to access has to be in the DMZ (Am I wrong? Please let me know), I attached an Ethernet cable from the DMZ Internet to...

4. My Netis WiFi Extender. While my whole system is connected downstairs, the rest of the system is upstairs which is connected to a...

5. Arris SBG6700AC combination Router and modem.

I've set up my network as far as the passwords and networking capabilities, but networking is not my strong point and I've never set up a VPN before. Just from the reading I've done for general VPN how to, the Linksys manual and remote IP Camera access via a phone, I read that it's best to set up a VPN (which is why I bought the router) but I've never set up a VPN before. I see when accessing the router that I can do tunneling from the router of some sort. On the Linksys, the VPN Passthrough options are enabled, and the PPTP server is enabled as well. On the IP camera I've set it to a static address as I read that it's good to keep it at one address for easier access.

I am basically lost and don't know where to start. I know on the router under Client to Gateway settings I have to put the IP Address of my phone so it knows the device that wants to access the IP camera. I also see there are more settings as far as the remote and local types of connection (IP only, IP + Domain name, IP + Email address, Dynamic IP + Domain name, Dynamic IP + Email address), but again i'm not sure where to go.

Should I be attempting to set up a tunnel between the phone and the Arris, the phone and the Netis WiFi extender, or the phone and the RV082? Or am I (in my history) making this overly complex and unnecessary? Are there proper guides one would recommend or is it better to check the networking books and A+ Cert books I have in my colection?

Thank you for your help and I apologize for the noobish questions

 

[greens]

I think you're way off, it shouldn't be that hard at all.

Your IP camera is given an IP by the router, lets say its 192.168.0.111
Your IP camera software wants to function on a certain port, lets say its 4444.
All you have to do is forward port 4444 to 192.168.0.111. Then all your connections for port 4444 will be forwarded to that specific IP, the IP camera.

a DMZ is a way to forward ALL ports to that IP - you do not want that, very unsafe. You don't want a DMZ anyway. For example, you may want port 3389 to point to your desktop to RDP, 25565 to your minecraft server, etc. You always want to forward ports individually.

then all you need to do is find out your public IP, and connect to it using your phone. Because we forwarded the correct port to your IP camera, when your phone tells your router it wants to connect to the port - your router forwards traffic to the IP camera.

I hope this makes sense A VPN is a terrible way of describing this. It is SORT of a tunnel, but not really. A much better term for accessing an IP camera is called "Port Forwarding"

 

[emax4]

Thank you, greens! It's not 100% done but I'm getting there and feel more confident thanks to your answers. So far I have the ip camera directly plugged into the WiFi extender. I had it without it at first, but when I reset the camera (holding down the reset button underneath the device) and trying to connect the WiFi, it didnt seem to connect at first. So when I bridged it using the WiFi extender, it worked.

So now i have it at a fixed manual address of 192.168.0.42, and it shows up as wired instead of wireless. When I go to the settings of the Arris router I don't see the IP address listed for some reason with all the other IP addresses. But I set up a port forward rule so that the external ip as the starting point is 0.0.0.0 with the port 4444 (The instructions said "0.0.0.0 is the default value (IP Address) that allows packets from any device on the internet to be forwarded to the configured ports"). The end port as the local port I have set to the cam's IP Address of 192.168.0.42 on port 4444. I set the description as IP camera, the protocol type to "both" and turned it on.

I then went to the firewall and added and entry for the cam as IP Camera, entered its MAC address, left the URL blank (since I'll be accessing it from the Sricam app on my phone), set start and end ports to both 4444, then allowed it and enabled it for every day all day.

What's the next step here though? I looked up "whats my IP" so i could find my local public address, so I tried typing that address in with ":4444" at the end in my browser, but no luck.

 

[greens]

We are on a great start!

Odd that your Arris doesn't show .42, it should. Might want to make sure the wifi extender isn't acting as its own router or something maybe. Shit i see now! its that linksys.
You have two routers - that was a mistake, can you return the one you purchased recently? Look closely at your network addresses, see how you have 192.168.0.1 AND 192.168.1.1 That basically means you have two networks - that is where you are getting the problems with your arris. One router per network, period. I would like you to eliminate the linksys for now. and just use the Arris, let the arris assign the camera the IP.

For these things i always like to keep it as simple as possible - for set up lets try just plugging the camera right into your router directly - for testing purposes. Then you know nothing funny is going on with the extender and can eliminate a lot of potential problems.

SO. We have a staticish IP for your camera - great.
We figured out port forwarding - awesome.
The public IP look up was correct, and thank you for not posting it here .

The :4444 thing is on the right track as well! However - i pulled 4444 out of thin air! it is most likely NOT the correct port, i made it up.

Just to test if it is working, on a LOCAL machine you should be able to just navigate right to the ip of the camera.
So going to 192.168.0.1 brings you to the Arris page, 192.168.0.XX should bring you to your camera page. That should work fine without adjusting any settings at all, but doesn't do you a whole lot of good when you're away from home.

That is where port forwarding comes in. What exact model of IP camera do you have? Google "default port for XXXX camera" and it should pop right up. THAT is the port you want to forward. THEN when you log into My.Public.I.PORT it will connect you to the IP camera.

The IP camera software should just require you to give it your public IP, and it should pretty much auto connect.

You have a lot going on here, and doing your own cameras is the way to go. You're doing really well and i know you'll get it set up right here soon.

You're probably learning tons about networking too, which is great.

 

[emax4]

Well, I had disconnected the Cisco RV082 VPN Router, and i also powered down the Wifi extender already before posting the results. But wait, there's more!

I forgot to mention that the upstairs has a Linksys WRT54G router. I had the cable box, Blu-Ray player, and my girlfriend's computer in there, and I had disabled the Wifi when I got it (last week) to avoid any conflicts between it and the Arris. Now I had gone and attached the camera directly. After a few tries I got the camera to connect and work. The settings show it as wired and not wireless, the details are Auto (not manual), but the IP is 192.168.1.104, and the gateway is 192.168.1.1. I know what you're thinking... It's on the Linksys WRT54G. Check this out:

So the Linksys WRT54G is listed there as 0.2, yet when I type it in from my Hackintosh downstairs it doesnt show up. I'm thinking I disabled remote access on it, which I'll check in a bit. Is it likely that the DHCP list here (from the Arris modem) only shows WiFi clients and not connected clients? The oddity is that the device has two Ethernet ports, and one of them is connected to the internet port on the WRT54G. The 0.2 for the WRT54G might be a WAN address but not a LAN address.

I changed the ip cam address from manual to auto and leave it at 192.168.1.104. Should I change it to 0.104 to put it on the same subnet as the Arris or leave it as is for the WRT54G?

EDIT: I was correct in that remote access was disabled. I used an old laptop w Linux to log in to the router to change it, but I also went in to the DHCP list and saw the 1.104 address which was the camera.

 

[emax4]

What's the next step here?

 

[emax4]

I remembered that I have a domain name registered and can use their services so i can access it remotely. I just need to know how.

 

[emax4]

I gave up on this. According to the website, the camera can only be viewed by IE. Generally that shouldn't be true, but even hooked directly up to my Arris SBG6700AC router with one of two Ethernet ports, the IP address nor the MAC address was not listed in the DHCP clients.

I saw an ad on Craigslist for two D-Link IP cams for $20, and one nighttime cam for $30. The software looks promising so I'm going to give that a try. I ended up using the VPN hardware router upstairs in case more devices are needed, so it wasn't a total waste of $20 either.

Greens, thank you again for taking the time out to reply back and help me. It is greatly appreciated!