cancel
Showing results for 
Search instead for 
Did you mean: 

Which VPN - suitable for Hub1 & CCTV?

SCGH
Dabbler
Posts: 16
Registered: 06-03-2017

Which VPN - suitable for Hub1 & CCTV?

Hi.

I have a Hub1 router.  

I also have Hikvision CCTV installed, static IP address and a DMZ assigned to open all of the ports.

Apparently it should not have been set up this way, and I should have a VPN instead.  I have never used a VPN before.

Can anyone recommend a VPN that will work for my setup?  I was thinking of NordVPN, but not sure if that will work with the Hub1 (or with Hikvision).

Please help...  

13 REPLIES
Community Veteran
Posts: 1,555
Thanks: 260
Fixes: 33
Registered: 13-08-2015

Re: Which VPN - suitable for Hub1 & CCTV?

Not sure how a VPN is going to help, and its not mentioned in these instructions?

SCGH
Dabbler
Posts: 16
Registered: 06-03-2017

Re: Which VPN - suitable for Hub1 & CCTV?

Sorry - I should clarify that it all works ok.
But from a security perspective apparently I should use a VPN.
I'm really worried now that my system is "wide open".
SpendLessTime
Aspiring Hero
Posts: 2,600
Thanks: 699
Fixes: 67
Registered: 21-09-2009

Re: Which VPN - suitable for Hub1 & CCTV?

@SCGH

The NordVPN software does not run on the router (any router) as it is computer/tablet/phone software. So it is not a VPN for security cams unless the cams are Android based and let you install software on them.

If you really want to use a VPN that is router based so that all your traffic goes across the VPN then you would need to look at other VPN providers and buy a router that they support. No idea who though.

Community Veteran
Posts: 5,471
Thanks: 1,450
Fixes: 34
Registered: 16-10-2014

Re: Which VPN - suitable for Hub1 & CCTV?

Android already has support for VPN built in using PPTP or L2TP so if the Hub 1 supports the creation of a VPN then this is all you need. I suspect someone here could tell you how to configure a VPN on your hardware.

SCGH
Dabbler
Posts: 16
Registered: 06-03-2017

Re: Which VPN - suitable for Hub1 & CCTV?

Hmmmm.  I have no idea if the cameras are Android based!  They are hikvision cameras - quite common ones.

Community Veteran
Posts: 5,471
Thanks: 1,450
Fixes: 34
Registered: 16-10-2014

Re: Which VPN - suitable for Hub1 & CCTV?

@SCGH - I said that because I (possibly wrongly) assumed that the client you were wanting to use to view them remotely was Android based. I've maybe just confused the issue here. So if you could provide more information as to your intent then that would help us all.

 

SCGH
Dabbler
Posts: 16
Registered: 06-03-2017

Re: Which VPN - suitable for Hub1 & CCTV?

Sure.  At my house I have 5 Hikvision cameras hooked up to a Hikvision NVR.  I have a Windows 10 PC and we have iPhones (which we use to view CCTV when away from home).

I have just upgraded from an old Plusnet Modem + Router to the Plusnet Hub One router.  I replicated the settings, assigned the DMZ, etc.  While trying to do this, I read online that this setup is a security risk doing this, and I should have a VPN.  

 

But I am not sure if it really is necessary, which one would work, etc.  

Community Veteran
Posts: 5,471
Thanks: 1,450
Fixes: 34
Registered: 16-10-2014

Re: Which VPN - suitable for Hub1 & CCTV?

@SCGH - Thanks for that and based on that this PDF may prove very useful to you. It's not specific for your Hub but does tell you what you need to do.

 

RichardB
Pro
Posts: 388
Thanks: 120
Fixes: 4
Registered: 19-11-2008

Re: Which VPN - suitable for Hub1 & CCTV?

Hi SCGH,

I believe the internet guide was suggesting that you do not expose the Hikvision box to the Internet using the DMZ.

Better to hide it behind NAT away from hackers etc.

However, in this setup it would not be accessible for remote viewing of the cameras.

The VPN referred to would be a home VPN server which would allow you to securly access your home LAN including the Hikvision box.

Some routers provide this capability but most do not. I set up a home VPN using a Raspberry PI a bit of a faff but I do like a tech challenge!

THe VPN is considered more secure as the connection from the mobile client to home is encrypted and the authentication is robust.

Richard

SCGH
Dabbler
Posts: 16
Registered: 06-03-2017

Re: Which VPN - suitable for Hub1 & CCTV?

Thanks Richard.  

Can I just double check - are you saying that with a Raspberry PI, I could still access my cameras remotely?

Would I have to go through an authentication process each time I want to view them?

And would someone with average IT skills be able to do it?  

Do you have a Hub 1 also? 

 

 

RichardB
Pro
Posts: 388
Thanks: 120
Fixes: 4
Registered: 19-11-2008

Re: Which VPN - suitable for Hub1 & CCTV?

Hi

Re>>Can I just double check - are you saying that with a Raspberry PI, I could still access my cameras remotely?

Yes but the connection to between your phone (or remote PC etc) would be encrypted in a VPN tunnel.

In effect your phone would would join your home LAN.

Re >>Would I have to go through an authentication process each time I want to view them?

Yes but that is handled by the VPN app on the phone. I use OpenVPN. I open the VPN app and press "connect".

Re>> And would someone with average IT skills be able to do it?  

With some patience and persistence I believe so.

I set up my Pi as a "headless" device (no monitor or keyboard) and connect to it via SSH from a desktop PC.

I followed the guide at http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing/

Re>> Do you have a Hub 1 also? 

No I use a TP-link archer C7 router with an Openreach modem. The Hub One was not available when I signed up for fibre.

The TP-link firmware allows me to open one port (1194) to the PI rather than put the PI in a "full" DMZ but full DMZ for the PI is an option.

The benefit of exposing the PI to the internet (without firewall protection) rather than the camera box is that  Raspbian is continually maintained and security updates/fixes are rapidly released.

If you give the PI a go and get it working I also recommended arranging some sort of UPS for thr PI to prevent the sdcard becoming corrupted due to power cuts etc.

http://raspi-ups.appspot.com/en/index.jsp

As our power cuts are usually less than one hour I used the power bank but did not worry about auto shutdown etc.

Richard

SCGH
Dabbler
Posts: 16
Registered: 06-03-2017

Re: Which VPN - suitable for Hub1 & CCTV?

Thanks Richard.  I have been reading up online about this, and I think I will do it.  But it will probably take me some time to get it sorted.  

 

 

Can I ask a somewhat newbie question?   I'm trying to get an idea of the risk, which will give me an idea of how quickly I need to get the Raspberry Pi and OpenVPN up and running.

At the moment, with the ports wide open - is it only my NVR & cameras that can be hacked into?  Or my PC & IOS devices also? If its only my CCTV setup (and the cameras all external around my property), I don't really mind if people can view them.  Or am I missing something?

RichardB
Pro
Posts: 388
Thanks: 120
Fixes: 4
Registered: 19-11-2008

Re: Which VPN - suitable for Hub1 & CCTV?

Hi no problem.

When setting up the PI - take it one step at a time. Do not try and getting all running at once!

 

I am not sure how much risk you run leaving your CCTV box exposed to web. How often does the manufacturer provide security updates for the box? Is it a Chinese box with undeclared "back doors" in the software?

 

I would not let any "no name" Chinese webcam have access to the internet. They appear to be easily compromised by botnets and have chronic security failings. For example:

http://www.theregister.co.uk/2017/03/09/185000_wifi_cameras_naked_on_net/

https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html

https://news.slashdot.org/story/16/06/27/2157204/a-massive-botnet-of-cctv-cameras-involved-in-feroci...

https://www.wired.com/2014/04/hikvision/

 

All these links appear to show security camera systems can be hacked to be part of botnets used to attack other people and systems.

 

Regards

 

Richard