I’m trying to find the most effective way to allow for a connection back to my home network so I can see a video stream on a local ip camera. The server is I’m trying to tunnel to is on a subnetwork under 2 routers (dish provided, then my dd-wrt). It’s an ubuntu server (16.04) with openvpn installed. This server holds sensitive, but encrypted data.
What is the best and safest way to gain access to my network while I’m away from home? I looked at algo (https://github.com/trailofbits/algo) but I’m not sure if that’s what I really need. I was going to add an ubuntu droplet on digital ocean, install openvpn, then connect both my remote pc and home server to this droplet as clients. Is this the right idea? Ideally I’d like my remote computer to act as if I am at my house, so I can just go into my browser and enter my ip camera’s address and view everything going on without having to deal with portforwarding from a subnetwork.
Run a raspberry pi with an openvpn server on it, run a dynamic DNS service like noip on it also and use it as the domain name instead of ip when setting up the openvpn server so it updates your ip when it changes, then just connect to your vpn from anywhere in the world and you’ve access to your local (home) network
I was going to add an ubuntu droplet on digital ocean, install openvpn, then connect both my remote pc and home server to this droplet as clients. Is this the right idea?
No, that would be totally pointless.
It’s an ubuntu server (16.04) with openvpn installed.
So, you already have OpenVPN installed on that server? Just have your router port forward to your Ubuntu server with OpenVPN running, and making use the OpenVPN IP-range is the same as your stub/home-network IP-range.
Ideally I’d like my remote computer to act as if I am at my house, so I can just go into my browser and enter my ip camera’s address and view everything going on without having to deal with portforwarding from a subnetwork.
You need to port-forward, there is no way around that, if you are using IPv4. This is because your stub/home-network is using a RFC 1918 range (which is not used on the internet).
If you only want to use IPv6, then your Ubuntu server would be available on the internet.
I was going to add an ubuntu droplet on digital ocean, install openvpn, then connect both my remote pc and home server to this droplet as clients.
That’ll do it! Will probably be the easiest and cheapest thing to set up, too.
Why can’t you just use teamview?
Seconding this! I had good luck with pivpn although I never bothered with a dns server- I just connect via ip address
Couldn’t that be done from the Ubuntu server?
Seconded… I am thoroughly confused why OP is not just using the OpenVPN server on the actual server he wants to connect to. Forward UDP 1194 or whatever you have the OpenVPN box listening to…
I don’t know how the Ubuntu droplet thing works that he explained, so I’ve no idea how that connects back to your local network, but you could install open vpn on the Ubuntu droplet, after that however it works it’ll probably be fine but to me the raspberry pi idea is the simplest and easiest way.
Change the port to a non-standard port for more security? That’s what I done anyway, no real reason other than I didn’t want it to be a standard port.
Change the port to a non-standard port for more security?
Or use ports like 443 or 80 to beat firewalls. Often firewalls will block everything, but ports 80 and 443. Use these ports for your OpenVPN.
Learning how to port forward on even the most basic of router is fun and can come in quite useful in the future