Many routers support VPN access. If you can setup a VPN server, then when you are away from your home, you can use a VPN client to utilize your home network connection.
Some routers support behaving like a VPN client, whereby your router connects to a VPN server. This is typically a paid for service for folks that don’t trust their home ISP or their government’s privacy-invading habits. This is not what I’m covering here.
Many people setup a VPN server to allow secure surfing when you are on questionable networks, like a hotel or internet cafe. This is what your standard VPN servers provide, whether it is a paid for service or your home router. But we need to go one step further, not only allow surfing access from your network remotely, but to be able to access your internal network.
For example you want to log into your alarm panel (Envisalink) or your security cameras or NVR. Sure you can open ports in your router, perhaps try to set them to an odd number, but that is not secure. The best method is to keep all your router’s ports closed and only access your home network with an encrypted VPN.
My ASUS RT-AC66U router supports OpenVPN as a client or server. I do not setup the router as a VPN client, and have only setup the router as a VPN server.
First you create users with passwords. I encourage you to use obscure names and long random passwords. I always like GRC’s Password Generator.
Under Advanced Settings, below are my settings that work on my ASUS RT-AC66U router (Merlin firmware v378.56_0). My ASUS router also supports dual servers, so I can setup one for home network access and setup one just for safe browsing.
Once you set these settings, you export an .ovpn file.
Then you setup your OpenVPN clients and import the .ovpn file.
On my iOS device, I downloaded the free OpenVPN app, imported the .ovpn file and entered my username and password. Whenever I wish to use the VPN, I simply open the app, press connect and it’s done.
You can tell by the VPN in a box on top of the screen that the device is connected. To confirm, I can open a webpage and type whatismyip and if it matches my home network, them I’m safely connected.
After being connected, I can open up my Remote Desktop application and log into my Windows NVR. I can also connect to my Envisalink’s local webpage.
I have tried on a couple of occasions trying to connect remotely with my Windows laptop, but never was able to get it to work. But my iOS device has never had an issue connecting, unless the hotel network was blocking all VPN access.
To be honest, I don’t fully understand the intricacies of each of these settings, but I can confirm these settings have been working reliably for over a year.
The value here is a secure encrypted connection from any network to your home. I recommend setting this up and closing all your ports in your router. Once they are closed, be sure to scan your router using GRC’s Shields Up.