Difference between revisions of "OpenVPN"

From ZoneMinder Wiki
Jump to navigationJump to search
Line 37: Line 37:
=== I can't connect to the internet when VPN is running ===
=== I can't connect to the internet when VPN is running ===


This particular VPN, by default adds a setting called: '''Topology Subnet''' This setting will route traffic through VPN which you do not want for an OpenVPN setup with a camera. You want a VPN that connects only to the camera machine subnet when you want it. You are not trying to forward all outgoing traffic. Note that this setting is in addition to the push redirect gateway and push dhcp options that you might already know forward traffic. All of the push commands should be disabled on the server side as well (comment out from /etc/openvpn/server.conf).
VPNs can work in different ways depending how they route traffic. Some will route all outbound traffic to the VPN, others will only route a particular IP subnet requests. OpenVPN, with the configuration above adds a setting called: '''Topology Subnet''' This setting will route traffic through VPN which you do not want for an OpenVPN setup with a camera. You want a VPN that connects only to the camera machine subnet when you want it. You are not trying to forward all outgoing traffic. Note that this setting is in addition to the push redirect gateway and push dhcp options that you might already know forward traffic. All of the push commands should be disabled on the server side as well (comment out from /etc/openvpn/server.conf).

Revision as of 12:21, 8 January 2021

OpenVPN can be used to allow remote access to the ZM server and camera feeds, on a desktop computer or mobile device. An alternative to OpenVPN is to use SSH port forwarding.


Setup

From the ZM Server, follow instructions on

http://github.com/nyr/openvpn-install

Use a non default port for setup.


The idea is to run the script on the server, create the configurations for server and client. Then to send the client configurations to the client, where he runs them.


If you run the roadwarrior script a second time after the first time, it will allow you to make new client certificates. By default, OpenVPN will allow one person to use each certificate. If you want others to view the camera feeds, you will need to make additional certificates.


The certificates are created as .ovpn files. These extensions should be renamed to .conf and placed in the /etc/openvpn folder for most distributions. Then edit /etc/default/openvpn and add the name of the ####.conf file to the autostart, if you want the VPN connected upon boot.


If you have not setup a VPN before, you need to understand how to troubleshoot if things go wrong. VPNs are widely documented on the internet. This 'roadwarrior' script quickly sets up a VPN for you with the settings that 'most' people want. It needs to be slightly tweaked for Zoneminder usage, as we only want to redirect traffic intended for the ZM server. We do not want to redirect traffic through the Zoneminder server to the WAN.


Mobile Device

This works easily on a mobile device as well.

Download the official OpenVPN application, and import the .ovpn file. Then connect to 10.8.0.1/zm on a browser.


Troubleshooting

I can't connect to the internet when VPN is running

VPNs can work in different ways depending how they route traffic. Some will route all outbound traffic to the VPN, others will only route a particular IP subnet requests. OpenVPN, with the configuration above adds a setting called: Topology Subnet This setting will route traffic through VPN which you do not want for an OpenVPN setup with a camera. You want a VPN that connects only to the camera machine subnet when you want it. You are not trying to forward all outgoing traffic. Note that this setting is in addition to the push redirect gateway and push dhcp options that you might already know forward traffic. All of the push commands should be disabled on the server side as well (comment out from /etc/openvpn/server.conf).