Remote Access

[IAmATeaf]

Network newbie here but what is the safest and best way to be able to remotely access my home network? Really open ended question I know but I have a cctv server and would like to be able to access it remotely.

I don’t really even understand the basics so am struggling. At home I have a virgin media sh3 and an ASUS 68u in AP mode. I’ve setup DDNS and a custom script in the router to perform updates if my home IP address changes. From here I just don’t understand how having a DDNS name then allows me to target a specific home box?

Any help would be appreciated.

 

[bremen1874]

With Virgin DDNS isn't going to be that important. Their IPs are very sticky and rarely change.

Your WAN IP (or DDNS name) gets you as far as your home router. You can then open ports on the home router and have them forwarded to the device you want on the LAN.

A better option (from a security point-of-view) is to have a VPN endpoint either on your router or behind it. You then connect to your VPN (which gets you onto the LAN) before connecting to the device.

 

[IAmATeaf]

Thanks, is using a VPN transparent. What I want to do is setup access to the cctv server from my families phones but if it means firing up a VPN client first then I can’t see them going for it?

 

[bremen1874]

If you use a VPN you would need to connect to it first.

If you just open ports anyone can connect. You're then relying on user accounts and passwords to keep people out.

 

[Zefan]

Any reason why you couldn't just use Teamviewer for this? You can set up two factor authentication and have a whitelist for logins from only specific accounts if you're wanting to allow and track logins from different accounts.

 

[bremen1874]

I wouldn't want to use Teamviewer if I was connecting in using a phone. For a phone I'd expect to be using a native app.

 

[Kol]

Chrome remote desktop works great for when my VPN throws a wobbly. Installed on my Mac and then the app on my phone. Most of the time I simply VPN in and use everything I need.

Otherwise TV gets another vote from me.

 

[ChrisD.]

You could get a Pi and use PiVPN.

 

[Kol]

@ChrisD. Are you using this at the moment? I tried setting this up recently (instead have openvpn running on a VM) but by default with a fresh RPi and just running pi VPN it wouldn't work. Googling seems it's an error that quite a few people experienced and suggestions it was things like dnsmasq or whatever and not resolving DNS. I hoped just using a fresh untouched pi and then installing it would work out the box.

I struggled to get it working in the end, but would be keen to.

 

[ChrisD.]

No I'm not, but know a few people who are. I'm running OpenVPN on my QNAP NAS and just port forward to it. It works well but obviously not everyone has a NAS

 

[BigBoy]

I was using PiVPN for a while but now have my Draytek setup as a VPN portal, the PiVPN was a right pain especially if you forgot to generate keys before setting it up. Glad I got the draytek router tbh makes life far simpler.

 

[memyselfandi]

I would agree with using a VPN over using Teamviewer having used both. From a client usability point of view toggling one switch on the phone was an awful lot easier than trying to control things using Teamviewer.

I did use the QNAP implementation the same as ChrisD above and that did work reasonably well (and integrated in DDNS as well which made things easier). Now I use a container under Docker and a manually written DDNS service using AWS Route53 which is more technical to set up but works really well in practice.