DISCOVER
X

Easy Secure Home IP Camera Access with Your Own VPN

February 10, 2015 11:50 pm Leave your thoughts
Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmail

IP Cameras are getting much more affordable these days and they are definitely one of the most handy equipment to monitor your house. The applications are endless, from general home security, baby monitoring, pet monitoring and many more. A lot of those cameras basically has in-build web server and API interface which enables you to access it from anywhere be it from your web browser or your phone. This is of course only possible if you enable port forwarding in your home router configuration.

The problem is, most of the public connection to those IP Cameras are unencrypted and security goes as far as username and password only. Some may have more hardened security features such as brute force protection, however opening your home IP camera connection directly to the public internet is never desirable, after all, you wouldn’t want to accidentally expose your in-house activities to everyone in the internet.

Enter VPN

One of the ways to avoid having to forward your IP Camera ports and opening to the public internet is by using VPN (Virtual Private Network). If you are connected to your own VPN in your home network, you’ll be able to access the IP Cameras just by using local address securely. This also means your traffic between your device and your camera is encrypted.

Today I’m going to show you how to install OpenVPN server in your home network in the simplest way possible. As always though, after installing, research more on security and do leave advices in the comment section for everyone if you found or know anything interesting.

Installing OpenVPN

The server that I am using at home is a Ubuntu 14 – 64 bit server. Therefore the installation steps will be based on that. I assume other distros would have similar steps. Also note some of the steps here are referenced from the official OpenVPN website.

Download and Install Open VPN Package

Our first task is to download the correct OpenVPN package. The download can be found in this page.

Once downloaded, open your terminal and navigate to the directory where you have downloaded the package. Let’s assume we download the package under ~/Downloads. Then we run dpkg to install the package.

After running the above commands you should see the screenshot below:

openvpn_terminal

Basically the package actually installs everything including setting up your certificates automatically, which for our purpose of simplicity we will use. Pay attention of the admin website address after the installation is successful because you will need them. In case you miss them though, it’s usually https://192.168.0.9:943/admin.

The default user is openvpn. It is important to understand, that openvpn users are tied to the server users, after the initial installation, the script also created openvpn user for you in your Ubuntu server. The next thing to do is to give the openvpn user a strong password, please use random password generators and managers such as 1Password to ensure you have a secure password for starter.

As seen above the command to change the password is:

Create Another User

The next thing to do, is to create another user, which we will use later to take over the administration privileges of the default openvpn user. This is one of the security measure that I normally do, take out the default admin and replace it with a different one just in case.

So, choose your unique username and create your user. Straight after the creation set the password using secure password. In our tutorial we will use padawan. We’ll use this user for the next section.

Assign a new Admin

Continuing from previous section, login to the OpenVPN administration page using your web browser. Again, it should be something like https://192.168.0.9:943/admin. Use the user openvpn and the password that you set previously for it.

When logged in successfully you should see the status overview page, showing your server version, ports, etc.

On the left hand navigation, navigate to user permissions. When the page is loaded, simply add your new padawan user just like the screenshot below.

openvpn

 

 

Click on save settings and follow the steps below:

  1. After saving, the openvpn server should restart its services automatically, however I had to restart the entire service manually last time in order to activate the user.
  2. You can restart OpenVPN in the terminal by doing: sudo service openvpnas restart
  3. Go back to the user permission page
  4. Tick the “Admin” permission for your new padawan user
  5. Log out of the administration page
  6. Login using the padawan user.
    This is to test if the user is setup properly.
  7. Go back to the user permission page
  8. Enable deny access for the openvpn user. We no longer need this default user since we have a new admin.

Enable Google Authenticator

In order to add an additional layer of security, we also want to enable Google Authenticator. In the past we would have to set this up manually, however this version of OpenVPN makes it very easy.

  1. Simply navigate to Client Settings
  2. Tick on “Require that users provide a Google Authenticator one-time password for every VPN login”
  3. Save settings

That’s it, you have Google Authenticator support setup. Now you’ll have to setup your authenticator app. I myself uses the iOS version of Google Authenticator but the process should be similar when using Android app.

  1. Simply open the VPN Server address in your iOS web browser
  2. This, again, should be something like https://192.168.0.9
    Notice the https and don’t append any port number
  3. You’ll be prompted to download the OpenVPN connect client, you can do this later.
  4. Scroll down and you’ll see the QR code and the unique code that you can enter into google Authenticator
  5. Copy and paste the unique code
  6. Open your Google Authenticator app and add the new code in

So that’s it, the authenticator is now setup.

Enable Internet Access to the VPN

Now that we have setup our basic security, let’s setup the VPN server for public access.

  1. Login into the OpenVPN web administration
  2. Select Server Network Settings
  3. In the “Hostname or IP Address” field, enter your public IP address
  4. Leave the rest of the configurations the same for now
  5. Save settings

The next step is to port forward OpenVPN ports in your home router. Every routers have different setup interface, so I can’t really show the details here. However in a nutshell you need to forward the TCP and UDP ports that you see in the Server Network Settings page, by default they are port 443 and 1194.

Setup the VPN Client

There’s not much to say really on this point. The first thing to do is to download the OpenVPN Connect client from the app store and install it.

Then when ask to add a profile, simply choose “Import profile from OpenVPN Access Server”. In the field provided, just enter your public IP address. It will then automatically downloads the correct profile file and then all you have to do is press open with OpenVPN Connect app.

After the above, your profile should be setup and you can login to your VPN using your username and password. Since we enable Google Authenticator, you’ll need to key in your authenticator token too.

In order to install the correct VPN software for your computer, the steps are similar:

  1. Login to your VPN client address, this means the public IP with https
  2. Click on download client. In my Mac, after installing the client, the profile is setup automatically. All I had to do is login with the correct credentials.

Access Your IP Camera

This is the easy part, you just have to make sure that you have your VPN connection enabled. Then you can either access the webcam’s web interface using a web browser or use handy iOS software such as IP Cam Lite (it’s free and pretty good in my opinion), I believe there exist the Android counterpart too.

Either way, you should be able to connect to the IP Camera just by using the local address and the right port straight away.

Closing

So that’s it, easy IP Camera access through the internet via your very own VPN server. Like I said, this is the simplest installation possible, there are potentially more things to do to hardened the security of course. I hope this article helps you out and if you have more ideas or questions, please leave them in the comments section.

 

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmail
Tags: , ,

Categorised in: , ,