Attach video surveillance with a VPN

Hello to all the members of the forum, I need help to configure the Turris Omnia router and thus access my video surveillance. My port forwarding only works if my VPN is disabled. Which is certainly normal! How do I set up the Turris Omnia to access my video surveillance with my VPN running from my smartphone? For your information, I also set up a domain address with No-ip whose status is normal in the DDNS of my video surveillance NVR. All of this seems to be functional, except for access with VPN active because my software no longer sees my public IP from Ethernet. In the Android video surveillance application I have already tried to enter my domain name but it doesn’t work, maybe it’s not the right method or it’s not designed for it! I would like to thank in advance anyone who is competent in the field of networking, who will be able to help me move in this direction, cordially to all. Also don’t blame me for my post it’s my first and I’m 61 years old, I don’t speak English and I haven’t learned how to use a forum, sorry. (I use the translation of Ethernet).

Which VPN?

How are your firewall rules set up?

If you’re connecting to the Turris by VPN, you should be able to get to the local IP of the NVR.

Hello jklaas and thank you for your response, I use NordVPN but what impact can the type of VPN have? So for my firewall rules:

In Services/UPnP/Universal Plug & Play/Active UPnP Redirects/MiniUPnP Settings/General Settings:

I redirected the 4 external ports (http,rtsp,server,https) to the internal ports on the IP of my NVR. But I’m not sure that this adds anything!?

In Networks/Firewalls/General Settings/Zone Configuration: I haven’t written anything here, so as not to do anything stupid.

In Port Redirections I redirected from Wan to Lan the 4 external ports (http,rtsp,server,https) to the 4 internal ports to the destination of the source IP of my NVR.

This allowed me to connect my NVR via local Wi-Fi and also via Ethernet provided that I deactivate the VPN in Reforis, because I confirm I have the VPN on my smartphone but also in Reforis/OpenVPN/Client settings, which works correctly since it hides my public IP address well.

The smartphone’s VPN has no effect, it does not block my access to the NVR, when I tested to deactivate the VPN on the Turris Omnia router it works well, my Turris Omnia is configured as a Router and that of my Operator is in Bridge mode.

But it is not the one who is in bridge, nor my operator who prevents access because if it were him it would not work when I deactivate the VPN in Reforis, when I asked NordVPN for advice they told me said that indeed it could happen that VPNs prevent access!

The question I have: Should I write something in the VPN configuration file? or should zones be created on the Firewall network interfaces?

In Traffic Rules and NAT Rules I didn’t write anything.

For information, I also did another test in my Android video surveillance app, I replaced my public ip address with the dynamic address assigned to me by the VPN and it doesn’t work!

So, outside your network and using a VPN and you can’t reach your NVR? But if you’re not using a VPN outside your network, you can reach your NVR?

I was assuming you were using one of the Turris built in VPNs that allows you to connect to the router and be part of the local network.

Hello jklaas for answer to your questions No. 1: So, outside your network and using a VPN and you can’t reach your NVR ?

Answer No. 1: Yes, that’s right, as soon as I activate the NordVPN client in Reforis OpenVPN on my Turris Omnia router, I no longer have access to my NVR outside my network.

Question No. 2: But if you don’t use a VPN outside your network, you can reach your NVR ?

Answer 2: No whether or not I activate the NordVPN Android app on my smartphone, it doesn’t matter. So it’s the activation of the NordVPN client in Reforis Turris Omnia’s OpenVPN that makes it impossible to access from outside my network.

Making sure I understand. Your Turris is a VPN client to a NordVPN endpoint. When you enable that connection, you cannot get to your Turris IP for the NVR (or the connection is refused or dropped)?

That makes sense to me since your routing will change if your Turris is a client. It will restrict what it responds to on it’s own IP at that point.

Have you tried connecting to the endpoint IP that the VPN server gives you (not even sure this is possible)?