I haven't tested this myself, but Windscribe claims to offer port fowarding and claims to be free. Portmap.io, which is just for port fowarding, also has a free tier. Its not so fast though. I'm paying $6.49 a month for TorGuard. I didn't mind paying that since T-Mobile is saving me $60 a month over Comcast.
Thanks, this looks like just what I need but in the FAQ it says it doesn't support ipv6 so does this mean it won't work with T-Mobile?
Portmap.io and the other VPN's will require you to setup a VPN connection on your personal router connected to the T-Mobile gateway. Depending where you DVR server is installed, you could instead install and connect the VPN from the DVR server. I would recommend that you use your personal router as it will also have a firewall. Whatever service you use, it doesn't have to support ipv6 because the whole point is to acquire an ipv4 IP which is what most of the internet uses.
OK, I have OpenVPN on my Asus AC1300 router and set it up with the TCP configuration generated by Portmap.io and then set up Port forwarding to my local PC in the Asus settings. I am a little confused about the ports. Do I set the mapping in Portmap.io to the port I specify in the OpenVPN server setup and then in the router port forwarding map that port to the local port on the PC? That doesn't seem to be working.
If you are using the free version of portmap.io, they will just give you a port number rather than letting you pick a specific port. That is OK because your router can switch them. So, use that number on the ASUS router and map that to port 8089 and the IP address of the DVR server. You also need to route the reply traffic from the connection back from the DVR server back through the VPN. But, just for testing, you can set your router to route all traffic from the DVR server through the VPN. Later, you can set that to just the port 8089 reply traffic. If you are running Merlin on the router, this is pretty easy. I'm not sure if you can make these types of policy based routes on the stock ASUS firmware. Once you have done this, disable and re-enable the remote DVR function of the DVR server. That will send your IP to the Channels system. Wait a few minutes and then in a browser go to my.channelsdvr.net. if you see your DVR site come up, you are likely working. If not, look at the address bar and you should see URL with alphanumeric characters .channelsdvr.net. Write down or copy the characters.channelsdvr.net. Then use nslookup with that address. It should point to the address on the outside of your VPN. If it doesn't, the DVR server hasn't (yet) contacted the Channels server with your IP or your route isn't working.
In order to route just the DVR traffic through the VPN, you are likely going to need Merlin running. If you do, reply back and I can help with that once you have the above working.
I don't have Merlin installed - it doesn't look like my router is supported. I guess what might be tripping me up is having the OpenVPN server on the router instead of the PC. There are 5 ports to deal with:
- Portmap.io setting, "Port on Portmap.io": This is assigned and can't be changed
- Portmap.io setting, "Port on your PC": I have set this set to the port set for OpenVPN server in #3
- Asus router OpenVPN server setting, "Server Port": I chose an arbitrary port in the suggested range
- Asus router Port Forwarding, "External Port": I set this to #3
- Asus router Port Forwarding, "Internal Port": This is set to the required port for the dvr server
I am using the TCP protocol for everything. Thanks for your help.
The port forwarding in the GUI is only gong to port forward through the WAN connection. To setup port forwarding for a VPN, you need to use the command line through SSH. I really don't think this can be done without Merlin. I cannot test for you because I have Merlin. These commands will have to be run at each boot. Again, without Merlin, I do not believe you can setup a script to run at reboot. But here are the commands you would run with Merlin installed. You will need to change this to match your environment. You would put this a file called nat-start in your /jffs/scripts directly on your router. It will run at router startup.
FW_MARK='0x4000/0x4000'
SERVER_IP='ipaddressofDVR'
SERVER_PORT='8089'
VPN_IF='tun13'
VPN_TID='ovpnc3'
port forward to Channels DVR over openvpn client network interface
iptables -I PREROUTING -t nat -i $VPN_IF -p tcp --dport $SERVER_PORT -j DNAT --to $SERVER_IP
mark packets from Channels DVR server
iptables -t mangle -I PREROUTING -i br0 -s $SERVER_IP -p tcp --sport $SERVER_PORT -j MARK --set-mark $FW_MARK
route marked packets from DVR over openvpn client
ip rule add fwmark $FW_MARK table $VPN_TID prio 9990
You could also use something like Tailscale on the PC or somewhere else on your network. Then, you would access your DVR by IP and not even use the remote DVR function.
Thanks for this recommendation. This is so easy that it scares me a little bit about how secure it must be :). I just want to confirm that I can now connect to all services including Channels on the PC without needing SSL?
Using that URL and nslookup was only to test connectivity. Yes, you can connect without SSL. But only after you have authenticated and have the "token" stored in your browser. The nslookup is to show if the Channels server is storing your VPN IP or the incorrect IP of the T-Mobile gateway.
Sorry, I thought I quoted the part about Tailscale which is what I was referring to.
Can someone help me with using Tailscale? I thought I was setting it up correctly, but cannot get it to work. By "it", I do not mean Tailscale...I mean connecting remotely to my server, behind a T-mobile 5G Router.
I assumed it was installing Tailscale, then using its IP address as the IP address in the 'Home' section of the Channels app.
Setup:
T-Mobile 5G Router, wifi settings turned off.
Connected to Linksys EA8500 WiFi Router.
Channels DVR Server is on a Windows 10 Server, connected, via switch, to the EA8500.
I have installed Tailscale on only the DVR Server's machine and allowed local network access.
Internally everything is humming along, without issue.
Externally, trying to reach the DVR server, either by selecting 'Away from home' or 'Home' and inserting the Tailscale IP address fails.
Did you install Tailscale on the phone?
That is where I figure I have gone wrong. I actually need it on a FireTV Stick. I have been reading how to make that happen. Got to wait until I am at my son's and give it a try.
Google can be your best friend
Thanks...that is actually the guide I was looking at.
Can this still be done? I send an email to support with this information two days ago.
Tailscale is now built in to ChannelsDVR. Just update, select the experimental Tailscale and then connect from HOME on your remote viewing device entering the Tailscale IP address for the Channels server, and also the viewing device must be connected to Tailscale. See this thread.
Wow this works perfectly fine here using T-Mobile home internet.
Same here.