Thanks for the replies - food for thought. I've added those IPs to the blacklist.

I've also put the cameras on a separate LAN and the VPN user logs in to that LAN.

Using Firewall rules to allow VPN access only to the cameras I find that I can still surf the web through the Vigor from my remote device, so that will do me I think.

Piste Basher wrote:
Thanks for the replies - food for thought. I've added those IPs to the blacklist.

I've also put the cameras on a separate LAN and the VPN user logs in to that LAN.

Using Firewall rules to allow VPN access only to the cameras I find that I can still surf the web through the Vigor from my remote device, so that will do me I think.

I'm totally new to using VPN on Vigor, even though, like you, I'm a long time user of Draytek.
Would you mind telling whether you used a specific guide to set up access? I'll need to set up access to my Arlo cameras and I've tried SSL VPN but it doesn't work (I get authentication error, even though the username and password are correct; I followed Draytek's guide, as I mentioned in my separate post about it). Or would you mind posting/sending me screenshots of how you set up access over VPN to your cameras (removing, of course, sensitive information)? Thank you.

I have one Arlo camera but I've never attempted to access it via its IP address - I've only used the Arlo web interface. As far as can see it doesn't respond if I try to directly access its IP address in a browser.

I have four Hikvision/Trendnet IP cameras and a Hikvision PVR. I set up LAN5 and gave the cameras bound IP addresses 192.168.1.35 - 38 and the recorder 192.168.5.110

With Inter-LAN routing ticked between LAN 1 and LAN 5 I can access these devices from my local network.

I've tried SSL VPN without success in the past so I use L2TP/IPSec for the VPN. I set up a remote dial-in user with access to the LAN 5 subnet.

I then set firewall filter rules in the following order:-

LAN/DMZ/RT/VPN->LAN/DMZ/RT/VPN Any Source IP to 192.168.5.35-192.168.5.38 Pass Immediately

LAN/DMZ/RT/VPN->LAN/DMZ/RT/VPN Any Source IP to 192.168.5.110 Pass Immediately

LAN/DMZ/RT/VPN->LAN/DMZ/RT/VPN Any Source IP to Any Destination IP Block Immediately

If I remote in on the VPN I can access the cameras and the recorder but nothing else on my internal network is accessible. I can still access the web through the router via the VPN.

Seems to work OK - I'm not experienced in the firewall application so if I've boobed somewhere I hope someone more knowledgeable will put me straight....