Noob with No networking skills

Droops

n3wb
Joined
Oct 1, 2019
Messages
3
Reaction score
0
Location
US
Hello all,
I'm looking to secure my IP cameras and NVR from the outside eyes of the internet but also allow the manufacturers remote viewing app to access the NVR from several smart phones. Browsing through the forum, I see the most common recommendation is to have the cameras on a totally separate network and/or on VLAN.

I plan to get an ubiquiti edge router X and a D-Link (DGS-1100-08P) managed POE switch for the separate Network portion.

I'm using an Amcrest 16CH NVR (NV4116E-HS), with 8 POE ports with 4 camera's currently ported into the NVR and plan to add 2/3 more cams onto the NVR POE Ports, then a few more cams will be plugged into the D-link managed POE Switch routed by the ER X.

I pretty much need a networking for dummies how to guide. I'm reading I have to create a different subnet for my separate network (I think), configure VLANS, then setup a VPN to allow my NVR to securely transmit video stream out to several smart phones. I did read the IPCT wiki on how to secure your network, but I have no clue on what or how to configure things.

As a side note, when checking under the "connections' tab on my router, I noticed my 2 off brand "Chinese" cams from Amazon were connecting to Google, Amazon technologies, and L3 communications IP addresses which kind of freaked me out. These same cameras when first connecting to NVR gave themselves IP addresses that other cameras had, conflicted and timed them out until, i manually assigned an IP address to them.

Any and all input is welcome.




Sent from my BLA-A09 using Tapatalk
 

civic17

Getting the hang of it
Joined
Dec 7, 2018
Messages
175
Reaction score
60
Location
Canada
One positive of the Ubiquiti equipment is that there are many resources available for setting things up. They have great easy to follow how to guides all written. Also check youtube videos they pretty much walk you through setting up VLANs and firewall rules for the ER X.

Ubiquiti Help Center
 

streamnvr

n3wb
Joined
Oct 1, 2019
Messages
8
Reaction score
3
Location
New York, NY
So you have several obstacles to overcome:
  1. Local routing (the switch and router);
  2. VPN Access;
  3. Stream Acquisition (connecting to the cameras and playing them back);
  4. Security Concerns
Local Routing
I would recommend consolidating the router and switch into one device. You could use a Mikrotik router and solve both problems for $70 bucks (https://www.amazon.com/MikroTik-Routerboard-RB960PGS-Gigabit-Ethernet/dp/B01MDUCLVW). Mikrotik devices run a router operating system that has a web user interface and you can easily configure VLANs, routes, and a whole plethora of other things!

VPN Access

You would need a VPN server to serve up the connections and of course a VPN client on your smartphone(s). This has it's own routing challenges as well (easily overcome if you're experienced). IF you roll the Mikrotik device it has built-in support for running a VPN server!

Stream Acquisition
You mentioned streaming video "out to" smartphones.. It would make more sense to stream "from" the camera(s). If you're connecting via VPN you can connect directly to your camera(s) web interface through a browser (assuming they don't need a plugin). If you're using a solution like an NVR such as Blueiris there is a web player (that doesn't need plugins) where you can view all of your cameras from one place.

Security
The outgoing connections you saw are likely the cameras phoning home for updates as well as NTP to synchronize date and time, Ultimately you couldn't be sure unless you ran a packet sniffer to see what is being transmitted/received (if it isn't encrypted).

Hope that helps..
Reach out if you have any more questions!
 
As an Amazon Associate IPCamTalk earns from qualifying purchases.
Top