BI mobile app and VPN - issues connecting

[rotorwash]

I have been using BI mobile with my iphone and it works fine from my local network. Today I set up an OpenVPN server and am having trouble connecting to the BI server from the app. When I launch the OpenVPN client on my iphone, I can ping the BI server, scan port 81 to show it's open, and open safari on my phone and hit the BI web interface on port 81. However, when I start up the BI app, it does not connect and gives a "Check network availability" error. I have windows firewall disabled on the server just in case.

I'm hitting the internal LAN address of BI not the external IP in the above examples. Is there some authorization in the BI app that I'm missing to allow "non-lan" clients to access the server? If so, why can I connect and log into the web interface from safari but not the BI app?

Any thoughts?

 

[rotorwash]

This is fixed now. I had to set the WAN address to be the same as the LAN address for it to connect. It must look to see if it is local to the network being accessed.

 

[PSPCommOp]

This is fixed now. I had to set the WAN address to be the same as the LAN address for it to connect. It must look to see if it is local to the network being accessed.

Correct. And if you click on the "Get IPs" button when on LAN, it'll update both fields and change the WAN again.

 

[Scarrz]

Same issue, THANKS For the help.

 

[UKYooper]

This is fixed now. I had to set the WAN address to be the same as the LAN address for it to connect. It must look to see if it is local to the network being accessed.

Another thanks; I feared I'd dropped into IP routing hell for a moment!

 

[Mike K]

My BI App only works when my phone is connected to my LAN. I don't see how my ISP would allow me to change the WAN address?

 

[PSPCommOp]

My BI App only works when my phone is connected to my LAN. I don't see how my ISP would allow me to change the WAN address?

If you're using a VPN, u don't change the WAN, u type the LAN address in the WAN settings in the BI app.

Also, the WAN is determined by you in your router. Unless u have a dual Modem/Router from your ISP. And if that's the case I'm not sure u can set up a VPN on it.

Sent from my iPhone using Tapatalk

 

[Mike K]

If you're using a VPN, u don't change the WAN, u type the LAN address in the WAN settings in the BI app.

Also, the WAN is determined by you in your router. Unless u have a dual Modem/Router from your ISP. And if that's the case I'm not sure u can set up a VPN on it.

Sent from my iPhone using Tapatalk

I don't have a VPN yet; plan to set one up eventually. Sounds like I have a different kind of problem.

I do have a Comcast modem/router combo.

 

[PSPCommOp]

I don't have a VPN yet; plan to set one up eventually. Sounds like I have a different kind of problem.

I do have a Comcast modem/router combo.

Yeah this is for accessing then system thru the VPN outside of the home network. Just keep these things in mind when u set your VPN up


Sent from my iPhone using Tapatalk

 

[Mike K]

Still struggling to understand. When setting up my VPN it will effectively merge my two LANs. I don't see how that enables the app when i'm in a coffee shop.

 

[UKYooper]

Still struggling to understand. When setting up my VPN it will effectively merge my two LANs. I don't see how that enables the app when i'm in a coffee shop.

I guess you can think of it as merging the two networks. One can get carried away with VPN setups but most people probably use the default VPN setup of sending all traffic (which includes DNS requests) from their client device to their VNP Server's local network, so it's more like when the VPN is switched on you feel like your device is on that local home (or work) network.

People (those with a desire to be hacked...) may choose to open and map ports on their router's firewall (the WAN IP address of which is assigned by your ISP) so the Blue Iris server can be accessed directly over the internet without using a VPN; I think this is what the WAN address setting in Blue Iris was originally intended for (to put your ISP assigned IP address in for when you are not connected to your LAN). To my mind using this is not wise from a security point of view as your Blue Iris host is exposed to being hacked through any vulnerabilities that may exist in the Blue Iris server software (bear in mind the likes of Apple, Cisco, Google, Microsoft, Linux and others still haven't figured out a way of eliminating such issues and all issue regular security patches to their software to fix such exploits; it seems unreasonable to expect Blue Iris to be fault free).

When one opens a VPN connection, I assume the Blue Iris software on the client device decides it needs to connect to the WAN address because the OS (e.g. Apple's iOS) is telling it it's running on a WAN, not a LAN; but as the VPN in effect puts your device securely on your home network, you in fact need Blue Iris to connect to the LAN address, not the WAN address; this is why those of us running VPNs need to put the LAN address in the WAN box.

I hope that makes some sense!

 

[Mike K]

[QUOTE=" this is why those of us running VPNs need to put the LAN address in the WAN box."[/QUOTE]

This conclusion seems to me like it results in two things as follows:

1) The only access to BI is for those individuals who can enter the LAN.

2) Therefor no one would be able to access BI using a WAN address. That would mean the BI APP should not be expected to work from a coffee shop.

This seems contrary to the reported fix for the BI APP that does not work in the previous posts. What am I missing?

 

[fenderman]

The blue iris app works local and remote.
To view remotely, you either need to forward the webserver port or setup a vpn. Simply as that.

 

[UKYooper]

As I understand it, if you expose your BI server directly onto the internet (by configuring your home router to do so - in my view a bad idea) and set the WAN IP Address to be your router's public IP address (assigned by your ISP), when you are in a coffee shop you can use the BI App to connect through this WAN address to your BI server. So it will work, it's just pants from a security point of view. Using a VPN is much more secure, but much more effort to set up (unless your router happens to have a decent VPN server built in of course, but most don't).

 

[PSPCommOp]

[QUOTE=" this is why those of us running VPNs need to put the LAN address in the WAN box."

This conclusion seems to me like it results in two things as follows:

1) The only access to BI is for those individuals who can enter the LAN.

2) Therefor no one would be able to access BI using a WAN address. That would mean the BI APP should not be expected to work from a coffee shop.

This seems contrary to the reported fix for the BI APP that does not work in the previous posts. What am I missing?[/QUOTE]

You need to do a little more research on VPN servers and how they work. You aren't merging two networks, your getting a (secure) direct access pipeline per se to your home network where BI is running from whatever network you are on. This in turn gives u access to the BI server and all the video on it.

Using the port forwarding option will work as well but makes your network much more vulnerable then a VPN. To some people it isn't a big deal but if you care about identity theft and other things, or if the BI is on a business server, you should go the VPN route.


Sent from my iPhone using Tapatalk

 

[randytsuch]

Recommended reading
VPN Primer for Noobs

 

[Mike K]

Recommended reading
VPN Primer for Noobs

Thanks Randy.

I have researched the Open VPN and I installed on my PC/Server. I have purchased a firewall/router that supports VPN but have not built that part of my all new system on my farm YET. Also have installed BI on my PC just to get familiar with it. Still waiting for available new cams.

So I will now test the remote BI APP using the simple feature on my home (Comcast) router, witch is were my PC is. (set it up at home just for testing). The Comcast Router, I discovered, has a very easy to enable feature for remote access. They also have a built in warning regarding security. I still want to test it to see if it works with my I-Phone from a LAN other than my own. ie the coffee shop.

 

[greenmarcus_02]

Noob here......Im trying to configure BI and all seems to work just fine but I can't figure out why I CAN access my BI server with the iOS app using LTE cellular service and no VPN? I have VPN setup and as I was reading the only way to get the iOS BI app to work was to port forward my BI server. Please correct me if Im wrong so I can have a piece of mind.

 

[fenderman]

Noob here......Im trying to configure BI and all seems to work just fine but I can't figure out why I CAN access my BI server with the iOS app using LTE cellular service and no VPN? I have VPN setup and as I was reading the only way to get the iOS BI app to work was to port forward my BI server. Please correct me if Im wrong so I can have a piece of mind.

The entire point of vpn is so that you dont port forward. Disable port forwarding..if you properly setup the vpn and connect to the vpn from your mobile phone, you will be on your local network...enter your LOCAL BI IP in the both the lan and wan boxes.

 

[greenmarcus_02]

The entire point of vpn is so that you dont port forward. Disable port forwarding..if you properly setup the vpn and connect to the vpn from your mobile phone, you will be on your local network...enter your LOCAL BI IP in the both the lan and wan boxes.

Thank you sir! That resolved my problem. I was making the adjustments in the lan and wan boxes on the LOCAL BI and not the app. I made the adjustments on the app and now I can only access my LOCAL BI while on VPN or connected to my LAN.