Hikvision DS-7716NI-SP/16 no live view or playback over https

B

bhoth

n3wb
Jun 18, 2016
28
0
Utah, USA
Hi All,

I searched and really didn't come up with anything on this so I am wondering if anyone else is having this issue. I have enabled https and port forwarded the https port. I can login from the outside and look at the config menu but no live view or playback works. Any ideas?

I do have H264+ enabled and wondering if that is the issue. (but it works just fine from inside my LAN and without https)
 
Last edited by a moderator:
I just did a test plugging in the internal IP address of my NVR and the https worked fine https://192.168.4.200:445 and it worked fine so now what? (yes I changed the https port from 443 to 445)

The error I get is "Live view failed"
 
Last edited by a moderator:
fenderman said:
you need the rtsp port forwarded as well.
Click to expand...

I have the RTSP port forwarded (it's 10554) and it sill does not work. I am confused though, why should an SSL connection require a non secure port forwarded?
 
check that your portforwarding is working with this: rtsp://youripnumber:10554/Streaming/channels/101
play the stream in vlc or whatever you like and see that it comes through to start with
 
badmannen said:
check that your portforwarding is working with this: rtsp://youripnumber:10554/Streaming/channels/101
play the stream in vlc or whatever you like and see that it comes through to start with
Click to expand...

Yes it works.
 
Did you ever figure out a solution to your issue here? I'm having the same problem and I'm afraid I'm stumped. I haven't been able to find any information elsewhere to lead me to a solution. :(
 
Figured this one out!

Looks like the playback controls are hard-coded to operate on the HTTP port configured in the NVR, whether or not you're logging in via HTTPS. When I began forwarding both the HTTPS and HTTP ports through the firewall, playback and live view worked! So, HTTPS is used strictly for authentication, which is ok, since the whole point here is to secure passing of credentials so that man-in-the-middle attacks can't steal your password when you log into the NVR over WAN.

In the NVR, go to Configuration > Network > Basic Settings > Port. I'd recommend changing the HTTP port to something non-standard (not 80). Forward the HTTP port directly through the firewall (ie: 8800 ext -> 8800 int). This does not work if you're forwarding a different external port to the NVR's HTTP port (ie: 8800 ext -> 80 int).

For HTTPS, you can forward a different external port through to the NVR's HTTPS port (ie: 9000 ext -> 443 int).

Hope this helps anyone who happens upon this thread in search of the same answers.
 
Last edited:
The problem with this is the http port is then presented to the world!
 
True, but the point is to secure login credentials. I wish the video stream was served encrypted too, but these units don't seem capable of that. Sloppy programming, if you ask me. This is the best we get with these HIKVISION NVR's.
 
tristanx said:
True, but the point is to secure login credentials.
Click to expand...
tristanx said:
Sloppy programming, if you ask me. This is the best we get with these HIKVISION NVR's.
Click to expand...
The point is that the NVR is not designed or marketed as a hardened device to be directly exposed to the internet.
tristanx said:
Forward the HTTP port directly through the firewall (ie: 8000 ext -> 8000 int).
Click to expand...
This is the 'command and control' port, not the HTTP port.
tristanx said:
This does not work if you're forwarding a different external port to the NVR's HTTP port (ie: 8000 ext -> 80 int).
Click to expand...
No surprise there.

The best advice is to spend some study time on this topic : VPN Primer for Noobs
It's not as hard as it appears, and is designed to be secure.
 
tristanx said:
Figured this one out!

Looks like the playback controls are hard-coded to operate on the HTTP port configured in the NVR, whether or not you're logging in via HTTPS. When I began forwarding both the HTTPS and HTTP ports through the firewall, playback and live view worked! So, HTTPS is used strictly for authentication, which is ok, since the whole point here is to secure passing of credentials so that man-in-the-middle attacks can't steal your password when you log into the NVR over WAN.

In the NVR, go to Configuration > Network > Basic Settings > Port. I'd recommend changing the HTTP port to something non-standard (not 80). Forward the HTTP port directly through the firewall (ie: 8800 ext -> 8800 int). This does not work if you're forwarding a different external port to the NVR's HTTP port (ie: 8800 ext -> 80 int).

For HTTPS, you can forward a different external port through to the NVR's HTTPS port (ie: 9000 ext -> 443 int).

Hope this helps anyone who happens upon this thread in search of the same answers.
Click to expand...

Hi. I hope the knowledge in this ancient post isn't dead. Just got my old system on the Internet and ran into same ssl issue w/ feed. I tried what I thought was your solution, but after authenticating w/ SSL, I am unable to change to http without it forcing me to authenticate again (insecurely). What am I missing?
 
mcsing said:
What am I missing?
Click to expand...
Security awareness!
By port forwarding to an insecure device, you are putting the LAN it resides on and the data and devices on it at risk of compromise.

alastairstevenson said:
The best advice is to spend some study time on this topic : VPN Primer for Noobs
It's not as hard as it appears, and is designed to be secure.
Click to expand...

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...
www.ipcamtalk.com www.ipcamtalk.com
 
alastairstevenson said:
Security awareness!
By port forwarding to an insecure device, you are putting the LAN it resides on and the data and devices on it at risk of compromise.


How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...
www.ipcamtalk.com www.ipcamtalk.com
Click to expand...

I get that Alastair. However I am stuck being the only person in a small condo that knows how to operate the system. I've shown others, but they still come to me every time footage is needed. The requirement of the obsolete Internet Explorer doesn't help. We are stuck with the system for a couple more years. Until I got it Internet accessible, If I was on vacation and the police needed footage to investigate a crime in front of our building, they had to wait until I was home. I have placed the NVR on an isolated LAN and accept the risk that bad guys could compromise the system (and nothing else), since the bad guys we are trying to stop are a bigger concern to our neighborhood than the bad guys on the Internet. I am just trying to make an unsecure system a little less unsecure by using SSL. If there isn't a solution, so be it, but I thought it was worth asking a thread that suggested there was a solution. Hope this explanation helps explain why I would still like a solution.
 
  • Like
Reactions: alastairstevenson
You must log in or register to reply here.
Top Bottom