DezertManiac
Getting the hang of it
Sitting at home watching a live video of my remote camera, via OpenVPN, just saying!
Viewing Camera outside of my network without portforwarding.
- Thread starter Pain12
- Start date
alastairstevenson
Staff member
websocket in the browser.
flynreelow
Known around here
- Joined
- Dec 12, 2016
- Messages
- 1,252
- Reaction score
- 1,141
PiVPN w/ WireGuard seems to work the best for me.
Onlooker777
n3wb
Hopefully, for the last time and avoiding replies which involve misdirection and obfuscation. I have used a VPN where I am the host and “when inside my LAN“ CAN view live surveillance camera video feed using an iPhone and web access via IP address. There is no problem using NordVPN + Meshnet, or OpenVPN on my router. The camera website can be entered using a web browser and the cameras IP address. So once again, there is NO PROBLEM in doing this.
The problem only arises when the cell phone is used OUTSIDE of the LAN. Any form of acceptable solution must use VPN and not use port forwarding (I AGREE, I AGREE). My surveillance camera manufacturer happens to be Reolink and, whilst I am able to achieve web access to the cameras IP address the received live video feed cannot be decoded as it uses Adobe Flash Video (FLV) format. Reolink technical agree that without a web browser that supports FLV (and no major browser will support it as the plug-in iitself is extremely vulnerable to hacking) the REMOTE LIVE video cannot be viewed.
I had hoped that someone would provide a simple direct example, giving actual components used, eg OpenVPN on router (which one) using a defined surveillance camera, cell phone, host pc, web browser, etc, etc, where they ACTUALLY ACHIEVE remote live video viewing and not “I’m sure this would work if you tried it”. If you can’t provide these simple details then don’t waste time replying.
The problem only arises when the cell phone is used OUTSIDE of the LAN. Any form of acceptable solution must use VPN and not use port forwarding (I AGREE, I AGREE). My surveillance camera manufacturer happens to be Reolink and, whilst I am able to achieve web access to the cameras IP address the received live video feed cannot be decoded as it uses Adobe Flash Video (FLV) format. Reolink technical agree that without a web browser that supports FLV (and no major browser will support it as the plug-in iitself is extremely vulnerable to hacking) the REMOTE LIVE video cannot be viewed.
I had hoped that someone would provide a simple direct example, giving actual components used, eg OpenVPN on router (which one) using a defined surveillance camera, cell phone, host pc, web browser, etc, etc, where they ACTUALLY ACHIEVE remote live video viewing and not “I’m sure this would work if you tried it”. If you can’t provide these simple details then don’t waste time replying.
dudemaar
Known around here
I use to use Openvpn no problem when away on my iPhone . At that time I had a Dahua NVR. I used this guide and had no issues.
randyshomeprojects.blogspot.com
I now use zero tier on my camera’s because I no longer use a nvr but have blue iris on my PC .
OpenVPN on a Asus router
Sept 2021 Turned off comments because of ads July 2021 Bought a new Asus router, an RT-AX86U. Loaded it right away with Merlin firmware, s...
randyshomeprojects.blogspot.com
I now use zero tier on my camera’s because I no longer use a nvr but have blue iris on my PC .
bigredfish
Known around here
Wait, what?
Your phone and browser is able to see (and therefore decode) the video Inside your LAN, but that same phone and browser cant decode the video Outside your LAN?
PS there are two types of VPN and they aint the same (neither should have anything to do with this)
Nordstream and others are services used to mask your online identity
OpenVPN is a Point to Point client/server application that allows you to "tunnel" into a network with the client and proper credentials.
Many of us have for years and continue to use OpenVPN to access cameras remotely.
Your phone and browser is able to see (and therefore decode) the video Inside your LAN, but that same phone and browser cant decode the video Outside your LAN?
PS there are two types of VPN and they aint the same (neither should have anything to do with this)
Nordstream and others are services used to mask your online identity
OpenVPN is a Point to Point client/server application that allows you to "tunnel" into a network with the client and proper credentials.
Many of us have for years and continue to use OpenVPN to access cameras remotely.
yes there is you can use the reolink cameras without port forwarding all you have to do is add the UID of the camera when you set it up
If you can see the live feed at home but not on cellular then you are clearly using the wrong VPN then or have it set up wrong.
Hundreds, if not thousands, of us here can see our cameras one cellular service without port forwarding...
The whole point of VPN back in to YOUR system is then it is like you are sitting on YOUR couch on your home LAN.
NordVPN masks your IP address, so it isn't putting you back on YOUR network, but rather whatever server NordVPN is using to host their VPN.
Hundreds, if not thousands, of us here can see our cameras one cellular service without port forwarding...
The whole point of VPN back in to YOUR system is then it is like you are sitting on YOUR couch on your home LAN.
NordVPN masks your IP address, so it isn't putting you back on YOUR network, but rather whatever server NordVPN is using to host their VPN.
I believe by doing it that way you are still exposing your camera to the internet via P2P or quasi port forwarding.
You stated in your post #16 above "All camera manufacturers appear to employ Adobe FLV to encode transmitted vide to to its low bandwidth requirements."
Actually, it's only IP cameras that use the RTMP protocol, such as Reolink. There are others, but it's not accurate to say "all." When using RTSP or MJPEG protocols to stream video, there is no use of Adobe FLV or Flash media.
So that's "one."
Mike A.
Known around here
- Joined
- May 6, 2017
- Messages
- 3,835
- Reaction score
- 6,400
I use OpenVPN and/or WireGuard running under pfSense to VPN into my network to view live video from my Dahua, Hikvision, Wyze, and a couple of oddball cams via my iPhone or Android devices using Safari and a variety of other browsers both directly or through BI's UC3. There is no general limitation as you described.
The Automation Guy
Known around here
As others have mentioned, if you can't view your live camera feed while via a remote VPN connection that is hosted on your local network, then either you have set it up wrong, your cameras are preventing it (I wouldn't be surprised to find out that Reolink won't work over VPN, but I don't use that brand myself so I can't test that theory), or the "upload" speed of your home's internet connection is too slow to support video feeds..
You asked for specific information so he is my set up. I use OpenVPN which is hosted on my pfSense Firewall appliance (a "DIY" solution that cost me about $150 for the hardware used). While I use pfSense, OpenVPN is available on nearly every residential grade router sold in the last decade, so don't get hung up on my "hardware" choices. I use a Dynamic DNS service so that I have a unique and non-changing public URL that I use in my config files in leu of my actual public IP address that is assigned by my internet service provider. I have a service set up on my pfSense firewall that communicates any changes in my actual public IP address to this Dynamic DNS service. (Again most consumer grade routers sold in the last decade have the ability to communicate with the more popular Dynamic DNS services available). That service will forward any traffic from the non-changing public URL to my actual public IP address so I never loose access to my network even if my public ip address changes. I run IP cameras from a variety of manufactures (but mostly Dahua) and I run BlueIris as my "NVR" software.
I can connect to the BI system either using the BI mobile app (a paid app) or by using the BI internet browser interface (free access). Both viewing methods work just fine over the VPN and both allow me to see live camera feeds as well as view saved footage and alerts. I can access these feeds using ANY device (mobile phones, tablets, computers, etc) that I have set up to use the VPN connection (which is a one-time setup of downloading the encryption key to the device while I'm at home and pointing the VPN to the right Dynamic DNS public url along with the correct settings for my connection).
Not only can I access my BI feeds over the VPN service, I can access anything else on my network as well (at least anything else that I want to be accessed over the VPN - I can limit access should I want/need to) . For example, I use a computer based DVR system to record TV and I can view live TV or recordings over the VPN without any issues too. I can also access my home automation system and control everything such as HVAC, lighting, A/V systems, home alarm system, or even close the garage door if it's left open all from my home automation app (or web interface).
EDIT - I remember that I actually did have an old Reolink RLC-410 camera in my system at one time and I could view it just fine over the VPN connection.
Last edited:
Excellent write up! ^^^
Onlooker777
n3wb
This uses port forwarding by indirect route im afraid
Onlooker777
n3wb
OK, thanks to those who have taken the trouble to respond with positive suggestions. Just a final note I did not attempt to use RTSP or RTMP as they are both regarded as security risks and to mitigate these risks, it is important to use encryption and authentication to secure the video stream (as quoted from a security assessment website). I assume that the suggestions in this forum re using a VPN such as OpenVPN mitigates these security risks. Am I correct in assuming this. I also note that RTMPS is apparently available as a secure version of the same RTMP; does anyone use this version?
The Automation Guy
Known around here
The fact that your camera "encrypts" the traffic just means someone can't snoop your traffic after it leaves your network. It does not mean the device is good at "securing" your network from attacks. (EDIT - a VPN connection also encrypts ALL the traffic passing through the VPN connection, so it really doesn't matter if each individual device encrypts the traffic or not).
Your firewall is your primary/best way to keep the "bad" people off of your network. Anytime you forward a port, you are punching a hole in your firewall and creating a vulnerability. All incoming traffic on that port is forwarded to whatever device/service you have set up meaning there is no "security" at the firewall level for that port's traffic. Once your forward that traffic, the only thing keeping the "bad" people from accessing your network at that point is the security of that particular device/service. Most non-computer devices have a history of terrible and ineffective security measures and an even worse history of security updates (even when an exploit is found). Computer systems are not immune to these flaws being found either, but they tend to be patched quickly which is why it is important to update your OS regularly. (Edit - this is also why "best practices" say to keep your CCTV and other IOT stuff - including your cell phones and other mobile devices - isolated from the personal computers/data on your network by using VLANs. This way even if there is a compromised device on your network, it's "reach" is limited).
With a self hosted VPN connection, you only have to forward a single port to your VPN service and all your remote access needs can be handled through this single port (ie you aren't opening a different port for every device). The fact that the VPN service requires an encryption key to be validated before any traffic is passed to the rest of your network makes the "security" of the service very effective and trustworthy. Of course you are still at the mercy of your VPN service to be free of vulnerabilities. While I am not a security expert, my gut feeling is that the potential for an exploit with a VPN service is much lower because the exploit would have to occur at or before the encryption key validation step which happens very early in the process. Compare that with a device that (best case scenario) only requires a user name/password for security. Because the entry barrier is so much lower on those devices it opens the device up to potential exploits found after the "authorization" process too. Finally, if there is a vulnerability found in a VPN service, it is going to patch it as quickly as possible vs your IOT/CCTV manufacturers who might take years to fix or may never fix the known exploits with their devices (there are lots of examples of this).
Long story short, you are really only one flaw/exploit from a compromised network. But the odds of a VPN service (like OpenVPN) having an exploit are miniscule compared to the odds of a CCTV camera or IOT device having an exploit. OpenVPN, like many of the VPN options out there, is also open source so there are plenty of security experts regularly reviewing the code to ensure it doesn't contain anything that could be used as an exploit.
Hopefully that helps explain why we feel a VPN is the most secure and the only acceptable way to remotely access your network.
Last edited:
Onlooker777
n3wb
Many thanks for your comprehensive reply. However I have never had a problem with using VPN and am fully aware of its advantages and limitations. I use and will continue to use VPN almost certainly in the form OpenVPN on my router.
The one and only problem I have is that for remote LIVE video viewing (eg 10m away from my LAN) of my home security camera when using my iPhone is that because the video codec (FLV) is not supported I can log in to the camera site but not view the video. Everyone just keeps telling me how to log in to the camera website or why I should use VPN.
Again, you are doing something wrong.
IF you can view it live on your phone when on your LAN, but as soon as you go remote viewing (ie cellular) and cannot view live video, then you are either using the wrong VPN, have a setting messed up, or cell service is too slow to produce a live image.
After using something like OpenVPN - you should be able to see it EXACTLY as if you are sitting at home on your couch on your home wifi.
That is the way it works for everyone else here. So if it doesn't work for you, then YOU either haven't set it up correctly or your mobile provider doesn't have fast enough speed for it display.
Onlooker777
n3wb
OK, I hear what you say. So to be clear the fact that a different video player codec is used to play the live video when located within my LAN as compared with the player codec normally used (ie when OpenVPN is not used) when iPhone is used outside of my LAN makes no difference when OpenVPN is used? That is the reason Reolink give as to why I won’t be able to view live video on cellphone when outside my LAN. I haven’t tried OpenVPN yet as I would need to replace my existing modem/router, at some expense, which can have OpenVPN installed. I have only used NordVPN+Meshnet and in this case external live video was not possible using a browser and camera IP address. Detailed discussions with NordVPN and Reolink made clear that my system was set up correctly. So again, OpenVPN offers special processing which will allow remote live video viewing to be achieved?