ZeroTier and Dual Nic

Joined
Jul 13, 2021
Messages
13
Reaction score
6
Location
Milwaukee
I'm having trouble viewing BI remotely. If you use ZeroTier do you need to also do the Dual NIC setup as described in the Wiki? Thanks
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,039
Reaction score
942
Location
CT
You haven't really given us enough info to go on here. Assuming you utilize Zerotier as VPN remote access to your network, you could utilize a dual NIC setup but it may not be necessary. That really depends on your network design which you haven't shared with us.
 
Joined
Jul 13, 2021
Messages
13
Reaction score
6
Location
Milwaukee
Sorry, I don't really know what I'm talking about (obviously). I set up the dual NIC on my Blue Iris PC first. I then set up ZeroTier on my BI PC as well for VPN. My ultimate goal is to be able to remotely view BI on my home network, but also outside of the home network. Let me know what info you need and I'll try to get it for you. Thanks
 
Joined
Jul 13, 2021
Messages
13
Reaction score
6
Location
Milwaukee
Here's my setup. I've got a router with wifi in my house. There is a LAN line run from the house to the garage underground. I've got another router in my garage so that I can have a wifi signal in the garage. I've got a PC with Blue Iris and dual NICs. One NIC is plugged into the router, one NIC is plugged into the POE switch. I cannot view UI3 when typing in the LAN access address in the house. Even though I have two routers, it's the same network, correct? Thanks
 

mikeynags

That depends on how you connected the 2nd router. If you connected the 2nd router to a LAN port then yes, it's on the same network. If you have connected the 2nd router via the WAN port, then the answer is no. In the 2nd scenario you will also be dealing with a 2nd NAT from the 2nd router. You'd have to open a port to get to the cameras in that case on the 2nd router.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,166
Reaction score
5,322
Location
Houston Tx
The second router should be set to access mode. Not as a router.
Make and model of second router.
What is the SSID and channel on both the main router and the second router?
Is the BI computer connected to the second router?
A network diagram would help.
 

nowandthen

Getting comfortable
Joined
Oct 11, 2014
Messages
178
Reaction score
44
You do not need two NICs to use Zerotier.
Sorry about resurrecting an old thread.

Last year I sold my house and left behind the BI system.
Finally getting around to setting up a new BI system.
Came across a video about Zerotier.
Came here to see what the BI community thinks about it.
I was about to install a second NIC and OpenVPN.
But wait... sounds like the BI community endorses Zerotier.

Which way should I go? Zerotier or OpenVPN with 2nd NIC?

I assume (you know what they say about assuming) that Zerotier prevents the cameras from phoning home. Right?

Thanks.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,700
Reaction score
14,183
Location
USA
OpenVPN could be more reliable than Zerotier, because you don't need to depend on a cloud service or networking tricks like UDP hole punching (which does not always work) to get a connection.

But Zerotier is a lot simpler to set up.


Zerotier does not prevent cameras from phoning home. Neither does OpenVPN. That is not the job of a VPN. That is the role of using a 2nd NIC on the BI system. The 2nd NIC is so you can connect the BI system to a completely separate network that contains only your cameras and/or other devices that you don't want to allow internet access.
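
Whether the second NIC actually isolates the cameras can be checked on the Blue Iris PC itself, independent of which VPN is installed. The PowerShell below is an added example, not part of the thread or of any project mentioned in it; the adapter name `Cameras` is an assumption.

```powershell
# Added example: verify that the camera-side NIC on a Windows Blue Iris PC
# gives the cameras no path to the internet.
# Assumption: the camera-side adapter is named 'Cameras'; pass your own name.
function Test-CameraNicIsolation {
    param([string]$CameraAlias = 'Cameras')

    $findings = @()
    $cfg = Get-NetIPConfiguration -InterfaceAlias $CameraAlias -ErrorAction Stop

    # 1. The camera NIC should have no default gateway. Its only job is to
    #    reach the camera subnet, which is directly attached.
    if ($cfg.IPv4DefaultGateway) {
        $findings += "Default gateway set on '$CameraAlias': " +
                     ($cfg.IPv4DefaultGateway.NextHop -join ', ')
    }

    # 2. Windows must not route packets between its interfaces. This covers
    #    the LAN NIC, the camera NIC and any VPN virtual adapter.
    $forwarding = Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.Forwarding -eq 'Enabled' }
    foreach ($iface in $forwarding) {
        $findings += "IP forwarding enabled on '$($iface.InterfaceAlias)'"
    }

    # 3. Internet Connection Sharing would NAT the camera subnet out through
    #    the other NIC, so the service should not be running.
    $ics = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue
    if ($ics -and $ics.Status -eq 'Running') {
        $findings += 'Internet Connection Sharing (SharedAccess) is running'
    }

    [pscustomobject]@{
        Interface = $CameraAlias
        Isolated  = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-CameraNicIsolation -CameraAlias 'Cameras' | Format-List
```

This only inspects the PC; a camera that is also cabled or Wi-Fi-connected to the main router bypasses the second NIC entirely.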
 

tech_junkie

Getting comfortable
Joined
Sep 2, 2022
Messages
531
Reaction score
478
Location
South Dakota
Zerotier by itself 'phones home' and OpenVPN uses self-signed certificates, so it's susceptible to MTM attacks.
Unless the NVR uses poor authentication methods, there is nothing wrong with serving an NVR on its own outside IP address with a public CA certificate. Which is the real secure method.
 

bp2008

> Zerotier by itself 'phones home'
Yes, this is true.

> OpenVPN uses self-signed certificates, so it's susceptible to MTM attacks.
While this is technically true, the adversary would need to be "in the middle" during the initial key exchange (during creation and copying of the openvpn configuration file) in order to substitute public keys with their own. Once the OpenVPN tunnel is configured, each end of the connection is able to verify that the entity it is communicating with has the correct private key.

> Unless the NVR uses poor authentication methods, there is nothing wrong with serving an NVR on its own outside IP address with a public CA certificate. Which is the real secure method.
That is only if you trust the NVR to be well hardened against attack. Which the major brands have proven over and over again that they are not. It doesn't matter how good the authentication method is when the attacker is triggering a remote code execution bug or exploiting a backdoor or other authentication bypass vulnerability.
 

tech_junkie

> That is only if you trust the NVR to be well hardened against attack. Which the major brands have proven over and over again that they are not. It doesn't matter how good the authentication method is when the attacker is triggering a remote code execution bug or exploiting a backdoor or other authentication bypass vulnerability.
Then they need to repair it and others publish the CVE and boycott their products until they comply. It is ludicrous to cover for them by hiding a vulnerable system and not say anything about it.
 

tech_junkie

> While this is technically true, the adversary would need to be "in the middle" during the initial key exchange (during creation and copying of the openvpn configuration file) in order to substitute public keys with their own. Once the OpenVPN tunnel is configured, each end of the connection is able to verify that the entity it is communicating with has the correct private key.
NEVER underestimate a hacker. Especially advanced ones that can make efficient automatic code and pass it around to other hackers.
 

duplo

Getting comfortable
Joined
May 26, 2022
Messages
398
Reaction score
458
Location
Berlin, Deutschland
> Then they need to repair it and others publish the CVE and boycott their products until they comply. It is ludicrous to cover for them by hiding a vulnerable system and not say anything about it.
Yeah, and Biden should not be President since 2021. Since he denied to pass a mental health test. Maybe he sign his own pass certificate? Not sure if a man in the middle already exchange the public certificate.

You are writing bullshit day after day.

 

tech_junkie

> Yeah, and Biden should not be President since 2021. Since he denied to pass a mental health test. Maybe he sign his own pass certificate? Not sure if a man in the middle already exchange the public certificate.
The pitfalls of self-signed certificates are well documented, and the standard practice is to deploy public TLS/SSL CA certificates with these programs when you apply the internet to them.

Ignore me if you want, but it's your own fault if you get hacked.
 