Hey all, so @Ssayer and I tried a couple of things to get that VPS and VPN tunnel going so he could remotely access his cams.
First was trying to run pfsense in a VPS from vultr.com, so we could use it as a wireguard server and use pfsense's interface to do the routing through to his Blue Iris box. But it was a pain to get pfsense installed, and halfway through configuring wireguard, the pfsense interface just stopped working with no explanation. Admittedly this was the "overkill" solution when all that was needed was Blue Iris remote access. So we scrapped that idea and just installed the zerotier client on the Blue Iris server and on a basic Debian virtual machine. Joined them both to the same network, and that was it. Connectivity achieved between the cloud VPS and Blue Iris machine.
To actually pass Blue Iris traffic through the zerotier tunnel, we put nginx on the VPS and configured the default nginx site to proxy the traffic to Blue Iris via zerotier according to the example nginx configuration in UI3's github wiki. I also got a letsencrypt certificate with autorenewal set up. Since we were using a proxy server capable of HTTPS anyway, I figured why not. The only major stumbling point was realizing that Debian's default firewall was blocking the inbound communication to the VPS. That is solved by opening each desired TCP port via the command
sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
(where 80 is the port number).
I should note that the cloud VPS is technically optional when using Zerotier. If you install the Zerotier client on every device that needs to remotely access Blue Iris, then you can connect to the Zerotier network directly without needing a public routable IP address anywhere. Myself, I am not thrilled with that option because an always-on VPN is going to be a bit of a drain on battery life.
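A sketch of the VPS-side nginx site described in the post, added here as an example; it is not the poster's actual configuration and not the one from UI3's wiki. The hostname `cams.example.com`, the ZeroTier address `10.147.17.20` and the Blue Iris web port `81` are assumed placeholders to replace with your own values.

```nginx
# Added example, not the poster's config. Placeholders (assumptions):
#   cams.example.com  public DNS name pointing at the VPS
#   10.147.17.20      ZeroTier-assigned address of the Blue Iris machine
#   81                port the Blue Iris web server listens on

# Plain HTTP: answer ACME challenges for certificate renewal, redirect the rest.
server {
    listen 80;
    server_name cams.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS: terminate TLS on the VPS, forward to Blue Iris over the ZeroTier link.
server {
    listen 443 ssl;
    server_name cams.example.com;

    # Paths as written by certbot for this hostname.
    ssl_certificate     /etc/letsencrypt/live/cams.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cams.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Traffic to the Blue Iris box only ever travels inside ZeroTier.
        proxy_pass http://10.147.17.20:81;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Live video is a long-running response; do not buffer or time it out.
        proxy_buffering    off;
        proxy_read_timeout 3600s;
    }
}
```

With this layout, ports 80 and 443 both need to be opened on the VPS firewall, and `nginx -t` checks the file before a reload. Because the VPS becomes the only internet-facing entry point, Blue Iris's own login should stay enabled.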