Beat a protect setup

blazin912

n3wb
Joined
Sep 15, 2019
Messages
23
Reaction score
3
Location
MA
OK, somewhat of a newb here, and I've done a fair amount of searching, but I'm trying to beat a Protect setup for high WAF.

If I gave in to the ecosystem and sacrificed on camera quality, I know, I know... the WAF would be high, as there are dedicated apps with "secure" channels into the UniFi Protect NVR.

I understand setting up a VPN is easily handled on a USG and this would be secure, but what have you all done to provide a seamless experience outside the home?

TLDR:
Equipment/Setup to replace UniFi Protect
USG
US-16-150W
VLAN Cameras and NVR to limit access
VPN to VLAN for remote viewing

Wife wants "single app" experience, i.e. View Cameras, done.

How do we get there?
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
9,136
Reaction score
6,353
Location
USA
I am not sure what your goal here is. You want new cameras? New NVR? New software? Not to need to connect to a VPN, instead just tap an icon on your home screen and see the cameras?
 

blazin912

> I am not sure what your goal here is. You want new cameras? New NVR? New software? Not to need to connect to a VPN, instead just tap an icon on your home screen and see the cameras?

Sorry. I have nothing but Ubiquiti gear. Looking to add PoE cameras.

Ubiquiti cameras are not great for the money, but Protect has high WAF with a great, easy app.

Dahua is a great camera, but I'm not sure how to best create a similar WAF solution. What have you done? Blue Iris + port forward is a no-no. VPN is at least a two-step process, I think; not sure exactly.

Just looking for your experience
 

bp2008

I have not used Ubiquiti's VMS in a long time. I liked the first-generation Aircams, but not long after those came out, I found much better values elsewhere and Ubiquiti never got close to catching up.

Blue Iris + port forward is what I do. I know the risks, and I am willing to accept them.

There is probably a way you can automate the VPN connection, but I have never tried this. I am too lazy to connect a VPN every time I want to view remotely. If you want a little more security without a VPN, you could always use a reverse proxy server that requires its own authentication, and the same proxy server can serve HTTPS for you.
 

blazin912

> I have not used Ubiquiti's VMS in a long time. I liked the first-generation Aircams, but not long after those came out, I found much better values elsewhere and Ubiquiti never got close to catching up.
>
> Blue Iris + port forward is what I do. I know the risks, and I am willing to accept them.
>
> There is probably a way you can automate the VPN connection, but I have never tried this. I am too lazy to connect a VPN every time I want to view remotely. If you want a little more security without a VPN, you could always use a reverse proxy server that requires its own authentication, and the same proxy server can serve HTTPS for you.

Thanks, I'll look into this.
 

blazin912

It turns out with Android, you can use the default VPN client. The VPN can be set to "always on" and you can manually set a forwarding route to ensure only traffic to/from your home is routed via the VPN. Since I do not have magically symmetric fiber at my home, I will pay a price when viewing my cameras, but won't pay that same price for using my phone to use the interwebs in remote locations. Hooray.

Also, I can take my wife's phone, perform this "magic" behind the scenes, and she should be able to seamlessly load the Blue Iris app for high WAF and 1-click operation.


Now I just need to figure out:

DuckDNS and the USG VPN configuration.

Joy
 

blazin912

Update: USG VPN and DuckDNS done, except Android's default L2TP/IPsec PSK doesn't support always-on with DDNS. Yuck. I'm going to try OpenVPN as an alternative. I really don't want to tell my wife she needs to launch a VPN then view the cameras. She is more than capable, but it is something I know I'll need to support time and time again.
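
The split-tunnel arrangement described in the two posts above (only traffic for the home camera network goes through the VPN, reached by a DDNS name), sketched as an OpenVPN client profile. This is an added example, not part of any poster's message; the DDNS hostname, port, camera subnet and key/certificate file names are placeholders.

```conf
# Added example: OpenVPN client profile for split-tunnel access to a camera VLAN.
# Placeholders (assumptions, not from the thread):
#   home.example.duckdns.org, UDP port 1194, camera/NVR subnet 192.168.20.0/24,
#   and the ca/cert/key/tls-crypt file names.
client
dev tun
proto udp

# Home gateway reached by its DDNS name. Retrying resolution indefinitely lets
# the client pick up a changed home IP on reconnect instead of giving up.
remote home.example.duckdns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun

# Split tunnel: discard routes (including redirect-gateway) and DNS options
# pushed by the server, then add a single route for the camera VLAN.
# All other phone traffic keeps using the mobile or Wi-Fi connection directly.
route-nopull
route 192.168.20.0 255.255.255.0

# Require the peer to present a server certificate signed by our CA, and
# authenticate the phone with its own certificate and key.
remote-cert-tls server
ca ca.crt
cert phone.crt
key phone.key

# Encrypt and authenticate the control channel with a pre-shared key so that
# unauthenticated probes of the VPN port are dropped without a response.
tls-crypt tls-crypt.key

verb 3
```

The client-side route only decides what the phone sends into the tunnel; what a VPN client is allowed to reach still has to be enforced by firewall rules between the VPN subnet and the camera VLAN on the gateway.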
 

Ratfink11

n3wb
Joined
Sep 25, 2019
Messages
11
Reaction score
3
Location
Washington
In dealing with mobile VPNs... some things to remember, which it appears you're savvy on.
1. Mobile carriers will restrict and throttle bandwidth... Probably why they double NAT and hide IP addresses.
2. I use NoIP, and use Tasker for (automating) the one-button always-on VPN connection.

...just some thoughts... and curious, Android VPN is so clooooogey?
 

blazin912

> In dealing with mobile VPNs... some things to remember, which it appears you're savvy on.
> 1. Mobile carriers will restrict and throttle bandwidth... Probably why they double NAT and hide IP addresses.
> 2. I use NoIP, and use Tasker for (automating) the one-button always-on VPN connection.
>
> ...just some thoughts... and curious, Android VPN is so clooooogey?

How do you have Tasker set up? When you run x application the VPN connects?
 