BI, VPN and Unifi USG

Luis,

If you go to Maps/Topology, do you see the home network represented with the cameras on the 8 port switch?
 

Not sure about multiple switches, but it seems that if all devices are on the same LAN and if you have static IPs on the cameras then the cameras should be found. Have you tried to ping them? Do they show up on the network topology map?

Thank you both for replying. It shows up in the topology but can’t ping it. I can ping other devices in same switch.

Maybe it is the BI PC firewall?


 
Luis,

If you go to Maps/Topology, do you see the home network represented with the cameras on the 8 port switch?

Yes it shows up in the Topology.

I did disable the BI PC firewall. That didn’t work either. I tried placing a static IP address and that didn’t work.

I used Dahua Config tool and it shows up but it appears as “uninitialized”.

Capture2.PNG

When I try to initialize, this is the error I get...

Capture3.PNG
 
Well,

I connected my Camera directly to my BI PC and was able to access it.

Capture4.PNG

Changed both passwords (admin and ONVIF) and IP address.

Capture5.PNG

I will be connecting it to the switch and see if it works. I just want to make sure that it doesn't access the internet.

I'll keep you posted. Thank you for your help so far.

Luis
 
For blocking WAN access for cameras or any device, look for the rule in this thread.
 
I’m currently trying to bench test all cameras before I make changes to the network and I’m unable to find the camera.

I’m connecting the BI PC as well as the camera to one of the US8 switches (port 8 with pass through). I don’t know what I’m doing wrong.



EDIT: Oops, didn't see page 4.

Dahua cameras come set to static so you can't change that in Unifi. You will need to use the Config tool that came with the camera to change the IP address. If you want to control it with Unifi then set them to DHCP.
 

Thanks, Bob. Yes, the IP of the camera has to be set within the Dahua web GUI. In my UniFi system, I then made the same device a static IP as well so as to manage the rules. This last step didn't have to happen? Guess I prefer using static IPs in UniFi, but I got to learn something.
 
I prefer static also, just remember to keep them out of the DHCP pool.

Thank you for your advice. I was able to add my first camera with static IP address to the BI network.

Now I’m having issues trying to place the BI PC with static IP to BI network. Despite all efforts it goes under Corporate LAN instead of the BI LAN


 

Check out the UniFi switch's port configuration where the PC is connected. Each port can be configured to allow for a specific network.
 
Check out the port configuration where the PC is connected. It allows for a specific network.

I have changed it in both UniFi controller and Network controller in PC.

No luck.

 
I was able to do it after multiple attempts. I did it through the port setting instead of the device.


 
UPDATE: I configured two IP cams and am able to see them in BI. I appreciate all the help I got from you guys.

However, I have several questions:

1. I do still have access to the internet on my BI PC. Am I missing a rule or is this the way it's supposed to be?

2. After creating the VPN and users, I am able to connect to BI through UI3 but not the BI app. It should be something in the app settings, right?

I’ll appreciate your feedback.

Luis


 
As long as the VPN is configured correctly, the way to view the BI app on the mobile via the VPN is to ensure that the app's server settings both show the internal and the external IP addresses as the same local, internal IP address; no more need to list the external WAN address.

If you need to know if your BI PC still has internet access, just use it to load up Google or Bing in a browser. UPDATE: If you want to block the BI PC from accessing the internet then just add its static IP address in the rule to block WAN access.
 

@DLONG2

Thank you! That’s what I did and worked perfect. Now I have to create a rule just to allow few devices to access the BI PC when connected at home. Right now all devices can.


 
Didn't read all 4 pages yet but I have a similar setup with all unifi gear and a blueiris pc on a VLAN with all my cams. I got an ethernet PCI card so I can have the motherboard one handle my main network connections and the PCI card be on the IP cam VLAN.
 
Ugh.. I'm stuck.. Without any protection in place I can't get my 2 corporate networks to communicate:

LAN - 192.168.1.x/24
IPCAM - 192.168.19.x/24 VLAN 10

Camera - Static IP 192.168.1.13
Gateway - 192.168.19.1

No USG rules.

Can ping IPCAM gateway, cannot ping Camera

If I change my laptop to a static IP of 192.168.1.20 I can see the camera and watch the feed.

I can put in LAN_IN rules to drop traffic to block internet chatter, but I cannot get the camera to talk to my PC across the subnets without ANY rules. I believe this is supposed to be enabled by default.. something fishy going on?

Equipment -
USG 3P
Unifi 16 port POE
Dahua camera

I have not updated any Camera firmware, I am running controller 5.11.50

Is this a camera issue? Unifi bug? Hopefully someone can help!!
 

Trying to follow. You have two networks ("LAN" and "IPCAM") but the camera is on the LAN network while your laptop is normally on the IPCAM network? The PoE ports are set for "All" networks and you cannot ping between the networks? If you want all devices to reach each other without any firewall rules then why create two networks to begin with?
 
Laptops on LAN, cameras on IPCAM

I eventually want:

IP Cameras no access to internet (Done)
IP Cameras access to Blue Iris (I think this will be accomplished by putting the BI machine on a static IP on the 192.168.19.x network)
BI Machine accessible by LAN - This is not working at this point, I cannot access 192.168.19.x from 192.168.1.x as shown by testing Laptop->Ip Camera
BI Machine accessible by VPN

I found by googling that the default Unifi rules should allow two corporate networks to communicate without any rules. That being said I applied:

LAN_IN
Allow all protocols no source no destination
Drop all protocols source IP CAM network any destination (this should cover traffic to internet too but just in case)
WAN_IN
Drop all protocols source IP CAM network any destination
WAN_OUT
Drop all protocols source IP CAM network any destination

I confirmed internet access disabled by assigning my laptop a static IP in 192.168.19.x (aka IP CAM) and it fails.

Ping 192.168.19.13 from 192.168.1.200 (DHCP provided address to my laptop)
Destination unreachable
Ping 192.168.19.1 (Gateway) from laptop address above
Responds as expected

Pinging the camera when I have a static IP in IP CAM network aka 192.168.19.20
Responds as expected

So the root of my issue at this point is not being able to communicate to/from 192.168.1.x and 192.168.19.x

Thanks for your help, hope this is clear
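
An added example, not part of any post in this thread: a small Python check for the static addressing discussed above (device IP inside the camera network, gateway reachable from that IP, address kept out of the DHCP pool). The LAN gateway, the DHCP pool ranges and the device entries are constructed assumptions; the thread only gives the two subnets and the IPCAM gateway.

```python
import ipaddress

# Address plan from the thread; LAN gateway and DHCP pools are ASSUMED values.
NETWORKS = {
    "LAN":   {"subnet": "192.168.1.0/24",  "gateway": "192.168.1.1",
              "dhcp": ("192.168.1.100", "192.168.1.254")},
    "IPCAM": {"subnet": "192.168.19.0/24", "gateway": "192.168.19.1",
              "dhcp": ("192.168.19.100", "192.168.19.254")},
}

def check_static_host(ip, gateway, expected_network):
    """Return a list of problems for one statically addressed device."""
    net = NETWORKS[expected_network]
    subnet = ipaddress.ip_network(net["subnet"])
    addr = ipaddress.ip_address(ip)
    gw = ipaddress.ip_address(gateway)
    lo, hi = (ipaddress.ip_address(a) for a in net["dhcp"])
    problems = []
    if addr not in subnet:
        problems.append(f"{ip} is outside {expected_network} ({subnet})")
    if gw != ipaddress.ip_address(net["gateway"]):
        problems.append(f"gateway {gateway} is not the {expected_network} gateway")
    # The device can only use a gateway inside its own subnet. If it is not,
    # same-subnet pings still work but replies to other subnets are never sent.
    host_net = ipaddress.ip_network(f"{ip}/{subnet.prefixlen}", strict=False)
    if gw not in host_net:
        problems.append(f"gateway {gateway} is not on-link for {ip}; "
                        "replies to other subnets have no route")
    if lo <= addr <= hi:
        problems.append(f"{ip} is inside the DHCP pool {lo}-{hi}")
    return problems

def audit(devices):
    """Map device name -> problems, for a list of (name, ip, gateway, network)."""
    return {name: check_static_host(ip, gw, net) for name, ip, gw, net in devices}

if __name__ == "__main__":
    # Constructed device entries for illustration.
    sample = [
        ("cam-ok",       "192.168.19.13",  "192.168.19.1", "IPCAM"),
        ("cam-wrongnet", "192.168.1.13",   "192.168.19.1", "IPCAM"),
        ("cam-in-pool",  "192.168.19.150", "192.168.19.1", "IPCAM"),
    ]
    for name, problems in audit(sample).items():
        print(name, "OK" if not problems else problems)
```
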
 
Try this. In the SETTINGS/ROUTING & FIREWALL/FIREWALL/GROUPS, add a new group named something like 'GroupToReachCam' and add the IP addresses of any laptop or device you need to reach the IP camera, including the IP address of the camera. Then in the Firewall settings, add a new "LAN LOCAL" rule named something like 'RuleToReachCam' and set it to BEFORE PREDEFINED RULES, ACCEPT, ALL, DON'T MATCH ON IPSEC PACKETS, Source would be 'Address/Port Group' and select the group you had created. Same for Destination. Build the same new rule in the "LAN IN" category.

Then wait a couple minutes to see if the laptop can connect to the camera.