Blue Iris Android app - notifications with image preview and how I got it working

[Kensko]

Edit: Behavior was due to a bug in the router port forwarding. Disregard the quirky problem/solutions, which are in italic. Went with a working VPN setup as sugested by @bp2008 and others here on the forum.

I'll try to be briefer than the title. New user of Blue Iris, and the forum. Wanted to give back a little with what ever I can.
Struggled to figure out the Blue Iris server software and Android app setup. Read through many posts on this and other forums, but none seemed to give the results that was advertised. Not because they were "wrong", but because the Blue Iris server software and app seems to work in a very inconsistent manner.

What I wanted:
-Near instant push notifications to my phone, no matter if it was on the same WiFi or 3g/4g network.
-No port forwarding poking holes in my router, exposing it to the outside internet.
-Access recordings though VPN and the Blue Iris app when necessary .

Without port forwarding, the notification would be instant while on the same network (but no preview image), but could take 3-4 minutes! while on 3g/4g (still no preview image). Same with VPN enabled.
With port forwarding, notifications are instant with preview image both on the same WiFi and 3g/4g.
Tried filtering the allowed IP addresses in the advanced Web server settings in the Blue Iris software to only include my telecom providers IP range, and this would get me instant notifications on 3g/4g with preview image, but no preview image on the same WiFi. Including my local network and VPN address range in the port forwarding on my router would give me instant notifications with preview image on both the same WiFi and 3g/4g. Very strange that it needs same network port forwarding. Tested this extensively and got the same results every time.

TLDR:
Enabled port forwarding only from my local network to the Blue Iris server and now notifications with preview image is near instant on both the same network and 3g/4g. This means no holes to the outside internet.
If I want to watch the feeds through the app while on 3g/4g, then I use VPN to connect.


This might be a quirky combination of the Blue Iris software / app, and my hardware setup. But since it's very standard, it might be helpful for others.​

My setup:
Router: Asus RT87u running Asus Merlin firmware version 384.7
Blue Iris server: Windows 10 Pro version 1809. No AD domain
Samsung Galaxy S8, root Android 8.00 with September 1 2018 security patch

Port forwarding rule I use:
Source IP: 10.0.*
Source port: 81
Destination IP: 10.0.0.{Blue Iris server}
Destination port: 81​

Thanks again for a great forum!
Kent

 

[bp2008]

Hi. This makes sense because when the BI mobile app tries to load the preview image, it will be doing so via your public IP address no matter if you are on cellular or your home wifi. Either way, the only way those preview image connections make it to Blue Iris is by passing through a port forwarding rule in your router. If your port forwarding rule specifies allowable source addresses then any address not on that list will not be able to get its connections forwarded through that port. This is why you ended up needing to add your LAN range to the allowable source address list.

Now, using a source-limited port forwarding rule like this really helps to reduce the chance you will be hacked through it. That said, you should be able to disable the forwarding rule and get all the connections working over your VPN if you go to Blue Iris Options > Web server and set the WAN address field to your BI machine's local IP and port number (same as the LAN address box). Be sure to also uncheck the "Refresh external IP" box or else BI will just undo your change later. Once you've done this, the push notifications to your phone should begin instructing the phone to load preview images from the BI machine's LAN address. As long as the phone is connected to your VPN, it should work.

 

[Kensko]

Thanks for the reply. That was how I imagined it would work, and your reply sparked off some investigations I should have done right away. Common sense should also have triggered me, but why start using that all of a sudden.

Turns out my router has a bug! The source IPs of "10.0.*.*", or "10.0.0.*" will actually open the port forwarding for EVERY IP. Seems like the leading zero in combination with asterisks " * " will cause the opening to all IPs. Testet source IP of "10.*.*.*", which worked like it should, only allowing IPs from the 10 network.

Thank you for replying and making me test this further. I've set it up like you suggested and using VPN when not at home. Edited my original post in case someone finds it in Google and gets confused.

 

[Martin Paul Sr]

I achieved this simply using the SMTP server settings in Blue Iris.
With those settings BI will send an SMS or MMS (MMS includes a snapshot).
You gotta give it your SMTP server Username and Password such as Gmail account, but there are other ways do do SMTP.
Then you can give it your carrier's email address to send a message (they all have email>messaging, in my case the Sprint MMS address is "mobile-number@pm.sprint.com")
Whenever my cams are "on", meaning green light, I get a pic in about five seconds whenever a trigger occurs, usually even before the mobile app alerts me.
I get to test it a lot because I have a lawn guy every Friday that triggers the doorbell, and some others like house cleaners that trigger the indoor cams.

I also have free-and-true CA-certificate SSL/HTTPS access with UI3 and the mobile app PLUS Chromecast play, and the only port I have open on my home router is 443 to the encrypted "stunnel" proxy.
See my recent tutorial on that issue (You're welcome!): Chromecast working...!

 

[mtpleasantben]

I received a message from support today, looks like Animated Gifs do not work on Android:

"It has been determined that GIF does not work on Android alerts and this is a limitation on that platform. You must stick with JPEG on the Android."

 

[Kensko]

I achieved this simply using the SMTP server settings in Blue Iris.
With those settings BI will send an SMS or MMS (MMS includes a snapshot).
You gotta give it your SMTP server Username and Password such as Gmail account, but there are other ways do do SMTP.
Then you can give it your carrier's email address to send a message (they all have email>messaging, in my case the Sprint MMS address is "mobile-number@pm.sprint.com")
Whenever my cams are "on", meaning green light, I get a pic in about five seconds whenever a trigger occurs, usually even before the mobile app alerts me.
I get to test it a lot because I have a lawn guy every Friday that triggers the doorbell, and some others like house cleaners that trigger the indoor cams.

I also have free-and-true CA-certificate SSL/HTTPS access with UI3 and the mobile app PLUS Chromecast play, and the only port I have open on my home router is 443 to the encrypted "stunnel" proxy.
See my recent tutorial on that issue (You're welcome!): Chromecast working...!

Unfortunately my carrier stopped supporting this some years ago. Used to be common 10 years ago but today, none of the carriers in Norway support this now (as far as I know). Have been going the VPN route to achieve some of the things I want.