Blue Iris PC on one network and ip cameras on another

[Stephan06]

All,

I have 1 pc that I use for general use. (yes I kow to have a seperate pc for blueiris but I don not at the moment)

PC > Edgerouter X - port 1 is seperated out 192.168.60.1 port 2,3,4 is 192.168.50.1

Smart switch is connected to port 1 > and cameras is connected on this, This has firewall rules setup. PC is connected to port 2.

I guess the cameras must be on the same network for blueiris to see them? As it can't find them now.

Thanks

 

[sebastiantombs]

You can add a second address to the existing NIC in the BI PC to put it onto the 192.168.60.x network. That's the quick easy way.

The better way would be to add a second NIC to the BI PC configured for the 192.168.60.x network and plug that into the smart switch, unplugging the smart switch from the Edge router. That will provide total isolation since Windows doesn't do any routing unless you specifically configure it to.

Generally, it's not a good idea to route camera traffic through a router due to the relatively high load. I don't know the specs on an Edge router, but getting them off of it can't hurt.

 

[Stephan06]

You can add a second address to the existing NIC in the BI PC to put it onto the 192.168.60.x network. That's the quick easy way.

The better way would be to add a second NIC to the BI PC configured for the 192.168.60.x network and plug that into the smart switch, unplugging the smart switch from the Edge router. That will provide total isolation since Windows doesn't do any routing unless you specifically configure it to.

Generally, it's not a good idea to route camera traffic through a router due to the relatively high load. I don't know the specs on an Edge router, but getting them off of it can't hurt.

Thanks for that! OK I have an extra NIC card. It might just save me $300 buying another used pc to host blueiris and isolate it for security purposes.

 

[fenderman]

Thanks for that! OK I have an extra NIC card. It might just save me $300 buying another used pc to host blueiris and isolate it for security purposes.

You can buy an i5-8500 PC for under 200 bux.

 

[Stephan06]

You can buy an i5-8500 PC for under 200 bux.

Cheers mate. Yes that is what I just got now. I think long term I will isolate a physical port on the edge router and assign a different subnet and still allow internet access. I then plan to use Zerotier if I need to do remote viewing, however with alerts that can be pushed to the phone the need for remote viewing becomes less. Issue with a second NIC is there is no internet access for the cameras but blueiris should still send the push alerts I assume.

 

[sebastiantombs]

Blue Iris has a "front facing" IP and will send alerts just fine. Once again, with a second NIC there is no need for the camera traffic to go through the router. The whole point is to totally isolate them from internet access. If/when you upgrade firmware simply download it onto the BI machine and upgrade from the file directly from the BI machine. There is no reason for cameras to have internet access, Set up a time server on the BI machine as well and point your cameras to the address of the second NIC in the BI machine for a time server.

 

[wittaj]

^ +1 above!

Most of us run the dual NIC system and get alerts just fine and with OpenVPN or Zerotier, you can then remote in and see the system.

The dual NIC is cheaper and faster, and depending on the number of cameras, better than VLANs (although true VLAN users will refute it).

The EdgeRouter X is claimed to be somewhere between 800Mbps to 1Gbps, but you see tests all over where people are only getting in the 700Mbps range.

On my isolated NIC, my cameras are streaming non-stop between 280Mbps to 350Mbps depending on motion. This is full-on, never stopping to take a breath. Even if someone has a gigabit router, a 3rd of non-buffering 24/7 data will impact its speed.

I would just as soon not have that much video data going thru a device if it doesn't need to. Has to slow the system down.

 

[Stephan06]

Thank you all for your advice. i have added the 2nd NIC and have followed the guide on here on how to set it up and find the cameras on the different network. this saves me from buying another sff pc used pc for now. I will now setup deepstack and define zones, otherwise it alerts me when a car drives by or person walks in the street. I only want alerts if the person is in my driveway.

 

[Stephan06]

^ +1 above!

Most of us run the dual NIC system and get alerts just fine and with OpenVPN or Zerotier, you can then remote in and see the system.

The dual NIC is cheaper and faster, and depending on the number of cameras, better than VLANs (although true VLAN users will refute it).

The EdgeRouter X is claimed to be somewhere between 800Mbps to 1Gbps, but you see tests all over where people are only getting in the 700Mbps range.

On my isolated NIC, my cameras are streaming non-stop between 280Mbps to 350Mbps depending on motion. This is full-on, never stopping to take a breath. Even if someone has a gigabit router, a 3rd of non-buffering 24/7 data will impact its speed.

I would just as soon not have that much video data going thru a device if it doesn't need to. Has to slow the system down.

Hi I am in the process of setting up remote or blueiris app view for my mrs.. who is not a computer geek. What I understand from zerotier is, that you first have to open that and then the blue iris app. NGROK also seems an option but because I run the 2 NIC’s I thought I best ask.
If she is home and connected to the normal wifi the ngrok would not work as she first then would have to disconnect her phone wifi and the open the blueiris app?

She would only need access to 1 camera. What would people recommend that have been down this track using 2 NIC’s?

thanks

 

[wittaj]

If she is home on your home wifi then you don't need to VPN back into your system so the app will work just fine or open up a browser and type in the IP address of the BI computer to access the cameras.

The whole point of the VPN back into YOUR system is to access your system as if you were sitting at home on your wifi, so when you are actually home on your own wifi you obviously do not VPN back into your own wifi because you are already on it.

 

[Stephan06]

If she is home on your home wifi then you don't need to VPN back into your system so the app will work just fine or open up a browser and type in the IP address of the BI computer to access the cameras.

The whole point of the VPN back into YOUR system is to access your system as if you were sitting at home on your wifi, so when you are actually home on your own wifi you obviously do not VPN back into your own wifi because you are already on it.

Thanks, I will setup the bi app without having to port forward when she is home. 90% of time the viewing will be done when she is home and 10% away from home. Thanks for that!

 

[Holbs]

Thanks, I will setup the bi app without having to port forward when she is home. 90% of time the viewing will be done when she is home and 10% away from home. Thanks for that!

Unsure about Edgerouter X, but the UDM series router has built in Wireguard VPN nowadays.

 

[Stephan06]

Unsure about Edgerouter X, but the UDM series router has built in Wireguard VPN nowadays.

Thanks have it connected now, the issue was the windows firewall and had to allow blue iris over public networks as well.

 

[Holbs]

for those in the future that come across this posting.... having a 2nd Network Interface Card (NIC) is the best way to go. I ran that setup for a couple years happily. Makes things sooooooo simple for a general startup setup.
when you get more advanced configuration, that is where having a smart switch with VLAN's come into play. But that also comes with confusing network knowledge of VLAN do's/dont's, firewall rules, etc.

 

[wittaj]

Thanks have it connected now, the issue was the windows firewall and had to allow blue iris over public networks as well.

That is only an internal thing is it relates to YOUR network with the Windows computer and determined when you initially connect to your home network - it is saying your home network is public.

You could go to the effort of redoing the wifi network of everything in your house and setting up each computer to private network only, but you will find that is more trouble than it is worth.

You normally make this decision the first time you connect to a network. Windows will ask whether you want your PC to be discoverable on that network. if you select Yes, Windows sets the network as Private. If you select No, Windows sets the network as public. You can see whether a network is private or public from the Network and Sharing Center window in the Control Panel.