Dahua local vs remote connection

[adri76]

Hi
I have Dahua cameras that I use with sd cards for intrusion detection and it is working quite well, but I have a problem with the app and SmartPSS.
The issue is that when I am on my local network I need to stream the cameras locally and when I am not on my local network I need to still be able to get notifications and video from the cameras.
If I use p2p (I know that it is not secure) the video feed is extremely slow as everything is routed via the internet, even when on my local network, so I am looking for a solution to be able to access the cameras when not on my network and have local access when on the local network.
At the moment my solution is to have each camera set up twice on the app (ip for local & p2p for remote) and manually selecting the local version of the camera when on my local network.
Does anyone have a better solution for this problem.

 

[catcamstar]

Sure, search ipcamtalk forum on "VPN", there are ample solutions (eg quick ones: using an onboard VPN server on your home router eg ASUS, or bit more sophisticated on an stand-alone router (pfsense, Edgerouter)... When you open that VPN tunnel over 4G (or WAN in more general), it looks your device is residing on-premise, at home so to say. Very secure. But mind bandwidth consumption, so when connecting over VPN, you might have to use the secundary video streams to save quota.

Hope this helps!
CC

PS. disable P2P at once.

 

[adri76]

I did look at setting up a vpn, but would that not give me the same result?
If I use vpn the local traffic (as I understand) would also pass through the vpn so it would still be slow as I will not have a "local" connection when on my local network.

 

[catcamstar]

Okay, let's rephrase as there is a lot of confusion on VPN. Many people use "VPN" to hide their surfing behavior (eg their ISP can't see what they do) or to avoid geographical limitations (eg watch netflix US series from EU). This is NOT what I meant. These are VPN CLIENT solutions.
Have a look at this diagram:

What I am referring to: you deploy your own VPN SERVER inside your home network. For your home network: NOTHING changes, it keeps working as it is, no IP address changes etc.
So the VPN Client (your pc with SmartPSS/gsm) receives a VPN client which connects, over the internetz, to your VPN Server at home. And through that newly created (virtual) tunnel, you can access your cams, your NAS, your TV box as if you were home. The so called "Perimeter Network" is your home network (LAN).

Does this help you?
CC

 

[adri76]

I think maybe I am not explaining my problem properly or maybe I need to do more research, but my problem is not creating a secure method of connecting to my cameras, but more of a routing problem. (security is important for the remote connection, but I do not want local traffic to also go through the vpn)
When I am on my local network I need to be able to connect to the cameras locally from my phone or pc without going through the VPN server that would slow down traffic.
I want the transition from remote to local to be seamless without creating 2 profiles for each camera. (local and remote connection.)
I need to be able to also still get alarm notifications on my phone remotely.

 

[catcamstar]

Hi @adri76 : like I wrote: NOTHING needs to be configured/changed (eg 2 network profiles on the camera). Local traffic (when being at home) will not pass through the VPN anyhow. Only when being out of your house, that VPN server will pass on LOCAL traffic to the VPN Client. On my phone, my VPN Client is in "always-on" state, so when being at home or abroad, I always got access to my camera's/NAS/printers without having to change anything on the network.

Do read a bit about VPN Servers at home (do NOT use a cloud based VPN Server because yes, in that case you need to install a VPN Client everywhere).

Good luck!
CC

 

[adri76]

Ok, thanks, I will read up a bit more on VPN's.
My understanding was that if you use a VPN server - client configuration, all traffic passes through the server and it encrypts the traffic and that would slow it down even if it is done locally.

 

[catcamstar]

That is true, but in this case, you only need client configuration on your SmartPSS/MobileDevice, all the others remain untouched.

 

[adri76]

The issue is that I do not want local traffic to go through the VPN as it seems counter intuitive to secure / encrypt local traffic and in the process slowing it down.
There would probably be a way to do this, and I thought that maybe someone has figured it out.

 

[wittaj]

Somebody has figured it out but you are not following along what is being told to you....

If you use a paid VPN that masks your IP address for illegal streaming and porno then yes your traffic would go thru VPN wherever you are.

This is what you think VPN is....but that is not what we are referring to.

Setting up your own VPN is free and YOU are the host and the only time your video goes thru the VPN is when you are away from home. When you are local you are not using the VPN. A common one used is OpenVPN that is native to many routers.

There are even Wikis here discussing it....

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

VPN Primer for Noobs

The internet is a force of nature; no video surveillance system made was designed to be exposed to those forces.. NEVER FORWARD PORTS to your NVR or Cameras, doing such things not only exposes you to severe security problems, but everyone else on the internet too.. Hackers dont want your video...

ipcamtalk.com

 

[adri76]

I understand exactly what a local VPN server is.
I am not referring to a cloud / remote hosted / paid VPN service when I talk about traffic going through a VPN.
I am referring to traffic passing through and getting encrypted locally on your own VPN server.
Encrypting data even when done locally must slow down that traffic as encryption takes time.

 

[adri76]

A quote from security.org: "
Do VPNs Slow Down Connections?
The simple answer is yes, every VPN slows down your connection to some degree. That’s because all the encryption to secure your internet connection takes time to code and decode. Some encryption methods and protocols slow down devices more than others.
"

 

[wittaj]

NO you do not understand and clearly are not following ....

When you are on your local network you are not turning VPN on....VPN off equals no data going thru a VPN....

Read the wiki....

Most of us use OpenVPN so I will use that as the example.

In order for OpenVPN to be on and data passing thru it, one needs to open the OpenVPN app and connect...

OpenVPN disconnected means data is not passing thru the VPN....

When we are home, OpenVPN is not open or connected because we are local to our system.

When we are not at home, we tap the OpenVPN app icon on our device and then tap the connect button and then and only then is traffic going thru the VPN and only for that device - anyone at home surfing the internet is still not going thru the VPN. When we are done, we disconnect the connection and close the app...

DATA ONLY PASSES THRU OPENVPN WHEN YOU TURN ON OPENVPN AND ONLY FOR THAT DEVICE....

You local data stays local and when local it is not passing thru a VPN...

 

[catcamstar]

Oh boy.

 

[adri76]

"
If you use a paid VPN that masks your IP address for illegal streaming and porno then yes your traffic would go thru VPN wherever you are.

This is what you think VPN is....but that is not what we are referring to. "

This is what I was referring to when I said that I do understand.

I am looking for a seamless way to stop local traffic going through the VPN.
Manually switching the client on/off is an option, but that means:
1. The client needs to be turned on manually each time I leave my local network.
2. If I forget to turn on the client I will not get alarm notifications.

I think the discussion went off track a bit because it seemed like I have not done any reading on the options available for remote access, but I did,
and I am looking for a better way to do it.

(At the moment I am using cloudflare to access my Homeassistant server when I am not at home and the Homeassistant app detects when I am on my local network and has 2 addresses, 1 for local and 1 for remote access and it switches between the 2 automatically. I was looking for a way to do this with cameras)

 

[catcamstar]

Why using an external service (like cloudfare) with indeed, double bandwidth consumption and double IP deployments... with that "cloudfare VPN server" running in your LAN, you can avoid all that...

 

[adri76]

Accessing homeassistant does not require al lot of bandwith. Using cloudflare made more sense than setting up a local VPN just to open the homeassistant GUI.
When I set up homeassistant remote access with cloudflare, streaming was not something I needed so it was the easiest thing to do at the time)
Streaming video is a bit different as it requires a lot more bandwith.

 

[catcamstar]

With the correct settings (TCP versus UDP, framesize, encryption strenght) you can even optimize your bandwidth consumption, even in FullHD streaming, if your ISP support it, upload speed wise. There are ample of blogs and whitepapers on OpenVPN optimisations on the net.

 

[wittaj]

In that case where you dont want to have to manually connect to a VPN, there are many options available that can turn your VPN on/off on your mobile device based on which network you are connected to.

 

[adri76]

In that case where you dont want to have to manually connect to a VPN, there are many options available that can turn your VPN on/off on your mobile device based on which network you are connected to.

I think this would be a viable option.
I am going to look into this, thanks.