DDNS setup ? Remote viewing questions ?

thedoc46 · Jul 27, 2015

Hi,

Want to setup my DS-2CD2132F camera's for remote viewing. Trying to setup DDNS. I've registered up at http://us.hik-online.com/auth/login

However when I go to add a camera, i put in my serial number, give it a domain name, it says the device does not exist. (as per its recommendation, I've left the port at '0'.

I've not yet setup my DDNS screen in the web interface.

Also another question is because the DS-2CD2132F has an SD Card slot, i do not plan on running any kind of NVR... I would just like to access my 2 camera's remotely. What are we supposed to enter as a ports for the following ? (considering I'm trying to leave the port as '0' on the DDNS setup. If my camera is the NVR itself ? then when doing my port forwarding, should i be keeping or leaving out of these ? Also what is the RTSP Port?

CamFan · Jul 28, 2015

It is not advised to expose your cameras to the internet. See my blog tip https://diysecurityguy.wordpress.com/2015/07/28/tip-isolate-your-hikvision-ip-cameras-from-the-internet-using-parental-controls-in-router/?preview_id=127

ruppmeister · Jul 28, 2015

CamFan said:
It is not advised to expose your cameras to the internet. See my blog tip https://diysecurityguy.wordpress.com/2015/07/28/tip-isolate-your-hikvision-ip-cameras-from-the-internet-using-parental-controls-in-router/?preview_id=127

I say if the OP knows the risks, then let them do it and try to provide the support they are asking for.

Edit: With that being said, I agree with @CamFan that it is bad practice to expose your cameras with open ports to your network as these cameras are not very secure.

As for setting this all up, try the link below which is a PDF from Hikvision on how to use and configure DDNS for a DVR but same/similar settings can be used for the camera itself. Make sure you are setting up the port forwarding on your router to point to your camera. And yes, use port 0 in your DDNS port configuration as the service uses both ports 80 and 8000 for the connection, both of which need to be forwarded in your router according to the guide.

http://oversea-download.hikvision.com/uploadfile/doc/DDNS Management System User's Manual V1.0_20120301.pdf

thedoc46 · Jul 28, 2015

It's really not happening for me...

Firstly, the DDNS configuration of the cam itself, doesn't allow me to enter in any credentials. As you can see from the screenshot below, they're greyed out....

And secondly, the us.hik-vision.com doesn't allow me to enter in my IP cams as devices, telling me that they do not exist ?????

Getting frustrated with these cams. I am able to view using iVMS 4500 and prentending that my leased IP address is static, but that's not going to last for long.... Really need a solution for these IP cams. Need to have DDNS going... Is the only solution a pay $5 dyndns solution ? What am I missing here ? Is it cos they come from China & the firmware is crap, along with no registered serial numbers on the US hik sites?

fenderman · Jul 28, 2015

@thedoc46 I dont use hiks ddns, but you dont need to enter credentials when using it..you need to enter your unique domain.
I believe the correct server address is www.hik-online.com not what you have entered.
You can use a free service like no-ip.com ..they also have a paid service for only 20 dollars a year.

ruppmeister · Jul 28, 2015

Actually, the documentation lists the server address as 173.200.91.74 for US based users. I could be wrong as I don't use this service since I use Blue Iris instead and access my cameras through the web using NO-IP.com as my DDNS service (free version).

id5 · Jul 29, 2015

I had the same with newer Chinese cameras not being recognised by hikonline.

I us no-ip which works well. If you setup the camera correctly with a user level account and only publish the server port then you will be far more secure than the majority.

ruppmeister · Jul 29, 2015

id5 said:
If you setup the camera correctly with a user level account and only publish the server port then you will be far more secure than the majority.

No, this is wrong. You are not any safer just because you think you are using a lower level account. There are hard coded accounts in the camera that are not able to be disabled which could allow for someone to take over your camera. Some of the known exploits have been patched, but others I am sure still exist. You are always taking a risk when you expose something to the Internet, it comes down to how comfortable are you with what you have exposed. If the OP doesn't care if someone sees the camera feeds, then so be it, expose it to the Internet. Otherwise, take caution and find and alternate solution with more secure access (VPN).

id5 · Jul 29, 2015

ruppmeister said:
No, this is wrong. You are not any safer just because you think you are using a lower level account. There are hard coded accounts in the camera that are not able to be disabled which could allow for someone to take over your camera. Some of the known exploits have been patched, but others I am sure still exist. You are always taking a risk when you expose something to the Internet, it comes down to how comfortable are you with what you have exposed. If the OP doesn't care if someone sees the camera feeds, then so be it, expose it to the Internet. Otherwise, take caution and find and alternate solution with more secure access (VPN).

The user level account is safer to use than the admin account, if someone was to hack the user level they will have a lower set of privileges to continue to hack with.

If your fear level of the manufactures code is that high then frankly you should not be running the camera except in its own firewalled network air gapped from your own whilst wearing a tinfoil hat.

thedoc46 · Jul 30, 2015

I like the idea of this... What's the best way to do this? Export the config, (so you can revert if you ever need to make changes later on) then create the lower level account, and then delete the admin ?

ruppmeister · Jul 30, 2015

thedoc46 said:
I like the idea of this... What's the best way to do this? Export the config, (so you can revert if you ever need to make changes later on) then create the lower level account, and then delete the admin ?

That is the problem I have with @id5 suggestion. In order to ensure that your admin account in not also available for an attack you have to remove remote access to the account, leaving only your user account to have web access (don't delete admin account (if that is even possible)). That just doesn't make sense to me at all. Use a VPN and ensure that your connection is much safer instead.

valcctv · Dec 7, 2015

Dos anyone know if V5.3.0 version software have option to change region on DDNS as my V5.2.0 do not have option.......Maybe thats why having probs to acsees my camera in Barbados. Set up in UK to make sure is working was fine now problem "The device is not registered in the current region, please edit the device DDNS configuration" But my 5.2.0 version soft do not***have option to change region

Please anyone help

valcctv · Dec 7, 2015

Hi Fantastic forum best info.

Now having a nightmare with hik-online.com

Please anyone help

Setup my 2732F in UK no probs at all worked fine*DDNS*set up hik-online account with device domain, to make sure it working and all that and it did until i tried to access in Barbados. Now in Caribbean trying to connect to*DDNS*hik-online.com it states now THAT I AM IN THE WRONG REGION AND NEED CHANGED. I have done that changed to Barbados. Maybe i need to change that somewhere else? But message still coming up:

The device is not registered in the current region, please edit the device*DDNS*configuration:
1)If the device supports the county selection, please select the country as: Barbados
2)If the device does not support the county selection, please edit the*DDNS*address as: sadev.hik-online.com

Please help as need to fix this urgently. Flying back to UK in few days.

All help appreciated.

valcctv · Dec 16, 2015

valcctv said:
Hi Fantastic forum best info.

Now having a nightmare with hik-online.com

Please anyone help

Setup my 2732F in UK no probs at all worked fine*DDNS*set up hik-online account with device domain, to make sure it working and all that and it did until i tried to access in Barbados. Now in Caribbean trying to connect to*DDNS*hik-online.com it states now THAT I AM IN THE WRONG REGION AND NEED CHANGED. I have done that changed to Barbados. Maybe i need to change that somewhere else? But message still coming up:

The device is not registered in the current region, please edit the device*DDNS*configuration:
1)If the device supports the county selection, please select the country as: Barbados
2)If the device does not support the county selection, please edit the*DDNS*address as: sadev.hik-online.com

Please help as need to fix this urgently. Flying back to UK in few days.

All help appreciated.

I guess no one can help me here?

Also now issue: managed to get in via Router ip addres with :8xxx port number.

But via hik-online.com still going to redirection and then it stops mentioned Web not available.

Please any advice on this.

whoslooking · Dec 16, 2015

The easy way to setup ddns is to put the camera into dhcp, if you have set your own ip address, you probably didn't setup it all up what's needed, like setting the dns to that of your routers ip address.
Give that a go.

Dwys · Mar 2, 2016

I'm looking for someone to log into my hikvision nvr, setup cloud, ddns, remote viewing, xfinity router. I'd be happy to contribute some money via papal. Let me know if anyone up for the challenge thx!

zero-degrees · Mar 2, 2016

@Dwys - make sure if anyone assists you use a program called TeamViewer. This is one of the safest ways to allow TEMP remote access as once the project is complete you can shut down access, also you can take back controll at any time while they are working or if you don't like something you see them doing. My advice is be careful trusting just anyone from a forum, there are some stand up guys here, but still be careful.

I will tell you that I have seen @fenderman offer in the past to remote in to assist people via TeamViewer, not sure if its something he'd be up for at the moment.

If you have the all in one Xfinity Dory Device (Modem, Router/Gateway) the config is pretty quick as it relates to port forwarding, if you already have signed up for a DDNS or the like, then that just needs plugged into your NVR and you should be good. This is only about a 5 min setup start to finish.

Dwys · Mar 2, 2016

Ok thx for that knowledge. My Comcast router modem (no gateway for telephony) in Port forwarding is asking for ip address range in addition to Ports...

zero-degrees · Mar 2, 2016

Dwys said:
Ok thx for that knowledge. My Comcast router modem (no gateway for telephony) in Port forwarding is asking for ip address range in addition to Ports...

So if you need to open port 1234 for example the range is 1234 - 1234 and the IP address to forward that traffic to is that of the NVR 192.168.100.50 for example if that is the address of your NVR.

Search

DDNS setup ? Remote viewing questions ?

thedoc46

n3wb

CamFan

Getting the hang of it

ruppmeister

Getting the hang of it

thedoc46

n3wb

fenderman

ruppmeister

Getting the hang of it

id5

Young grasshopper

ruppmeister

Getting the hang of it

id5

Young grasshopper

thedoc46

n3wb

ruppmeister

Getting the hang of it

valcctv

n3wb

valcctv

n3wb

valcctv

n3wb

whoslooking

Dwys

n3wb

zero-degrees

Known around here

Dwys

n3wb

zero-degrees

Known around here