Dual NIC setup on your Blue Iris Machine

mitchrapp

n3wb
Joined
Jan 22, 2020
Messages
16
Reaction score
12
If one were to do this dual NIC method, how can the other computers on the home LAN (connected to the internet) connect to BI using UI3?
 

RubberDucky

Young grasshopper
Joined
Jan 8, 2020
Messages
30
Reaction score
9
Location
Canada
I think this might be more complicated than you like with dual-NIC unless you can connect the app to Blue Iris streams or willing to port-forward at the Blue Iris machine and the app supports that. I don't use apps, I only use UI3 for all access on TV, iPad, phone (on wifi), and phone (over vpn).

The benefit of dual-nic is complete, idiot-proof isolation -- but that is also a curse if you are wanting to use any app etc which expects to reach the cameras via local subnet or public IP (either via P2p, uPNP, or port forward). The reason it works fine with Blue Iris is because Blue Iris provides the web server, and the utility (UI3) provides capability to interact with standard camera functions. Only the setup becomes more complicated due to the need to RDP/Teamviewer onto the Blue Iris machine to reach the camera interfaces.

In your case, if you need to use the cameras from an app, you might have to look at learning the basics of VLAN's and you might need VLAN capable hardware at certain points in your network.

Yes, I experimented with joining the two networks, also tunneling between them and thought about VLANs, All possible but in the end decided to just not bother using gDMSS. IMO it's not worth weakening the security given the entire point is to isolate the cameras. RDP/Teamviewer into the PC using smartphone retains the isolation of the dual NIC setup but I found it awkward so in the end switched software instead.
 

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
1,079
Reaction score
1,376
Location
Orlando
LOL...some of y'all are really overthinking this dual NIC thing.

Your NICs are going to be assigned static IP addresss BY YOU! In the diagram below, if your home network router is 192.168.1.1 like most people then the home network is 192.168.1.X so make your main BI server NIC (red) have a fixed IP like 192.168.1.100. Then make your Camera side NIC (green) have a fixed address like 192.168.0.100. Only devices on the red side can talk directly to your BI server. Devices (IP cams) on the green side can only be accessed by your BI server and they all have IP addresses 192.168.0.X. If you stick your BI server in a closet without a keyboard, mouse, monitor then use TeamViewer or RDP from any computer on your red side network to pull up the desktop/screen of your Windows 10 BI server. If you are away from home on another network like a mobile phone network (cell tower), a friend's network or any WiFi network anywhere in the world connect to your home network first using VPN. Hopefully, you have a router with built-in VPN capability like OpenVPN...one reason I like ASUS routers. After connecting via VPN to your home network you can access your BI server with TeamViewer or RDP. If you want to access Blue Iris directly then use UI3 on a computer or any mobile device or use the BI app on a mobile phone. You'll turn-off VPN when you get back home. To access BI camera view using UI3 use a Chrome browser and use the address of your BI server. If your BI server (red side) has an IP address of 192.168.1.100 then in the browser you enter the address such as where 81 is the port number.


Network1.jpg


Capture.JPG
 
Last edited:
Joined
Apr 26, 2016
Messages
1,075
Reaction score
790
Location
Colorado
doing this I found a switch I thought was a gigabit is only 100MB, so getting that swapped out!
Is it POE? It might be fine until your camera addiction moves into crazy territory, but could also be old and inefficient also. You can pass a lot of video traffic through a 100Mbit switch before you have to upgrade it. But if it isn't POE and is old then yeah I'd probably junk it myself if you don't need a low-speed test network for something.
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
6,687
Reaction score
9,807
Location
USA
@Sybertiger OK I did exactly what you said and it works, so now I have to adjust my IPs on everything else LOL, but that is the easy part!

Here is my question for you or others. From this menu:
1580912460498.png

Am I mixing everything up that I have read on this forum? Does the Enable the HTTP web server on port 81 open this computer up on the internet or just within the LAN? I have it in my mind that HTTP and port is BAD. Is it more secure to change that port # and it would just be change it to a different number both there and the part after the :?

What about the Remote, external address that is showing the IP of the ISP modem - is that bad and why can we not uncheck that? Is that exposing this computer to the internet? I don't think so because I went onto cellular data and couldn't access it, but is that an opening?

What is the "Listen/Bind to one selected LAN IP only" option?
 

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
1,079
Reaction score
1,376
Location
Orlando
@Sybertiger OK I did exactly what you said and it works, so now I have to adjust my IPs on everything else LOL, but that is the easy part!

Here is my question for you or others. From this menu:
View attachment 55157

Am I mixing everything up that I have read on this forum? Does the Enable the HTTP web server on port 81 open this computer up on the internet or just within the LAN? I have it in my mind that HTTP and port is BAD. Is it more secure to change that port # and it would just be change it to a different number both there and the part after the :?

What about the Remote, external address that is showing the IP of the ISP modem - is that bad and why can we not uncheck that? Is that exposing this computer to the internet? I don't think so because I went onto cellular data and couldn't access it, but is that an opening?

What is the "Listen/Bind to one selected LAN IP only" option?
Keep in mind, that was just an example to give you an idea of what IP addresses and ports we are talking about. In BI 5 click on the help button at the top for the manual. Go to the section dealing with Remote Access.

Capture.JPG
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,023
Reaction score
4,823
Location
Houston Tx
Enable the HTTP web server on port 81 . It allows the access to the web server on port 81 on the BI PC. When you want to access the BI web server you do it on port 81. When you enter the BI PC ip address with that port , it will connect you to the web server. It has nothing to do direct WAN or LAN access. The IP address identifies your computer on the network.



Private ip addresses. Local IP addresses. These addresses are NOT used by the internet. They are for your local home/business network.
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

Note there is no reason to redact local ip addresses when posting.
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
6,687
Reaction score
9,807
Location
USA
@SouthernYankee - thank you for clearing that up! That all makes sense now.

So if I understand correctly, the remote/WAN access shown above would indeed be the IP address of the ISP Modem, but as long as I don't run thru the remote access wizard or open up/port forward port 81 in my router, then the BI machine is not reachable from outside unless VPN'd into.

Sorry for so many NOOB questions, but I want to make sure I have it set up correctly!
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,023
Reaction score
4,823
Location
Houston Tx
Wittaj
That is correct. You have to let access to the BI machine or your home network through your router. What you do on your BI PC will not allow access to it from the internet through the router.
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
6,687
Reaction score
9,807
Location
USA
Wittaj
That is correct. You have to let access to the BI machine or your home network through your router. What you do on your BI PC will not allow access to it from the internet through the router.
Awesome thank you so much....I have been debating dual NIC versus VLAN for way too long and have read so many things they start to run together, but I think I finally know my solution!

Thanks to all that contribute to this forum!
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
6,687
Reaction score
9,807
Location
USA
@SouthernYankee and @Sybertiger - why does this only seem to happen to me!? So I got the Dual NIC up and working great (well I thought). I can log into the UI3 great from the home wifi on my mobile device so I bookmarked it.

I go to the guest network wifi and open the bookmark to confirm it will not connect (it doesn't) and try to open the router page and it doesn't - so far so good!

So now I go to setup the OpenVPN on the Asus Router - should be simple right? I set it up using the suggestions on this forum.

From my mobile device, I go to the guest network wifi and connect to OpenVPN and I look at the computer and it shows on the router I am connected, so I log out of the router on the computer.

I then open up the router login screen over VPN - I can access it - great!

So I go to the UI3 bookmark over VPN and it will not connect?

Thinking maybe some weird issue by trying on guest network, I go to cellular service - I can log into the router over VPN, but cannot get to the UI3 screen?

What am I missing?
 
Last edited:

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
1,079
Reaction score
1,376
Location
Orlando
Not sure of your sequence of events, but if you are on a cell phone (for example) don't forget to turn off the WiFi (because if may still be connected) before you connect via OpenVPN.
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
6,687
Reaction score
9,807
Location
USA
Not sure of your sequence of events, but if you are on a cell phone (for example) don't forget to turn off the WiFi (because if may still be connected) before you connect via OpenVPN.
Yep I turned off wifi, went into airplane mode, I have tried every NOOB configuration, and it is so puzzling that I can see the router over VPN but not UI3?
 

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
1,079
Reaction score
1,376
Location
Orlando
If I understand your setup, if you are trying to do what I did, you have a headless BI server (no monitor, keyboard, mouse)...it's set up dual-NIC, so....

To access your BI server (desktop, operating system...i.e. the computer) from any other device WiFi or not from WITHIN YOUR HOME NETWORK you'll be using TeamView or MS RemoteDesktop. To assess the BI Server's webserver (the BI camera interface) you'll use UI3 from any computer, again within your home network via WiFi or direct ethernet connection. If you are OUT OF NETWORK, you'll want to connect INTO YOUR NETWORK using OpenVPN. To simulate being out of network on your cell phone simply turn off WiFI to force it to connect to the internet via cell phone tower. You connect to your home network through your cell phone tower using OpenVPN which you should have the OpenVPN app on your phone including the OpenVPN certificate. Once connected then you open up a Chrome browser on your cell phone and using the UI3 link.

You can't be in AIRPLANE MODE....it turns off the cell phone radio AND the WiFi.
 

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
1,079
Reaction score
1,376
Location
Orlando
We might have to back you up a couple of steps depending on your understanding of networking (or not).

This started out as a Dual-NIC thread. FIrst, do you have that working to your satisfaction??

To access your BI server (desktop, operating system...i.e. the computer) from any other device WiFi or wired ethernet computer from WITHIN YOUR HOME NETWORK you'll be using TeamView or MS RemoteDesktop. To assess the BI Server's webserver (the BI camera interface) you'll use UI3 from any computer, again within your home network via WiFi or direct ethernet connection.

^^^^^^ Confirm you have that working first ^^^^^

We'll worry about OpenVPN after that.
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
6,687
Reaction score
9,807
Location
USA
If I understand your setup, if you are trying to do what I did, you have a headless BI server (no monitor, keyboard, mouse)...it's set up dual-NIC, so....

To access your BI server (desktop, operating system...i.e. the computer) from any other device WiFi or not from WITHIN YOUR HOME NETWORK you'll be using TeamView or MS RemoteDesktop. To assess the BI Server's webserver (the BI camera interface) you'll use UI3 from any computer, again within your home network via WiFi or direct ethernet connection. If you are OUT OF NETWORK, you'll want to connect INTO YOUR NETWORK using OpenVPN. To simulate being out of network on your cell phone simply turn off WiFI to force it to connect to the internet via cell phone tower. You connect to your home network through your cell phone tower using OpenVPN which you should have the OpenVPN app on your phone including the OpenVPN certificate. Once connected then you open up a Chrome browser on your cell phone and using the UI3 link.

You can't be in AIRPLANE MODE....it turns off the cell phone radio AND the WiFi.
My setup will be headless once I get it to where I want, so TeamView and RemoteDesktop are down the line for setting up.

Yep, I can connect to UI3 from any computer or mobile device while on home network.

Out of network, I use the OpenVPN app and connect to the home network. I open the Chrome browser and can open the router homepage thru OpenVPN, but the UI3 bookmark will not open thru OpenVPN? So I know that I am "on the home network" when thru OpenVPN because I can get to the router page, but not UI3?

While I am a NOOB on some of this stuff, I do know that Airplane mode turns off the radio, but I then turn on the wifi radio to have wifi service while still on airplane mode.

I am at a total loss?
 

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
1,079
Reaction score
1,376
Location
Orlando
Does the Chrome browser address look something like this...


...which is your red side NIC address if that what you manually assigned AND 81 represents the BI webserver default port?

What http address are you using?
 

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
1,079
Reaction score
1,376
Location
Orlando
Sounds like this have become a OpenVPN thread because you have the dual-NIC situation working fine...correct?
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
6,687
Reaction score
9,807
Location
USA
I am 192.168.2.100:81/ui3.htm. This location works while on home network so I bookmarked it in Chrome. Works fine on home network.

I get on another wifi or cellular data and connect to OpenVPN and can use the router bookmark (192.168.2.1) to login into router so I know I am now in the "home network" via VPN. Go to bookmark for ui3 and it says it is unreachable. I hit reload several times, I close chrome and reopen the bookmark, close and try manually. I am getting 30+mbps thru VPN so I know that isn't it.

So then I disconnect OpenVPN, go back to home wifi, go back to the Chrome page, hit reload and it comes up.

I am guessing it is an OpenVPN thread now because I believe everything is correct on Dual NIC now. I guess if you can't think of anything else to try or look at, I will go ahead and move the question to an OpenVPN thread?
 

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
1,079
Reaction score
1,376
Location
Orlando
Congrats on getting your dual-NIC setup working!

I would just double check that on your device you don't have a typo and are entering the exact same http address you used on the other device. Other than that, I'd start a new thread in the appropriate forum with your issue with OpenVPN.
 
Top