Feedback on plans for new setup with Blue Iris, HomeKit/Scrypted, and Amcrest/Dahua Cameras

[pete1945]

Trying to isolate my poe ip cams from the network (both for security and to save bandwidth as our network is getting overloaded even with 250 Mbps and an orbi router with satellites. I was hoping to be able to put all my IoT devices on the guest network, my IP cams offline, but connected to blue iris and scrypted on a pc (already run scrypted and plex there) that has it's own separate internet connection, and put apple tv's on both wifi networks and ethernet. Using Amcrest and Dahua (via Empire Tech) cameras and a WD purple hard drive with blue iris for video storage. I already have the equipment shown, and my wife doesn't want to expand the budget, so my options are limited if I need new equipment.

A few questions:
1. Does this network diagram (amateur, I'm new to this) look like a good plan?
2. Can I access the IP cams remotely if the scrypted server has internet access, and the cams connect to the server? If so, am I just connecting the cams to the internet through the scrypted server?
3. Will this work to let us access the IoT devices even though on the other network since we'll have an AppleTV there?
4. Will running NordVPN on Firewalla really improve security and will it impact network speed noticeably?

I've thought about taking a VLAN approach rather than separating things out, then I could use the ORBI mesh system to run ethernet cables, but that has a network congestion issue I'd prefer to avoid, and networking is not my forte.

I would really appreciate any advice or comments on this!

 

[sebastiantombs]

1 - That will work well assuming you have two NIC cards in the Blue Iris machine. The camera traffic won't go through the router.
2 - You can access the cameras remotely IF you use a product like OpenVPN or ZeroTier. What you will actually do is remote in to the BI machine then use a remote desktop product to control that machine and access the cameras.
3 - You'll need rules to access the AppleTV from you local LAN.
4 - NordVPN or other VPN services are for outbound traffic and are designed to hide your IP and surfing habits from your ISP and the rest of the world, but not from the VPN provider. They will not let you access your cameras remotely so OpenVPN or ZeroTier will be needed.

 

[pete1945]

Even without OpenVPN or ZeroTier I can still access it remotely on the blue iris mobile app and in HomeKit, right? We want both since we mainly use HomeKit but occasionally want the higher resolution stream that HomeKit doesn’t offer.

 

[wittaj]

Even without OpenVPN or ZeroTier I can still access it remotely on the blue iris mobile app and in HomeKit, right? We want both since we mainly use HomeKit but occasionally want the higher resolution stream that HomeKit doesn’t offer.

If you open ports you can, but then you are opening yourself up to being hacked.

What does this mean? Are there people connecting to my Blue Iris?

So I noticed These connections in my connections tab, the bottom is me, but the top 3 I don't know, one is an IP from Florida using a VPN, and the other is a Michigan VPN. What do these mean and why is their connection session 0:00:00:00? Thanks, sorry I'm a newbie. Steve

ipcamtalk.com