Hi everybody!
I am soon to become a fresh home security system owner and I am trying to understand a few things about the camera setup, especially the network side is a bit unclear to me. As far as sensors for siren alarm are concerned, I got that covered with a security contractor but I wanted to try to set up the cameras myself as I plan to often upgrade and play with different positions, camera types, maybe even some machine learning software.
My goal is to have good night vision capabilities and license plate readability during day and night. I plan to install 10-12 cameras around my medium sized house, I’ll combine some 2MP big sensor night vision ones with 4K for daily viewing of traffic passing by and looking at my driveway.
My biggest confusion was why are cameras even using http and not https? Is this because it became a norm to use VPN on all cctv networks that makes adding 1 more encryption layer less interesting? Should I set up a VPN even if I don’t want to access cameras remotely (say, while on vacation or from work)?
Here is a picture of my current home network:

The modem/router that I got from my ISP does not support adding VPN and I can’t install a different firmware on it, plus the hardware of it is complete crap because the internal web server for the GUI takes ages to load settings pages. So, I bet I need to connect another router/switch after the ISP router to go from there. I have a dynamic IP but even if it was static, I don’t think I can initiate a connection from a remote connection to my home network without having some sort of server hosted somewhere that will first allow for correct IP resolving and let my router accept incoming connection as a reply to outgoing connection that the router made to that external server. I hope that makes sense, it might be completely wrong, please do correct me.
I made another network scheme and wish to ask you if this is the correct setup:

Here I added another VPN capable router between my modem/router and my switch that feeds into all PCs. This new router connects to NVR, that connects directly to some cameras and to one POE+ switch. Not sure how many cameras can those POE switches support but judging by the cat cable connectors, it seems quite many.
I never had to deal with port forwarding before. As for IP resolution, normally I just looked at the DHCP table on the ISP’s modem/router what local IPs are assigned to machines in my network and copied it from there. I saw a recommendation to change my home local area IP range to something non standard (other than 192.168.1.*). UPnP is already disabled on my ISP router/modem.
If VPN is running on the “VPN capable router”, does that mean it will only tunnel traffic from that router towards my remote connection? My local camera traffic going from camera towards the NVR or a different computer on local network will still be unencrypted, right? If yes, I am a bit unhappy with that as it means if there was any compromised device added to the network later, it would see all the local traffic unencrypted.
Would it be better to add a dedicated computer for viewing and storing video? If I understand this correctly, I should be able to use any computer on local network to open stream on the fly to quickly check who is at the door if I am at PC?
I saw advice that I should be recording at all times and not only when camera detects movement. Is the movement detection timed recording that unreliable?
Sorry for the long post, I did read IP Cam Talk Cliff Notes and Newbie Starter Guide to IP Cam System – VPN setup – Computer Hardware – Blue Iris – Dahua Cameras and VPN Primer for Noobs but it is a lot to take in.
I hope someone will take time to read my nooby comments and questions.
Thank you all for a great community, it is the best and biggest I found for home cctv networking questions so far.