Hello, I am running a few hikvision cameras, and have them working presently via hikconnect, however when I attempt to access the "remote configuration" menu it tells me i need to setup ddns, so I have purchased a no-ip hostname and though i had it configured correctly, but seems to be running into an issue where it still does not allow me to remotely configure the camera. if I use noip do i still need to do port forwarding, also in many of the videos online they are configuring one camera, what if i have many cameras, do they all need to have their ports changes so that that all can have they own entry? any advise is greatly appreciated, perfer someoen who I can speak to over the phone or voip but happy with any assistance i can receive at this point. Thank you all very much,.
Hikvision ddns configuration setup for remote configuration
- Thread starter Peter Myers
- Start date
alastairstevenson
Staff member
Some useful reading, for the protection of your systems :
How to Secure Your Network (Don't Get Hacked!)
Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...
That’s helpfull, however having to turn on a vpn on my cell everytime I want to access the cameras seems like a hassle, because it slows down my overall internet connection and then auto disconnects after a period of time , which means I have to constantly turn it back on. I look at these cameras maybe.. 3-5 times per hour. All day. lol. And I thought the whole point of noip and such was to avoid having to do all that port forwarding.. but I guess it’s just a way to keep the client side address, still technically accessing via ip and I guess yeah, port
DDNS simply allows you to be able to access your WAN if/when the IP address changes, but it doesn't do anything to secure your device. DDNS is used whether someone port forwards or uses a VNP.
Most here will agree that port forwarding directly to the camera is the least safe. Although the great internet has many articles that state it is OK lol like whatismyipaddress.com that states:
"Port forwarding is an excellent way to preserve public IP addresses. It can protect servers and clients from unwanted access, "hide" the services and servers available on a network, and limit access to and from a network. Port forwarding is transparent to the end user and adds an extra layer of security to networks. In short, port forwarding is used to keep unwanted traffic off networks. It allows network administrators to use one IP address for all external communications on the Internet while dedicating multiple servers with different IPs and ports to the task internally. Port forwarding is useful for home network users who may wish to run a Web server or gaming server on one network."
Next are the other options. There is a debate as to if P2P (what Hik-Connect uses) or OpenVPN or something like ZeroTier is the next safer option.
Arguments are made both ways.
P2P you are relying on the camera manufacturer's servers to not be hacked. You have zero control over those. Dahua has recently been shutting down the older P2P servers that were more easily hacked.
Same with ZeroTier or Wireguard or Tailscale and the like. You are relying on someone else's servers to make that connection. Anytime you are relying on someone else, it can be hacked.
OpenVPN is hosted locally, either native to the router or installed on a computer.
In theory you have the most control over this since it is all in your house.
But it relies on opensource coding that can be hacked as well.
You are relying on your computer and router to be up to date and not allow bad actors in. And sadly, like NVRs and cameras, routers are not routinely updated either. But that is the same regardless of the solution you are using.
Or just say F it and use port forward and scanning QR codes blindly like most of society. At the end of the day, most don't get hacked. It just sucks if you are one of them that do.
At a bare minimum, set up a crazy strong password. Consider not using admin for the username - make a new username. Put the camera on a guest network so at the very least it doesn't exploit your entire network and connected devices, etc.
Most here will agree that port forwarding directly to the camera is the least safe. Although the great internet has many articles that state it is OK lol like whatismyipaddress.com that states:
"Port forwarding is an excellent way to preserve public IP addresses. It can protect servers and clients from unwanted access, "hide" the services and servers available on a network, and limit access to and from a network. Port forwarding is transparent to the end user and adds an extra layer of security to networks. In short, port forwarding is used to keep unwanted traffic off networks. It allows network administrators to use one IP address for all external communications on the Internet while dedicating multiple servers with different IPs and ports to the task internally. Port forwarding is useful for home network users who may wish to run a Web server or gaming server on one network."
Next are the other options. There is a debate as to if P2P (what Hik-Connect uses) or OpenVPN or something like ZeroTier is the next safer option.
Arguments are made both ways.
P2P you are relying on the camera manufacturer's servers to not be hacked. You have zero control over those. Dahua has recently been shutting down the older P2P servers that were more easily hacked.
Same with ZeroTier or Wireguard or Tailscale and the like. You are relying on someone else's servers to make that connection. Anytime you are relying on someone else, it can be hacked.
OpenVPN is hosted locally, either native to the router or installed on a computer.
In theory you have the most control over this since it is all in your house.
But it relies on opensource coding that can be hacked as well.
You are relying on your computer and router to be up to date and not allow bad actors in. And sadly, like NVRs and cameras, routers are not routinely updated either. But that is the same regardless of the solution you are using.
Or just say F it and use port forward and scanning QR codes blindly like most of society. At the end of the day, most don't get hacked. It just sucks if you are one of them that do.
At a bare minimum, set up a crazy strong password. Consider not using admin for the username - make a new username. Put the camera on a guest network so at the very least it doesn't exploit your entire network and connected devices, etc.
A DDNS is used when your public WAN IP is dynamic, not static, meaning it can change at any time, although some go for weeks and months without doing so....but you won't know what the new IP is if and when it changes and you can be stuck trying to access remotely.
The hostname provides a name that is easier to remember than an IP address and does NOT change.
Many routers can be configured with the DDNS account username, account password and hostname so that when the WAN IP changes, it notifies the DDNS provider who then updates the hostname they have on record with the new IP address. You access the hostname and you are sent to the updated IP address.
Many DDNS providers also have a client program that runs on a always-on PC that performs the same function (contacting the DDNS provider to refresh the hostname with the new WAN IP) as described above in the router
Port forwarding is another thing altogether and as mentioned previously is highly discouraged, and instead a VPN is encouraged. The type of VPN to use is not the subscription type; that merely masks your IP and outgoing data. The most recommended is a server-client setup where the VPN server runs on a compatible router at the local site and its matching client runs on the remote device (PC or smartphone). OpenVPN and Wireguard are of this type.
The hostname provides a name that is easier to remember than an IP address and does NOT change.
Many routers can be configured with the DDNS account username, account password and hostname so that when the WAN IP changes, it notifies the DDNS provider who then updates the hostname they have on record with the new IP address. You access the hostname and you are sent to the updated IP address.
Many DDNS providers also have a client program that runs on a always-on PC that performs the same function (contacting the DDNS provider to refresh the hostname with the new WAN IP) as described above in the router
Port forwarding is another thing altogether and as mentioned previously is highly discouraged, and instead a VPN is encouraged. The type of VPN to use is not the subscription type; that merely masks your IP and outgoing data. The most recommended is a server-client setup where the VPN server runs on a compatible router at the local site and its matching client runs on the remote device (PC or smartphone). OpenVPN and Wireguard are of this type.
Last edited: