I DO NOT need a VPN to remotely view my BI & cameras !!!

adamdylan

Young grasshopper
Joined
Jan 1, 2016
Messages
53
Reaction score
5
I am convinced that I DONT need a seperate VPN to remotely view my BI software screen and camera feeds !!!

Background

So you want to connect remotely to your Blue Iris & cameras at home via eg teamviewer, chrome remote desktop app or Microsoft Remote desktop. You should first should setup a vpn (virtual private network) then you can safely remote access. A VPN provides secure access control encrypting all the network traffic it carries so you can securely access your cctv remotely. Most of you use free openvpn on Asus router. Theres a massive section here on vpns : VPN Primer for Noobs

The main problem.
Hackers dont want your video feeds, they want an always on linux box with decent internet connectivity that can be used to attack targets on the internet.. they want to turn your camera into a weapon of mass destruction.

But..................................... is a vpn really necessary?

Teamviewer has had over 2 billion installations on devices has had no issues (since 2016 anyway ) plus it has its own VPn add on.

Chrome remote desktop
Chrome Remote Desktop is secure and safe. All remote sessions are AES encrypted over a secure SSL connection, which means your data is protected while you remotely access your computer. Additionally, when granting access to Chrome Remote Desktop, you must generate an expiring access code and provide that to the other user.
While Chrome Remote Desktop is secure, the privacy of your data is only as strong as the security practices you use and your computer. Weak passwords, reused PINs, lax security practices and already-vulnerable machines may compromise the privacy and security of your data. How to Use Chrome Remote Desktop for Business - businessnewsdaily.com


Navs input..............................(He discusses home viewing to see work cameras at workplace but can be done work to home of course, teamviewer Ms remote or Chrome remote)


Hi Guys

So far I have gathered that majority here are proponents of following connection model to connect to BI from say home to camera feeds in the target network.
Configuration Setup: OpenVPN + Router Configuration inc dyndns and port forwarding, generating OpenAm key files along with userid and password, reduced traffic speed due to VPN encryption

But I believe there is a simpler and equally secure method to achieve the same and NOOBs will like it. I wanted to check with you guys if you can find any loophole in this method.
1) I have installed Blue Iris on a computer in the remote network - in the same LAN as my camera feeds.
2) Then I installed Teamviewer unattended access server on that computer and marked it a trusted device in my teamviewer account protected by a really long and complex password.
3) Then I went home, logged into the teamviewer client from home, marked my home laptop "trusted" as well and then connected with the Teamviewer unattended access server on the remote computer with BI running on it - all that without doing any port forwarding and confusing dyndns and vpn setups. And I was able to watch the screenshare of the remote BI computer on my home laptop.

What I know about the pros of this method so far.
  1. both computers need to be trusted to communicate with each other and to do that one would need my long complex TV password. No other computer with TV on it can connect to my TV server without being trusted in my TV account. if someone can hack that password then they can very well get into my Windows laptop as well as that has a similar variation of the same length and complexity password.
  2. TV's marvelous proprietary protocol encrypts all the traffic and also handles NAT routing with help from TV's central servers and uses UDP ports, hence no DYNDNS required to be setup in this method (which takes its own sweet time to propagate through the DNS system when the IP of remote router changes)
  3. Read about TV's protocol here - What is the difference between TeamViewer and RDP?
  4. Teamviewer has had over 2 billion installations on devices has had no issues (since 2016 anyway) plus it has its own TeamViewer built-in VPN service that allows you to connect to a device to share windows file shares and to share printers. You may read about it here About TeamViewer VPN
  5. This setup is unaffected by life events like changing your broadband provider, changing your internet router, adding any wifi AP/repeaters in the middle etc etc..
Let me know what you guys think?

Nav
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
Teamviewer has had over 2 billion installations on devices has had no issues (since 2016 anyway)
Whilst it's fair to say it hasn't had many vulnerabilities publicly exposed, here is the most recent, from July this year :
 

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
I'm sure teamviewer would work fine. I use stunnel, which has some integration with BlueIris. Lots of ways to securely access BlueIris remotely.
 

jmhmcse

Pulling my weight
Joined
Dec 30, 2018
Messages
211
Reaction score
129
Location
usa
Interesting solution.

Presuming that one is not a business and therefore no license(s) required. Also presume that one doesn't mind sending all one's video (and other) traffic through a third party network.

your client <-> TV network <-> your host​

Looks like TV has a plethora of clients, it seems that connecting to the host should not be an issue.

Yes, for YOU using TV, you would not need an additional VPN; nor would anyone else who adopts a similar approach.

The TV solution simplifies the initial setup/configuration, but has other challenges. There is a chance TV will notice an excessive amount of data being transferred and do some sort of speed limitation or disconnect. There would also be needed ongoing maintenance activities, ongoing version upgrades of both clients and host. And there may be lurking security issues, published or not, and even the smallest may allow full access to the host.

Granted, the items mentioned above carry only a slight change of happening, but they could.

Whether you, or anyone, choose to use TV or other VPN method is not the issue, the issue is that some type of VPN is used rather than simply opening ports on the router.

I typically don't have a need for remote access, but this seems quick/easy enough for the infrequent/occasional use I need... I'll be checking into the "unattended access" for "trusted" client.
 

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
If TV is like other "remote desktop"-like solutions, you are sending the "screen" as oppose to the "feed". Video quality might not be as good.
 
Top