IP-Cam Liveview over Internet

[DL2ROY]

Hello,

I own 2 IP-Cam's
1. 7Links: works great. Network over PC or AndroidApp and Internet over AndroidApp

To get this to work i created a free Dynnet Account for the Internet. And for the Network I set both Cam's on a stable IP. After this I forwarded the external Port 81 to the 7Links Cam an the external Port 82 to the other one.

2. My second Cam is a NoName China Cam. In the Shop is written something like Model: TOP-308 on the Back op my Cam is written: Model: JSK-720P. But no Brandname...
In the Network i can watch the Liveview on my PC (Software delivered with the Cam: CMS) and over an Freeware AndroidApp.
For the PC i connect by the MediaPort of the Cam: 34567
For the App I use Onvif over the Onvif-Port: 8899
But I can't connect over the Internet... I tryed to forward the external Port 82 to the internal Port 34567 and I tryed to forward the external Port 82 to the internal Port 8899. But norhing works.

What could I do to get it to work??

And second Problem: I also want to get the Liveview on my Homepage, so I need a Script/Player with the possibility to stream this Liveview of the IP-Cam on my Page. What could I try for this??


Greets
DL2ROY

 

[Kawboy12R]

Do the world (and yourself) a favour. Don't port forward any camera, but PARTICULARLY a noname Chinese camera, over the Internet.

 

[hmjgriffon]

Do the world (and yourself) a favour. Don't port forward any camera, but PARTICULARLY a noname Chinese camera, over the Internet.

My head hurts, lol.

 

[DL2ROY]

What should i do else?

 

[nayr]

Start by reading this: VPN Primer for Noobs

 

[DL2ROY]

I started the vpn on my Router.
I created a certificate an put it on my phone to test.
I tryed 3 OpenVPN Apps.
1. dis not work at all (unable to import this certificate)
2. and 3. works but while trying to connect after asking the passkey they fail with the message "TAP based Tunnels are not supported on android" or something like this...

What' s that and what should i change?

 

[hmjgriffon]

I started the vpn on my Router.
I created a certificate an put it on my phone to test.
I tryed 3 OpenVPN Apps.
1. dis not work at all (unable to import this certificate)
2. and 3. works but while trying to connect after asking the passkey they fail with the message "TAP based Tunnels are not supported on android" or something like this...

What' s that and what should i change?

You want tun, here is my config with the me specific stuff removed.



##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote "server IP and port goes here"
topology subnet

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
;ca ca.crt
;cert client.crt
;key client.key

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

<ca>
-----BEGIN CERTIFICATE-----
"Paste cert here"

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
"Paste cert here"

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
"Paste key here"

-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
"Paste TLS key here"
-----END OpenVPN Static key V1-----
</tls-auth>


I use the same cert for every client because I don't care and I'm the only one who uses the VPN so all of the clients are me anyways, import the config into open VPN connect and go to town.

 

[DL2ROY]

Hello,

thx for that, I already reached the next Problem... Now the Message is not "unable ...TAP...", actually it's this one: "tun_prop_error: one of ifconfig or ifconfig-ipv6 must be specified"

The Problem is, I can't find the "Server Config". I only can enable or disable the VPN on my router and the only settings I can set are:
- UDP/TCP
- VPN-Port (i choosed as in your Post the port: 443)
- Mode: Bridged / Routed (i changed bridged)

Nothing more. For the Rest i can download the XXX.ovpn and the XXX.p12

Here my actual XXX.ovpn


client
dev tun
proto udp
remote MyDynDNS 443
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 MyKeyFile.p12
comp-lzo
verb 3
remote-cert-tls server
ns-cert-type server
verb 3

 

[hmjgriffon]

Hello,

thx for that, I already reached the next Problem... Now the Message is not "unable ...TAP...", actually it's this one: "tun_prop_error: one of ifconfig or ifconfig-ipv6 must be specified"

The Problem is, I can't find the "Server Config". I only can enable or disable the VPN on my router and the only settings I can set are:
- UDP/TCP
- VPN-Port (i choosed as in your Post the port: 443)
- Mode: Bridged / Routed (i changed bridged)

Nothing more. For the Rest i can download the XXX.ovpn and the XXX.p12

Here my actual XXX.ovpn


client
dev tun
proto udp
remote MyDynDNS 443
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 MyKeyFile.p12
comp-lzo
verb 3
remote-cert-tls server
ns-cert-type server
verb 3

Your client config has nothing pointing to the cert, you either have to put the path where it is on your phone, or open the certs and paste the contents inline in your config file like I did. It would really help if you router would either tell you what the settings are, or generate a config file for you lol. I set up OpenVPN myself on my firewall so I had to set up the config file on the firewall also.

 

[DL2ROY]

Yeah I don't know how that works, all this. The same for my Firewall in the Router, i cann enable or disable, no more settings for the firewall (ok sure there are: e-mail setup for firewallwarning mails... )

the p12 I chose in the app, an it combines both. Is it that what you mean?? How could i set the path to the cert.?

 

[DL2ROY]

Hmm, so no more Idea?? :-(

 

[hmjgriffon]

Hmm, so no more Idea?? :-(

Not without seeing the interface for the VPN stuff

 

[DL2ROY]

Ok, no Problem.

just tell me what you need. I can show you screenshots a.s.o...

 

[hmjgriffon]

Ok, no Problem.

just tell me what you need. I can show you screenshots a.s.o...

the vpn configuration screen would be good to start.

 

[DL2ROY]

You think this???


MyClientConfig.ovpn:

---------------------------------------------------
client
dev tun
proto udp
remote MyFree.ddns.net 443
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 MyKey.p12
comp-lzo
verb 3
remote-cert-tls server
ns-cert-type server
verb 3
---------------------------------------------------

 

[hmjgriffon]

You think this???


MyClientConfig.ovpn:

---------------------------------------------------
client
dev tun
proto udp
remote MyFree.ddns.net 443
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 MyKey.p12
comp-lzo
verb 3
remote-cert-tls server
ns-cert-type server
verb 3
---------------------------------------------------

Have you verified that MyFree.ddns.net 443 is actually forwarding to your firewall? Maybe try the public IP of your firewall in the client and see if that works first.

 

[DL2ROY]

Yes sure. Over the my ddns adress I cann actually see one of the 2 cams (still over portforwarding). So this works fine...

My Problem is that the AndroidApp won't connect to the vpn by telling me:

"tun_prop_error: one of ifconfig or ifconfig-ipv6 must be specified"

 

[nayr]

turn off bridging in your server config (Connection Method: Bridged)

thats tap (Bridging) , and your client config is for tun (Routing), thus a mismatch.. tun is recommended.

 

[hmjgriffon]

Yes, server and client settings must match

Sent from my Nexus 6P using Tapatalk

 

[DL2ROY]

Ok,

But which settings should I take for this in der Router/Server Config:



VPN Subnet 192.168.4.0IP Subnet Mask 255.255.255.0


How could I connect to the Cam when de VPN connect's to a subnet??