IP Camera through VPN

[AjdinDev]

Hi there,

I'm working on setting up an IP camera platform.

I run a business with several locations and I'm planning to install IP based camera's on all of them. These should all be accessible through a single web portal which has already been made.

So IP camera's require certain ports to be open so that you can fetch the camerastream. This is fairly unsafe so I'm looking for an alternative solution.

My concept was to install an OpenVPN server on the same server that the webserver runs on. My idea was then to put raspberry pi's in each office which route all the camera traffic through the main VPN server. So let's say the VPN Server IP is 64.163.47.81.

I'd be able to access camera's from office 1 through the following IP's/ports: 64.163.47.81:5555 64.163.47.81:5556 64.163.47.81:5557

For office 2, it would be: 64.163.47.81:5558 64.163.47.81:5559 64.163.47.81:5560

Of course these IP's would only be accessible from a frontend proxy we use for our webserver.

What's the best way to do this? My offices don't have static IP's however they all have decent upload speeds so that shouldn't be an issue.

I'm alright at linux/networking but I couldn't figure this one out.

Thanks in advance.

 

[bp2008]

OpenVPN should work as long as your web server has sufficient bandwidth. All camera traffic would be flowing in, and back out of its internet connection.

I would suggest setting up a dynamic DNS service to have your VPN clients connect to, so you don't have to reconfigure them in the event your web server's IP changes.

As for actually setting up OpenVPN, I can't help there. That is what Google is for.

One important thing to note is each of your locations should run a different subnet so you don't have IP conflicts or overly complex routing.

e.g:

10.0.0.0/24
10.0.1.0/24
172.16.0.0/24
172.16.1.0/24

Best to not use the common default subnets at all I think (192.168.x.x), to reduce potential headaches in the future.

 

[copex]

1, when using a vpn ALL ports are open
2, A raspberry Pi would probably struggle to encode the video traffic on multiple cameras, if you have some old PCs you could use PfSense for example.
3. you would also need a good upload speed at the cameras sites
3, you would only need a static at the server side, so the camera sites would be dial out and the server side would be dial in, no-ip or dydns would work if the router support this.
4. good look

 

[bp2008]

You don't actually have to make all ports be open over a VPN, but that would be the standard setup.

You are right, raspberry pi is a bit underpowered for high bandwidth VPN duties. Would probably be better off with a low end NUC or other x86 PC.

 

[AjdinDev]

1, when using a vpn ALL ports are open
2, A raspberry Pi would probably struggle to encode the video traffic on multiple cameras, if you have some old PCs you could use PfSense for example.
3. you would also need a good upload speed at the cameras sites
3, you would only need a static at the server side, so the camera sites would be dial out and the server side would be dial in, no-ip or dydns would work if the router support this.
4. good look

You don't actually have to make all ports be open over a VPN, but that would be the standard setup.

You are right, raspberry pi is a bit underpowered for high bandwidth VPN duties. Would probably be better off with a low end NUC or other x86 PC.

Thanks for all the posts.

Would it be a solution to disable encryption somehow? Encryption isn't that important to us, having ports closed is more important.

 

[bp2008]

Maybe?

I haven't tried, or measured performance, myself.

 

[AjdinDev]

Maybe?

I haven't tried, or measured performance, myself.

I'll give it a shot soon. Thanks.