Nightmares with "your connection is not private" errors, has anyone seen this specific situation?

[christyhicks]

So, I had this happen last year at our vacation home, and I can't remember what I had to do to resolve it, but I was going in and changing IP addresses on our Foscam R2 cameras and suddently, I was back in a pickle!

Here's what I CAN tell you:
We are on a wireless internet, so we have a radio on our roof and the ISP beams a signal back and forth from us to them, it is NOT static, changes IP regularly, and is shielded in that if I were to run a "what's my IP" type search, I get THEIR IP not mine. I'm set to DHCP.
I DO have a firewall on my Linksys EA7500 Router.
I tried to assign static IP's and ports TO the cameras, popped this up, and fought it for hours and hours, and I'm somewhat confident that the problem lies in a single camera, as I changed them all back to DHCP and the ports back to 88 and one by one, disconnected cameras until the error went away.
Here is what confuses me: I plugged that camera back in and for awhile, all was well, then it started glitching, so unplugged it again, BUT, although the other WIFI gear in the house experienced SOME glitching, only one computer and one ipad actually gave me the error, the other computer, same Windows 10, did not! I know for a fact you CANNOT access any of these cameras from outside my network. . . I've tried, believe me, but I went from Starlink to this system and neither have a way to sneak in. I've done the obvious virus checks, but I'm pretty confident it is NOT a virus. I feel like it's some type of glitchy thing with camera software, but I don't understand it. I have attached clips of the error, and you'll notice, it's always thinking that the name is myfoscam.org, not matter which website I try. Also, changing my own laptop between static and DHCP occasionally would clear problems up for a short time. I HAVE to understand what happened. . .it's not enough to just toss a camera, I have to know WHY!!!!

 

[alastairstevenson]

Are you using HTTPS to access the camera web GUI, with the camera therefore using a self-signed certificate?
Most browsers will complain about that as the CA (Certificate Authority) won't be in their list.

 

[christyhicks]

No, I have no way to access the camera web setup as those old plug-ins for IE are obsolete. I can access it through the Foscam app on an android/IOS device, or using the FOSCAM VMS software, which I even uninstalled thinking IT could have been the problem. These errors are when I tried to go to ANY website, got the same error, but what was weird was the *myfoscam.org NAME for each website listed, which really threw me. I cleared all caches, bookmarks, etc on chrome, reset it, (lost ALL my saved passwords of course), but nothing worked except it appears that if that camera is hooked up, it may come back, yet it was hooked up and working just fine UNTIL I started the process of assigning static IP addresses and ports to the cameras.

 

[wittaj]

IE is still available, just a few different ways to see it again and then the plug-ins work.

Several options on how to get it back in this thread:

Looks Like Internet Explorer Died Today

This morning it was working fine to view my Hikvision NVR's. Then this afternoon I wanted to look at something and when I clicked to open IE it reverted me back to Windows Edge. I could not browse the NVRs using the IP addresses. So, come to find out Edge does have a section that will open in...

ipcamtalk.com

 

[tangent]

At a glance it appears that you manually added a foscam ssl certificate containing wild cards as a trusted certificate on your computer. It's also possible you're using a very outdated operating system like Windows 7 or otherwise manually messed up some settings on your computer relating to security certificates.

You may find some guidance here Manage Certs with Windows Certificate Manager and PowerShell or with related internet searches.

 

[christyhicks]

At a glance it appears that you manually added a foscam ssl certificate containing wild cards as a trusted certificate on your computer. It's also possible you're using a very outdated operating system like Windows 7 or otherwise manually messed up some settings on your computer relating to security certificates.


How exactly would I have done that? I did do a bunch of research, but most of it dealt with your OWN security certificates. . . I did clear the SSL slate and all saved bookmarks, etc, but nothing seemed to solve it. I looked through the security certs but could find none that looked like they belonged to a foscam device. When I reset Chrome it erased all saved as safe websites, and the funny thing is, everything was working fine until I changed IP addresses from DHCP to static. This is a Windows 10 Microsoft Surface Book 3, so Windows 10 was native to it.

 

[tangent]

How exactly would I have done that? I did do a bunch of research, but most of it dealt with your OWN security certificates. . . I did clear the SSL slate and all saved bookmarks, etc, but nothing seemed to solve it. I looked through the security certs but could find none that looked like they belonged to a foscam device. When I reset Chrome it erased all saved as safe websites, and the funny thing is, everything was working fine until I changed IP addresses from DHCP to static. This is a Windows 10 Microsoft Surface Book 3, so Windows 10 was native to it.

Try this: in the address bad of an offending site, click on "not secure"


Then click on Certificate is not valid


The general and details tabs here should provide some insight into what's happening.

 

[christyhicks]

My responses when clicking did not look quite like that. What I found interesting is each website error gave this info at the bottom (and I could not choose to ignore and go to the website, btw.

 

[tangent]

My responses when clicking did not look quite like that. What I found interesting is each website error gave this info at the bottom (and I could not choose to ignore and go to the website, btw.

You have to click on not secure in the address bar in chrome to get the screens I showed above. Alternatively on a site that is secure clicking the padlock yields the same thing.

It seems like at some point you told your computer to trust / add a foscam certificate that's valid for

*.* or *.com or *.*.com

 

[christyhicks]

You have to click on not secure in the address bar in chrome to get the screens I showed above. Alternatively on a site that is secure clicking the padlock yields the same thing.

It seems like at some point you told your computer to trust / add a foscam certificate that's valid for

*.* or *.com or *.*.com

Mine looks different , don't have option to choose view certificate, but when I clicked on advanced on the error, I could see that every single website, EVERY website I chose had the exact same error, referring to the name of the website not matching the certificate, and every certificate said, "myfoscam.org" as the owner, AND, AND, when I unplug that specific camera, the errors go away.....another odd thing, I could go to google, search and get a result, but if I clicked on ANY result, ANY of them, immediately got the certificate error.

 

[christyhicks]

At a glance it appears that you manually added a foscam ssl certificate containing wild cards as a trusted certificate on your computer. It's also possible you're using a very outdated operating system like Windows 7 or otherwise manually messed up some settings on your computer relating to security certificates.

You may find some guidance here Manage Certs with Windows Certificate Manager and PowerShell or with related internet searches.

I have found no way to either delete or modify this certificate. . . if I search in the certificate manager for all certificates on my computer by serial number, it doesn't show up....cannot find a solution

 

[tangent]

I have found no way to either delete or modify this certificate. . . if I search in the certificate manager for all certificates on my computer by serial number, it doesn't show up....cannot find a solution

Does this occur in all web browsers or just chrome? have you tried other browsers like firefox, brave, or edge?

 

[christyhicks]

Does this occur in all web browsers or just chrome? have you tried other browsers like firefox, brave, or edge?

All browsers, all computers, and the other wifi devices on the system lose internet access, although the router indicates it has internet access and all devices show connected to the router.

 

[tangent]

All browsers, all computers, and the other wifi devices on the system lose internet access, although the router indicates it has internet access and all devices show connected to the router.

That kind of sounds like the foscam is defining its hostname in a manner that somehow inadvertently redirects traffic to the camera or perhaps you have a hacked camera that's try to snoop on network traffic using ARP cache poisoning or some type of DNS misconfiguration.

Check for firmware updates for your router and the camera. If that doesn't fix it, get rid of it and buy something better.

 

[christyhicks]

That kind of sounds like the foscam is defining its hostname in a manner that somehow inadvertently redirects traffic to the camera or perhaps you have a hacked camera that's try to snoop on network traffic using ARP cache poisoning or some type of DNS misconfiguration.

Check for firmware updates for your router and the camera. If that doesn't fix it, get rid of it and buy something better.

well, our system is shielded from the internet as we have a wirelss ISP with no static ip's, and you cannot reach my ip from outside my internal network. I do believe it is possibly a software glitch in the cameras that is messing with the DNS, but have not confirmed that yet. I have an email into foscam asking them if they know what could be wrong. I'm not sure how someone could have hacked any of my cameras, since we are so shielded from outside access. All cameras are updated so I suspect perhaps an update messed something up, but if so, someone else should be experiencing this also.

 

[tangent]

The simplest explanation I can come up with is that the camera is configured with a static ip address that matches your router's IP address resulting in an IP address conflict for the default gateway. As a result when devices try to connect to the internet instead they get the camera. I didn't suggest this earlier as it seemed too rudimentary a problem.

Many cameras provide a means of NAT Traversal otherwise knows as bypassing your firewall. You can buy cameras from disreputable sources that come with malware out of the box. The firewalls on consumer routers are a far cry from commercial firewalls.

You could also try disabling UPnP on your router and possibly also Express Forwarding and AllJoyn.

 

[christyhicks]

The simplest explanation I can come up with is that the camera is configured with a static ip address that matches your router's IP address resulting in an IP address conflict for the default gateway. As a result when devices try to connect to the internet instead they get the camera. I didn't suggest this earlier as it seemed too rudimentary a problem.

Many cameras provide a means of NAT Traversal otherwise knows as bypassing your firewall. You can buy cameras from disreputable sources that come with malware out of the box. The firewalls on consumer routers are a far cry from commercial firewalls.

You could also try disabling UPnP on your router and possibly also Express Forwarding and AllJoyn.

Definitely not the same IP address, in fact, I changed them to numbers outside what the router can assign, using ports way up at 10554, put them on DHCP, etc, so not the same
I have not tried disabling UPnP yet, but seriously, when you live out in the country and have to use Wireless internet providers, you don't get IP's that can be sniffed out, so the only method of getting a virus would be for me to download one, and we do use anti-viral protection, but I've been on the internet since it was a "dial and drop the phone on the modem cradle" age, so I'm pretty safe when it comes to downloads and browsing. Of course, it IS possible to buy a camera that someone may have jacked with, except I did the obvious and ran several checkers long before I got this far. Quite frankly, I'm bumfuzzled because everything from clearing caches, etc that I could find did not solve the problem, and when I do a search on the computer for a Security Certificate by that serial #, it comes up blank. . . same with "issued to".....so it almost HAS to be somehow the router is not playing nice with the cameras, and I know Linksys isn't the greatest, but I cannot find anywhere in IT'S software that I could resolve this either.

 

[tangent]

Try not to take this the wrong way, but your confidence regarding networking feels like it exceeds your knowledge and understanding.

Go review some material on how tcp/ip networking works and work your way up the OSI model using various command line tools (ping, tracert, arp) to troubleshoot / try to understand what's happening. You could also try connecting the offending device directly to a computer, assign a static ip and try to figure out what's going on. It's possible you even made a configuration mistake of some kind that's causing this and might want to try a factory reset on the camera..

 

[tangent]

when you're having issues open up a commend line and try things like "ping google.com", "tracert google.com",

Try accessing google by ip Google in your browser or ping 142.250.191.78. If that works, assign a different DNS server to your computer and see if your issues are resolved then try to figure out what's happening.

 

[jmhmcse]

The error message returned is indicating that the url does not have a valid https connection. This can be attributed to various faults/failures on the host or local PC.

On the PC verify that the browser is up to date; though this may create a problem if the hosts' security protocol is old and no longer supported by the current browser version.

Clearing browser cache and cookies might help; you've already stated this was performed.

Ensure date and time are accurate; on local PC and hosts. Your cameras are hosts and need to be synced with a time source.

Anti virus applications can generate this message, as well as some routers.

If the host is -yours- and you know it to be safe, you can click the Advanced buttons and proceed to the site. I have a very old HP printer that I must use IE emulation within Edge and use the advance/proceed at your own risk to connect to it.

Providing details of your router's DHCP settings (DNS, Default Gateway, Mask, Network Address) being handed out would be helpful. And all the static settings within each of the cameras. Also confirm the address provided by your ISP is entirely different from eveything on your network.

Please provide the URL from the browser along with the error message; what you typed and what is displayed when error occurs. Don't forget the output of the certificate's details.

Also provide the results of an IPCONFIG /ALL of your pc.

Additional specific details of your situation will help reduce the amount of guess/speculation we presume in our responses.

=========

On a side note... cameras have an OS which should be treated as though they are "infected". They could initiate a download themselves and allow a backdoor into your network. Never enable UPnP on your router or camera. Firewall camera IPs from the internet or put them on a separate isolated net.