OpenVPN and Blue Iris on Separate Network?

CamDad (n3wb, Florida), Jan 31, 2025
Hello! I've got BI working pretty well on a Swann camera-salvage home system. It runs on a separate computer 192.168.10.xxx. I have my home network on 192.168.0.xxx using Omada ER605. A POE switch powers the cameras, and an open port is plugged into an unmanaged switch on the xxx.0.xxx home network. Wife wants to see the cameras on her phone. I created VLAN 10 and a VPN in the ER605, but am getting bogged down somewhere either on the 2 networks or on the OpenVPN. I cannot get to BI on 192.168.10.xxx and of course I'm doing something wrong. Any tutorial or vids with this re-hashed scenario? Thanks!
 
The first step is to make sure wife can see the cams from her phone when on your home network using UI3 in a browser such as Chrome. The VPN comes in when she is not home and wants to see the cams through the mobile phone network or from a network outside your home.
 
This is how a lot of people on this forum access their BI computers. Notice the BI computer has two NICs. So there are two physical networks but I see you want to use virtual networks.

[attached image: network diagram showing the BI computer with two NICs]
 
The first step is to make sure wife can see the cams from her phone when on your home network using UI3 in a browser such as Chrome. The VPN comes in when she is not home and wants to see the cams through the mobile phone network or from a network outside your home.
Thank you for responding. No, I cannot access the Remote WAN IP address supplied in the Web server tab using Chrome from the home xxx.0.xxx network. I can access the BI computer using Remote Connect from my home desktop on the xxx.0.xxx network.
 
This is how a lot of people on this forum access their BI computers. Notice the BI computer has two NICs. So there are two physical networks but I see you want to use virtual networks.

Yes, aside from the NIC x 2, this is basically my setup. I have seen descriptions of the dual NICs but other descriptions on how this was not needed assuming everything is set up correctly, since the VLAN is essentially the other network. Any suggestions?
 
the VLAN is essentially the other network.
I set up my home network in the same way that you're trying to do. My basic firewall rule for the camera VLAN network (which includes the NVR server with one NIC) is no internet access and no other VLAN network access.

My OpenVPN service sits on the router and has its own VLAN which has access to the complete network. I then have a specific firewall rule for the NVR server that allows access to the OpenVPN VLAN network. To troubleshoot, make sure that when you are on your OpenVPN VLAN you can ping devices in your home network regardless of a device's VLAN. Once that works, make sure that the NVR server can ping your phone when it's connected to your OpenVPN. If you use internal DNS, make sure that you have DNS forwarding enabled for the OpenVPN VLAN.

If you're hyper security conscious, you could condition a firewall rule for your OpenVPN VLAN to access only the NVR server. My thinking in the way I did things was to frontload all the security into the VPN connection itself with various layers of encryption, and then allow complete access to the network as if I were at a management terminal at my physical location.
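The segmentation policy the reply above describes, written out as an nftables forward-chain ruleset. This is an added example, not the poster's ER605 configuration or anything from the thread: it assumes a Linux router with the home LAN on `vlan1` (192.168.0.0/24), the camera VLAN on `vlan10` (192.168.10.0/24), the OpenVPN tunnel on `tun0` (10.8.0.0/24), the BI/NVR host at 192.168.10.5 serving UI3 on TCP 81 (BI's default web-server port), and the router's own resolver at 192.168.0.1. Every one of those names and addresses is an assumption for illustration.

```nft
# Added example, not from the thread. Assumed interfaces/addresses as in the lead-in.
table inet vpn_cctv {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows that were allowed below (camera streams back to a viewer,
        # DNS answers, etc.). Must come before the vlan10 drop or the NVR can never reply.
        ct state established,related accept

        # Home LAN: unrestricted, including into the camera VLAN so UI3 works from the house.
        iifname "vlan1" accept

        # Camera VLAN: cannot initiate anything, so no internet and no reach into other VLANs.
        iifname "vlan10" drop

        # OpenVPN clients need to resolve internal names if you use internal DNS
        # (the "DNS forwarding" point in the reply). Assumed resolver: 192.168.0.1.
        iifname "tun0" ip daddr 192.168.0.1 meta l4proto { tcp, udp } th dport 53 accept

        # Option 1 (what the reply describes): the VPN segment sees the whole network.
        # iifname "tun0" accept

        # Option 2 (the "hyper security conscious" variant): VPN clients reach only the
        # NVR's web UI, nothing else. Keep exactly one of the two options uncommented.
        iifname "tun0" ip daddr 192.168.10.5 tcp dport 81 accept
    }
}
```

Two caveats when adapting this: the forward hook only governs traffic passing through the router, so if the resolver (or the OpenVPN listener) lives on the router itself, that traffic is judged by the input hook, which is not shown here; and with the VPN rule limited to 192.168.10.5:81, the "ping the NVR from the phone" troubleshooting step in the reply will fail by design, so do that test with option 1 enabled and switch to option 2 once everything else works.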
 
It [your CCTV network] runs on a separate computer 192.168.10.xxx. I have my home network on 192.168.0.xxx using Omada ER605. A POE switch powers the cameras, and an open port is plugged into an unmanaged switch on the xxx.0.xxx home network.

First, when you set up the OpenVPN server, you have to specify which local network segments a remote device will be able to access. You likely only filled in the primary network segment (192.168.0.X/24). You definitely need to make sure the 192.168.10.X/24 network is listed as well.

Furthermore, you also have a problem with the fact that you have your separate camera network plugged into an unmanaged switch. That unmanaged switch cannot process any VLAN traffic (I believe it will simply ignore/drop the VLAN tag). To get the functionality and security that I believe you are attempting to achieve, you are going to need a managed switch (something that is VLAN aware) to replace your "main" unmanaged network switch. Right now your CCTV traffic is not being segregated from your regular network. You might as well put everything on the primary network for simplicity because it is not adding any extra isolation the way you have it set up.

PS - alternatively, if your current firewall/router device has another LAN port available (not simply another port on a built in switch, but a separately addressable LAN port) you could connect the CCTV stuff directly to the second LAN port/gateway and assign that port to the CCTV VLAN that you created.
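The "which local segments does the VPN expose" point in the reply above, turned into a check you can run on the connected client. This is an added example, not code from the thread or from Omada: it assumes the home LAN is 192.168.0.0/24, the camera VLAN is 192.168.10.0/24 and the tunnel interface is `tun0`, and the `ip route` text inside it is constructed sample data, not output captured from the poster's setup. The `push "route ..."` lines in the comments are what a plain OpenVPN server would carry for the ER605's list of local networks.

```shell
#!/bin/sh
# Added example (not from the thread): from a connected OpenVPN client, confirm that the
# server pushed a route for every local segment it is supposed to expose.
# Assumed: home LAN 192.168.0.0/24, camera VLAN 192.168.10.0/24, tunnel interface tun0.
# On a stock OpenVPN server the router's "local networks" list corresponds to:
#   push "route 192.168.0.0 255.255.255.0"
#   push "route 192.168.10.0 255.255.255.0"
# Without the second line the VPN connects fine, but the phone has no route to BI.

# Constructed `ip route` output for a client whose server pushed only the primary segment.
SAMPLE_ROUTES='default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.0.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

# Constructed output for a client whose server pushed both segments.
SAMPLE_ROUTES_OK='default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.0.0/24 via 10.8.0.1 dev tun0
192.168.10.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

# route_via_tunnel ROUTES SUBNET: succeed if SUBNET (CIDR, as `ip route` prints it)
# is routed through a tunN interface.
route_via_tunnel() {
    printf '%s\n' "$1" | awk -v net="$2" '
        $1 == net { for (i = 1; i <= NF; i++) if ($i == "dev" && $(i+1) ~ /^tun[0-9]+$/) found = 1 }
        END { exit found ? 0 : 1 }'
}

# missing_routes ROUTES SUBNET...: print each subnet that is not reachable through the
# tunnel; exit 1 if any is missing, 0 if all are present.
missing_routes() {
    routes=$1
    shift
    rc=0
    for net in "$@"; do
        if ! route_via_tunnel "$routes" "$net"; then
            echo "$net"
            rc=1
        fi
    done
    return $rc
}

# Run against the constructed sample. On a real client use "$(ip route)" instead.
if missing=$(missing_routes "$SAMPLE_ROUTES" 192.168.0.0/24 192.168.10.0/24); then
    echo "all segments are routed via the tunnel"
else
    echo "not pushed by the VPN server: $missing"
fi
```

If the camera subnet is reported as missing, fix the local-networks list on the VPN server before touching anything else. If the route is present and BI still does not load, the problem is downstream of routing: the firewall path from the VPN segment to the BI host (the earlier reply's rules), or the unmanaged switch that is silently flattening the VLAN.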