P2P Xmeye

Excalibur

Young grasshopper
Joined
May 11, 2018
Messages
36
Reaction score
5
Location
NZ
I've got a Chinese Besder NVR and IP camera system up and running on XMeye for a homeowner. I've been asked to do the best I can do with what is there. The system runs quite well and was easier to set up than I was anticipating. Even XMeye wasn't too bad. Once I'd figured out their way of doing things it fired right up.

OK, so what I'm looking at is to get P2P as secure as possible. What I've done so far:
1/. Password on NVR
2/. Passwords on IP cameras
3/. Password on XMeye login.

What else should I be doing to get the system robust? The system is behind Carrier Grade NAT. What about PCs attached to the home network?

Grateful for any help. Thanks.
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,432
Reaction score
38,152
Location
Alabama
If you scanned any QR code(s) and/or created any kind of "off site" account wherein a username and password are required, then your security will only be as good as what the Chinese-provided 'Cloud' server can and will provide for you. That's the way all these "easy to set up", P2P-based systems are.

I could be wrong, but IMO the only way to guarantee the total security of the LAN now is to either remove every trace of P2P software, reset all cams and NVR or totally isolate your LAN from the Internet.

Someone else may have a better, less drastic method and I am looking forward to their input.
 

Aengus4h

Getting the hang of it
Joined
Mar 12, 2018
Messages
242
Reaction score
98
Location
UK
Personally, as Tony says, I'd disable any P2P and run the NVR and cameras on an isolated VLAN with no internet permission or ability to route to other VLANs. Also check for open ports on the router, turn UPnP off on it, then delete the open ports found. For monitoring/playback, allow access from your main user LAN to it and, if need be for external use, set up a VPN to reach into your main user LAN and connect that way. How feasible this is will depend on the abilities of your consumer-grade router and network gear, and on whether the ISP allows VPN.

OK, more complex than the "easy setup" these things offer, but far more secure: no chance of embedded virus/vulnerabilities exposing the rest of your network to attack or being used as mules in a DDoS or other attack on others. Not to mention, control of who can see/publish your video feeds!
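The isolation policy described in the post above can be checked against a rule set before it is relied on. The following is an added example, not part of the original post: the addresses, the `(action, source, destination)` rule format and all function names are assumptions made for illustration, and a stateful firewall is assumed.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
CAMERA_VLAN = ipaddress.ip_network("192.168.50.0/24")  # NVR and IP cameras
USER_LAN = ipaddress.ip_network("192.168.1.0/24")      # PCs, phones, VPN clients
NVR = "192.168.50.10"
INTERNET_HOST = "203.0.113.5"  # documentation address standing in for any internet host

# Ordered first-match rules in a hypothetical format: (action, source, destination).
# Replies to allowed sessions are assumed to pass (stateful firewall).
ISOLATED = [
    ("allow", "192.168.1.0/24", "192.168.50.0/24"),  # user LAN -> cameras for viewing
    ("deny", "192.168.50.0/24", "0.0.0.0/0"),        # cameras may not start any session
    ("allow", "192.168.1.0/24", "0.0.0.0/0"),        # user LAN -> internet
]
FLAT = [("allow", "0.0.0.0/0", "0.0.0.0/0")]         # typical flat home LAN

def decide(rules, src, dst):
    """Return the action of the first rule matching src -> dst (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst in rules:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            return action
    return "deny"

def audit(rules):
    """Probe the three properties the post asks for; return a list of findings."""
    camera = str(CAMERA_VLAN[20])  # sample camera host
    pc = str(USER_LAN[25])         # sample PC on the user LAN
    findings = []
    if decide(rules, camera, INTERNET_HOST) == "allow":
        findings.append("camera VLAN can reach the internet (P2P cloud still reachable)")
    if decide(rules, camera, pc) == "allow":
        findings.append("camera VLAN can start connections to the user LAN")
    if decide(rules, pc, NVR) != "allow":
        findings.append("user LAN cannot reach the NVR for monitoring/playback")
    return findings

if __name__ == "__main__":
    for name, rules in (("isolated", ISOLATED), ("flat", FLAT)):
        print(name, audit(rules) or "OK")
```

The probes use one sample host per network, so a rule set with per-host exceptions needs additional probes for those hosts.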
 

Excalibur

Thanks for thoughts.

I read the secure network wiki with great interest. The big warning there is: don't use port forwarding.
There's a lot of talk about modern routers having built-in VPN. Indeed the router does have L2TP, IPsec.
So the question is: can the HG659 router VPN be used successfully over CGNAT for remote viewing on Android?

Thanks.
 

Aengus4h

Can't comment on your router as I use Draytek gear myself, but via Android I connect to the VPN, then use the ivms app to connect to my Hik NVR or Swann DVR on their internal LAN IP just as if I was sat at home with the phone connected to my Wi-Fi. Works just fine; the WAN and mobile data speeds will determine how well it works per individual circumstance though.
 

Excalibur

I've been studying the situation but I'm in need of some help.

The way I understand it, the home IP address is shared because it's behind CGNAT. Therefore I can't forward any ports, so even DDNS is unavailable as well.
How do I set up a router (HG659) with VPN in this case?
Please advise.
Thanks.

PS. Meanwhile XMeye is working well (but if there's a better and safer way, I may as well use it).
 

Excalibur

Am not any closer to solving the puzzle of how to get the router VPN set up (from behind CGNAT). Can anyone point to a tutorial?

Meantime I found this very good tutorial on setting up XMeye, not that I need it. This is already working here, but if I had this info at the start...
Putting it here in case it helps others:
Remote Viewing with XmEye
 