Problems with Remote Viewing

[TonyR]

I am away for a couple hours but last night I had no difficulty viewing locally on port 81 or 5124. 5124 was the last port that worked - for about 1 minute.

Again, my ip’s for my 5 cameras and pc are static and I am not yet using a DDNS or VPN. I am sitting in a fitness center at the moment and can remotely see each of my cameras on Amcrest View app in my iPhone but not on the BI app.

As stated in my post #6, if your WAN IP is dynamic, it can change and you need that DDNS for the BI app if no VPN.

 

[SouthernYankee]

I am 70 this month. I started with paper tape and punch cards. My first computer I built ( made the mother board and solder in the CPU , memory .) was a 4-bit 4004 in 1972. I built my first 8080 to run CP/M, loaded the boot loader from the front panel. All coding was in assembler, the 8080 used an 8 inch floppy

McRIMM

Set up a VPN for remote access. You need to set the modem to passthru, and get a router that supports openVPN. UPnP and opening ports is asking to get hacked. You need to block all cameras for direct internet access. I use an ASUS router , very simple to set up. The ASUS router supports DDNS using a ASUS service. If done correctly setting up openVPN takes less than 15 minutes on an ASUS router. The hardest part is to get you internet providers device set to passthru.

 

[mcrimm]

OK Tony, I set up the dynamic dns on my orbi as instructed in the manual. I don't see exactly what I do beyond crating as follows:

Service Provider
The NETGEAR DDNS on this router is currently configured to:
Host Name : mikexxxxxxxxxxx.com
Account/Email: mcrimmins@centurytel.net

and a password.

Here is a shot of my UPnPpage:

UPnP Portmap Table
Active Protocol Int. Port Ext. Port IP Address
YES TCP 80 8080 192.168.1.6
YES TCP 554 554 192.168.1.6
YES TCP 443 443 192.168.1.6
YES TCP 80 51581 192.168.1.16
YES TCP 37777 59401 192.168.1.16
YES UDP 37778 45969 192.168.1.16
YES TCP 554 52391 192.168.1.16
YES TCP 443 51153 192.168.1.16
YES TCP 80 50199 192.168.1.8
YES TCP 37777 58063 192.168.1.8
YES UDP 37778 45047 192.168.1.8
YES TCP 554 43888 192.168.1.8
YES TCP 443 58197 192.168.1.8
YES TCP 5124 5124 192.168.1.26
YES TCP 5107 5107 192.168.1.23

5124 is what my BI is set on - unsuccessfully.

I also notice my IP changed during the night based on canuseeme. I updated my iphone (with wifi off to gain external access only)

I assume the DDNS will fix this going forward.

Thanks Again,
Mike

 

[davej]

I just set up VPN on my Linksys router. Basically I had to set up a DDNS first. I used noip.com since that seems to be free, so I created an account there. Then I logged into my router admin page and entered my noip account information. Then I turned on VPN (a button on the router admin page) and clicked the button to download the OpenVPN ovpn file. I then put the ovpn file into the OpenVPN config folder on my laptop (which will be the remote client). Then I connected my laptop to the external internet using my phones hotspot and went to the OpenVPN GUI icon down on the toolbar and selected "Connect." I could then connect to the BI UI3 webpage as if I was on my local network.

ADDITIONAL COMMENT:
I'm not entirely happy with the result, because now if I use the noip address I can see my router login is exposed to the outside world. The grc.com port scan still doesn't seem to show any ports but the noip URL gets me right to my router login -- so I frantically had to create a much stronger router password. Also OpenVPN says the Linksys router certificate is a bit inferior.

UPDATE:
Ah, OpenVPN is on port 1194 which is outside the range of the normal grc.com port scan.

 

[fenderman]

OK Tony, I set up the dynamic dns on my orbi as instructed in the manual. I don't see exactly what I do beyond crating as follows:

Service Provider
The NETGEAR DDNS on this router is currently configured to:
Host Name : mikexxxxxxxxxxx.com
Account/Email: mcrimmins@centurytel.net

and a password.

Here is a shot of my UPnPpage:

UPnP Portmap Table
Active Protocol Int. Port Ext. Port IP Address
YES TCP 80 8080 192.168.1.6
YES TCP 554 554 192.168.1.6
YES TCP 443 443 192.168.1.6
YES TCP 80 51581 192.168.1.16
YES TCP 37777 59401 192.168.1.16
YES UDP 37778 45969 192.168.1.16
YES TCP 554 52391 192.168.1.16
YES TCP 443 51153 192.168.1.16
YES TCP 80 50199 192.168.1.8
YES TCP 37777 58063 192.168.1.8
YES UDP 37778 45047 192.168.1.8
YES TCP 554 43888 192.168.1.8
YES TCP 443 58197 192.168.1.8
YES TCP 5124 5124 192.168.1.26
YES TCP 5107 5107 192.168.1.23

5124 is what my BI is set on - unsuccessfully.

I also notice my IP changed during the night based on canuseeme. I updated my iphone (with wifi off to gain external access only)

I assume the DDNS will fix this going forward.

Thanks Again,
Mike

DELETE every single upnp port forward..port forwarding your cameras is a serious security risk

 

[mcrimm]

I am beginning to think this is way over my head. I'm gonna take a break and install a new 500GB Samsung SSD to divert my attention from this problem that I can't seem to fix. I don't understand why my cameras are remote viewable in Amcrest View but not on Blue Iris. I appreciate all the help I've received and i have 1 week left before we leave for the winter. I am still hoping to have this system working by then but I have things to do today

Mike

 

[TonyR]

I don't understand why my cameras are remote viewable in Amcrest View but not on Blue Iris. Mike

You may have scanned a QR code with the Amcrest cams, which causes them to communicate via P2P (peer-to-Peer) over their cloud.
The Amcrest cams will be viewable remotely (WAN) through Blue Iris if you can see them locally (on your LAN) but only if you tell the BI app where to find your BI server. Ultimately you'll want a VPN but for now, without the VPN, you could at least try this before you throw up your hands:

1. Insure you can see your cams on the BI server when on your LAN.
2. Insure your BI server has a static IP. I'm talking about the server's LAN IP, not the WAN IP from your ISP. Write that IP down.
3. Since you said your WAN IP is dynamic and you're not sure your DDNS is working, go to BI "Options", "Web server" and see what it says your WAN IP is after clicking "Refresh". Or go to whatismyip.com and write down what it says your WAN (Public) IP is.
4. Go into your router, remove ALL port forwards except the ONE (try port 81) that you have assigned to your BI webserver at "Options', "Webserver". Forward port 81 (or whichever ONE that you end up using) to the IP of your BI webserver. If asked, use "TCP" protocol.
5. On your smartphone: turn on Wi-Fi, get on your LAN. Open BI app and for your server, either "Add new" or "Edit" your current one. For "LAN", put in your BI server's LAN IP from step #2. For "WAN", put in the WAN IP you discovered above in step #3. Put in the Username and password for the particular user you are logging into BI as. Click on OK.
6. If correct, you should ne able to open up and view cams. If OK, close the app. Turn your smartphone's Wi-Fi "OFF", try getting onto Internet using your cellular network. If you can, open up the BI app again and log into your server.
7. Report your results.

CAUTION: If this works, I do NOT advise you leave it this way. You will need to remove that forwarded port ASAP and set up a VPN and and set up DDNS...but I just want to see if you can start with the simple basics to view your cams remotely as their is NO reason why you cannot if properly configured unless you have a modem (like most cellular providers) that do not allow access via a WAN (public) IP.

 

[mcrimm]

Thanks, TonyR. I've got a busy couple of days and probably won't work on this until Monday. I did get my SSD installed over the night. It took 7 hours to clone. Wooow. Boot time went from 3-4 minutes to about 20 seconds. All's well with that part of technology anyway.
Mike

 

[fenderman]

Thanks, TonyR. I've got a busy couple of days and probably won't work on this until Monday. I did get my SSD installed over the night. It took 7 hours to clone. Wooow. Boot time went from 3-4 minutes to about 20 seconds. All's well with that part of technology anyway.
Mike

7 hours to clone a 3-4 minuet original boot time tells me this computers is loaded with a bunch of junk. If you want a reliable error free experience, blue iris should be installed on a dedicated pc running a clean copy of windows installed using the MS media creation tool.

 

[davej]

Also I don't think you've ever mentioned which Orbi model you have.
https://kb.netgear.com/31487/How-do-I-use-VPN-service-on-my-Orbi-system-with-my-Windows-client

 

[mcrimm]

Fenderman, Samsung Migration Utility almost cloned it in 1.5 hours but errored out at 99%. I switched to Macrium which cloned it perfectly but did take substantially longer. I understand a stand-alone pc would be ideal but I don’t have a spare. Perhaps if I get this working, I’ll pick another up for BI only. At this point I have a $50 investment.

Is the Fender portion of your name like fender guitars and amps? I’ve owned a number of each.

 

[fenderman]

Fenderman, Samsung Migration Utility almost cloned it in 1.5 hours but errored out at 99%. I switched to Macrium which cloned it perfectly but did take substantially longer. I understand a stand-alone pc would be ideal but I don’t have a spare. Perhaps if I get this working, I’ll pick another up for BI only. At this point I have a $50 investment.

Is the Fender portion of your name like fender guitars and amps? I’ve owned a number of each.

A pc for most applications runs 100 bux. see wiki.
and yes.