Purchasing Dahua

[dazedv3]

Hi everyone I've been reading this forum a lot over the last week or 2 trying to get a handle on everything and I'm almost at the stage where I want to setup a surveillance system.

I have settled on the following hardware...

CAM - HDW4231EMASE
NVR - DHI-NVR4108-P-4KS2

The part that i'm concerned about is all the necessary steps that should be taken to ensure that the cameras are blocked from accessing the outside world.

I have an ASUS RT-AC68U Router that I have configured and enabled OpenVPN on and have tested access successfully from my android mobile phone.

Now I know that the consensus is to "block" the cameras however this is where I'm a little hazy. Once I have the cameras setup/installed (I will be following the cliff notes) I could easily "Block Internet Access" through my router for each individual camera however my question is if I do this am I also blocking access from my mobile device through OpenVPN to monitor the cameras through an app such as TinyCAM?

Also am I supposed to also block the NVR as well? And again is this restricting any ability to check the cameras "remotely"?

These are the main points I'm unsure of as I have not yet purchased the hardware but I have been setting up, testing and preparing my home network to be secure when I do purchase the hardware.

Whilst remote access isn't crucial for me I still would like the option should I ever need to check anything when I'm away from home.

Anyway I'd appreciate any input, especially if anyone has the same router (RT-AC68U) or similar and has been through this process.

Thanks.

 

[SouthernYankee]

I have a Asus rt-ac68u router. Running openVPN. I also use the parental setting to block camera access to the internet. I have no problem accessing the cameras directly from my laptop running openVPN from the internet.

 

[dazedv3]

I have a Asus rt-ac68u router. Running openVPN. I also use the parental setting to block camera access to the internet. I have no problem accessing the cameras directly from my laptop running openVPN from the internet.

So even with the cameras completely blocked within your router you can still monitor them remotely from a device that is not connected to your LAN? Of course with OpenVPN enabled.

Did you also block the NVR or just each camera?

 

[awsum140]

You can block the cameras and the NVR from accessing the internet in your Asus with the click of a mouse and it has no effect, whatsoever, when you VPN into your LAN. The VPN gives you a virtual, secured, connection directly to your LAN so your mobile device behaves exactly as if it was connected directly to your LAN since it is, virtually, directly connected through the VPN services.

 

[SouthernYankee]

Awsum140 what do you mean by "It has no effect" ? What has no effect on what ?

 

[awsum140]

It has no effect on the cameras and BI, or other PCs on your LOCAL LAN, from being able to communicate. It only stops the cameras from accessing the internet. That stops them from "phoning home" among other things. You may find it necessary to set up an NTP server on you BI machine and point the cameras to it for time sync purposes. Another step is to insert a bogus address in each camera for the DNS service and default gateway. That makes it harder still for them to access the internet.

 

[dazedv3]

I've tested this with one of my PC's and VNC viewer. When on my mobile internet I can enable OpenVPN, connect and then use VNC Viewer as if I'm at home with no problem however once I "Block Internet Access" to that PC from my router I can no longer connect even with OpenVPN enabled and connected on my phone. Is there a setting in OpenVPN i'm missing or something else perhaps?

Also I won't be using BI I'll be using a Dahua DHI-NVR4108-P-4KS2

 

[catcamstar]

I've tested this with one of my PC's and VNC viewer. When on my mobile internet I can enable OpenVPN, connect and then use VNC Viewer as if I'm at home with no problem however once I "Block Internet Access" to that PC from my router I can no longer connect even with OpenVPN enabled and connected on my phone. Is there a setting in OpenVPN i'm missing or something else perhaps?

Also I won't be using BI I'll be using a Dahua DHI-NVR4108-P-4KS2

Not clear to me, but is your OpenVPN running on your ASUS or on that PC? There might be one glitch (redirect gateway option in openvpn) that might confuse your VPN traffic, but then the VPN should not have worked either with the "block internet access" option turned off.

Can you make a diagram outlining your components including ip addresses to see where it goes wrong?

One last thing: if you disable full internet access, you can't make use of the push notifications (eg. through IVS events)... You can't have both!

 

[dazedv3]

Not clear to me, but is your OpenVPN running on your ASUS or on that PC? There might be one glitch (redirect gateway option in openvpn) that might confuse your VPN traffic, but then the VPN should not have worked either with the "block internet access" option turned off.

Can you make a diagram outlining your components including ip addresses to see where it goes wrong?

One last thing: if you disable full internet access, you can't make use of the push notifications (eg. through IVS events)... You can't have both!

Ok so I have setup an OpenVPN Server on my ASUS RT-AC68U.

Ill try and outline everything.

Router (OpenVPN Server running)

PC/NVR Internet Access DISABLED via Router option

Android phone -> I run OpenVPN app, connect successfully whilst NOT on my LAN

When I try to access the PC/NVR I can only do so successfully if the PC/NVR Internet access is NOT blocked.

 

[SouthernYankee]

You block the cameras from the internet. The NVR or PC is not blocked.