Push Notification with Open VPN only alerts open Blue Iris App

[dchomes]

Hello,

I have spent many hours reading all the relevant posts I can find and trying countless changes, but I am at a loss and really would appreciate some help.
BI 5.5.8 with Open VPN. Bi Pc blocked from access to the internet. I can view cameras with the Bi app on my Gallaxy S21 using Open VPN no problem. When the Bi app on the phone is open on the screen, I get a simple alert notification in the app. Outside the app no notifications.
If I allow Bi Pc access to the internet then I get 2 Push Notifications immediately to the phone regardless of the phone status. One includes a picture of the camera and one does not. So that works well besides the fact I'm exposed to the Internet.
How do I get push notifications to work with Open VPN only and block the PC from the Internet?
Thanks for any help!

 

[Mike A.]

Where are you running the OpenVPN server?

Generally, when using VPN, you don't need to block the BI server getting OUT to the Internet. You just wouldn't open any INCOMING ports on your router/network to allow the Internet to get to it from outside of your net. The VPN provides secure INCOMING access to the server without exposing it to the outside world.

Typically, you'd want the BI server not blocked for OUTGOING traffic so it can generate and send the push notifications for the alerts. With the client VPN running, you'll receive images with the alert. Without it running, you'll receive the alert but no image.

I don't know Andriod device settings well, but there should be one which permits the app to show notifications when not open. e.g., In IOS you grant permission to the app to present notifications and then can set how those are displayed, etc. I'm sure Android has some equivalent.

Not sure why you'd be getting two alerts. What do your settings under the Alert tab look like in BI?

 

[dchomes]

OpenVPN server is running on a TP-link ER605 router. My understanding of the VPN was that push notifications would go through the VPN and having the Bi server get out to the internet was not necessary.
If that is not the case then I will have to change the Firewall rules to allow access to the internet. If that is how it is usually done then you solved my problem!
The double alerts I am actually OK with, so I will not worry about it for now.
Thank you very much for your help, Mike!

 

[Mike A.]

Works something like this...

Search if interested and you'll find more detailed explanations re how the tokens are exchanged but for your purposes basically requires that out-going connection from your server to the Apple APN/equivalent Google server.

To test for another thread I just tried cutting off my Internet access. Also separately just blocked my server to double check. No push notifications either way.

ETA:

I should have mentioned that you DO want to block out-going access by your cams. They can't be trusted at all. Phoning home, ignoring settings and still making connections, accessing hard-coded destinations, etc.

BI makes some checks for the license/upgrades available and uses access for things like the notifications but I don't anyone's ever seen any sort of suspect behavior otherwise.

 

[dchomes]

Ok, that makes sense. Good graphic to explain it.
I have the cams on a VLAN that is blocked from all Internet access which is where I had the Bi Server located. I will have to change that so it has outgoing access and then I should be in good shape.
Thanks again for your help. Very much appreciated.