Remote viewing on Android and IOS

[S0619212]

This is my first camera ever, so I am taking baby steps. Right now I am using my personal server as BI server and POE switch. My next step is to be able to view my camera when I am away. I have BI app on my ipad and works great when I am on the same network. After reading the cliff notes, looks like I need to set up the networking such that the switch is connected to the server and doesn't have access to the internet and ONLY BI server has access to internet. I think I have decent idea how to get there. I am thinking of using tinycam and BI app , how do I add my cameras to these when out of network? Right now it just automatically detects and adds them. I wanted to make sure I am on the right path.

Once I get this set up I will add Asus router between my ATT modem/router and BI Server. Does this look right? TIA

 

[redman19]

This is my first camera ever, so I am taking baby steps. Right now I am using my personal server as BI server and POE switch. My next step is to be able to view my camera when I am away. I have BI app on my ipad and works great when I am on the same network. After reading the cliff notes, looks like I need to set up the networking such that the switch is connected to the server and doesn't have access to the internet and ONLY BI server has access to internet. I think I have decent idea how to get there. I am thinking of using tinycam and BI app , how do I add my cameras to these when out of network? Right now it just automatically detects and adds them. I wanted to make sure I am on the right path.

Once I get this set up I will add Asus router between my ATT modem/router and BI Server. Does this look right? TIA

I’m in the process of setting up as well and from my reading you are on the right path. Take a look at southernyankees thread in the dual nic setup. So far that is the easiest way that I’ve seen to physically separate the cameras from the web and a second nic card is only about $15. You’ll set your att router in bridge mode and use the asus as your router as well as using it to set up your openvpn server for remote access. You should be able to use the BI app to view and access and won’t need tiny cam at all. Right now your cameras are probably being auto assigned ip addresses. Best practice from my understanding is to assign each camera the ip addresses. I’m not to that point so I still have some reading and learning to do there as well. I’m sure a couple of the more seasoned folks can help you out with that.

 

[S0619212]

I’m in the process of setting up as well and from my reading you are on the right path. Take a look at southernyankees thread in the dual nic setup. So far that is the easiest way that I’ve seen to physically separate the cameras from the web and a second nic card is only about $15. You’ll set your att router in bridge mode and use the asus as your router as well as using it to set up your openvpn server for remote access. You should be able to use the BI app to view and access and won’t need tiny cam at all. Right now your cameras are probably being auto assigned ip addresses. Best practice from my understanding is to assign each camera the ip addresses. I’m not to that point so I still have some reading and learning to do there as well. I’m sure a couple of the more seasoned folks can help you out with that.

Yup I will be using 2 NIC's. I do not have a ASUS router atm, I will get router in the mix as my next step up. Right now my goal is to be able to view my cameras outside of the network. BI app costs about $10 , I did purchase that for the ipad. Tinycam standard version is free and gets me what I need just to be view. My BI server sends me alerts on motion ( though needs to be optimized, getting few false alerts.)..

 

[redman19]

I’d say the big thing would be to get a router so you can get the openvpn set up then so you have a secure route in and aren’t port forwarding anything for access. Just as an FYI the asus ac66ub1 has dropped to 89.99 on prime from 99.99. Mine should be here tomorrow if ups does their part. Good timing too since I’m laid up with a torn left calf for the next several days.

 

[wittaj]

UI3 is free as part of BI and works very well...simply open a browser and type in the IP address of your BI machine and login...

But yeah, get your cams off the net.

 

[S0619212]

I am planning to get Asus RT68P, someone is selling for $40. What do you all think?

 

[redman19]

If you can get it for that price I’d jump on it

 

[Mike A.]

I am planning to get Asus RT68P, someone is selling for $40. What do you all think?

They're very good all around routers. Performance, functions/capabilities, and ease of use all very good. OpenVPN is built in and fairly easy to set up when you're ready for remote access.

$40 is a deal. Get it. At that price it's worth having around as a back up or as an additional AP even if you go with something else down the road.

Probably the biggest thing lacking with the Asus are VLAN capabilities. You can kinda-sorta do some things with that in roundabout ways but not really as you'd want. But if you're going 2 NICs that won't affect you anyway.

I'll buy it if you don't. ; )

 

[JNDATHP]

We took a different approach here. We assigned static IPs to our cameras and then created a group of IPs which included the cameras. This group is not allowed to receive or send from/to the Internet by setting firewall rules. I can prove that this works because when I go into the camera’s GUI and attempt to check for updated firmware, the process times out because it cannot get to the Internet. We also run an NTP server on our LAN and the cameras get their time updates from this server.

Also, we created a VPN server on our network and our mobile devices use this VPN to always connect to our home network. There are multiple advantages to this approach, not the least of which is there are no open ports on our network. Add the increased security for online banking and setting up a VPN it is a no brainer. We can also watch our streaming services from anywhere in the world because the streaming provider thinks we are originating from our home network, which we are because of our VPN sever.

I will say that I ran our network with open ports for a period of time until I saw in our logs all of the attempts at infiltration. Then, I studied the Cliff notes and browsed the forums for our network (UniFi) to create an inbound VPN server and deployed an “always on“ VPN client back to our network on our mobile devices.

It took me about a week to figure things out (I’m not a network guru) but I have to say that we are much more protected than before.

To make sure that we can always get our mobile devices to connect to our network because we are assigned a dynamic IP from our ISP, we obtained a fully qualified domain name. We could have used a DDNS service without a FQD but felt the $20 per year was insignificant.

Whatever route you take, please close any open ports on your network.

 

[S0619212]

Thanks everyone. I have been reading cliff notes, I have a better understanding but I think I am all over the place now. Here is what I have so far:

1. Camera is connected to PoE switch.
2. PoE switch is connected to Asus AC 1900 router on one of the 4 yellow ports on back of the router.
3. Router is connected to a dedicated NIC on BI server.
4. BI server is connected to internet via ATT Router

When I am on network I am able to connect directly to the camera via browser using IP address that is on 192.168.1.X ( changed from default ). I know I will have to make some changes on each NIC on the BI server, I read it somewhere but then when I went back to look for it I couldn't find it. Seems like I will also have to make changes on my ATT router. Can someone please point me in right direction?

 

[looney2ns]

Thanks everyone. I have been reading cliff notes, I have a better understanding but I think I am all over the place now. Here is what I have so far:

1. Camera is connected to PoE switch.
2. PoE switch is connected to Asus AC 1900 router on one of the 4 yellow ports on back of the router.
3. Router is connected to a dedicated NIC on BI server.
4. BI server is connected to internet via ATT Router

When I am on network I am able to connect directly to the camera via browser using IP address that is on 192.168.1.X ( changed from default ). I know I will have to make some changes on each NIC on the BI server, I read it somewhere but then when I went back to look for it I couldn't find it. Seems like I will also have to make changes on my ATT router. Can someone please point me in right direction?

How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
The BI machine should be connected to the same poe switch as the camera. Most routers arn't capable of handling the high data rates of cameras.
If you have a AC1900 router, OpenVpn is built in. You don't need another router.
you will need to put the ATT router into bridge mode, then use only the Asus as your router.
See AT&T support on how to put it into bridge mode. This will also negate you using the AT&T router as your Wifi access point, this will now be relegated to the Asus.

 

[S0619212]

How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
The BI machine should be connected to the same poe switch as the camera. Most routers arn't capable of handling the high data rates of cameras.
If you have a AC1900 router, OpenVpn is built in. You don't need another router.
you will need to put the ATT router into bridge mode, then use only the Asus as your router.
See AT&T support on how to put it into bridge mode. This will also negate you using the AT&T router as your Wifi access point, this will now be relegated to the Asus.

Thank you.

So PoE switch is upstairs which in a media cabinet, it will be quite challenging for me to run a patch cable from there to my server . My understanding is these are 1 Gb ports, shouldn't the performance be similar? I can imagine connecting to a dedicated switch will be slightly better but in theory should be close enough?

Other than that, does my set up look right ?

I did kinda configure VPN on the router.

Working on getting ATT to bridge mode.

 

[S0619212]

OK the first attempt to configure ATT router to bridge mode didn't go very well. I followed instructions on ATT and was able to set it into bridge mode ,disable Wifi on ATT modem. I enabled Wifi on Asus router with the same SID, the connection was really really slow and on most of the devices were not even able to connect. I reverted the settings back on ATT and ASUS. Not really sure what went wrong, I will give another try tonight.

 

[S0619212]

I’m in the process of setting up as well and from my reading you are on the right path. Take a look at southernyankees thread in the dual nic setup. So far that is the easiest way that I’ve seen to physically separate the cameras from the web and a second nic card is only about $15. You’ll set your att router in bridge mode and use the asus as your router as well as using it to set up your openvpn server for remote access. You should be able to use the BI app to view and access and won’t need tiny cam at all. Right now your cameras are probably being auto assigned ip addresses. Best practice from my understanding is to assign each camera the ip addresses. I’m not to that point so I still have some reading and learning to do there as well. I’m sure a couple of the more seasoned folks can help you out with that.

Hello.. were you able to set ATT in bridge/ passthrough mode, I read through many instructions on ATT blog but nothing worked so far. Here is what I did so far;

1. Enabled passthrough on ATT modem.
2. Disabled 2.4 GHz and 5 Ghz on ATT modem.
3. Disabled all firewall options on ATT modem i.e. set to OFF.
4. Rebooted ATT modem.
5. Removed all RJ45 connections from ATT modem and connected only 1 RJ 45 going from ATT modem to my ASUS router ( blue color port with internet image).
6. Rebooted Asus router.
7. I can see same public IP on ASUS router that i saw on ATT modem.

Did this work for you?

 

[S0619212]

Hello.. were you able to set ATT in bridge/ passthrough mode, I read through many instructions on ATT blog but nothing worked so far. Here is what I did so far;

1. Enabled passthrough on ATT modem.
2. Disabled 2.4 GHz and 5 Ghz on ATT modem.
3. Disabled all firewall options on ATT modem i.e. set to OFF.
4. Rebooted ATT modem.
5. Removed all RJ45 connections from ATT modem and connected only 1 RJ 45 going from ATT modem to my ASUS router ( blue color port with internet image).
6. Rebooted Asus router.
7. I can see same public IP on ASUS router that i saw on ATT modem.

Did this work for you?

I was able to resolve this. Not sure which one actually fixed it but I had to update the software on Asus router and change DHCP lease on ATT router to 1 day, my hunch is software update on ASUS fixed this. Working on setting up VPN now .

 

[redman19]

I was able to resolve this. Not sure which one actually fixed it but I had to update the software on Asus router and change DHCP lease on ATT router to 1 day, my hunch is software update on ASUS fixed this. Working on setting up VPN now .

Sorry I was a ball tournament all day and just saw your post. It took me a couple of power cycles to get my modem to take in bridge mode and get the wireless set to off in it but good to hear you got your running. VPN is on the list for tomorrow for me hopefully. So far I have been well pleased with the WiFi strength and range compared to my old Arris combo router.