Just wanted to say thanks
a ton for taking the time and effort to post your configuration here!
I'm fairly technically-minded, but a noob when it comes to security cameras and systems. So I'm on the receiving end of some self-induced firehose learning regarding this stuff.
I initially just wanted to go old-school on my home network and wire it up vs having it on 24/7 wireless. I serendipitously bought an ER-X just looking for a solid edge router, not realizing what a huge community Ubiquiti has. As I was pulling ethernet cable through my house I decided it would probably be more efficient in effort to knock out running cables/installing some hardwired cameras... so I ventured down another project rabbit-hole and jumped into the deep end of the pool of IP camera setups.
I had already configured my ER-X for my home network, but didn't really care for having the eth1 LAN default with the standard 192.168.1.1. I started researching other configurations, preferably one that allowed for an IP camera LAN. I found a few good ER-X network configs but none specifically addressed adding a PC/server for a security camera system.
Meanwhile, I had decided to go with
Blue Iris, pulled the trigger on an HP workstation off eBay and also bought a smattering of IP POE cameras to get going (along with a couple POE+ switches) when I came across your configuration.... which is perfect for what I'm trying to do!
I would post a network diagram but it would be a little pointless since I simply used your configuration verbatim. I blew out my initial configuration (which was working fine) on the ER-X and happily replaced it with yours. I very much prefer the 4 separate LANs vs ports 2/3/4 all clumped together on sw0. The only ever-so-slight difference on my setup is that I found an old NIC in my computer parts box so decided to put it to good use for a 2-NIC NVRPC configuration... I figured I might as well add a physical separation for the camera farm since I have the part on hand and it's a fairly quick-kill task.
I currently have 4 cameras mounted and online with another 3 that I've tested out as good but haven't mounted yet. Loving BI and of course still learning more of it every day.
The main setbacks I have been having is remote connectivity with the Blue Iris box.
I initially tried out using Stunnel for a remote connection into BI. It seemed a bit wonky and fiddly to get to work (which I didn't), so I punted and then tried out the BI app (for $10) and got it running, but not without having to use port forwarding of course (I simply modified your ER-X sample rule with port 8081). Once I got the app running I shut down the port forwarding and set my sights on a bigger prize: OpenVPN.
I hunkered down the next morning and configured the OpenVPN server on the ER-X as per your instructions (again: THANKS!). Created all the client certs as well for my laptop, cell phone and iPad. I then spent a few hours last night scouring ipcamtalk for all things BI, Stunnel, OpenVPN and UI3 related. That's when I stumbled upon the proverbial common-use marriage of OpenVPN + TeamViewer for remote access to BI.
I have been able to fire up OpenVPN connections on my laptop (using Tunnelblick) and my cell phone (OpenVPN app) [still trying to load my certs on my iPad, in neanderthal fashion I'm sure...]. I was also able to access BI using TeamViewer over VPN on my laptop and on my iPad (sans VPN).
The last standing issue I have is UI3. I cannot get it to work on any device and suspect it may have something to do with my LAN1 access into LAN2? (Or maybe it's a browser config issue?) On my LAN1 office Win10 PC I can ping both eth2 192.168.92.1 and the NVRPC 192.168.92.20, but then on my LAN1 Mac laptop --that's hanging off the same unmanaged switch as the office PC-- all pings outside LAN1 time out... which I'm not understanding why. Not sure if this is enough provided info to help in troubleshooting, but any assistance is greatly appreciated.
At the risk of sounding redundant, just wanted to offer up another
HUGE THANKS for posting your ER-X configuration! Simply AWESOME! Moreover, it allowed me to get up and running within a mere couple of days.
