Using VPN to access cameras behind carrier grade NAT (3G/4G)

[th3bloody9]

I want to setup some cameras in a remote location and use a 4G router so I can remotely access them. The problem is mobile networks don't issue public IP addresses (they use NAT) so incoming connections are a problem.

I see the simplest option is to purchase a fixed-ip sim from a specialist company, but data is expensive. From some digging it seems a using VPN would be the other main option, but I'm not entirely sure on how to best use a VPN in this scenario. I'm thinking something along the lines of this should work:

1. Purchase a server on the internet with a public fixed ip and install OpenVPN server (perhaps a small digitalocean.com droplet would be enough?)
2. At the camera location use a router with VPN support and setup OpenVPN client (connected to the server)
3. On the server forward relevant ports
4. I should now be able to use the servers public IP to access the cameras?

Not sure if this is the best way to go about this? any advice would be appreciated

 

[Fastb]

th3bloody9,

Data consumption may be your biggest headache. Different vpn connections consume different amounts of data to maintain the connection. Cell phone plans offer "unlimited data", but that pricing hasn't filtered down to M2M or IoT plans, where you need the ability to surf down, not simply surf out to the internet.

Some reading, based on the below google surf terms.
Note, the final term in the serch string restricts hits to this site, to avoid the flotsam and jetsam of sites selling things....

Fastb

Google search terms:
cellular router, connection, public, data, site:ipcamtalk.com
cellular modem, static ip, data, site:ipcamtalk.com

Yielded these hits that appear relevant:
4G LTE setup
Setting up VPN, using cellular modem
Alternative internet connection over mobile network?
What is consuming my cellular data?

 

[th3bloody9]

Thanks Fastb some great reading there. Actually the VPN data usage doesn't sound too bad if gmaster1's estimates of between 100-450MB/mo are correct, data prices aren't too bad if I go with a regular sim.

I'm feeling like I might just opt for the fixed IP sim and save myself some headache though!

 

[Fastb]

VPN data usage doesn't sound too bad if gmaster1's estimates of between 100-450MB/mo are correct

Caution: He worked hard, with lots of skill, to drill down to "every byte, NOT every kilobyte" data consumption.
He's a professional, many sites, paid to reduce costs/data
Me, a homeowner and hobbyist, I didn't go down his path.

Maybe look into pt-to-pt wireless, to a place with internet?

Do a search with terms similar to this:
wifi repeater, farm, site:ipcamtalk.com

 

[pal251]

You just wanting to view the cameras?

 

[th3bloody9]

You just wanting to view the cameras?

Yes that's certainly the most important thing. Maybe do some quick playbacks on the NVR too, and update settings etc.

 

[th3bloody9]

Maybe look into pt-to-pt wireless, to a place with internet?

Yes that would be nice but unfortunately don't have line of sight (big hills & woods in the way).

 

[pal251]

Setting Up PT Cloud


Dahua has their own version

 

[pal251]

This will allow you to access it without opening up ports or forwarding

 

[th3bloody9]

This will allow you to access it without opening up ports or forwarding

Thanks, I've setup Hikvision's EZVIZ service on the NVR and it does work without needing to port forward (this is using a home broadband connection not tested using the 4G router yet). Seems a little flaky though and I can't get it to work at all when using cellular network to view (seems to be a common problem). The security aspect of relying on a third party cloud service does worry me too.

 

[pal251]

Are you able to use blue Iris and use what I believe is called dyndns and have a name or host direct you to the IP.

www.youreebcamera.com or whatever for the example. I haven't used dyndns for ages and not sure if it's free any more. Never used blue Iris but I heard they had a mobile.app for phone

 

[copex]

i use draytek routers to access remote cameras with 3g/4g data sims, the key is to use a dial out vpn.

 

[th3bloody9]

Are you able to use blue Iris and use what I believe is called dyndns and have a name or host direct you to the IP

Dynamic DNS is unfortunately no use here as it still requires a public IP the entire problem is mobile carriers assign a private IP.

 

[Carcus]

I have used the hik cloud service in these scenarios before and it works well since the update. (In Australia)

I have also used 4G with a public ip address before that or where possible with Telstra but it didnt cost anything extra. (Just needed a business account)

I always wanted to try the vpn method.

If i was to do this i would try a AWS instance (t2.tiny instance is free for a year) and run some VPN software. You could run up a RAS on 2008 R2 for nothing. The only thing would be data charges.

I also thought there has to be a vpn service that could provide and ip but it seems like most vpn services are unreliable.


Sent from my iPad using Tapatalk

 

[th3bloody9]

Yeah I guess the cloud service is a decent option for remote viewing. In my scenario I'd like full access to each devices' web interface though. I'm about to bite the bullet on a fixed IP sim contract, in case anyone is interested some comparative cost differences are:

• Fixed IP SIM with 10GB data/month = £36/month
• Regular SIM with 50GB data/month = £30/month

That's on the Vodafone (UK) network.

The VPN route actually doesn't look too difficult the more I learn about it, but the fixed IP sim should just work …which is always a nice thing

 

[Carcus]

Simpler is better.

You could also run a small eeepc or something with teamviewer for maintenance and run the cloud service for remote viewing.

They really charge for those plans. Aus isnt much better you couldnt get 50gb here if you wanted to.


Sent from my iPad using Tapatalk

 

[Defcon]

Just found this thread @th3bloody9

What did you end up doing? I have several farmers at me to install cameras over 4G, Vodafone UK and this Private IP is a pain in the ass. Currently about to test Hivisions cloud method.

Cheers

 

[th3bloody9]

Just found this thread @th3bloody9

What did you end up doing? I have several farmers at me to install cameras over 4G, Vodafone UK and this Private IP is a pain in the ass. Currently about to test Hivisions cloud method.

Cheers

Actually nothing as of yet, but if I go down the VPN route I think this is what I would do:

Equipment:

• NETGEAR 4G Modem LB1110-100EUS
• Decent router with OpenVPN support

Services:

• Install OpenVPN on VPS server (vultr.com - plans from $2.50/month, install/deploy OpenVPN in one-click)

Setup:

1. VPS is OpenVPN Server
2. Router is OpenVPN Client connected to the OpenVPN Server
3. Remote viewing device (e.g smartphone, laptop etc.) is also OpenVPN Client connected to OpenVPN Server
4. Enable client-to-client feature on OpenVPN Server so clients can see each other

If the router could act as the VPN server that would be ideal (wouldn't need the VPS then), but unfortunately without a public IP that won't work.

This is all just in theory! I'm not actually sure this is the best way to do it, but it's the best I've come up with so far.

 

[Defcon]

Thanks for that.

I had thought about a VPN connection which I recently tested using some fantastic Mikrotik kit but both client and server were on fiber so would need to test with client behind a 4G router. Has no cameras installed though but the connection worked.

I know the vpn server could be located at the customers home if they have broadband, used to open a direct connection between the clients farm and the server.

If they don't have a suitable location for the server, then this throws a spanner in the works. I would have to do what you suggested and rent a server or host a server at my own end which raises a number of questions.

The Hikvision cloud service worked perfectly last night with test cameras working of Vodafone 4G on a D-Link 4G router.

This would do the job as long as the customer doesn't want to play with camera recordings and change some settings remotely.

As an NVR will be installed at the farm if they want to record, fitting a small LCD there will sort out that option for playback and this would do away with any vpn and most likely problems that no doubt will occur.

 

[th3bloody9]

That's good to know that the cloud service worked well for you

I remember trying the EZVIZ service a while ago but didn't like it and it seemed a little flaky, but to be fair I didn't test for long. I think Hikvision now recommend that you use their Hik-Connect portal so maybe that's better. Is that what you used?