Viewing Camera outside of my network without portforwarding.

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,374
Reaction score
2,734
Location
USA
So to be clear the fact that a different video player codec is used to play the live video when located within my LAN as compared with the player codec normally used (ie when OpenVPN is not used) when iPhone is used outside of my LAN makes no difference when OpenVPN is used?

So again, OpenVPN offers special processing which will allow remote live video viewing to be achieved?
When using a self hosted VPN (like OpenVPN, but certainly you are not limited to that option), your "remote" device will appear on the local network exactly the same as if it was actually on the local network. So if you can watch you camera's livestream on the local network with your phone, it will work exactly the same when you are remote. You will even use the exact same web address to access the device as you do on your local network (something like 192.168.1.55/myCCTVcameraStream). The downside to this is that your remote device will appear on the local network exactly the same as if it was actually on the local network - meaning that there won't be any video conversion to a "lighter" video codec. Therefore you need to make sure your local network's "upload" speeds are fast enough to be able to send out the video stream without being choppy and stuttering. Honestly this usually isn't a problem unless your local network has pretty slow upload speeds (sub 10Mb/sec).

Right now we all suspect that you are using a different web address to access your camera's feeds when you are not on your local network (so it's not 192.168.1.55/myCCTVcameraStream for example) and your system IS trying to do some sort of video conversion which is either failing or your mobile device doesn't support this "lighter" codec that the system is converting to.
 
Last edited:

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,548
Location
USA
OK, I hear what you say. So to be clear the fact that a different video player codec is used to play the live video when located within my LAN as compared with the player codec normally used (ie when OpenVPN is not used) when iPhone is used outside of my LAN makes no difference when OpenVPN is used? That is the reason Reolink give as to why I won’t be able to view live video on cellphone when outside my LAN. I haven’t tried OpenVPN yet as I would need to replace my existing modem/router, at some expense, which can have OpenVPN installed. I have only used NordVPN+Meshnet and in this case external live video was not possible using a browser and camera IP address. Detailed discussions with NordVPN and Reolink made clear that my system was set up correctly. So again, OpenVPN offers special processing which will allow remote live video viewing to be achieved?
@The Automation Guy nailed it his response.

We assure that regardless of what NordVPN and Reolink told you, they are incorrect. NordVPN is a service that HIDES your IP address, so when you go to cellular service, your IP address is now different than when you are sitting at home on your couch on your wifi.

It isn't that OpenVPN offers special processing, it is simply that OpenVPN puts you back on your LAN IP address like you are sitting on your couch because YOU are now hosting the server, whereas NordVPN puts you on THEIR IP address which is HIDING your IP address, so you could be on an IP address in India, or China, or any other country hosting a NordVPN server. In that situation, since you are not on your home LAN, that is why it doesn't work unless you port forward.
 

awonson

Pulling my weight
Joined
Feb 7, 2020
Messages
146
Reaction score
147
Location
Australia
@Onlooker777, you don’t have to replace your modem/router. Another option is get your hands on a Raspberry Pi and install OpenVPN or WireGuard VPN on it using the instructions at this site: PIVPN: Simplest way to setup a VPN. It is very easy to setup and it is how I have been accessing my cameras remotely for a number of years. Plug the RPi into your main network switch or router if it has spare LAN ports. You will have to forward a port in your router for the VPN traffic to pass - instructions are on the website I provided above.


@wittaj and @The Automation Guy have provided you with good information.
 

flynreelow

Known around here
Joined
Dec 12, 2016
Messages
1,198
Reaction score
1,086
@Onlooker777, you don’t have to replace your modem/router. Another option is get your hands on a Raspberry Pi and install OpenVPN or WireGuard VPN on it using the instructions at this site: PIVPN: Simplest way to setup a VPN. It is very easy to setup and it is how I have been accessing my cameras remotely for a number of years. Plug the RPi into your main network switch or router if it has spare LAN ports. You will have to forward a port in your router for the VPN traffic to pass - instructions are on the website I provided above.


@wittaj and @The Automation Guy have provided you with good information.
this is what i followed to the T with a client of mine, worked out great
 
Joined
Aug 16, 2023
Messages
23
Reaction score
8
Location
London
When using a self hosted VPN (like OpenVPN, but certainly you are not limited to that option), your "remote" device will appear on the local network exactly the same as if it was actually on the local network. So if you can watch you camera's livestream on the local network with your phone, it will work exactly the same when you are remote. You will even use the exact same web address to access the device as you do on your local network (something like 192.168.1.55/myCCTVcameraStream). The downside to this is that your remote device will appear on the local network exactly the same as if it was actually on the local network - meaning that there won't be any video conversion to a "lighter" video codec. Therefore you need to make sure your local network's "upload" speeds are fast enough to be able to send out the video stream without being choppy and stuttering. Honestly this usually isn't a problem unless your local network has pretty slow upload speeds (sub 10Mb/sec).

Right now we all suspect that you are using a different web address to access your camera's feeds when you are not on your local network (so it's not 192.168.1.55/myCCTVcameraStream for example) and your system IS trying to do some sort of video conversion which is either failing or your mobile device doesn't support this "lighter" codec that the system is converting to.
 
Joined
Aug 16, 2023
Messages
23
Reaction score
8
Location
London
OK - I'm convinced now and have purchased a Draytek 2766vac router which can access OpenVPN. I have a Raspberry Pi and noted noted earlier that could use OpenVPN on it, however I still want to use my Synology NAS Surveillance Station to save videos and believe that may be a problem.
One question I have for you guys relates to the speed degradation when using OpenVPN, which is processing heavy. Some reviewers noted a speed reduction of over 50% and that a concern. My Zen FTTC broadband is around 63Mb/s download and 18Mb/s upload and I believed that should be sufficient for my needs. OpenVPN recommend using UDP which does not have all the transmit/receive checks that TCP has and is stated to improve the speed situation. Has anyone noted the effects of using TCP and/or the benefits/disadvantages of going to UDP?
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
You will see a decrease in throughput over the VPN. How much that is will depend on the performance of the server, client, numbers of connections, etc. But you're not running your entire network over the VPN. Only whatever client you use to access your server and what you have should be fine for that. UDP generally is the better way to go but you likely won't notice any practical difference either way.
 
Joined
Aug 16, 2023
Messages
23
Reaction score
8
Location
London
You will see a decrease in throughput over the VPN. How much that is will depend on the performance of the server, client, numbers of connections, etc. But you're not running your entire network over the VPN. Only whatever client you use to access your server and what you have should be fine for that. UDP generally is the better way to go but you likely won't notice any practical difference either way.
Hello Mike, thanks for your advice. I just want to make sure I understand and so can I make clear what I hope to do with the new setup. My existing (pre OpenVPN) setup comprised an iMac, 2 iPhones, an iPad and a Synology NAS for backup and Surveillance Station to record video files from a Reolink security camera. For baseline security I have employed Norton 365 for antivirus and, as it was included in the package, Norton VPN. This Norton package (including VPN) was installed on iMac, iPhones and iPad. Using this configuration the system download/upload speeds appeared comensurate with the speeds provided by my Zen ISP. Now, because I can't see live, remote, security camera video I am transferring over to OpenVPN (and keeping the Norton antivirus). Now here is what i'm not clear about; you say "But you're not running your entire network over the VPN". I had assumed I would use the OpenVPN on each of my Apple devices, along with the security certificates generated. For example, I still want to protect my iPhone usage during everyday use. Are you saying that this is not the way I should use OpenVPN? Forgive any misunderstandings on my part as I'm still learning the associated technology.
 

Clark Griswald

Pulling my weight
Joined
Mar 10, 2014
Messages
72
Reaction score
108
Location
California
@Onlooker777
IMHO the use of all the Norton products could/should be reduced significantly!
I use OpenVPN and Wireguard on a Pi4 and on my router without any problems.
After reading this thread, my question is " why haven't you tried Synology's VPN"?
Edit
Synology has OpenVPN in DSM 7, and I was not recommending any type of VPN service (nord, norton, etc). I was recommending the NAS as a VPN device, due to the stronger cpu.
 
Last edited:

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
First, something like Norton VPN and OpenVPN are two fundamentally different things. Norton, Nord VPN, etc., are used to hide and encrypt OUTGOING traffic from your network to the Internet by encrypting the connection to their outside servers and proxying it from there. OpenVPN is a local server that you run internal to your local network which secures/encrypts INCOMING traffic from the outside INTO your network. Norton will do nothing as far as letting you access your local cams from the outside. OpenVPN will do nothing as far as hiding outgoing traffic. Two different applications for the same underlying VPN encryption/approach.

Running OpenVPN locally will not affect throughput FROM your network out to your ISP/Internet. There's no encryption happening in that direction so no overhead (other than some minimal processing required just to be running the VPN process). You don't run anything on any of your local devices to do anything with the VPN so it's not in play internally among inside devices or to outside destinations. That's what I meant by not running your entire network over the VPN.

It will affect throughput to some degree between outside clients (e.g., phone) coming INTO your network to do things like viewing cameras. How traffic from those clients to other sites works will depend on how you set up and run the VPN on them. If you don't start the VPN on the client, then there's no effect in that case (obviously). When running the client, there are two ways that you can set things up - either to run only traffic destined to your local network over the VPN with other traffic bypassing it, or to run all client traffic back through your local VPN and then back out. I do the latter so that in addition to secure access to my local network, I also have encryption for my client traffic from whatever local access connection and site filtering/ad blocking that I run for my local network.
 
Joined
Aug 16, 2023
Messages
23
Reaction score
8
Location
London
@Onlooker777
IMHO the use of all the Norton products could/should be reduced significantly!
I use OpenVPN and Wireguard on a Pi4 and on my router without any problems.
After reading this thread, my question is " why haven't you tried Synology's VPN"?
Edit
Synology has OpenVPN in DSM 7, and I was not recommending any type of VPN service (nord, norton, etc). I was recommending the NAS as a VPN device, due to the stronger cpu.
Just to clarify, you have OpenVPN on your Pi4 (Linux), your router and your Synology NAS running Surveillance Station. Your video camera host is the Pi4 and you save recorded video to Surveillance station. Is this correct. Did you mention earlier what make of surveillance camera you use? I'm looking again at my Synology NAS wrt OpenVPN. Do you use any other PC other than the Pi4? Thanks.
 
Joined
Aug 16, 2023
Messages
23
Reaction score
8
Location
London
First, something like Norton VPN and OpenVPN are two fundamentally different things. Norton, Nord VPN, etc., are used to hide and encrypt OUTGOING traffic from your network to the Internet by encrypting the connection to their outside servers and proxying it from there. OpenVPN is a local server that you run internal to your local network which secures/encrypts INCOMING traffic from the outside INTO your network. Norton will do nothing as far as letting you access your local cams from the outside. OpenVPN will do nothing as far as hiding outgoing traffic. Two different applications for the same underlying VPN encryption/approach.

Running OpenVPN locally will not affect throughput FROM your network out to your ISP/Internet. There's no encryption happening in that direction so no overhead (other than some minimal processing required just to be running the VPN process). You don't run anything on any of your local devices to do anything with the VPN so it's not in play internally among inside devices or to outside destinations. That's what I meant by not running your entire network over the VPN.

It will affect throughput to some degree between outside clients (e.g., phone) coming INTO your network to do things like viewing cameras. How traffic from those clients to other sites works will depend on how you set up and run the VPN on them. If you don't start the VPN on the client, then there's no effect in that case (obviously). When running the client, there are two ways that you can set things up - either to run only traffic destined to your local network over the VPN with other traffic bypassing it, or to run all client traffic back through your local VPN and then back out. I do the latter so that in addition to secure access to my local network, I also have encryption for my client traffic from whatever local access connection and site filtering/ad blocking that I run for my local network.
OK Mike, some interesting stuff here which will take me a little while to digest. Appreciate your support!
 

Clark Griswald

Pulling my weight
Joined
Mar 10, 2014
Messages
72
Reaction score
108
Location
California
Just to clarify, you have OpenVPN on your Pi4 (Linux), your router and your Synology NAS running Surveillance Station. Your video camera host is the Pi4 and you save recorded video to Surveillance station. Is this correct. Did you mention earlier what make of surveillance camera you use? I'm looking again at my Synology NAS wrt OpenVPN. Do you use any other PC other than the Pi4? Thanks.
I use the VPN on my router to access my LAN. I setup OpenVPN and WireGuard for redundancy. The RPi using PiVPN (OpenVPN) is used as a backup/another access to LAN. I do not use a vpn on my nas.
I plan on storing video on camera AND with surveillance station. The moment you get your vpn setup, just deny the cameras internet access, and you will be good.
Although, Andy's sale has recorders, and that would simplify my network, but my wife won't like the idea of spending so much at once, so my recorder purchase might wait for Andy's next sale ;)
 
Last edited:

dt-cam

Getting the hang of it
Joined
Dec 9, 2016
Messages
104
Reaction score
15
This reply is long overdue, however here goes. Yes, VPN is the only safe way for remote access to your camera system. However it will still not allow you to view live video. All camera manufacturers appear to employ Adobe FLV to encode transmitted vide to to its low bandwidth requirements. However since 2020 FLV is no longer supported. Push static image shots are now the only way to receive secure remote imagery.
i'm not sure what you are saying here, but it has nothing to do with streaming video over VPN or over a port forward. they are not related at all.
 
Joined
Aug 16, 2023
Messages
23
Reaction score
8
Location
London
Just a thanks to all those who helped me setup a VPN where I could view my security cameras externally without any unrestricted port forwarding. My system works perfectly now. I use Wireguard on a Raspverry Pi 5 server within my Apple system based LAN, where the router is a FritzBox from Zen. Again many thanks for all constructive advice.
 
Top