What outdoor security cameras are compatible with using Windows phones as a viewer ?

Roger

Getting the hang of it
Joined
May 30, 2014
Messages
89
Reaction score
47
Location
Bellevue, WA
Windows Phone also supports a few other VP protocols and if he wants to keep is phone, there are numerous tutorials to set up Softether on a $35 raspberry pi. Setting up VPN Server on Raspberry Pi 2 is one example.
As to the insecurity of pptp, if someone wants my data that bad, they can break into my garage with a cat-5 cable and connect to my stack of switches in the rack. I would not use it for a business, but doubt that someone is going to spend the effort to crack my pptp tunnel to get to my house.
 
  • Like
Reactions: GKL

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,650
Reaction score
22,741
Windows Phone also supports a few other VP protocols and if he wants to keep is phone, there are numerous tutorials to set up Softether on a $35 raspberry pi. Setting up VPN Server on Raspberry Pi 2 is one example.
As to the insecurity of pptp, if someone wants my data that bad, they can break into my garage with a cat-5 cable and connect to my stack of switches in the rack. I would not use it for a business, but doubt that someone is going to spend the effort to crack my pptp tunnel to get to my house.
"bots"/malware are already out there attempting to break into whatever is connected to the internet, so you do not want to be too cozy with regards to the threat.
 
  • Like
Reactions: GKL

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
"bots"/malware are already out there attempting to break into whatever is connected to the internet, so you do not want to be too cozy with regards to the threat.
So is it almost a definite given that if anyone uses PPTP that eventually they'll have their network infected with malware from a bot ?
 

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
pptp is an old way of implementing vpn and is not secure...in many ways it worse than port forwarding because a vulnerability will expose your entire network. Buy a 50 dollar android phone and sell the windows phone...all your problems will be solved.
I don't think we'd get anywhere close to what they are worth even if we did want to switch, the windows phones have us spoiled, it's almost like carrying around a computer with its live tiles and neat features. We have some old android phones already, but they are just used on WIFI as cameras using Alfred Alfred | Turn your old phones into home security cameras

The drawback with Alfred is using android phones as cameras don't have IR night vision but are great for daytime or inside use as a camera/monitor.
 

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
Hi Gary,
Using PPTP to view the main stream exhibits both lag and shop. Sub stream seems to be acceptable. And on a phone screen they look almost the same.
To tell you the truth, I don't remember what it took to set up PPTP. I believe it is supported in dd-wrt natively. There is a good discussion of it here. PPTP is also easy to implement in the Windows OS.
I use dd-wrt on most of my routers out of habit. Not sure I am using 1/20th of the capabilities that it has. Did a router search in the DB and your device does not support dd-wrt.
You might also look at SoftEther VPN Project - SoftEther VPN Project. It provides VPN server that can get through your router.

Roger
So the bottom line is that PPTP is not good for viewing a live stream ?
 

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
Windows Phone also supports a few other VP protocols and if he wants to keep is phone, there are numerous tutorials to set up Softether on a $35 raspberry pi. Setting up VPN Server on Raspberry Pi 2 is one example.
As to the insecurity of pptp, if someone wants my data that bad, they can break into my garage with a cat-5 cable and connect to my stack of switches in the rack. I would not use it for a business, but doubt that someone is going to spend the effort to crack my pptp tunnel to get to my house.
Could I just use Softether on my laptop computer ?

With Softether is it possible to securely use my current router - RT-ACRH13 | Networking | ASUS USA and somehow still securely connect to the "L2TP with IPsec" client on my windows phone using software on my computer from Softether - SoftEther VPN Project - SoftEther VPN Project and here is another page - Setup L2TP/IPsec VPN Server on SoftEther VPN Server - SoftEther VPN Project
 

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
I have not yet powered up my ip camera, the DS-2CD2342WD-I DS-2CD2342WD-I-Hangzhou Hikvision Digital Technology Co. Ltd. as I am educating myself enough first so I'll actually feel like I know what I'm doing :lol:

When I do power up my camera for the first time is it still necessary to turn off some camera functions right away ?

The reason I ask is because an article says that Hikvision was supposed to be removing the auto "phone home" function, here is the article -

Hikvision Removing Auto 'Phone Home'
 

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
I have the iVMS-4500 on my Lumia 950XL and it does have the capability to play back recorded video if it is on the SD card in the camera. As for the generic IP camera apps, I would suspect that is the case, but have only played with a few of them.
Hi Roger,

I was hoping you could check what settings you use in your windows phone for the iVMS-4500 app in hopes it might help my problem below -

I have finally connected and powered my camera up (just in the house for now to get things set up before installing it outside) and so far I can view the live camera feed very well thru my LAN WIFI both on the iVMS-4500 on my windows phone nd the iVMS-4200 on my laptop.

What I am trying to do now is to view a live feed on the iVMS-4500 remotely (turning off my phone WIFI and turning on the DATA connection).

I obviously have something not set right as I get the error "ddns server internal error".

What should go in the various fields that you fill in when adding a new device on iVMS-4500 so I can maybe see what I did wrong.

Alias: (the name I name it)
Register Mode: should it be HiDDNS or IP/DOMAIN or IP SERVER (I used IP/DOMAIN for the successful WIFI setup)
Address: what goes here ?
Port: what goes here ?
Username: already filled in with admin
Password: I use my camera password
Camera No.: seemed to fill in automatically for the WIFI setup

NOTE: info needed is to have a remote view of the live feed.

NOTE: I do have a hik-connect account that gave me a 9 digit number.

NOTE: I think just the android and the IOS versions of the iVMS-4500 app have a separate "Hik-Connect" option, the Windows Mobile version does not, I think the Windows version needs to use the "HiDDNS" register mode, but I can't get it to work ("ddns server internal error") so there is obviously something I'm not doing right.

EDIT TO ADD:

Was doing more research after posting this and found a help page at this link that said:

http://www.hikvision.com/ueditor/net/upload/2017-01-05/fff5d82f-35e1-49cd-8cce-01dcd805fe12.pdf

In order to improve your user experience, we recommend you enable the UPnP function in both your router and device, or configure Ports Forwarding manually in your router.

You still can use Hik-Connect service even if you don’t enable UPnP or configure ports forwarding manually; however, you cannot use Hik-Connect domain name service.
(end of quote)

I read that it's not safe to enable UPnP and forward ports, is it okay in this instance, did you set yours up that way ? (I'm not sure if that would solve the error ("ddns server internal error")

Thanks !

Gary
 
Last edited:

Roger

Getting the hang of it
Joined
May 30, 2014
Messages
89
Reaction score
47
Location
Bellevue, WA
Hi Roger,

I was hoping you could check what settings you use in your windows phone for the iVMS-4500 app in hopes it might help my problem below -

I have finally connected and powered my camera up (just in the house for now to get things set up before installing it outside) and so far I can view the live camera feed very well thru my LAN WIFI both on the iVMS-4500 on my windows phone nd the iVMS-4200 on my laptop.

What I am trying to do now is to view a live feed on the iVMS-4500 remotely (turning off my phone WIFI and turning on the DATA connection).

I obviously have something not set right as I get the error "ddns server internal error".

What should go in the various fields that you fill in when adding a new device on iVMS-4500 so I can maybe see what I did wrong.

Alias: (the name I name it)
Register Mode: should it be HiDDNS or IP/DOMAIN or IP SERVER (I used IP/DOMAIN for the successful WIFI setup)
Address: what goes here ?
Port: what goes here ?
Username: already filled in with admin
Password: I use my camera password
Camera No.: seemed to fill in automatically for the WIFI setup

NOTE: info needed is to have a remote view of the live feed.

NOTE: I do have a hik-connect account that gave me a 9 digit number.

NOTE: I think just the android and the IOS versions of the iVMS-4500 app have a separate "Hik-Connect" option, the Windows Mobile version does not, I think the Windows version needs to use the "HiDDNS" register mode, but I can't get it to work ("ddns server internal error") so there is obviously something I'm not doing right.

EDIT TO ADD:

Was doing more research after posting this and found a help page at this link that said:

http://www.hikvision.com/ueditor/net/upload/2017-01-05/fff5d82f-35e1-49cd-8cce-01dcd805fe12.pdf

In order to improve your user experience, we recommend you enable the UPnP function in both your router and device, or configure Ports Forwarding manually in your router.

You still can use Hik-Connect service even if you don’t enable UPnP or configure ports forwarding manually; however, you cannot use Hik-Connect domain name service.
(end of quote)

I read that it's not safe to enable UPnP and forward ports, is it okay in this instance, did you set yours up that way ? (I'm not sure if that would solve the error ("ddns server internal error")

Thanks !

Gary
Hi Gary,
You are not saying how you want to connect from outside? Did you get the VPN to work? If so you would connect with the existing Wi-Fi settings.
If you are looking to connect through the you would need to forward some ports. If you are going to do that you would need some type of dynamic DNS or a static IP.
Give me a bit more info on how you are planning to connect and I can assist.
Roger
 
  • Like
Reactions: GKL

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
Hi Gary,
You are not saying how you want to connect from outside? Did you get the VPN to work? If so you would connect with the existing Wi-Fi settings.
If you are looking to connect through the you would need to forward some ports. If you are going to do that you would need some type of dynamic DNS or a static IP.
Give me a bit more info on how you are planning to connect and I can assist.
Roger
Thanks, I appreciate your help and all the help everyone else is replying with, I hate to have to keep asking for more help, I thought I'd find a solution by now, but remote viewing on a Windows phone seems to be a real challenge :confused::lol:

VPN is what I had been trying to set up but I still haven't did something right to get a VPN connection to my windows phone, here is a link to my post from a thread where I have been trying to figure that out -

VPN Primer for Noobs

I was hoping the Hik-Connect would be a solution until I could eventually figure out the VPN, but I seem to keep running into different roadblocks.

I found yet another (maybe more recent) Hik-Connect help page at -

http://hikvisionusa.com/Techsupport/how to/Hik-Connect Data Sheet NA090517.pdf

It gives two options for remote viewing, Hik-Connect P2P service (no port forwarding needed) - or - Hik-Connect DDNS service (does need port forwarding)

I would like to use the Hik-Connect P2P service since no port forwarding is needed, but I can't find a way to set it up on a Windows phone.

As far as port forwarding with the Hik-Connect DDNS service, they even share a security tip as follows:

Security Tip: Minimize the number of ports opened to the Internet. Port forwarding should only be configured when absolutely necessary. Avoid common ports by changing the default device ports and / or mapping different external ports to the internal ports. (end of quote)

I'm not sure how to do that or how much safer not using common ports would make it, but if there is no way to get the Hik-Connect P2P service to work on a Windows phone and since it seems like getting a VPN connection to my windows phone figured out could take weeks or even months of research the Hik-Connect DDNS service using port forwarding might be my only option for now, but without VPN protection.
 
Last edited:

Roger

Getting the hang of it
Joined
May 30, 2014
Messages
89
Reaction score
47
Location
Bellevue, WA
Hi Gary,
While you are working on getting your VPN to work I would enable port forwarding. Let's, for example, assume you have two cameras you want to view. This assumes that you have some type of dynamic DNS setup. If you configured softether on your laptop then they provide a Dynamic DNS service for free.
Assumption: You have dynamic DNS i.e "yourname.softether.net"
On your router pick a random port #. Use a very high number out of the common range 8000 +
On your router:
Service Name: Camera name (kitchen, yard)
Port range: random high value # i.e. 8624
local IP: Camera internal IP i.e. 192.168.0.x
Local Port: 80 or whatever the port is that you use to view it from.

Set one of these for each camera using a different Port Range value.
On you phone in IVMS app:
Alias: Camera name
Register mode: IP/Domain
Address: DNS name like "yourname.softether.net" or external IP if you have static
Port: random port you forwarded on your router i.e 8642
Usename: Camera login
Password: Camera password.

Not sure if using some random high port number to forward through your firewall is any more risky then using pptp. I would not think so.

Roger
 

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
Hi Gary,
While you are working on getting your VPN to work I would enable port forwarding. Let's, for example, assume you have two cameras you want to view. This assumes that you have some type of dynamic DNS setup. If you configured softether on your laptop then they provide a Dynamic DNS service for free.
Assumption: You have dynamic DNS i.e "yourname.softether.net"
On your router pick a random port #. Use a very high number out of the common range 8000 +
On your router:
Service Name: Camera name (kitchen, yard)
Port range: random high value # i.e. 8624
local IP: Camera internal IP i.e. 192.168.0.x
Local Port: 80 or whatever the port is that you use to view it from.

Set one of these for each camera using a different Port Range value.
On you phone in IVMS app:
Alias: Camera name
Register mode: IP/Domain
Address: DNS name like "yourname.softether.net" or external IP if you have static
Port: random port you forwarded on your router i.e 8642
Usename: Camera login
Password: Camera password.

Not sure if using some random high port number to forward through your firewall is any more risky then using pptp. I would not think so.

Roger
Okay, thanks, I appreciate the details, I go slow at this since it's new to me though.

On this help page http://hikvisionusa.com/Techsupport/how to/Hik-Connect Data Sheet NA090517.pdf it says:

"Avoid common ports by changing the default device ports and / or mapping different external ports to the internal ports."

Isn't 80 a common port to be avoided, or is that a port you have to use ?

Anyhow I would have preferred to use the Hik-Connect P2P service since no port forwarding is needed, but I can't find any client for that for a Windows phone.

Don't remember if I asked already (I'm talking to different people on different threads) but do you use a Windows phone with iVMS-4500 ?
 

Roger

Getting the hang of it
Joined
May 30, 2014
Messages
89
Reaction score
47
Location
Bellevue, WA
Hi Gary,
This, "Avoid common ports by changing the default device ports and / or mapping different external ports to the internal ports.", is why I said to pick a random port above 8000. This is for the public side of your network. The router will NAT it to whatever port you specify internally. No issues using 80 internally as those addresses are not routable. I do use iVMS-4500 but it doesn't support Hik-Connect P2P as far as I can tell.
 
  • Like
Reactions: GKL

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
Hi Gary,
This, "Avoid common ports by changing the default device ports and / or mapping different external ports to the internal ports.", is why I said to pick a random port above 8000. This is for the public side of your network. The router will NAT it to whatever port you specify internally. No issues using 80 internally as those addresses are not routable. I do use iVMS-4500 but it doesn't support Hik-Connect P2P as far as I can tell.
Okay, thanks Roger, you can tell I am new at this stuff :lol:

I got some chores to do now, but I'll see about trying those settings you mentioned.

Being a Noob I am leery that if I try anything that doesn't use a VPN that there is a high risk of getting hacked, but maybe I am being overly concerned, I am not sure.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Okay, thanks Roger, you can tell I am new at this stuff :lol:

I got some chores to do now, but I'll see about trying those settings you mentioned.

Being a Noob I am leery that if I try anything that doesn't use a VPN that there is a high risk of getting hacked, but maybe I am being overly concerned, I am not sure.
changing your port will do nothing...you will get hacked...
 

Roger

Getting the hang of it
Joined
May 30, 2014
Messages
89
Reaction score
47
Location
Bellevue, WA
You are correct, eventually someone will find the port. I would still recommend softether to connect with. It works from my winphone perfectively and was pretty easy to set up.
 
  • Like
Reactions: GKL

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
changing your port will do nothing...you will get hacked...
I know I sound like a noob, it's because I am when it comes to this stuff, but you are saying everyone who does port forwarding WILL get hacked, not maybe or 50% chance, but definitely will get hacked ?

If so and it's that bad, why don't they make routers so it's impossible to do something that can only result in definitely getting hacked ?
 

GKL

Getting the hang of it
Joined
Oct 20, 2017
Messages
167
Reaction score
8
You are correct, eventually someone will find the port. I would still recommend softether to connect with. It works from my winphone perfectively and was pretty easy to set up.
Softether is what I was trying to use since it does offer VPN protection, but it hasn't been easy for me (as a noob), I could have just a couple basic settings wrong and have no idea that it's wrong.

At least since I know since it works with your windows phone at least I'll know it's worth the ongoing effort to figure out what settings I have wrong or maybe not set at all that should be set. It will be funny if a month or two from now I finally figure out what's wrong and it turns out to be something very simple, but that's part of the challenge of being a noob :lol:
 
Top