ZeroTier and Dual Nic

moose021879

moose021879

n3wb
Jul 13, 2021
13
6
Milwaukee
I'm having trouble viewing BI remotely. If you use ZeroTier do you need to also do the Dual NIC setup as described in the Wiki? Thanks
 
You haven't really given us enough info to go on here. Assuming you utilize Zerotier as VPN remote access to your network, you could utilize a dual NIC setup but it may not be necessary. That really depends on your network design which you haven't shared with us.
 
Sorry I don't really know what I'm talking about (obviously) I set up the dual nic on my blue iris PC first. I then setup zero tier on my BI PC as well for VPN. My ultimate goal is to be able to remotely view BI on my home network, but also outside of the home network. Let me know what info you need and I'll try to get it for you. Thanks
 
Here's my setup. I've got a router with wifi in my house. There is a LAN line run from the house to the garage underground. I've got another router in my garage so that I can have a wifi signal in the garage. I've got a PC with blue iris and dual NIC's. One NIC is plugged into the router, one NIC is plugged into the POE switch. I cannot view UI3 when typing in the LAN access address in the house. Even though I have two routers, its the same network correct? Thanks
 
That depends on how you connected the 2nd router. If you connected the 2nd router to a LAN port then yes, it's on the same network. If you have connected the 2nd router via the WAN port, then the answer is no. In the 2nd scenario you will also be dealing with a 2nd NAT from the 2nd router. You'd have to open a port to get to the cameras in that case on the 2nd router.
 
The second router should be set to access mode. Not as a router.
Make and model of second router.
What is the SSID and channel on both the main router and the second router ?
Is the BI computer connected to the second router ?
a network diagram would help
 
bp2008 said:
You do not need two NICs to use Zerotier.
Click to expand...
Sorry about resurrecting an old thread.

Last year I sold my house and left behind the BI system.
Finally getting around to setting up a new BI system.
Came across a video about Zerotier.
Came here to see what the BI community thinks about it.
I was about to install a second NIC and OpenVPN.
But wait... sounds like the BI community endorses Zerotier.

Which way should I go? Zerotier or OpenVPN with 2nd NIC?

I assume (you know wht they say about assuming) that Zerotier prevents the cameras from phoning home. Right?

Thanks.
 
nowandthen said:
Sorry about resurrecting an old thread.

Last year I sold my house and left behind the BI system.
Finally getting around to setting up a new BI system.
Came across a video about Zerotier.
Came here to see what the BI community thinks about it.
I was about to install a second NIC and OpenVPN.
But wait... sounds like the BI community endorses Zerotier.

Which way should I go? Zerotier or OpenVPN with 2nd NIC?

I assume (you know wht they say about assuming) that Zerotier prevents the cameras from phoning home. Right?

Thanks.
Click to expand...

OpenVPN could be more reliable than Zerotier, because you don't need to depend on a cloud service or networking tricks like UDP hole punching (which does not always work) to get a connection.

But Zerotier is a lot simpler to set up.


Zerotier does not prevent cameras from phoning home. Neither does OpenVPN. That is not the job of a VPN. That is the role of using a 2nd NIC on the BI system. The 2nd NIC is so you can connect the BI system to a completely separate network that contains only your cameras and/or other devices that you don't want to allow internet access.
 
  • Like
Reactions: MTL4, looney2ns, alastairstevenson and 1 other person
nowandthen said:
Sorry about resurrecting an old thread.

Last year I sold my house and left behind the BI system.
Finally getting around to setting up a new BI system.
Came across a video about Zerotier.
Came here to see what the BI community thinks about it.
I was about to install a second NIC and OpenVPN.
But wait... sounds like the BI community endorses Zerotier.

Which way should I go? Zerotier or OpenVPN with 2nd NIC?

I assume (you know wht they say about assuming) that Zerotier prevents the cameras from phoning home. Right?

Thanks.
Click to expand...

Zerotier by its self 'Phones home' and OpenVPN uses self sign certificates so its suseptible to MTM attacks.
Unless the NVR uses poor authentication methods, There is nothing wrong with serving a NVR on its own outside IP address with a public CA certificate. Which is the real secure method.
 
tech_junkie said:
Zerotier by its self 'Phones home'
Click to expand...

Yes, this is true.

tech_junkie said:
OpenVPN uses self sign certificates so its suseptible to MTM attacks.
Click to expand...

While this is technically true, the adversary would need to be "in the middle" during the initial key exchange (during creation and copying of the openvpn configuration file) in order to substitute public keys with their own. Once the OpenVPN tunnel is configured, each end of the connection is able to verify that the entity it is communicating with has the correct private key.

tech_junkie said:
Unless the NVR uses poor authentication methods, There is nothing wrong with serving a NVR on its own outside IP address with a public CA certificate. Which is the real secure method.
Click to expand...

That is only if you trust the NVR to be well hardened against attack. Which the major brands have proven over and over again that they are not. It doesn't matter how good the authentication method is when the attacker is triggering a remote code execution bug or exploiting a backdoor or other authentication bypass vulnerability.
 
  • Like
Reactions: TonyR
bp2008 said:
That is only if you trust the NVR to be well hardened against attack. Which the major brands have proven over and over again that they are not. It doesn't matter how good the authentication method is when the attacker is triggering a remote code execution bug or exploiting a backdoor or other authentication bypass vulnerability.
Click to expand...
Then they need to repair it and others publish the CVE and boycott their products until they comply. It is ludicrous to cover for them by hiding a vulnerable system and not say anything about it.
 
bp2008 said:
While this is technically true, the adversary would need to be "in the middle" during the initial key exchange (during creation and copying of the openvpn configuration file) in order to substitute public keys with their own. Once the OpenVPN tunnel is configured, each end of the connection is able to verify that the entity it is communicating with has the correct private key.
Click to expand...

NEVER underestimate a hacker. Especially advanced ones that can make efficient automatic code and pass it around to other hackers.
 
tech_junkie said:
Then they need to repair it and others publish the CVE and boycott their products until they comply. It is ludicrous to cover for them by hiding a vulnerable system and not say anything about it.
Click to expand...

Yeah, and Biden should not be President since 2021. Since he denied to pass a mental health test. Maybe he sign his own pass certificate ? Not sure if a man in the middle already exchange the public certificate.

You are writing bullshit day after day.

Screenshot_20240723-111213.png
 
  • Like
Reactions: TonyR and looney2ns
duplo said:
Yeah, and Biden should not be President since 2021. Since he denied to pass a mental health test. Maybe he sign his own pass certificate ? Not sure if a man in the middle already exchange the public certificate.
Click to expand...

The pitfalls of self signed certificates is well documented and the standard practice to deploy Public TLS/SSL CA Certificates with these programs when you apply the internet to them.

Ignore me if you want, but its your own fault if you get hacked.
 
You must log in or register to reply here.
Top Bottom