WyzeCam and Pfsense
-
Try setting a static port outbound NAT mappings for the camera IPs. It's possible the cloud side of this can't cope with source port changes. Though that's unlikely, anything vaguely recent should have no problem with that.
https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#static-port
-
Added the Static port earlier and there was no change.
New Cat 8 arrived and has Doubled speeds to around 200-220 on speed.cloudflare.com
─$ iperf3 -c 192.168.200.1
Connecting to host 192.168.200.1, port 5201
[ 5] local 192.168.200.236 port 45108 connected to 192.168.200.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 18.9 MBytes 158 Mbits/sec 0 837 KBytes
[ 5] 1.00-2.00 sec 18.8 MBytes 157 Mbits/sec 0 1.09 MBytes
[ 5] 2.00-3.00 sec 18.8 MBytes 157 Mbits/sec 0 1.20 MBytes
[ 5] 3.00-4.00 sec 18.8 MBytes 157 Mbits/sec 0 1.45 MBytes
[ 5] 4.00-5.00 sec 20.0 MBytes 168 Mbits/sec 0 1.52 MBytes
[ 5] 5.00-6.00 sec 18.8 MBytes 157 Mbits/sec 0 1.52 MBytes
[ 5] 6.00-7.00 sec 20.0 MBytes 168 Mbits/sec 0 1.52 MBytes
[ 5] 7.00-8.00 sec 17.5 MBytes 147 Mbits/sec 0 1.52 MBytes
[ 5] 8.00-9.00 sec 12.5 MBytes 105 Mbits/sec 0 1.52 MBytes
[ 5] 9.00-10.00 sec 10.0 MBytes 83.9 Mbits/sec 0 1.52 MBytes
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 174 MBytes 146 Mbits/sec 0 sender
[ 5] 0.00-10.03 sec 171 MBytes 143 Mbits/sec receiver -
Hmm, what link did you replace the cable on? Where is that test between?
-
WAN.
That perf3 test is AP to PFSense
I also ran a speedtest from CLI.
Shell Output - speedtest-cli
Retrieving speedtest.net configuration...
Testing from Cox Communications (98.x.x.x)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by CenturyLink (Tucson, AZ) [148.82 km]: 41.069 ms
Testing download speed................................................................................
Download: 724.45 Mbit/s
Testing upload speed......................................................................................................
Upload: 107.26 Mbit/sThroughput to ISP is decent.
-
And that's the cable you replaced?
-
Cable from Modem to PFsense was replaced.
The cables from the AP's to the POE and POE to Switch and switch to PFS are all New C7/C8.
-
@djskott It's been a busy day. Here is my pf filter I'm new to pfsense as a home user since like 2 weeks ago besides using it in my work capacity. Which file would you like to see?
[EDIT]
Also this will help change those zeros on the up and down rates for the cameras. Run this link x number of cameras.https://view.wyze.com/live
[EDIT-EDIT]
I know when I worked in the NOC sites we setup traffic shaping for their events. When it was time to turn it off and on a lot of times it was not as obvious where the on and off switch was. It was never where you'd think it would be.
-
So I nuked the box and started Fresh today.
Set the PFSENSE Box on my Modem/Gateway's DMZ (Temp)
I am blocking all v6 traffic on WAN.
Set the Firewall to allow ALL ports on All net's In and out. (all/all) (Temp)
Setup the VLAN for Guest
Set DNS to my managed DNS Service for restricting access to certain sites
Set the firewall rule for this VLAN to open all/all
VLAN is online. Speeds are inline with the AP specs.
Setup the VLAN for IoT/Cams.
Blocked VLAN for Guest (in/out)
Set the firewall rule for this VLAN open for all/all
VLAN is online. Speeds are inline with the AP Specs.No Traffic shapers
No Bufferbloat setupThis config really should let everything pass. Yet I'm still getting buffering when trying to view WyzeCam's via the internet.
LAN the cams stream fine.
I am truly at a loss now. /headdesk
-
How are you testing? Some dedicated phone app?
I assume they have some 'cloud' service that serves to negotiate the link between cameras and client. Does that have anything to show the cameras are registering correctly?
My money would still be on either static port NAT or UPnP
-
@stephenw10 yes the wyze app on my phones.
-
Ok, and it links to your account which is some cloud based service that the cameras also connect to?
It's very unlikely their service actually handles the video streams between the clients and cameras, that would be a massive amount of data. Much more likely it handles address/port negotiation between them to setup a direct connection. If that is the case it could rely on UPnP or be broken by outbound NAT changing he source port. What do the docs show the camera connection requires?
-
https://support.wyze.com/hc/en-us/articles/360031479511-What-ports-are-necessary-for-Wyze-Cams-to-operate-
I've setup an alias for the cams ips and and alias with all these ports.
I've tried port forwarding. I've enabled upnp.
I wonder of this is an artifact of the modem not being in bridge mode.
-
@djskott said in WyzeCam and Pfsense:
I wonder of this is an artifact of the modem not being in bridge mode.
if your behind a double nat, for you to allow port forwards on pfsense, the ports would have to be forward on the device doing nat in front of pfsense. Look on your isp device for something called dmz host, where it forwards all traffic to IP you set, ie pfsense wan IP.
Then your pfsense forwards can work, pfsense can not forward traffic it never sees.
-
Those look like outbound ports which shouldn't be a problem.
How exactly does it fail in the app when you test?
It sees the cameras as available?
-
@johnpoz I have PF on the DMZ for my Modem/Router.
@stephenw10 Yes the App sees the cams as online and pulls a thumbnail. Its when I go to view live streams. The app shows a KBPS and it will range from a low speed say 3-5KBps and then jump up to 50 and then down to 4 and then hangs out at zero for a while and then maybe will spike up to 14 or 20 and then back to zero.
When on Cellular
When On LAN
-
Hmm, interesting. Is it actually updating the image during that time?
What sort of bit rate do you get when connecting locally?
-
Between 60-170 KBps The attached links to Youtube above show the behavior and rates.
-
Ah, yes I missed that second link, thanks. So it doesn't actually fail. You can see the timestamp incrementing still.
That looks more like MTU issue or a TCP windowing error. Try looking at a pcap of that traffic. Is it full of errors and/or retransmissions?
-
The cap is below See file attached, wyzeCAP.txt This is from when I loaded the cam in the App from my Mobile Phone. So the stream is coming through Port 10001 (UDP), I see a Secure HTTP from wyze to my phone prob to auth, and then starting to stream. The packet lengths vary. It seems that its a direct connection from the Cam to the App for this stream, its not uploading to the cloud (If Im reading this right).
Currently NO rules blocking TCP/UDP are in play.
This is all new to me so forgive me for any ignorance.
I tried finding my MTU.
└─$ ping -M do -s 1500 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1500(1528) bytes of data.
ping: local error: message too long, mtu=1500└─$ ping -M do -s 1472 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1472(1500) bytes of data.
76 bytes from 8.8.8.8: icmp_seq=1 ttl=58 (truncated)└─$ ping -s 1472 -M do 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1472(1500) bytes of data.
76 bytes from 8.8.8.8: icmp_seq=1 ttl=58 (truncated)
76 bytes from 8.8.8.8: icmp_seq=2 ttl=58 (truncated)$ ping -s 1473 -M do 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1473(1501) bytes of data.
ping: local error: message too long, mtu=1500So 1472 + 28 = 1500, so the MTU is 1500 or 1472?
Then MSS
MSS = 1500 - 20 - 20 - 8 = 1452 bytes.
Or
MSS = 1472 -20 -20 - 8 = 1424 bytes
Am I on the right path?
-
This post is deleted!
