WyzeCam and Pfsense
-
https://support.wyze.com/hc/en-us/articles/360031479511-What-ports-are-necessary-for-Wyze-Cams-to-operate-
I've setup an alias for the cams ips and and alias with all these ports.
I've tried port forwarding. I've enabled upnp.
I wonder of this is an artifact of the modem not being in bridge mode.
-
@djskott said in WyzeCam and Pfsense:
I wonder of this is an artifact of the modem not being in bridge mode.
if your behind a double nat, for you to allow port forwards on pfsense, the ports would have to be forward on the device doing nat in front of pfsense. Look on your isp device for something called dmz host, where it forwards all traffic to IP you set, ie pfsense wan IP.
Then your pfsense forwards can work, pfsense can not forward traffic it never sees.
-
Those look like outbound ports which shouldn't be a problem.
How exactly does it fail in the app when you test?
It sees the cameras as available?
-
@johnpoz I have PF on the DMZ for my Modem/Router.
@stephenw10 Yes the App sees the cams as online and pulls a thumbnail. Its when I go to view live streams. The app shows a KBPS and it will range from a low speed say 3-5KBps and then jump up to 50 and then down to 4 and then hangs out at zero for a while and then maybe will spike up to 14 or 20 and then back to zero.
When on Cellular
When On LAN
-
Hmm, interesting. Is it actually updating the image during that time?
What sort of bit rate do you get when connecting locally?
-
Between 60-170 KBps The attached links to Youtube above show the behavior and rates.
-
Ah, yes I missed that second link, thanks. So it doesn't actually fail. You can see the timestamp incrementing still.
That looks more like MTU issue or a TCP windowing error. Try looking at a pcap of that traffic. Is it full of errors and/or retransmissions?
-
The cap is below See file attached, wyzeCAP.txt This is from when I loaded the cam in the App from my Mobile Phone. So the stream is coming through Port 10001 (UDP), I see a Secure HTTP from wyze to my phone prob to auth, and then starting to stream. The packet lengths vary. It seems that its a direct connection from the Cam to the App for this stream, its not uploading to the cloud (If Im reading this right).
Currently NO rules blocking TCP/UDP are in play.
This is all new to me so forgive me for any ignorance.
I tried finding my MTU.
└─$ ping -M do -s 1500 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1500(1528) bytes of data.
ping: local error: message too long, mtu=1500└─$ ping -M do -s 1472 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1472(1500) bytes of data.
76 bytes from 8.8.8.8: icmp_seq=1 ttl=58 (truncated)└─$ ping -s 1472 -M do 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1472(1500) bytes of data.
76 bytes from 8.8.8.8: icmp_seq=1 ttl=58 (truncated)
76 bytes from 8.8.8.8: icmp_seq=2 ttl=58 (truncated)$ ping -s 1473 -M do 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 1473(1501) bytes of data.
ping: local error: message too long, mtu=1500So 1472 + 28 = 1500, so the MTU is 1500 or 1472?
Then MSS
MSS = 1500 - 20 - 20 - 8 = 1452 bytes.
Or
MSS = 1472 -20 -20 - 8 = 1424 bytes
Am I on the right path?
-
This post is deleted! -
1500 is the default so that's expected. Where were you testing that from though?
I note the maximum packet size the camera is sending is 1117. Or at least that's the largest packet captured. Where was that pcap taken?
-
@stephenw10 I was pinging from my laptop connected to the VLAN the cams are on. The cap was taken from Pfsesnse's packet capture tool.
-
@djskott what specific version of camera is this? I half a mind to order one to play with..
-
@johnpoz I have a Mix of the V3 and Floodlights w/ V3 cams.
https://www.amazon.com/Vision-Indoor-Outdoor-Camera-Assistant/dp/B08R59YH7W/ref=sr_1_5?crid=13FLV3G805FJ7&keywords=Wyze+v3&qid=1693310484&sprefix=wyze+v3%2Caps%2C348&sr=8-5
-
@djskott said in WyzeCam and Pfsense:
I would think the pan model would be exactly the same when it comes to networking.. Which is less than $2 more..edit: Well my v3 "pan" will be here tmrw ;)
-
@djskott said in WyzeCam and Pfsense:
The cap was taken from Pfsesnse's packet capture tool.
On which interface though?
If that was on WAN try looking on the VLAN. There might be more traffic there that isn't shown on the WAN. Which would be a big clue.
-
@stephenw10 That was from the VLAN
Here are Caps from when I initialize the Cam from My Phone (Not connected to LAN):
VLAN wyzeCAPVLAN200.txt
WAN wyzeCAPWAN.txt -
@djskott txt caps are not very useful.. just upload the actual pcap file..
-
@johnpoz My apologies
Due to size using links
WAN: https://www.djskott.com/thingsthatgohmm/pcapwan.zip
VLAN: https://www.djskott.com/thingsthatgohmm/pcapvlan.zip -
There are only 8 packets in the WAN pcap there to the cell IP. And they are all small.
You probably need to filter than pcap by the remote IP so it doesn't get swamped by other WAN traffic.
-
@stephenw10 When I filter the Phones IP, i see a string to the Modem and then nothing.
