webrtc
-
is this something i can configure in pfsense?
it’s not entirely clear
what they mean by that, but I think there might be something like thatin your situation 1:1NAT or UPnP
(we don't really like UPnP on firewalls so segment your network where you enable UPnP - VLAN or independent interface)https://docs.netgate.com/pfsense/en/latest/nat/1-1.html
https://docs.netgate.com/pfsense/en/latest/services/upnp.html -
Maybe the outbound NAT needs to be static for the device, so that the port is the same between the host and pfSense doing the NAT? Maybe there's something in the data that says what port the device is using, but the NAT on pfSense is using a different port on its connection, causing problems.
The S in IOT stands for Security
-
@virgiliomi said in webrtc:
Maybe the outbound NAT needs to be static
you are on a very good way, but it is VMS system...
something like that:
https://en.wikipedia.org/wiki/Video_management_systemor
https://us.hikvision.com/en/partners/technology-partners/vmsI hope this is the case, as this has not been explained properly by the OP
so like a game console, but not so complicated... hihiihi
so it can be dangerous to misconfigure behind a firewall -
@virgiliomi can you give me an example how to configure this?
-
Re-reading everything now, outbound NAT isn't likely the issue. Since the VMS server probably isn't making an outbound connection to your device when you want to watch a camera, that was a poor suggestion.
-
can you give me an example how to configure this?
if your VMS knows UPnP, and what I've seen so far is known...
that will be the solution, but be careful this is dangerous on NGFW...separate the VMS network with a separate interface
BTW:
pls. note that pfSense does not block anything (just because it is), especially not RTSP stuff, ergo your settings are bad -
@daddygo when i enable upnp. it is still not working.
when i swapp pfsense for en simple router it is working fine... -
-
@daddygo is a local dutch solution: https://ensura.com/
-
@jacquesh the strange thing is: when i install vmscore on a local server in my network, my client pc's in the local network has the same problem.
-
-
when i install vmscore on a local server in my network,
I googled my brain to ruins and there is almost no description from this VMS ...
do you have some user or installation guides in your hand or PRTSC setup?something like these:
BTW:
This is a Hikvision VMS, running behind a pfSense....
I only threw ports up to 50K effortlessly,.... it works flawlessly, so your "vmscore" works differently -
@daddygo
they say:"
VMSCORE Servers need to be behind a compatible NAT type (basically, anything but Symmetric NAT) in order for bidirectional communication to be possible through a firewall.See here:
https://doc-kurento.readthedocs.io/en/stable/knowledge/nat.html#port-restricted-cone-nat -
basically, anything but Symmetric NAT
I found this yet, pls. read Jimp's response (second answer) about symmetric NAT, so you're not in a good position,....
https://forum.netgate.com/topic/57370/symmetric-nat
-a correct description of the VMS is required to assign static ports (I would ask this from the vms developers)
-or as I suggested 1: 1NAT
