Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to reach Reolink camera on VLAN

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    10 Posts 7 Posters 7.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gulo
      last edited by

      Hello,

      I have a separate VLAN created for all my IP cameras (192.168.20.x). There is also a wireless network linked to that VLAN on Unifi access point. I have several cameras from different manufacturers (Foscam, Hisense, D-Link) connected to that WIFI/VLAN and they all work fine and are accessible from my main LAN.

      Today I have purchase a new camera Reolink E1 Pro. I set it up using their app and connected it to my CAMERAS VLAN wifi. When my phone is connected to the same WIFI I can connect to the camera and it works fine. However all my computers run on the main LAN interface (192.168.1.x) and none of them are able to ping or see the camera on the 192.168.20.x subnet.

      When I reconfigured the camera to use the main LAN Wifi and it got 192.168.1.x everything worked fine and I was able to see it.

      I have disabled all firewall rules and even added one for the CAMERAS VLAN to allow all traffic but I cannot seem to be able to reach this camera from my other networks. I am really not sure if this is a firewall problem, VLAN problem or a problem with Reolink cameras? Is it possible that the camera refuses to be reached from other VLANS? What possible troubleshooting can I do?

      Thanks

      A 1 Reply Last reply Reply Quote 0
      • G
        gulo
        last edited by

        When I ping from the same CAMERAS VLAN I get response:

        c005756a-1d49-4346-bfdf-bfb57cf8b19d-image.png

        Pinging from LAN I do not:

        436eb751-29f3-409b-868b-02cae52e9774-image.png

        K 1 Reply Last reply Reply Quote 0
        • K
          Karl Gustavson @gulo
          last edited by

          @gulo

          According to a post in Reolinks support forum, this seems to be a known issue introduced with one of the last firmware updates:

          https://reolink.com/topic/e1-pro-unaccessible-from-another-local-subnet-after-firmware-update/

          Only option seems to be reaching out to Reolinks support.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Do you have a gateway set in this camera's setting? If not then no you would never be able to talk to it from a different network.

            Possible work around to devices that do not have gateway, is to source nat your traffic so to the camera it looks like it came from the IP of pfsense in this network.

            In your example that would be your 20.1 IP... This is just a simple outbound nat setup..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            Z 1 Reply Last reply Reply Quote 1
            • Z
              zroger @johnpoz
              last edited by

              I had this same issue with my E1 cameras when I put them on a separate VLAN. I was able to solve this with a source NAT like @johnpoz mentioned. Here's what my NAT rule ended up looking like:

              f5f7a656-8d08-4543-aebd-0d0cbb8a54d1-image.png

              VLAN_IOT is the interface that the cameras are on, and 192.168.4.0/24 is the network for that VLAN.

              Hope this helps anyone having the same problem.

              A 1 Reply Last reply Reply Quote 0
              • bingo600B
                bingo600
                last edited by

                I think i had somewhat the same issue with a camera (can't remember brand).
                DHCP didn't set (well take) the def-gw.

                But setting it w. static ip would work.
                The cam had a little webserver , where i could set static ip etc.

                /Bingo

                If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

                pfSense+ 23.05.1 (ZFS)

                QOTOM-Q355G4 Quad Lan.
                CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

                1 Reply Last reply Reply Quote 0
                • A
                  andrea.rizzini @zroger
                  last edited by andrea.rizzini

                  @zroger @zroger I have the same issue. Just tried to replicate your NAT source rule but it is not working for me. To my understanding is that this NAT rule should be able to bridge the two network from VLAN (private) to a VLAN (IOT). However when looking at your example I don't see how this is possible. If 192.168.4.0/24 is the VLAN network for the IOT network and the "IOT addresses" infers 192.168.4.0/24, how's this supposed to work? It is just translating addresses from and to the same network? Where is this NAT rule created on the (private) VLAN. Would you mind give some advise how to set this up correctly. Very much obliged for a y help you could provide.

                  1 Reply Last reply Reply Quote 0
                  • A
                    ahsunh @gulo
                    last edited by ahsunh

                    @gulo dear sir for using local subnets intervlan communication you need to allow sourceNAT with destination(Other vlan IP) for communication.
                    this firewall rule is placed on you source where you want to access IP camera like lan or other VLAN to WIFI vlan or camera vlan.

                    thanks

                    A 1 Reply Last reply Reply Quote 0
                    • A
                      andrea.rizzini @ahsunh
                      last edited by

                      I have tried a couple of suggestions and i'm not sure if "it is not working on my machine" or it is me that is not getting what is the right configuration i need to specify in the NAT rule.

                      In my case i have

                      • PRIVATE vlan
                      • PRIVATE net - 192.168.10.1/24
                      • IOT vlan
                      • IOT net - 192.168.100.1/24
                      • Cameras IPs -- 192.168.100.160-166

                      Not when i'm connetec on my laptop on PRIVATE vlan with address 192.168.10.101, i can't access the cameras. Reading previous posts it seems that i need to create a NAT outbound rule.

                      Could anyone help me with the right configuration / parameters i need to specify?

                      Your help is extremely appreciated.

                      johnpozJ 1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @andrea.rizzini
                        last edited by johnpoz

                        @andrea-rizzini for starters what are the rules on your private interface? Are you forcing traffic out a gateway before you allow access to your camera vlan? Or your camera IPs

                        But examples were given on how to create the source nat (or outbound nat on the iot camera vlan) interface.

                        It would just be an outbound nat using your IOT interface, and the IOT interface address. Now when you talk to the camera's from your private net, it looks like your talking from the IOT interface IP.

                        Currently I show uptime of
                        63 Days 06 Hours 39 Minutes 54 Seconds

                        Which would of been when I updated to 22.01

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.