Unable to reach Reolink camera on VLAN

gulo

Hello,

I have a separate VLAN created for all my IP cameras (192.168.20.x). There is also a wireless network linked to that VLAN on Unifi access point. I have several cameras from different manufacturers (Foscam, Hisense, D-Link) connected to that WIFI/VLAN and they all work fine and are accessible from my main LAN.

Today I have purchase a new camera Reolink E1 Pro. I set it up using their app and connected it to my CAMERAS VLAN wifi. When my phone is connected to the same WIFI I can connect to the camera and it works fine. However all my computers run on the main LAN interface (192.168.1.x) and none of them are able to ping or see the camera on the 192.168.20.x subnet.

When I reconfigured the camera to use the main LAN Wifi and it got 192.168.1.x everything worked fine and I was able to see it.

I have disabled all firewall rules and even added one for the CAMERAS VLAN to allow all traffic but I cannot seem to be able to reach this camera from my other networks. I am really not sure if this is a firewall problem, VLAN problem or a problem with Reolink cameras? Is it possible that the camera refuses to be reached from other VLANS? What possible troubleshooting can I do?

Thanks

gulo

When I ping from the same CAMERAS VLAN I get response:

Pinging from LAN I do not:

Karl Gustavson

@gulo

According to a post in Reolinks support forum, this seems to be a known issue introduced with one of the last firmware updates:

https://reolink.com/topic/e1-pro-unaccessible-from-another-local-subnet-after-firmware-update/

Only option seems to be reaching out to Reolinks support.

johnpoz

Do you have a gateway set in this camera's setting? If not then no you would never be able to talk to it from a different network.

Possible work around to devices that do not have gateway, is to source nat your traffic so to the camera it looks like it came from the IP of pfsense in this network.

In your example that would be your 20.1 IP... This is just a simple outbound nat setup..

zroger

I had this same issue with my E1 cameras when I put them on a separate VLAN. I was able to solve this with a source NAT like @johnpoz mentioned. Here's what my NAT rule ended up looking like:

VLAN_IOT is the interface that the cameras are on, and 192.168.4.0/24 is the network for that VLAN.

Hope this helps anyone having the same problem.

bingo600

I think i had somewhat the same issue with a camera (can't remember brand).
DHCP didn't set (well take) the def-gw.

But setting it w. static ip would work.
The cam had a little webserver , where i could set static ip etc.

/Bingo

andrea.rizzini

@zroger @zroger I have the same issue. Just tried to replicate your NAT source rule but it is not working for me. To my understanding is that this NAT rule should be able to bridge the two network from VLAN (private) to a VLAN (IOT). However when looking at your example I don't see how this is possible. If 192.168.4.0/24 is the VLAN network for the IOT network and the "IOT addresses" infers 192.168.4.0/24, how's this supposed to work? It is just translating addresses from and to the same network? Where is this NAT rule created on the (private) VLAN. Would you mind give some advise how to set this up correctly. Very much obliged for a y help you could provide.

ahsunh

@gulo dear sir for using local subnets intervlan communication you need to allow sourceNAT with destination(Other vlan IP) for communication.
this firewall rule is placed on you source where you want to access IP camera like lan or other VLAN to WIFI vlan or camera vlan.

thanks

andrea.rizzini

I have tried a couple of suggestions and i'm not sure if "it is not working on my machine" or it is me that is not getting what is the right configuration i need to specify in the NAT rule.

In my case i have

PRIVATE vlan
PRIVATE net - 192.168.10.1/24
IOT vlan
IOT net - 192.168.100.1/24
Cameras IPs -- 192.168.100.160-166

Not when i'm connetec on my laptop on PRIVATE vlan with address 192.168.10.101, i can't access the cameras. Reading previous posts it seems that i need to create a NAT outbound rule.

Could anyone help me with the right configuration / parameters i need to specify?

Your help is extremely appreciated.

johnpoz

@andrea-rizzini for starters what are the rules on your private interface? Are you forcing traffic out a gateway before you allow access to your camera vlan? Or your camera IPs

But examples were given on how to create the source nat (or outbound nat on the iot camera vlan) interface.

It would just be an outbound nat using your IOT interface, and the IOT interface address. Now when you talk to the camera's from your private net, it looks like your talking from the IOT interface IP.

Currently I show uptime of
63 Days 06 Hours 39 Minutes 54 Seconds

Which would of been when I updated to 22.01