webrtc
-
i am testing with a vms system witch converts the rtsp stream of a cam into a webrtc stream. Because of this we can use any browser from any device to acces our vms system.
The vms system is working great accept when traffix has to go true a pfsense router.
In tha case the webrtc stream is not comming up. Is there some kind of feature in pfsense witch blocks this?wo just to be clear:
when vms server is behind pfsense anyone from inside and outside cannot watch the cams.when the vms server is not behind a pfsense it is working great, accept when i use a client device connected behind a pfsense. Only that specific device cannot watch the cams. Any other not connected behind the pfsense is working fine.
any thoughts?
-
i am testing with a vms system witch converts the rtsp stream of a cam into a webrtc stream. Because of this we can use any browser from any device to acces our vms system.
Hi,
(in my understanding )each browser handles the WEBRTC differently...
(but this is not a pfSense issue, unless you are playing with ports)
I would never let this WEBRTC!F.E.: https://www.expressvpn.com/webrtc-leak-test
(and read on for the explanation as well)
I think, it can also be dangerous in a production environment, that isn’t Citrix - Webex, for example.... everywhere may be
I would use a clean RTSP stream with good high tossed ports (40-50K) and with smooth WinAmp / VLC, etc....
What justifies the WEBRTC?
BTW:
@jacquesh "vms system witch converts"
it's a chick who can be evil...= which
pls. use Hikvision iVMS-4200 and all your worries will be eliminated...
-
@daddygo thx for your reply.
my suppier told me the NAT type of the router should be bidirectional.
is this something i can configure in pfsense?
-
is this something i can configure in pfsense?
it’s not entirely clear
what they mean by that, but I think there might be something like thatin your situation 1:1NAT or UPnP
(we don't really like UPnP on firewalls so segment your network where you enable UPnP - VLAN or independent interface)https://docs.netgate.com/pfsense/en/latest/nat/1-1.html
https://docs.netgate.com/pfsense/en/latest/services/upnp.html -
Maybe the outbound NAT needs to be static for the device, so that the port is the same between the host and pfSense doing the NAT? Maybe there's something in the data that says what port the device is using, but the NAT on pfSense is using a different port on its connection, causing problems.
-
@virgiliomi said in webrtc:
Maybe the outbound NAT needs to be static
you are on a very good way, but it is VMS system...
something like that:
https://en.wikipedia.org/wiki/Video_management_systemor
https://us.hikvision.com/en/partners/technology-partners/vmsI hope this is the case, as this has not been explained properly by the OP
so like a game console, but not so complicated... hihiihi
so it can be dangerous to misconfigure behind a firewall -
@virgiliomi can you give me an example how to configure this?
-
Re-reading everything now, outbound NAT isn't likely the issue. Since the VMS server probably isn't making an outbound connection to your device when you want to watch a camera, that was a poor suggestion.
-
can you give me an example how to configure this?
if your VMS knows UPnP, and what I've seen so far is known...
that will be the solution, but be careful this is dangerous on NGFW...separate the VMS network with a separate interface
BTW:
pls. note that pfSense does not block anything (just because it is), especially not RTSP stuff, ergo your settings are bad -
@daddygo when i enable upnp. it is still not working.
when i swapp pfsense for en simple router it is working fine... -
-
@daddygo is a local dutch solution: https://ensura.com/
-
@jacquesh the strange thing is: when i install vmscore on a local server in my network, my client pc's in the local network has the same problem.
-
-
when i install vmscore on a local server in my network,
I googled my brain to ruins and there is almost no description from this VMS ...
do you have some user or installation guides in your hand or PRTSC setup?something like these:
BTW:
This is a Hikvision VMS, running behind a pfSense....
I only threw ports up to 50K effortlessly,.... it works flawlessly, so your "vmscore" works differently -
@daddygo
they say:"
VMSCORE Servers need to be behind a compatible NAT type (basically, anything but Symmetric NAT) in order for bidirectional communication to be possible through a firewall.See here:
https://doc-kurento.readthedocs.io/en/stable/knowledge/nat.html#port-restricted-cone-nat -
basically, anything but Symmetric NAT
I found this yet, pls. read Jimp's response (second answer) about symmetric NAT, so you're not in a good position,....
https://forum.netgate.com/topic/57370/symmetric-nat
-a correct description of the VMS is required to assign static ports (I would ask this from the vms developers)
-or as I suggested 1: 1NAT
