Cannot access Security Cameras via Phone App inside home.

Porkazil · Feb 23, 2023, 4:18 AM

I still cannot access my web camera when in Wifi Mode with either my phone app or my laptop. Only time within network is if i use the local address+port.
I can only access them from external ip address and seems a bit slow.
Any other info i should be looking for ?

Pzil

Gertjan · Feb 23, 2023, 6:15 AM

@porkazil said in Cannot access Security Cameras via Phone App inside home.:

still cannot access my web camera when in Wifi Mode with either my phone app or my laptop

What is the lapton IP at that moment ?
What is the phone IP at that moment ?
What is the dvr IP at that moment ?
What is the LAN IP of pfSense at that moment ?

Example : my DVR is part of my LAN network has 192.168.1.8
My Phone has 192.168.1.15
pfSense has 192.168.1.1
If have also an access point at 192.168.1.2, it exposes a Wifi network so my Phone can connect to the LAN. Ones my Phone connected to the local LAN Wifio, I can access any LAN IP device, including pfSense GUI - and the DVR of course.

When I'm outside, I do no change the DVR video app at all, I still have it set with the same IP of the dvr 192.168.1.8.
But : I need to start to OpenVPN app first. It connects to the DYNDNS WAN IP of pfSense. Ones the VPN connection is established, I fire up the DVR App on the phone, and it will find 192.168.1.8 as usual.

Even better :
I have a web site, somewhere on a dedicated web server on the Internet.
On that web site, I retrieve an image from two cameras every 20 seconds.
At first I was using FTP, but now I use VPN, like the phone.
With the help of a script I retrieve a "still image" so you can see it.

FSC830 · Feb 23, 2023, 9:44 PM

@porkazil : What you did, is a complete wrong approach!
Dont open any ports for accessing to any device in your home LAN.
An access from inside is always possible, if your mobile phone is connected to the same LAN (by WLAN).
When not at home, VPN is the buzzword, nothing else.
No idea, which OS you are using at your mobile, but for Android you can use StrongSwan for IPsec or the Wireguard app. Both are running fine at my mobile.
Yes, it sounds like rocket science if just starting out, but it is not!
All other solutions are much less secure and an invitation for criminals.

So make yourself a gift and switch to VPN.

Regards

stephenw10 · Feb 24, 2023, 6:38 PM

Yes, using a VPN to access it externally would be much better.

However if you do have port forwards and have enabled NAT reflection you will need to set 'Enable automatic outbound NAT for Reflection' if the client and target are in the same subnet.

Steve

Porkazil · Feb 24, 2023, 6:38 PM

@stephenw10
yes, that worked, thanks.
this is all new, i am complete newbie, so stressful.
going forward i will be doing alot of reading to configure the Netgate 2100 for a better experience.

Pzil.

Porkazil · Feb 24, 2023, 7:05 PM

@fsc830
i am using Windows 10 and Galaxy Camera phone app.
i want to be more secure, so far the explanation that @stephenw10 gave me worked.
But now i want to see how VPN works from the outside.
i know from the inside i can just use the lan address+port, but from the outside i need to understand how to connect using VPN.

thanks.

Pzil.

stephenw10 · Feb 24, 2023, 8:38 PM

When you use a VPN you can just use the LAN IP directly or the internal hostnames if you pass the DNS server to clients.

Porkazil · Feb 25, 2023, 5:03 AM

@stephenw10

sorry, i have no idea what that means.
i want to understand what the VPN does and how it will be used instead of port forwarding, sound interesting.
How would a VPN know how to access the cameras from outside the network is the big question for me.

Pzil.

Dobby_ · Feb 25, 2023, 7:30 AM

@porkazil

From inside the lan you may able to use wlan if you add it to your pfSense and from outside you may be using vpn to connect to it, both is a common way for using your
smartphone.

EDIT:

Cannot access Security Cameras via Phone App inside home.

Sorry I was overreading this part, in some rarely cases the App must be in the same subnet or vlan like the cameras
otherwise it will not find the cameras!

FSC830 · Feb 25, 2023, 7:22 AM

A VPN establishes a secure tunnel to your home LAN.
You can act from remote with your mobile device in the same way as you would be at some.
This means you can use for access your devices the same own private IPs (i.e. 192.168.x.x or 172.16.y.y) as at home.
The pfSense routes from the home LAN to the VPN.

Noticed at my end: when being remote and connected by IPsec or Wireguard I need to add a route manually at my Win 10 laptop after connection to home LAN is established. I did put this command in a batch file and thats it.

Things to take care: depending to your country and provider you will have a public IPv4 or may be not.
If not, ask your provider if a public IPv4 is possible.
In our region (Germany) people often reported that without an public IPv4 access from outside is not easy to achieve.

Me too running still without IPv6 , did not find the time to switch to IPv6 yet.

Regards