Cannot access Security Cameras via Phone App inside home.
-
Hi Guys, i am new and learning here.
I managed to setup my pfsense and have everything working.
I setup up Port Forwarding for my security camera and all works fine after hours and hours of reading.
My questions is how can i access my DVR, Camera configuration from home (within network) and via my phone app within network.
I have to open my VPN to gain access to device.
i know i can use the local address and that will work, but with my phone no other way unless i open the VPN on phone or use my data to trick it that i am outside of the home.With my previous ISP router it was very easy, now i think i am missing something to add to port forward to allow local connection.
thanks for the help in advance.
Pzil
-
@porkazil Sounds like youβre trying to use the WAN IP from inside? On the NAT rule, enable reflection.
-
Hi thanks for the answer, i tried that doesn't work, Phone app tries to load but times out., it will work if i use the data on my phone but not the wifi in the house., same via web sites, will work if i turn VPN on, but in my house won't work. Below is my setup.
Firewall-NAT-Port Forward
NAT reflection -> Use system default
Filter rule association -> Rule NAT GalaxySystem-Advanced-Firewall & NAT
Network Address Translation
NAT Reflection mode for port forwards
NAT + Proxy -
@porkazil Per https://docs.netgate.com/pfsense/en/latest/nat/reflection.html
"This [NAT + Proxy] mode does not work with UDP, only with TCP"Try Pure NAT? Video is likely UDP.
Enabling it at the system level effectively enables it for all NAT rules. Which may or may not be desired.
-
@porkazil said in Cannot access Security Cameras via Phone App inside home.:
My questions is how can i access my DVR, Camera configuration from home (within network) and via my phone app within network.
The phone and the DVR are all part of the same RFC1918 network ?
If so, then traffic isn't even seen by pfSense.
It's a direct 192.168.1.x to 192.168.1.y connection.I use a 8 cameras DVR from Dahua myself, it lives on 192.168.1.8.
But I don't use IPv4 address by numenrs, I'm using host names, so I use dvr.mylocalsuff.tld because I've created DNBS entries for all my important local LAN devices.
Btw, pfsense is pfsense.mylocalsuff.tld of course.You could set up "dvr.mylocalsuff.tld" with a local host override.
Or, IMHO, better : a static DHCP mac lease (the dvr uses the default DHCP).When I'm out, I use the pfSense OpenVPN server, I connect VPN first.
This time I'm entering using the OpenVPN RFC1918, 192.168.3.w
Pass rules on the OpenVPN firewall page permit dvr = 192.168.1.8 access.
Because unbound does the local DNS for me, also for my OpenVPN connected devices, the phone app can use the host name dvr.mylocalsuff.tld as this still resolves to 192.168.1.8Btw : I never needed to port forward what so ever. When I want to use resources on my LAN being on the outside myself, I start up an OpenVPN access first.
No NAT reflection neither.
Pure NAT ? Noop. -
Thanks for the response.
Great answer, but a bit too advanced for me.
I just started 3 days ago.
I am up and running took a while to understand for me.Again, I have DVR with 6 cameras.
I can gain access from outside my home via Web browser or Samsung APP on phone.
Within home, i cannot via phone only via App VPN being turned on.
I will figure it out eventually. Hopefully.Pzil
-
I still cannot access my web camera when in Wifi Mode with either my phone app or my laptop. Only time within network is if i use the local address+port.
I can only access them from external ip address and seems a bit slow.
Any other info i should be looking for ?Pzil
-
@porkazil said in Cannot access Security Cameras via Phone App inside home.:
still cannot access my web camera when in Wifi Mode with either my phone app or my laptop
What is the lapton IP at that moment ?
What is the phone IP at that moment ?
What is the dvr IP at that moment ?
What is the LAN IP of pfSense at that moment ?Example : my DVR is part of my LAN network has 192.168.1.8
My Phone has 192.168.1.15
pfSense has 192.168.1.1
If have also an access point at 192.168.1.2, it exposes a Wifi network so my Phone can connect to the LAN. Ones my Phone connected to the local LAN Wifio, I can access any LAN IP device, including pfSense GUI - and the DVR of course.When I'm outside, I do no change the DVR video app at all, I still have it set with the same IP of the dvr 192.168.1.8.
But : I need to start to OpenVPN app first. It connects to the DYNDNS WAN IP of pfSense. Ones the VPN connection is established, I fire up the DVR App on the phone, and it will find 192.168.1.8 as usual.Even better :
I have a web site, somewhere on a dedicated web server on the Internet.
On that web site, I retrieve an image from two cameras every 20 seconds.
At first I was using FTP, but now I use VPN, like the phone.
With the help of a script I retrieve a "still image" so you can see it. -
@porkazil : What you did, is a complete wrong approach!
Dont open any ports for accessing to any device in your home LAN.
An access from inside is always possible, if your mobile phone is connected to the same LAN (by WLAN).
When not at home, VPN is the buzzword, nothing else.
No idea, which OS you are using at your mobile, but for Android you can use StrongSwan for IPsec or the Wireguard app. Both are running fine at my mobile.
Yes, it sounds like rocket science if just starting out, but it is not!
All other solutions are much less secure and an invitation for criminals.So make yourself a gift and switch to VPN.
Regards
-
Yes, using a VPN to access it externally would be much better.
However if you do have port forwards and have enabled NAT reflection you will need to set 'Enable automatic outbound NAT for Reflection' if the client and target are in the same subnet.
Steve
-
@stephenw10
yes, that worked, thanks.
this is all new, i am complete newbie, so stressful.
going forward i will be doing alot of reading to configure the Netgate 2100 for a better experience.Pzil.
-
@fsc830
i am using Windows 10 and Galaxy Camera phone app.
i want to be more secure, so far the explanation that @stephenw10 gave me worked.
But now i want to see how VPN works from the outside.
i know from the inside i can just use the lan address+port, but from the outside i need to understand how to connect using VPN.thanks.
Pzil.
-
When you use a VPN you can just use the LAN IP directly or the internal hostnames if you pass the DNS server to clients.
-
sorry, i have no idea what that means.
i want to understand what the VPN does and how it will be used instead of port forwarding, sound interesting.
How would a VPN know how to access the cameras from outside the network is the big question for me.Pzil.
-
From inside the lan you may able to use wlan if you add it to your pfSense and from outside you may be using vpn to connect to it, both is a common way for using your
smartphone.EDIT:
Cannot access Security Cameras via Phone App inside home.
Sorry I was overreading this part, in some rarely cases the App must be in the same subnet or vlan like the cameras
otherwise it will not find the cameras! -
A VPN establishes a secure tunnel to your home LAN.
You can act from remote with your mobile device in the same way as you would be at some.
This means you can use for access your devices the same own private IPs (i.e. 192.168.x.x or 172.16.y.y) as at home.
The pfSense routes from the home LAN to the VPN.Noticed at my end: when being remote and connected by IPsec or Wireguard I need to add a route manually at my Win 10 laptop after connection to home LAN is established. I did put this command in a batch file and thats it.
Things to take care: depending to your country and provider you will have a public IPv4 or may be not.
If not, ask your provider if a public IPv4 is possible.
In our region (Germany) people often reported that without an public IPv4 access from outside is not easy to achieve.Me too running still without IPv6
, did not find the time to switch to IPv6 yet.Regards