WyzeCam and Pfsense
-
I have 3 wyze cams.
2 Pan v3 and 1 v3
They all work without issue.
I can't remember if they worked or not before I turned on UPnP and NAT port forwarding or whatever, but I never saw any activity in there anyway.
If you have any questions I'll try to help the best I can.
-
Thank you both for the responses.
@nullcure What does your NAT PF rule look like?
This is my Setup which may help: This is an old SFF Desktop.
I7-2600 @ 3.4ghz (8CPU, 4 core x 2 hardware threads)
8GB RAM
100/100/1000Mbps Gigabit Ethernet Converged Network Adapter (NIC) with Intel 82576 Chip | Dual NIC
2x AP: Ubiquiti Networks UniFi UAP-AC-PRO
WAN is on one port of the Dual NIC and LAN to the Managed switch is on the 2nd port.
So while doing some tests yesterday I noticed the speed on both AP's are not 100%. These are Wifi-ac devices, so I should see throughput up to 1300mbps. The VLAN for the Cams and Home both are on a 1GB connection. The Link up LED on the switch shows 1000 and PFSENSE reflects the same, however I'm only peaking at 95 mbps down, my upload is peaking at 113 mbps.
I'm on a 1gbps/100mbps plan. Speedtests on the Nighthawk are at 950ish down and peaking 125 mbps up. This is on a wired connection, and when on the wifi it's around 750 down and 100 up.
Both PFSENSE and Nighthawk are grabbing an IP from the Modem via DHCP. I have tried the BufferBloat fix on and off with no changes in behavior.
To remove a bad wire scenario I have a newer Cat8 coming today, even though the current cat5e should handle the throughput it is an older wire that was in my spare parts bin.
I have an assumption that the buffering that is occurring for the WyzeCams could be related to this speed limitation.
Another setting I've tested is by putting the PFSENSE on the Modem's DMZ, not super secure which I understand but I'm trying anything I could think of to see what may be the cause of this. My end goal is to bridge PFSENSE to the Modem rather than DHCP.
Push comes to shove, Should I just nuke the box and start over?
-
@djskott Are you saying you're seeing only 95mbps AND 113mbps coming through for your wyze cams? Cause that would be correct.
{Edit}
What do you mean both Nighthawk and Pfsense are getting an IP from the modem via DHCP? Isn't Nighthawk your modem? Or is it a Nighthawk router?
For a router like you see in my config you need to do this.
-
The throughput on the Cams is 0.0 most of the time and then will randomly show traffic example 0.5 then 14 then 55 then 0 and sits. This is in KBs.
The throughput I'm seeing the degradation is via the AP's. Both AP's exhibit the same throughput.
The Nighthawk is my original router that is connected to my Modem. It's grabbing an IP via DHCP from the modem. I have zero issues with my internet connection with devices on this router, it is not in AP mode.
Another tidbit, I had an ASUS router which I had placed in AP Mode. This Router was running the cams before I moved to the UniFi AP's. I thought it was the ASUS router causing the issue so I moved to the UniFi's. The ASUS router in AP mode yielded the same results.
-
@djskott You're using a WLC (Wireless Controller) for these? If so you have setup vlan for wifi mgmt traffic yeah?
Well of course, you have connectivity right, so let's narrow it down.
OSI Model we'll be looking at Layers 2 and 3 I believe.
Layer 2 to make sure our hardware ports have the correct settings.
Layer 3 to check for any bandwidth limiters or traffic shapers. Perhaps an accidentally turned on setting somewhere?
If I was you, and I know you've already probably triple checked by now, I'd run traceroute from said bandwidth limited device to the gateway to the internet.
Then with pen and paper go from point to point checking my layer 2 ethernet stuff including the port negotiations and link tests. Installing iperf can also help you narrow it down by running it from different end devices.
After checking the layer 2 stuff I'd start back and go again checking layer 3 stuff.
Let me know what you find, if you choose to do this.
-
@nullcure The AP's are in standalone, I do not have a UniFi Controller.
I do have traffic shaping setup for Bufferbloat. I have that disabled at the moment.
The links appear to be 1000 in PFSENSE and the Link Lights are indicating 1000 on the Switch.
The iperf test does show a limited connection.
AP 1 (Home)
AP2 (Cameras)
This is from the Modem to PFSENSE
This is the speedtest from the NightHawk while on my LAN
Both devices are pulling dhcp from the Modem.
-
@djskott said in WyzeCam and Pfsense:
These are Wifi-ac devices, so i should see throughput up to 1300mbps
You won't ever actually see that. That's just the maximum link speed.
However this doesn't seem like a throughput issue, you won't need anything like that to stream video. It seems more like a blocked or replaced state somewhere. Possibly in the upstream router.
-
Correct. The AP BW is up to 1300, never what you will actually see. Totally get that piece.
But it should be more than 100mbps.
I just ran a state reset on PFsense and rebooted the modem.
No Change in behavior
-
Try setting static port outbound NAT mappings for the camera IPs. It's possible the cloud side of this can't cope with source port changes. Though that's unlikely, anything vaguely recent should have no problem with that.
https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#static-port
-
Added the Static port earlier and there was no change.
New Cat 8 arrived and has Doubled speeds to around 200-220 on speed.cloudflare.com
─$ iperf3 -c 192.168.200.1
Connecting to host 192.168.200.1, port 5201
[ 5] local 192.168.200.236 port 45108 connected to 192.168.200.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 18.9 MBytes 158 Mbits/sec 0 837 KBytes
[ 5] 1.00-2.00 sec 18.8 MBytes 157 Mbits/sec 0 1.09 MBytes
[ 5] 2.00-3.00 sec 18.8 MBytes 157 Mbits/sec 0 1.20 MBytes
[ 5] 3.00-4.00 sec 18.8 MBytes 157 Mbits/sec 0 1.45 MBytes
[ 5] 4.00-5.00 sec 20.0 MBytes 168 Mbits/sec 0 1.52 MBytes
[ 5] 5.00-6.00 sec 18.8 MBytes 157 Mbits/sec 0 1.52 MBytes
[ 5] 6.00-7.00 sec 20.0 MBytes 168 Mbits/sec 0 1.52 MBytes
[ 5] 7.00-8.00 sec 17.5 MBytes 147 Mbits/sec 0 1.52 MBytes
[ 5] 8.00-9.00 sec 12.5 MBytes 105 Mbits/sec 0 1.52 MBytes
[ 5] 9.00-10.00 sec 10.0 MBytes 83.9 Mbits/sec 0 1.52 MBytes
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 174 MBytes 146 Mbits/sec 0 sender
[ 5] 0.00-10.03 sec 171 MBytes 143 Mbits/sec receiver
-
Hmm, what link did you replace the cable on? Where is that test between?
-
WAN.
That iperf3 test is AP to PFSense.
I also ran a speedtest from CLI.
Shell Output - speedtest-cli
Retrieving speedtest.net configuration...
Testing from Cox Communications (98.x.x.x)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by CenturyLink (Tucson, AZ) [148.82 km]: 41.069 ms
Testing download speed................................................................................
Download: 724.45 Mbit/s
Testing upload speed......................................................................................................
Upload: 107.26 Mbit/s
Throughput to ISP is decent.
-
And that's the cable you replaced?
-
Cable from Modem to PFsense was replaced.
The cables from the AP's to the POE and POE to Switch and switch to PFS are all New C7/C8.
-
@djskott It's been a busy day. Here is my pf filter. I'm new to pfsense as a home user since like 2 weeks ago, besides using it in my work capacity. Which file would you like to see?
[EDIT]
Also this will help change those zeros on the up and down rates for the cameras. Run this link x number of cameras.
https://view.wyze.com/live
[EDIT-EDIT]
I know when I worked in the NOC sites we setup traffic shaping for their events. When it was time to turn it off and on a lot of times it was not as obvious where the on and off switch was. It was never where you'd think it would be.
-
So I nuked the box and started Fresh today.
Set the PFSENSE Box on my Modem/Gateway's DMZ (Temp)
I am blocking all v6 traffic on WAN.
Set the Firewall to allow ALL ports on All net's In and out. (all/all) (Temp)
Setup the VLAN for Guest
Set DNS to my managed DNS Service for restricting access to certain sites
Set the firewall rule for this VLAN to open all/all
VLAN is online. Speeds are inline with the AP specs.
Setup the VLAN for IoT/Cams.
Blocked VLAN for Guest (in/out)
Set the firewall rule for this VLAN open for all/all
VLAN is online. Speeds are inline with the AP Specs.
No Traffic shapers
No Bufferbloat setup
This config really should let everything pass. Yet I'm still getting buffering when trying to view WyzeCam's via the internet.
LAN the cams stream fine.
I am truly at a loss now. /headdesk
-
How are you testing? Some dedicated phone app?
I assume they have some 'cloud' service that serves to negotiate the link between cameras and client. Does that have anything to show the cameras are registering correctly?
My money would still be on either static port NAT or UPnP
-
@stephenw10 yes the wyze app on my phones.
-
Ok, and it links to your account which is some cloud based service that the cameras also connect to?
It's very unlikely their service actually handles the video streams between the clients and cameras, that would be a massive amount of data. Much more likely it handles address/port negotiation between them to setup a direct connection. If that is the case it could rely on UPnP or be broken by outbound NAT changing the source port. What do the docs show the camera connection requires?
-
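The failure mode suggested in the reply above (a cloud broker hands the viewer the camera's translated port, while outbound NAT picks a different source port for the direct connection) can be modelled in a few lines. This is an added example, not part of the original thread and not pf or Wyze code: the `OutboundNat` class, all addresses and all ports are constructed for illustration, and the remote viewer is assumed to be directly reachable.

```python
import random

class OutboundNat:
    """Simplified model of outbound NAT on the firewall's WAN (constructed, not pf itself)."""
    def __init__(self, static_port, seed=1):
        self.static_port = static_port
        self.rng = random.Random(seed)
        self.states = {}    # (external_port, remote) -> (lan_ip, lan_port)
        self.used = set()   # external ports already handed out

    def outbound(self, lan_ip, lan_port, remote):
        """Create (or reuse) a state for LAN host -> remote; return the external source port."""
        for (ext, rem), lan in self.states.items():
            if rem == remote and lan == (lan_ip, lan_port):
                return ext
        if self.static_port:
            ext = lan_port                      # static port: source port is preserved
        else:
            while True:                         # default: source port is rewritten per state
                ext = self.rng.randrange(1024, 65536)
                if ext not in self.used:
                    break
        self.used.add(ext)
        self.states[(ext, remote)] = (lan_ip, lan_port)
        return ext

    def inbound(self, ext_port, remote):
        """Return the LAN endpoint if a state matches this remote and port, else None (dropped)."""
        return self.states.get((ext_port, remote))

def rendezvous(nat):
    cam = ("192.168.30.10", 40000)       # constructed camera endpoint on the IoT VLAN
    broker = ("203.0.113.10", 443)       # constructed cloud broker (TEST-NET-3)
    viewer = ("198.51.100.20", 50000)    # constructed remote viewer (TEST-NET-2)
    advertised = nat.outbound(*cam, broker)      # port the broker sees and passes to the viewer
    direct = nat.outbound(*cam, viewer)          # camera opens the direct path to the viewer
    delivered = nat.inbound(advertised, viewer)  # viewer sends to the advertised port
    return advertised, direct, delivered

if __name__ == "__main__":
    print("static port :", rendezvous(OutboundNat(static_port=True)))
    print("rewritten   :", rendezvous(OutboundNat(static_port=False)))
```

In the rewritten-port case the broker's own replies still match their state, so registration with the cloud service can succeed while the direct viewer path is dropped.
-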
https://support.wyze.com/hc/en-us/articles/360031479511-What-ports-are-necessary-for-Wyze-Cams-to-operate-
I've setup an alias for the cams' IPs and an alias with all these ports.
I've tried port forwarding. I've enabled upnp.
I wonder if this is an artifact of the modem not being in bridge mode.