Stunnel and IP Cameras
-
I'm ambivalent about having IP cameras facing the public IP with no VPN required to get at them, but seems most of them have no SSL web interface. I wanted to have one on a port I could turn on and off with a button click to my firewall rules but leave configured.
I put stunnel facing the web and pointed the other side of it at my IP camera.
Of course its better to have it behind firewall and access through VPN, but stunnel works to hide my user name/pass when logging in and seems to keep it all inside SSL nicely.
No guarantee camera won't get DOSed but I have no plans to leave it open all the time.
Of course, it would be nice to have an intermediary tool of some sort similar to captive portal that would request a username and password before a single packet was sent to the camera since pfsense can handle a DOS attack much better than the little camera can but not sure how I'd set something like that up in short order that was specific to a single port on the WAN and didn't get in the way of other things. I'm think about it.
-
Is your configuration like this?
Listening socket IP address and port $WAN:443
Target IP address and port 127.0.0.1:22
IP address to bind to when connecting to the target Cam_IP
-
I tried it behind stunnel. It works, but the problem is that 7 billion people world wide try to connect to that port, so it causes the IP camera to be un-responsive. So, I only use VPN.
-
you can try listening socket IP address and port $WAN:443
-
