Limit cams access for "paranoid" people and trick to enable online view (virtual volume and LAN switch)

Hi Folks,

I have like most (most ?) of you IP Cams. Mine are connected to a NVR and I can view my cams in real time through the Internet.
I tried to find a way to limit the access because in fact I don't need to access them all the time. That means my cams are online only if I need them.

My setup:

my nvr is connected to a POE switch and my cams are also connected to that switch, so the local recording is enabled all the time.
My POE switch is connected to my router to have online access, BUT:

I put another switch between the POE switch and the router and this switch is powered through a monitored HE switch (in my case a Lutron Caseta Smart Home Plug-in Lamp Dimmer Switch, but any controlled outlet is fine, you know them all).

I created a virtual volume switch (but a dimmer switch can be also good) and a rule:
if the volume of this virtual switch equals 68 (1 of 100 possibilities), the lutron switches ON, and the Lan switch is now ON, making the cams visible through the net.

Of course, you can modify the rule to suit your paranoid behavior, like "if the volume equals the actual minute of the HE clock (1 of 60 possibilities, variable), then open the lan switch", etc.
And you can enhance the rule by closing the virtual switch for the night, or after a certain time on, when you leave, etc.

That means your cams are offline but if you adjust your virtual volume/dimmer and the value matches your rule, the cams are online.

You "hide" this virtual switch within a (passworded) dashboard and voilà !

Ok, sounds silly, useless or a good idea: unleash the comments :slight_smile:


This does look to lessen the time periods of vulnerability, but does not address the issue of open access. What I did was to upgrade my router to one that has Virtual Private Network capability. It is a Netgear AX3000 (model RAX40-100NAS) router. I enabled the VPN server. With that, one downloads and installs some information on the computer/phone one wishes to use to access the VPN. Once that is done, the other part is similar to any other remote access. One needs a static IP address or a dynamic DNS service (such as that provided by No-IP for Netgear). I can activate the home VPN and then it is just like I am at home. I can view my IP cameras by my home network's IP address. They are not open to the general public during that time since the traffic is being carried over the VPN and is encrypted. By having the VPN server locally, I also am not required to subscribe to some "free" or pay VPN service that wouldn't necessarily do what I needed it to do anyway.

Agree with StephenH, a VPN is by far the better choice.

Me? $40 (+ accessories) Raspberry Pi 4 + (free) OpenVPN + PiHole
[Can even route your incoming VPN connection through PiHole]

Sounds complicated, but it is as easy as, errrm, pie.


I see what you did there.

I would recommend changing that to an appliance module instead of a dimmer.

1 Like