Secure remote viewing of IP camera

I have four Iris V2 cameras. While I can view them inside the house, I wanted a way to view them remotely. The catch is that I wanted that way to be secure. Just opening up the network was not acceptable. I think I have a workable solution. It isn't necessarily cheap, but it is not too expensive.

The key is to find a router that has the capability to set up a VPN server. I looked at several and opted to purchase a Netgear RAX40-100NAS AX3999 Wi-Fi 6 router. There were some that were less expensive, but this one is more future-proof as it has the latest WiFi 6 standard.

Two things are needed. One is to set up a dynamic DNS service. The Netgear router has one built in that will work with setting up a user.mynetgear.com address, a No-IP address (the Netgear address is actually using No-IP), or DynDNS. The second is to enable the VPN service. Once this is done, there are four sets of instructions can be downloaded to help set up an OpenVPN client. Files are avilable for Windows, Mac, Iphone/Ipad, or Android. Three setup files, Windows, non-Windows, or Smart-Phone, can then be downloaded and used to complete the setup.

Once the client is set up on the device, the VPN can be activated. Then the camera can be accessed just as if one is sitting at home with the internal network address. For example, I can use VLC to access my cameras by using "rtsp://ip-address-of-camera/img/video.sav" which will stream a live image from the camera (with network delays, of course, but it is near-real-time.

I was able to test this today. I hope this will help anyone else wanting a way to view IP cameras securely.

3 Likes

I would think this would also be possible with Pi VPN without having to purchase a new router (or for those who are stuck with a service provider's router).

True, but I did not have a Pi to use and the router seemed like the best option for me. I would expect the rPie would need to be placed in the router's DMZ for it to work. Some form of dynamic DNS service would also need to be done unless one has a static IP from the provider. I had a spare computer I was thinking of using to set up an OpenVPN server, but couldn't wrap my head around getting everything set up. The router was much simpler.

The first thing I did though was to set up a secure password for the router. No sense setting up a VPN if I left the default password as "password."

1 Like

Yes, that makes sense. There are lots of possible options . . .

The Netgear and Asus router are awesome for basic OpenVPN server setup. I did have the Asus router before and the free DDNS is a huge bonus as well.
Just do some fine tune for access once you are comfortable by the limit the client access to the camera IP only instead of your whole network. Unless that's your end goal of course.

I thought Secure-IP was an oxymoron :slight_smile:

That is why it is called a "Virtual Private Network." One just can't waltz in and poke around. The proper security keys need to be on the client before the router will allow it to connect.

Once connected, it is just as if one is sitting at home on the network. The 192.168.x.x addresses can be used to access devices.

@Navat604 : Thanks. I will consider that. I did have an SSHD server set up, but the latest update to Fedora 31 seems to have broken it and I haven't gotten that working yet. The VPN will allow me to access files at home which was the point of the SSHD server. In a way it is more secure.

I also use OpenVPN on an Asus router which also has free builtin DDNS. I use it to access a Blue Iris Server which hosts 4 Lowes Iris cameras for event recording, alerting, and live viewing. I use BI Control on Hubitat to manage the BI profiles according to the Hubitat Modes to adjust recording and event alerting depending on time and presence (HSM State).

Unfortunately, BI does not run on Linux. I am using Motion for recording. I will use OpenVPN for remote viewing if I get alerted (assuming I have a signal wherever I am at the time).

I have had a couple of opportunities to test the OpenVPN remote viewing of my cameras (actually, I have only viewed one of them remotely, but a change in IP address would let me view the others also). It works quite well. I have the doorbell notification set up. I was at a place with a good WiFi signal (important to minimize cellular data use). I changed from the Google Fi VPN to my home VPN and then used VLC to view the front door camera and verified that a package delivery had been made as I could see the package. Then I disconnected and reverted back to the Google Fi VPN.

If I wanted to, I could then access the recordings to get the video of the delivery. I have not done that yet though. I have had too many other projects going to explore the full capabilities of the home VPN, but I consider this a success. :grin: