Saturday, September 28, 2019

Accessing camera NVR from external network through port forwarding or OpenVPN?

I apologize if this is the wrong sub to post this question. If it is, I would love suggestions for the appropriate sub.

Here's what I'm trying to figure out. I'm trying to setup a NVR camera system for somebody's office. I initially set it up for them through port forwarding from a TP-Link router that is connected to a static IP address from ISP that isn't used by any other devices in this person's office. I did advice them to look into something else or ask an IT person for better solutions as this is not a very secure way to access your cameras and these NVR boxes are not to be trusted, even though the company that sells it is from the US.

I've heard about setting up OpenVPN to access the camera's remotely. It seems like a pretty easy thing to setup. The TP-Link router is running DD-WRT and it should have the OpenVPN options for username and password. Then I guess I download the config file and install OpenVPN on the devices the person wants to remote view the cameras. Is that correct? The owner wants to access the camera viewing on his iPad, which works with port forwarding. Would OpenVPN work on iOS and is there a way to use the config file on iOS?

Here's where I'm getting a bit confused. I looked into this a bit further and found myself finding info about pfsense and how I shouldn't let IP cameras have access to the internet at all. I have no clue how to set any of this up. Is that necessary for this use case? I have fairly limited networking knowledge, but if this is doable by the average person with decent tech literacy, I can look into this if you think I should.

Essentially this is the current setup. The camera is connected to a TP-link router that is connected to a static IP address from ISP. Port forwarding is enabled to access the camera from remote location on Windows PC and iPad. All other devices this office uses is connected to firewall routers that was setup by IT professionals on the other static IP addresses. This business is franchise, so the computers and business equipment is setup by the IT people sent by the franchise company. Only the NVR is connected to the TP-Link router (wi-fi disabled too). None of the other devices run off of it.



No comments:

Post a Comment