Enrolling a cam in BI5 from the WAN, not the LAN

Post Reply
yerrbjr
Posts: 1
Joined: Tue Dec 08, 2020 3:24 am

Enrolling a cam in BI5 from the WAN, not the LAN

Post by yerrbjr »

Interested in learning whether this is possible. And if so, what would appropriate or least complex security measures needed..
This is a standard ONVIF cam at a remote physical location that I would like to add to my normal LAN cluster.

Probably the most immediate obvious challenge is that the only ISP available at the loc is Comcrap presently configured with a 5 Mbps upload speed.
So.. possibly not practical with a high-res stream, but probably OK with a secondary one. And.. keeping track of the current IP address (no pc at the loc)

Perhaps this is a situ. where the best course of action may be using one of the current wireless solutions, Eufy / Arlo / whatever and just deal with that.

Thanks for all input.
Matts1984
Posts: 496
Joined: Fri Apr 10, 2020 1:12 pm
Location: Maryland, USA

Re: Enrolling a cam in BI5 from the WAN, not the LAN

Post by Matts1984 »

Its definitely possible and TBH the 5Mbps is probably ok unless you want to do like 4K (and assuming you don't have huge needs by other devices). Ultimately I'd ask you this question.... what is the camera capturing? If it's a parking lot, driveway, etc... you may not have the need to encrypt and excessively harden this traffic - and thats spoken from a security engineer. Yes the ideal solution is a VPN tunnel, and that could come down to being one of the easiest - but I don't know that I would stress about it too much. The hardest part will probably come down to the config of the camera side router. Is it just the standard Xfinity router - or is it just a modem? You really need to dig down into the config options THAT device gives you to know your answer/options. Many even consumer grade routers will give the option to port forward or add a device to a DMZ and possibly even support dynamic DNS. 100% of the connections needed in this situation are from your BI server to your camera. If able, I would block all traffic from your camera.

Some routers, especially ones that support open firmware like DD-WRT, can support a VPN tunnel which would be more complex to setup but more secure and potentially easier to network AFTER the tunnel is up and working. Assuming you don't want to go out and buy stuff and make an investment out of it - I think to really go any further we (or I) would need to know device specifics on both ends - the routers that is. But if it was my setup, I'd definitely try to get this working through BI vs going with some cloud provided vendor service.
Blue Iris 5.9.9.x | Server 2025 VM | Xeon E5-2660 v3 @ 2.60GHz - 32 Cores | 48GB RAM | 8TB RAID | Sophos UTM WAF | Mostly various SV3C Cameras
HeneryH
Posts: 740
Joined: Thu Jul 18, 2019 2:50 pm

Re: Enrolling a cam in BI5 from the WAN, not the LAN

Post by HeneryH »

Can it be done? Sure. All you need is to be able to make a TCP/IP connection from your BI machine to the remote camera.

How you choose to do that opens up lots of questions and pros/cons.
Post Reply