Author Topic: Safe external access (no open ports) using VPN  (Read 3878 times)

Coomoo

  • Newbie
  • *
  • Posts: 7
    • View Profile
Safe external access (no open ports) using VPN
« on: August 01, 2018, 04:22:13 PM »
Open ports on routers can be a security risk, so I avoid them.  UPnP and NAT-PMP are disabled in my router.

To access my network from outside the office I use a VPN that is built-in to the router.  Over the cell (AT&T / LTE) network, I connect my iPhone to my router using L2TP VPN and am able to a access other resources on the network such as screen sharing and DVR security cameras.  However, iCamSource Pro cameras won't show up this way -- "Broker Connection Error: Your network may be preventing you from making a UDP connection to the iCam Broker Server."

When I connect on WiFi to the network everything works fine.  Why won't UDP go over a VPN like this? 

Stefan

  • Administrator
  • Hero Member
  • *****
  • Posts: 2358
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #1 on: August 03, 2018, 11:17:13 AM »
iCam Pro and the iCamSource Pro have logic in them to attempt to perform NAT traversal without the need of forwarding ports. Depending on how complex your local and remote networks are, you may be able to connect without connecting to your local network via VPN. (Not sure why your VPN would not allow UDP communication.)

Have you tried connecting via LTE without connecting through your VPN?

Coomoo

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #2 on: August 06, 2018, 11:32:59 PM »
You know, this is weird.  Maybe you can explain it.  But initially when I tried connecting from outside to my inside network, I got the no sources error.  So I assumed you need open ports or a VPN.  The VPN didn't work, so I thought I was just out of luck.  A few days later, one of my sources started showing up.  A few days later a 2nd one.  And then a few days later all of them.

So now all my iCamSource Pro feeds show up on iCam Pro with no special network settings.  Thanks!  How did this happen after several days?  It's like magic!

Coomoo

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #3 on: August 09, 2018, 07:52:19 PM »
And then, like magic, it all stopped working.  Now, about a week later, no sources can be found for several days.  Nothing that I'm aware of has changed in the network.  What could it be?

Stefan

  • Administrator
  • Hero Member
  • *****
  • Posts: 2358
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #4 on: August 11, 2018, 11:13:32 AM »
Is your computer going to sleep after a period of inactivity?

Coomoo

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #5 on: August 12, 2018, 12:00:33 AM »
Nothing so simple I'm afraid.  As long as ports are opened on the router and iCam Sources are assigned the appropriate UDP range, everything works superbly.  But I don't want ports open.  With ports all closed, it seems sometimes it works and sometimes not.  Would changing IP addresses cause this?

Stefan

  • Administrator
  • Hero Member
  • *****
  • Posts: 2358
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #6 on: August 18, 2018, 11:26:06 AM »
Is the local IP address of the computer or the external IP address of your connection changing? Does clicking Stop and then Start again on the iCamSource fix the issue? (If so, then it may be a changing IP address issue.)

Coomoo

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #7 on: August 22, 2018, 01:01:21 PM »
The local IP on each computer is static.  However, we have two external IP addresses.  They are also static, but persistent -- meaning when accessing the internet, a computer will not switch IP address for a given session.  Later on however, the router may assign a different external IP address for use for a different purpose.

This system works well for everything inside the network, including security cams / DVR, voip phones, computers.  I do not believe this is causing any issue with iCam because prior to having two external IP addresses we had a single one and the iCam issue was exactly the same.

Clicking stop / start does not make a source appear if it's not in the mood.  Again some days a few sources will work, and some days no sources work.  And once in a while all sources work.  It seems random, but whatever the situation it seems to be like that for an entire day or two.

Stefan

  • Administrator
  • Hero Member
  • *****
  • Posts: 2358
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #8 on: August 25, 2018, 11:30:32 AM »
Is the two external IP addresses due to the VPN? Or does each computer have two active network interfaces that are connected to two separate Internet connections?

iCam and the iCamSource use a proprietary STUN-like protocol to perform NAT traversal to allow most users to connect from outside of their local network without opening ports, but that protocol assumes that the Internet connection is more or less the standard modem-connected-to-a-router configuration.

Adding a VPN or multiple Internet connections could cause issues connecting.

Coomoo

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: Safe external access (no open ports) using VPN
« Reply #9 on: August 25, 2018, 12:20:29 PM »
We actually have two internet services.  Cable and Fiber.  Both have static IP addresses.  Cable has a cable modem, and fiber has a fiber modem.  Both modems are connected to a single router.  It's a dual-wan router that takes both services and provides and "blends" them to provide a "normal/single" internet connection to our network.  I know this sounds weird but again, everything other than iCam works great.  The router uses "persistence" to make sure a device isn't suddenly using a different external IP address one second to the next.  Based on how iCam works, do you think a change in IP address could lead to several days of not-functioning?  And then suddenly start working again for a few days?  Does your server refresh that slowly or something?