Hi. I currently getting to setting up my home security cam network which consists of several Trendnet IP POE Cameras. models include TV-IP320PI, TV-IP310PI, and TV-IP1318PI . Been noticing im no longer able to log into many of them (invalid password). So i did a factory reset with new password, and three days later locked out again. I really want to be able to access the cams when i am away from home so i dont want to completely isolate them from the web. But I also cant continue this way. Debating on using and NVR but seems less than optimal. I do have a FreeNAS server in my home for media, not sure if i want to abuse it with constant camera recording. I have heard about this blue iris software which may be a nice interface to use but dont think that will help with me getting hacked. Ill admit i am much more of a hardware guy than software/networking. If there are any tips or suggestions to make my cams less accessible to intrusion im all ears but talk to be like a 5 year old lol. I do currently have port forwarding enabled for each camera to a diff port so i can access them from the web interface.
What I’d do is:
- Install Motioneye to group all the video feed from the cameras
- Close all the ports to access them directly
- Get a domain (there are cheap ones you can get or even free like the ones from duckdns)
- Install Nginx Proxy Manager (easy GUI to set up Nginx proxy)
- Open port 80 and 443
- Set up your domain with HTTPS and a password to access Motioneye
- Profit
Rather than make the cameras publicly addressable, can you configure your router so that you can VPN into it? That way you can leave your cameras with non-routable private addresses (192.168.x.x for example), behind your router’s firewall, and any camera access you perform whilst mobile is encrypted (thanks to the VPN) and thus secure from prying eyes?
Most people are familiar with using a VPN to connect from their home network to a remote host and access the rest of the Internet via that, but it’s the same principle to connect from a remote device (e.g. phone or laptop) to your own router and access your home network via that.
Lots of articles exist describing the basics of how to VPN into your home network, like this one:
A good router with in-built VPN capabilities is, by far, the easiest approach, IMHO. Your current router might even already have that capability, which means you just need to turn it on a do a bit of configuring.
I just use VLAN on home network with no gateway out. onthe VLAN is a basic Ubuntu Server with 2 NICs, MotionEye Docker linked to VLAN on secondary NIC, VPN into Server from primary NIC, as long as you lock down Server, you’re golden.
VPN is Linode basic server…
I have IP cameras on a separate VLAN that has no access to internet or any other VLAN. I then have a PC running blue iris that can access both the IP cam VLAN and is on the normal network VLAN so I just access all the cameras through blue iris. Worth noting though the cams will need to be manually updated and the clocks do tend to drift I’ve noticed.
You could do something similar but if you don’t want to mess with VLANS just hook up a second router to connect your cams to as well as one port on your PC then hook the other PC port to your normal network. Just make sure you don’t let windows do something stupid like bridge the connections or share internet with that connection.
There are other free alternatives to blue iris out there as well. Same concept of isolation would apply there too.