DMSS When Mobile (On Cell Data)

[Barboots]

I've only just changed from email to DMSS push notifications. The video clip is more useful than the still image emailed, and it's working reliably. I was very pleased with the change. However I am concerned/perplexed that I receive DMSS push notifications when away from my home WiFi and not connected via OpenVPN.

How is DMSS connecting from my home to my mobile (cell) phone? I have not set up any P2P, UPnP, Easy4IP, etc services on the NVR due to security concerns. My cams are blocked to the internet. I can't understand how these push messages are getting through.

Is it simply because my mobile (cell) provider and home internet provider are not changing my IP address frequently? Or is there some connectivity I'm not aware of, and if so, is the arrangement actually secure???

Cheers,
Steve

 

[Barboots]

No one?

 

[paul@austins.tv]

I will try. If I understand things correctly?
When you request a push notification from a NVR/DVR on Android or Apple, the unique identifier of the DMSS application/mobile device will receive the notification. I use an Android mobile and Google receives the notification via its own connectivity inbuilt software and then pushes to DMSS. I would then activate Open VPN on my Android and view the push video. Hope this helps?

 

[Barboots]

I will try. If I understand things correctly?
When you request a push notification from a NVR/DVR on Android or Apple, the unique identifier of the DMSS application/mobile device will receive the notification. I use an Android mobile and Google receives the notification via its own connectivity inbuilt software and then pushes to DMSS. I would then activate Open VPN on my Android and view the push video. Hope this helps?

Thanks Paul... however, I'm receiving DMSS push notifications from the NVR when away from my house WiFi, and not connected to my VPN.

It's like there's a cloud service handling the connection. I have double checked the network settings tabs of the NVR via webgui and directly, and nothing other than the network itself has been enabled.

Is it possible that DMSS has set up a P2P type connection which is invisible on the NVR interface?

Cheers, Steve

 

[Barboots]

To be clear, what I'm receiving is just the notification... I can't watch the linked video.

 

[Barboots]

All these notifications were delivered to my mobile while on cellular data, two suburbs away from my home, without any "tunnel" established.

I re-checked the NVR and there are no network services enabled other than the normal wired network.

I thought this would have either generated some interest, or an explanation.

 

[paul@austins.tv]

Perhaps someone else can step in, to clarify what I suggested to be fairly correct.
Your NVR/DVR has internet access. When you get the notification on your mobile network even without the VPN to your home network, the Google or Apple server (via NVR/DVR) sends to your mobile via the mobile network.

 

[Barboots]

Perhaps someone else can step in, to clarify what I suggested to be fairly correct.
Your NVR/DVR has internet access. When you get the notification on your mobile network even without the VPN to your home network, the Google or Apple server (via NVR/DVR) sends to your mobile via the mobile network.

That would be a connection which I have not established, granted permission or been made aware of.

So if the notification passage is via a cloud connection, that would more likely appear to be Dahua by stealth... as per my security concern stated.

 

[awonson]

@Barboots, have you enabled the Mobile Push Notifications option in your NVR? You will find it on Security | System Service | Basic Services.

My notifications are going out on port 2195 to the Apple 17.0.0.0/8 IP address range and port 8888 to a amazonaws server. A few months ago I had to open port 8888 outbound for the notifications to work. Previously I only had port 2195 and outbound to Apple IP 17.x.x.x. open, but a few months ago the notifications stopped and upon checking my firewall, port 8888 was being blocked by my router. Once I opened 8888 outbound the notifications started working. To view the video in the notification when I am on cellular, I just turn on my VPN to view.

Edited to put in Apple IP Range.

 

[Barboots]

@Barboots, have you enabled the Mobile Push Notifications option in your NVR? You will find it on Security | System Service | Basic Services.

Thanks for the clue, and detailed info from your set-up.

I'll check it out and report back.

 

[Barboots]

@Barboots, have you enabled the Mobile Push Notifications option in your NVR? You will find it on Security | System Service | Basic Services.

My notifications are going out on port 2195 to the Apple 17.0.0.0/8 IP address range and port 8888 to a amazonaws server. A few months ago I had to open port 8888 outbound for the notifications to work. Previously I only had port 2195 and outbound to Apple IP 17.x.x.x. open, but a few months ago the notifications stopped and upon checking my firewall, port 8888 was being blocked by my router. Once I opened 8888 outbound the notifications started working. To view the video in the notification when I am on cellular, I just turn on my VPN to view.

Edited to put in Apple IP Range.

I've been over the NVR-4116 settings several times, and I can't find any reference to mobile push, notification ports, servers... not a thing. I've also checked the cams for the same and also found nothing. They're blocked to the internet in my router too.

I'll have a look over the router settings regarding port 8888.

I'm a bit perplexed. My system is working exactly as yours is, though there are no settings visible in the WebGUI. Did you set up the Apple IP yourself, or was it created automagically by DMSS?

Cheers, Steve

 

[Mike A.]

Perhaps someone else can step in, to clarify what I suggested to be fairly correct.
Your NVR/DVR has internet access. When you get the notification on your mobile network even without the VPN to your home network, the Google or Apple server (via NVR/DVR) sends to your mobile via the mobile network.

That would be generally correct. It's an OUTGOING connection from whatever device inside of your network just as, for example, hitting an external web or mail server from inside of your network. No VPN or port opening required in that case. May need to open some connection to come back in to get video, etc., associated with the notification but not for the notification itself. VPN or ports open are only required for INCOMING connections to your network.

Not familiar enough with the NVR or DMSS to know where, but there must be some setting there permitting the connection to the notification server(s). How about in the app? Does the app have the ability to define/change settings on the NVR? Somewhere you must define your NVR as the system to view and/or the connection? It's obviously being made so must be there in some form.

That said, I have seen some of my Dahua cams with various firmware that still would try to connect to its P2P server even though that setting was disabled. They could not in my case since I have them blocked but they'd try continually. The NVR probably is not blocked so could make the same connection.

 

[awonson]

I've been over the NVR-4116 settings several times, and I can't find any reference to mobile push, notification ports, servers... not a thing. I've also checked the cams for the same and also found nothing. They're blocked to the internet in my router too.

I'll have a look over the router settings regarding port 8888.

I'm a bit perplexed. My system is working exactly as yours is, though there are no settings visible in the WebGUI. Did you set up the Apple IP yourself, or was it created automagically by DMSS?

Cheers, Steve

@Barboots , what firmware version are you running On your NVR. I have a NVR4108-P-4K2 running the latest version 4 software Dated 26 November 2020. Mobile push is an option in the version 4 firmware. The Apple IP range was set in my router to allow outgoing from my NVR and cameras. All my cameras have Mobile Push option under System | Safety. See below for NVR and below that for my 5442T-ZE camera:





Edited to show screenshots.

 

[Barboots]

@Barboots , what firmware version are you running On your NVR. I have a NVR4108-P-4K2 running the latest version 4 software Dated 26 November 2020. .

Thanks for your ongoing assistance. I'm still running the original firmware, having followed the strong advice here to avoid updates unless problems are occurring.

You've found Version 4 solid and reliable?

Cheers, Steve

 

[Barboots]

That would be generally correct. It's an OUTGOING connection from whatever device inside of your network just as, for example, hitting an external web or mail server from inside of your network. No VPN or port opening required in that case. May need to open some connection to come back in to get video, etc., associated with the notification but not for the notification itself. VPN or ports open are only required for INCOMING connections to your network.

Not familiar enough with the NVR or DMSS to know where, but there must be some setting there permitting the connection to the notification server(s). How about in the app? Does the app have the ability to define/change settings on the NVR? Somewhere you must define your NVR as the system to view and/or the connection? It's obviously being made so must be there in some form.

That said, I have seen some of my Dahua cams with various firmware that still would try to connect to its P2P server even though that setting was disabled. They could not in my case since I have them blocked but they'd try continually. The NVR probably is not blocked so could make the same connection.

Yes... I see the point that's previously been made now. I've been getting hung up on the incoming, and forgetting that outgoing is for the most unrestricted. Gotcha.

The app has the NVR login input to it. I have checked that UPnP remains disabled in my router, the NVR and cams, however I appreciate that the app does have the ability to change settings in the NVR. If this was how the link between devices has been created, these changes are not visible in the NVR... as far as I can ascertain anyway. There must be something to single out my installation of DMSS from all others.

I believe your closing summary is likely to be the case. Despite P2P being disabled in the NVR, it appears that there is still a connection being established through Dahua. This was the essence of my question and concern.

Perhaps I'll need to Wireshark my network to confirm for sure.

Many thanks,
Steve

 

[awonson]

Thanks for your ongoing assistance. I'm still running the original firmware, having followed the strong advice here to avoid updates unless problems are occurring.

You've found Version 4 solid and reliable?

Cheers, Steve

@Barboots, yes, I have found version 4 to be solid. I ugraded from version 3.15, going up in each version 4 incrementally

 

[Barboots]

@Barboots, yes, I have found version 4 to be solid. I ugraded from version 3.15, going up in each version 4 incrementally

If you hear someone crying from Australia...


EDIT: it seems I have no Version 4 update being offered to the NVR via the press to update feature... I'm on 3.215.000000.4

 

[Barboots]

Could the push be making it's way to me via:

RTSP Port (1~65535) POS Port (1~65535)
RTSP Format rtsp:/<User Name>:<Password>@<IP Address>:<Port>/cam/realmonitor?channel=1&subtype=0
channel: Channel, 1-16; subtype: Code-Stream Type, Main Stream 0, Sub Stream 1.

 

[awonson]

If you hear someone crying from Australia...


EDIT: it seems I have no Version 4 update being offered to the NVR via the press to update feature... I'm on 3.215.000000.4

@Barboots, I don't even think that update feature even works. In Andy's forum, you will find the various version 4 firmwares that he released. You can also find them here: https://dahuawiki.com/images/Files/Firmware/?C=M;O=A and here Index of /Firmware/Rejestratory/NVR/NVR4xxx-4KS2/Stare/ and here: Index of /Firmware/Rejestratory/NVR/NVR4xxx-4KS2/

I updated sequentially, resetting back to factory after each one. It will take time and patience.

 

[awonson]

Could the push be making it's way to me via:

RTSP Port (1~65535) POS Port (1~65535)
RTSP Format rtsp:/<User Name>:<Password>@<IP Address>:<Port>/cam/realmonitor?channel=1&subtype=0
channel: Channel, 1-16; subtype: Code-Stream Type, Main Stream 0, Sub Stream 1.

Are you specifically blocking outgoing traffic in your router? If not, then the NVR is going out.

I have blocked in and out for all my cameras and NVR and only allow out on certain ports (8888, 2197, 2195, 443, 587, 5223) and to the Apple notificaton range 17.0.0.0/8