I've tried all day to not make this post.

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
I'm not familiar with zerotier, but if you're still having issues you should consider tailscale. Tailscale is a Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.


I GOT IT WORKING WITH TAILSCALE!!!!!!!!

THANK YOU!

12+ HOURS OF BULLSHIT.

Next up learning and configuring camera settings properly for my environment lol
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
@wittaj @Vettester @spammenotinoz @Broachoski @TL1096r

I do need help one more time to confirm my victory here if getting things working.

While I know some of you are questioning the safety and security of things like zerotier/tailscale my thoughts are with the cameras themselves and why I did the tutorial @TL1096r did for the dual nic setup configuration.

Now in Blue iris web server settings I set the local IP to the IP of tailscale as was shown to do for zerotier in the video @Alaska Country shared.

Does doing this allow full access to the web for the cameras, or are they still being protected by the dual nic setup and tailscale is "safely bridging" that gap to provide internet to them/Blue iris so I can view remotely on my other devices registered with tailscale?

Thank you to everyone for your help. I think I woke up the whole neighborhood with my shouts when I was able to video my camera feeds on mobile data via the blueiris app/tailscale configuration haha.
 

spammenotinoz

Getting comfortable
Joined
Apr 4, 2019
Messages
345
Reaction score
274
Location
Sydney
Now in Blue iris web server settings I set the local IP to the IP of tailscale as was shown to do for zerotier in the video @Alaska Country shared.
Does doing this allow full access to the web for the cameras, or are they still being protected by the dual nic setup and tailscale is "safely bridging" that gap to provide internet to them/Blue iris so I can view remotely on my other devices registered with tailscale?
No you are exposing your BlueIris server, to access the cameras a malicious party needs to first gain access to your BlueIris server.
Please note though, with zerotier/tailscale implementations you now basically have a two-way VPN tunnel into their cloud open for all ports, so your placing a lot of trust in the provider.
At least with Port-Forwarding you only expose a specific port.
With your own VPN the tunnel is direct between your mobile and home network, so having additional ports open isn't really a concern. I like to host VPN on a firewall, so I get more granular control and alerts.
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
No you are exposing your BlueIris server, to access the cameras a malicious party needs to first gain access to your BlueIris server.
Please note though, with zerotier/tailscale implementations you now basically have a two-way VPN tunnel into their cloud open for all ports, so your placing a lot of trust in the provider.
At least with Port-Forwarding you only expose a specific port.
With your own VPN the tunnel is direct between your mobile and home network, so having additional ports open isn't really a concern. I like to host VPN on a firewall, so I get more granular control and alerts.
Understood ok thank you for the response. Yes I definitely understand and that's why although I am happy I know this is a bandaid fix.

I have an older D-Link 601 router with ddrwrt on it in a box somewhere. I might blow the dust off it and try and put openvpn on it.

If I do that it would look like this 1.modem 2. Eero. 3 hardwire from Eero to first nic blueiris PC. 4. Second NIC to ddrwrt router. 5. Ddrwrt router to Poe switch. 6. Cameras.

Think this would work or should the openvpn router be placed somewhere else in this configuration?

Thanks for your help
 

Vettester

Getting comfortable
Joined
Feb 5, 2017
Messages
740
Reaction score
693
Understood ok thank you for the response. Yes I definitely understand and that's why although I am happy I know this is a bandaid fix.
If you would like to host your own VPN locally I would recommend WireGuard over OpenVPN .
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
If you would like to host your own VPN locally I would recommend WireGuard over OpenVPN .

I tried all day yesterday to setup openvpn. Even though I could connect to my PC because the blueiris PC is a dual NIC setup I was unable to see my cameras in the app or access the UI3 webpage.

Tailscale is working good for now, I just hate having to rely on a third party vs my own setup. Obviously I am missing something with the dual NIC setup and openvpn
 

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
15,521
Reaction score
22,657
Location
Evansville, In. USA
I tried all day yesterday to setup openvpn. Even though I could connect to my PC because the blueiris PC is a dual NIC setup I was unable to see my cameras in the app or access the UI3 webpage.

Tailscale is working good for now, I just hate having to rely on a third party vs my own setup. Obviously I am missing something with the dual NIC setup and openvpn
Are you certain you performed this step.
1664298425864.png
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Are you certain you performed this step.
View attachment 141065
Yes i did I followed that guide step by step. Accessing the cameras through the dual NIC is perfectly fine on the desktop itself. Was able to setup all cameras with new IP addresses and access them fine. The problem is when I access the PC from another PC or my phone with OpenVPN. It connects, but I can only access files on the PC. Can't live view the cameras connected to my POE switch on the second NIC
 

jrbeddow

Getting comfortable
Joined
Oct 26, 2021
Messages
370
Reaction score
485
Location
USA
Yes i did I followed that guide step by step. Accessing the cameras through the dual NIC is perfectly fine on the desktop itself. Was able to setup all cameras with new IP addresses and access them fine. The problem is when I access the PC from another PC or my phone with OpenVPN. It connects, but I can only access files on the PC. Can't live view the cameras connected to my POE switch on the second NIC
Wait, are you attempting to directly connect to the cameras from some other PC on your LAN, without first connecting through the BI computer via RDP (or TeamViewer, or AnyDesk, etc..your choice here)?
The whole point of isolating the camera subnet is that they aren't connecting to your primary (internet connected) LAN directly, only through the BI server computer.
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Wait, are you attempting to directly connect to the cameras from some other PC on your LAN, without first connecting through the BI computer via RDP (or TeamViewer, or AnyDesk, etc..your choice here)?
The whole point of isolating the camera subnet is that they aren't connecting to your primary (internet connected) LAN directly, only through the BI server computer.

Yes I didn't want the cameras to "phone home" thats the whole reason I followed @TL1096r guide and got everything setup with dual NIC. POE switch is on my second NIC with cameras attached.

Not on my LAN no. just on my laptop and phone when I leave the house. with openvpn i was able to tunnel in to my blueiris pc with openvpn server running, but I was unable to view the cameras through UI3 or the app. Was a connection timeout.

Not sure what I was missing I even did the proper port forward 1994 etc. Everything is working now with tailscale on the blueiris pc and my phone/laptop (tested laptop by doing hotspot from phone so it was like I was somewhere else).
 

jrbeddow

Getting comfortable
Joined
Oct 26, 2021
Messages
370
Reaction score
485
Location
USA
Odd...not sure about your OpenVPN setup, but normally when running an OpenVPN setup that runs through the router you then effectively have access to any of the internal LAN devices in exactly the same manner as if you were physically on the LAN. So, are you saying that you still have trouble getting UI3 to display your cameras even when accessing them from another laptop on your LAN? Normally that just requires entering the LAN IP address of your BI server followed by the port number (usually 81 by default), so for example .
It would be good to insure that is working correctly from inside the LAN before moving on to getting it working from outside.
 

Giorgio23

Getting the hang of it
Joined
Dec 28, 2021
Messages
78
Reaction score
42
Location
Canada
Odd...not sure about your OpenVPN setup, but normally when running an OpenVPN setup that runs through the router you then effectively have access to any of the internal LAN devices in exactly the same manner as if you were physically on the LAN. So, are you saying that you still have trouble getting UI3 to display your cameras even when accessing them from another laptop on your LAN? Normally that just requires entering the LAN IP address of your BI server followed by the port number (usually 81 by default), so for example .
It would be good to insure that is working correctly from inside the LAN before moving on to getting it working from outside.
Thanks for your response and attempting to help. Inside the LAN is perfectly fine on all devices laptop phone etc viewing UI3.

I am actually was trying to run the openvpn server on the blueiris PC. My router system, Eero, doesn't have VPN functionality.

My setup is modem>Eero>wire from Eero to motherboard ethernet>second pcie ethernet to Poe switch>cameras.
 

Falcon786

n3wb
Joined
May 31, 2019
Messages
4
Reaction score
0
Location
JHB -South Africa
I GOT IT WORKING WITH TAILSCALE!!!!!!!!

THANK YOU!

12+ HOURS OF BULLSHIT.

Next up learning and configuring camera settings properly for my environment lol
Hi could you please give us a detailed explanation or walkthrough of how you got this right?

I'm trying to get remote access working over a 4g/lte huawei modem system and unfortunately port forwarding via openvpn doesn't work through that connection driving me crazy,tailscale might be the only way.
 

Broachoski

Getting comfortable
Joined
Jun 21, 2019
Messages
589
Reaction score
1,409
Location
USA
I use Zerotier and Tailscale as my ATT wireless internet does not allow port forwarding. Tailscale is the easiest to install, go to Tailscale
and sign up with one of your prefered emails and download the software. Do the same on other devices and they will be linked and will show on your "machines" which you will see whenever you login. Download the Iphone app if applicable and sign in the same. To login to your BI machine, enter the Tailscale IP into the remote (or local) browser as " by using your BI tailscale IP. On any of your Windows machines, enter IPCONFIG from the Command prompt and your Tailscale IP will be shown under "Unknown adapter Tailscale:" as 100.xxx.xxx.xx
Zerotier is a little more involved and may be more secure as you need "Auth" your devices after setting up a network.
 

Falcon786

n3wb
Joined
May 31, 2019
Messages
4
Reaction score
0
Location
JHB -South Africa
I use Zerotier and Tailscale as my ATT wireless internet does not allow port forwarding. Tailscale is the easiest to install, go to Tailscale
and sign up with one of your prefered emails and download the software. Do the same on other devices and they will be linked and will show on your "machines" which you will see whenever you login. Download the Iphone app if applicable and sign in the same. To login to your BI machine, enter the Tailscale IP into the remote (or local) browser as " by using your BI tailscale IP. On any of your Windows machines, enter IPCONFIG from the Command prompt and your Tailscale IP will be shown under "Unknown adapter Tailscale:" as 100.xxx.xxx.xx
Zerotier is a little more involved and may be more secure as you need "Auth" your devices after setting up a network.
Thanks, I will try this later.

Same IP address should be used for blue iris app too right?
 

tech_junkie

Getting comfortable
Joined
Sep 2, 2022
Messages
412
Reaction score
417
Location
South Dakota
Thanks for your response and attempting to help. Inside the LAN is perfectly fine on all devices laptop phone etc viewing UI3.

I am actually was trying to run the openvpn server on the blueiris PC. My router system, Eero, doesn't have VPN functionality.

My setup is modem>Eero>wire from Eero to motherboard ethernet>second pcie ethernet to Poe switch>cameras.
actually, you should vpn into the network, by a router that has a vpn server that assigns a phone a local and tertiary ip addresses. then access the UI3 by its local ip address.
This week I'm going to get around to it with my blue iris build and post. But I am very interested on making a better remote connection module because there are ways to make remote viewing happen without a VPN or hosting it and paying VPS bandwidth.
 

Falcon786

n3wb
Joined
May 31, 2019
Messages
4
Reaction score
0
Location
JHB -South Africa
I use Zerotier and Tailscale as my ATT wireless internet does not allow port forwarding. Tailscale is the easiest to install, go to Tailscale
and sign up with one of your prefered emails and download the software. Do the same on other devices and they will be linked and will show on your "machines" which you will see whenever you login. Download the Iphone app if applicable and sign in the same. To login to your BI machine, enter the Tailscale IP into the remote (or local) browser as " by using your BI tailscale IP. On any of your Windows machines, enter IPCONFIG from the Command prompt and your Tailscale IP will be shown under "Unknown adapter Tailscale:" as 100.xxx.xxx.xx
Zerotier is a little more involved and may be more secure as you need "Auth" your devices after setting up a network.
You sir are a gentleman and a legend!!

I've been breaking my head over this for months and finally got it sorted with Tailscale.....

I didn't know I had to use my Tailscale server IP address basically, but thanks for also breaking it down step by step as that helped me find what I was missing instead of clutching at straws.

Maybe when I have some time I'll try to implement Zerotier for the added security.
 
Last edited:

Stephan06

Young grasshopper
Joined
Dec 11, 2017
Messages
50
Reaction score
6
I use Zerotier and Tailscale as my ATT wireless internet does not allow port forwarding. Tailscale is the easiest to install, go to Tailscale
and sign up with one of your prefered emails and download the software. Do the same on other devices and they will be linked and will show on your "machines" which you will see whenever you login. Download the Iphone app if applicable and sign in the same. To login to your BI machine, enter the Tailscale IP into the remote (or local) browser as " by using your BI tailscale IP. On any of your Windows machines, enter IPCONFIG from the Command prompt and your Tailscale IP will be shown under "Unknown adapter Tailscale:" as 100.xxx.xxx.xx
Zerotier is a little more involved and may be more secure as you need "Auth" your devices after setting up a network.
Good day , I have installed the tailscale app on my iphone so I could view my cameras and alert playback when I am not home. The vpn logo appears on my phone, does that mean when I use my banking app now that any data travels via tailscale servers? How do I set the tailscale vpn only to turn on when I Open the blue Iris app?

thanks
 
Top