New Setup Thoughts: Blue Iris or NVR

srvfan · Apr 23, 2024

Good evening everyone. Due to issues around our neighborhood, my father is now looking at placing cameras around their property. My house is directly across the yard probably about 200-300 feet away. I offered up the idea of wiring some cameras up and then placing beams between our houses for communication and grouping his cameras on my BI computer. However, desiring to remain independent (retired military), he wants everything located at his house and running on his own stuff. Only thing is, he states he does not want a complicated setup. Before I begin comparing cameras and other hardware (to be in another thread), I would like to request some advice about which option to take; NVR or BI. Personally, I prefer BI as I have never had an issue out of it. The only issue has been with expiring iOS certificates, but that’s on Apple, not BI.

As background, he does have an iPhone, so whatever system is chosen will need to have an iOS app, and preferably one that does not communicate with undesirable servers. We both use the same ISP, and that service is behind a CGNAT, and no IPV6 is offered. In my case, I have to run ZeroTier whenever I am outside of my network. In order to keep from typing LANs and WANs each time I switch between my network and ZeroTier, I had to create an “additional server” in my BI app to switch between. If that is the route that has to be taken, I wonder how quick it will be before he gets frustrated. If working with an NVR, I’m not sure that ZeroTier could be installed on one?

Next concern would be camera isolation as has been beat into my head over the past couple of years through this forum’s assistance. I know with a dual NIC or the cameras being on a separate VLAN (like in my setup), I can keep the cameras isolated. However, if one were to go with an NVR, how is that possible? Even if possible, wouldn’t the NVR and its app still communicate with undesirable servers (plus open up NVR to the internet and backdoors)?

I’m sure I will have many more questions to follow up, but these are my initial thoughts/concerns. Any thoughts or advice would be greatly appreciated.

wittaj · Apr 23, 2024

The NVR itself kinda acts like a dual NIC. By default, most NVRs will put the cameras on a 10.x.x.x. subnet and the NVR acts as a firewall of sorts to prevent the cameras from talking to the rest of the network.

If you use P2P for the NVR to get push notifications, then yes it is talking to servers you have no control over.

BI versus NVR - There is a big debate here on which is better.

Here is the search tool of all the NVR versus BI comparisons:

blue iris vs nvr ip cam site:ipcamtalk.com - Google Search

srvfan · Apr 23, 2024

Yeah that’s a big point for me; getting the push notifications via P2P vulnerabilities. If our stupid ISP had not put us behind CGNAT, I would say go with Edgerouter or similar for VLANs and VPN and roll directly with BI.
Not to repeat myself but the switching back and forth with zerotier and having to switch between 2 listings for computer is going to be a frustration source for him. Of course maybe I’m doing something wrong in my end lol.
I’ll definitely begin looking over the link you provided. I had a feeling this was gonna be a Ford/Chevy type of debate lol.

srvfan · Apr 24, 2024

If I were to go the nvr route, is there another way of getting notifications outside of P2P?
Same question for Blue Iris; is there a reliable and safe way to get notifications outside of the regular app notifications? I know I can by upgrading Blue Iris, but every time I attempt, I get the errors that my cameras are losing signal. Rolling back to a prior version resolves the issue but no notifications. There are times I hate Apple.

wittaj · Apr 24, 2024

Regarding BI, many of us use the pushover app to get notifications and then simply use UI3 to view the cameras.

That way for the iphone users, they are stuck having to update BI just for the certificate that apple annually requires.

Instead of a push from the NVR that requires P2P, you could make it email based and use the Pushover app to do that as well.

bigredfish · Apr 24, 2024

At first I'd recommend BI because thats what you're familiar with and that knowledge will come in handy training him.

But..

NVR is going to be more simple to set up and run
You can use P2P and make it all seemless, which as far as I can tell we've never seen a report of any hacking of an NVR from it in the 8 years Ive been here, and it is better than port forwarding. Im way more worried about my Samsung TV, have you seen the traffic those things generate reaching out to unknown servers?
NVR can send email alerts all by itself
NVR has a built in Dual NIC so to speak as mentioned and the cameras can't be reached by bad actors from outside of the network
DMSS app works fine on Iphone

Outside of the theoretical P2P issue there is Zero difference in security in hanging an NVR vs PC on the network

bigredfish · Apr 24, 2024

For $349 these are awesome and surprisingly simple and versatile even for a non technical person
Firewalla Purple: Gigabit Cyber Security Firewall & Router with WiFi Protecting Your Family and Business (Ships Worldwide)

This was helpful for me, 4 ways to connect it to your network.

https://help.firewalla.com/hc/en-us/articles/4406178984467-Firewalla-Purple-Purple-SE-Installation-Guide?

looney2ns · Apr 24, 2024

Being as you are already versed in Blue Iris, that's the route I would vote for.

mat200 · Apr 24, 2024

Agreed ^^^ stick with what you know better .. too many projects and too little time ..

srvfan · Apr 24, 2024

wittaj said:
Regarding BI, many of us use the pushover app to get notifications and then simply use UI3 to view the cameras.

That way for the iphone users, they are stuck having to update BI just for the certificate that apple annually requires.

Instead of a push from the NVR that requires P2P, you could make it email based and use the Pushover app to do that as well.

So for my own setup, would Pushover help resolve my issues of receiving notifications due to the annual certificates? I would gladly give that a try if it is a secure option for use with the iPhone app. I've seen references to Pushover within the forum pages here, but didn't know if there was a particular thread/post discussing it in-depth. Would there be any particular thread you could point a moron like me to?
Thanks for your help, and my apologies for the delay in response.

wittaj · Apr 24, 2024

Absolutely the Pushover app would take care of that certificate issue.

It has a free demo for like 30 days. Just try, use the email option. A lot faster and simpler to setup. It sends an email of the alert image to the Pushover email and then it is sent to you via a push on the Pushover app.

Then you can decide to stay with that or invest the time to set up the API version to remove their email server out of the equation.

Send Pushover notifications with pictures and hyperlinks

I've figured out how to send Pushover notifications with pictures and hyperlinks from Blue Iris Actions without using external scripts. This approach uses curl and the Pushover API, and provides functionality similar to that recently described for Telegram . EDIT (5/16/2022) - For those who...

ipcamtalk.com

srvfan · Apr 24, 2024

bigredfish said:
For $349 these are awesome and surprisingly simple and versatile even for a non technical person
Firewalla Purple: Gigabit Cyber Security Firewall & Router with WiFi Protecting Your Family and Business (Ships Worldwide)

This was helpful for me, 4 ways to connect it to your network.

https://help.firewalla.com/hc/en-us/articles/4406178984467-Firewalla-Purple-Purple-SE-Installation-Guide?

@bigredfish , been a long time. Hope all is well in your world sir and that retirement is treating you well. Many thanks to your posts; I had all but leaned toward BI, but now I'm contemplating the NVR route again, lol. As far as router, I had planned on getting Mom and Dad an Edgerouter like mine to where I could just copy settings and load into their system. However, I would definitely like to dive into the pros and cons of the router you listed.
Thank you for your advice and assistance, and apologies for my delayed response sir.

srvfan · Apr 24, 2024

looney2ns said:
Being as you are already versed in Blue Iris, that's the route I would vote for.

Thanks @looney2ns. I love how well BI works and how easy it is to setup and maintain. Now if I could just accumulate 1/4 of the knowledge with cameras you all have, I would be doing well. Thanks again sir.

srvfan · Apr 24, 2024

mat200 said:
Agreed ^^^ stick with what you know better .. too many projects and too little time ..

Could be the best route; I have about a month or so to make a final decision. In that time, hoping to get a more clear picture of what Mom and Dad need to include walking the property and taking measurements. Either way, I'll be hitting you guys up again for that part of the setup, lol. Thank you!

srvfan · Apr 24, 2024

wittaj said:
Absolutely the Pushover app would take care of that certificate issue.

It has a free demo for like 30 days. Just try, use the email option. A lot faster and simpler to setup. It sends an email of the alert image to the Pushover email and then it is sent to you via a push on the Pushover app.

Then you can decide to stay with that or invest the time to set up the API version to remove their email server out of the equation.

Send Pushover notifications with pictures and hyperlinks

I've figured out how to send Pushover notifications with pictures and hyperlinks from Blue Iris Actions without using external scripts. This approach uses curl and the Pushover API, and provides functionality similar to that recently described for Telegram . EDIT (5/16/2022) - For those who...

ipcamtalk.com

Thank you @wittaj, I will research that post. Good thing the trial is 30 days, lol. Thanks again!

bigredfish · Apr 24, 2024

srvfan said:
@bigredfish , been a long time. Hope all is well in your world sir and that retirement is treating you well. Many thanks to your posts; I had all but leaned toward BI, but now I'm contemplating the NVR route again, lol. As far as router, I had planned on getting Mom and Dad an Edgerouter like mine to where I could just copy settings and load into their system. However, I would definitely like to dive into the pros and cons of the router you listed.
Thank you for your advice and assistance, and apologies for my delayed response sir.

Hope you and yours are well too sir. Getting the hang of retirement, I like it!

On the firewall device, while it can also be used as a router, I don’t. I still use my Netgear router.
But easy VPN implementation, built in dual LAN support and all of the many things that come with a good firewall appliance at that price is a good value. Give it a read when you get time

Best

srvfan · Apr 24, 2024

bigredfish said:
Hope you and yours are well too sir. Getting the hang of retirement, I like it!

On the firewall device, while it can also be used as a router, I don’t. I still use my Netgear router.
But easy VPN implementation, built in dual LAN support and all of the many things that come with a good firewall appliance at that price is a good value. Give it a read when you get time

Best

Yes sir all seems well at this moment. Been able to have some downtime and spend some quality time with the kiddo who just turned 2! Man time has flown, and I have missed so much.
I will definitely check into the firewall piece. I would love to be able to use a device like that to vpn into but stupid ISP in the last several months has put us behind CGNAT which SUCKS. Had to turn to zerotier for that issue. Still would be worth reading up on. Thanks again sir!

srvfan · Apr 26, 2024

Well I do believe I may try to go the BI route and begin that setup. Either way I go I will have to get another router to begin the process. Will probably get an Edgerouter so I can just copy my settings over to their router.
Worse case is I have to switch to NVR. So if I did have to switch, as long as I bought all the cameras directly from @EMPIRETECANDY (either through his site or his Amazon page), the NVRs he sells should be compatible, correct?
Also final question for forum etiquette; once I perform the initial setup and want to start discussing camera strategies, would I need to continue this thread or create a new one?
Thanks all!

wittaj · Apr 26, 2024

Yes, if you bought cameras from Andy, then they will work with an NVR he sells.

This is your thread, so you can continue the discussion here to keep it all in one place or start a new thread.

CCTVThomas · Apr 26, 2024

I also ultimately chose the NVR option.
I have an AJAX NVR that is integrated with the AJAX alarm system, works perfectly!
I use Unifi hardware for the network, which is very user-friendly.
I set up the network as follows:
VLAN 1: main network for all devices
VLAN 2: This network is intended for the NVR
VLAN 3: For the IP Cameras (DAHUA)

I set it up as follows:
VLAN 1: Can access all other vlans (2 & 3)
VLAN 2: Only has access to VLAN 3 (so if the NVR is hacked it cannot access my main network.
VLAN 3: This is completely shielded from the internet and has no access to other vlans (1 & 2). I did open NTP port 123 so that the time is correct on the cameras.

The advantage of putting the cameras on a VLAN without internet access is that fewer devices are exposed to the internet (which reduces the chance of hacking or other problems). So the only risk left is the NVR.
You can also choose the VPN solution, which is the safest.

Good luck!

Search

New Setup Thoughts: Blue Iris or NVR

srvfan

Getting comfortable

wittaj

srvfan

Getting comfortable

srvfan

Getting comfortable

wittaj

bigredfish

Known around here

bigredfish

Known around here

looney2ns

mat200

srvfan

Getting comfortable

wittaj

Send Pushover notifications with pictures and hyperlinks

srvfan

Getting comfortable

srvfan

Getting comfortable

srvfan

Getting comfortable

srvfan

Getting comfortable

Send Pushover notifications with pictures and hyperlinks

bigredfish

Known around here

srvfan

Getting comfortable

srvfan

Getting comfortable

wittaj

CCTVThomas

n3wb