SOLVED: setup VTO2101E-P + VTH5221DW-C + NVR4104-P-4KS2

[Edwin3]

Hi All,

Setup:
NVR = 192.168.2.200 (within the IPv4 range of own network-router/wifi) connected with router
IPC1 = 10.1.1.65 Port 1 (within the IP range of the switch (of the NVR)) connected with the NVR
VTO1 = 10.1.1.66 Port 2 (within the IP range of the switch (of the NVR)) connected with the NVR



P2P:
On the NVR, P2P is enabled and status is online
On the VTO2, P2P is enabled and status is OFFline





Is working:
in both Android apps, showing live mode (video and receiving audio).


Facing the following issues:
1a. I'm not receiving calls from the outdoor villa station (doorbell) VTO0201E-P on the Android gDMSS Plus or 'Lechange' app when somebody hits the button 'Calling now, please wait moment'.
1b. No talk back audio from mobile towards the doorbell.

2. Cannot connected the VTO with P2P server (and therefor cannot add this device seperate in the mobile apps

Note:
Add DVR in app 'gDMSS Plus' by add 'wired device' --> P2P --> scan QR code via Internet Browser address 192.168.2.200: Menu of DVR system: Network --> Setup --> P2P.
Add DVR in app 'Lechange' by scanning the QR code (of DH-NVR4104-P-4KS2) via Internet Browser address 192.168.2.200: Menu of DVR system: Network --> Setup --> P2P.

Any thoughts or advice?

Thanks!

 

[Edwin3]

any suggestions?

 

[Edwin3]

Any ideas?

Vto connected on nvr.
P2p on vto says not connected.
All ports on router opened for forwarded

Video on gdmss works fine.

Talkbutton and 2 ways audio is not working

 

[Edwin3]

Solved.
Purchased a separate switch (8 channel which has 4 POE). Have connected the router to the switch.
A connection to the NVR from the switch and a connection (POE) to the doorbell from the switch.

 

[catcamstar]

Hi Edwin3,
I hope you did read the VPN Primer regarding opening and forwarding ports. If you want the push notifications to your phone, you can leave 2195 OUTbound open, however, close everything else. If you receive a "ring" notification on your phone, you still have ample time to connect to your home-LAN with a VPN client, and pick up the line then.

 

[Edwin3]

Hi catcamstar,
just figured out how to get the vto <--> gDMSS app (2-way audio) working. Did not opened and forwarding ports, just p2p.
Next step is vpn..Need a router which provide vpn functionality.. Did you use OpenVPN?

 

[catcamstar]

Hi catcamstar,
just figured out how to get the vto <--> gDMSS app (2-way audio) working. Did not opened and forwarding ports, just p2p.
Next step is vpn..Need a router which provide vpn functionality.. Did you use OpenVPN?

P2P is the "next-best thing", it's okay is you don't care that the Chinese peeps can see who's at your front door

I used OpenVPN on my ASUS router (good investment), but nowadays I have added an EdgerouterX (from ubiquity) to my network, capable of OpenVPN, vlans, firewalling etc etc. Have a look at the VPN Primer for Noobs !

 

[fenderman]

P2P is the "next-best thing", it's okay is you don't care that the Chinese peeps can see who's at your front door

I used OpenVPN on my ASUS router (good investment), but nowadays I have added an EdgerouterX (from ubiquity) to my network, capable of OpenVPN, vlans, firewalling etc etc. Have a look at the VPN Primer for Noobs !

p2p is not ok and it makes your entire network vulnerable if you dont have it segmented. As we have seen here not 5 days ago MILLIONS OF XIONGMAI VIDEO SURVEILLANCE DEVICES CAN BE HACKED VIA CLOUD FEATURE (XMEYE P2P CLOUD)

 

[Edwin3]

P2P is the "next-best thing", it's okay is you don't care that the Chinese peeps can see who's at your front door

I used OpenVPN on my ASUS router (good investment), but nowadays I have added an EdgerouterX (from ubiquity) to my network, capable of OpenVPN, vlans, firewalling etc etc. Have a look at the VPN Primer for Noobs !

Hi catcamstar,
did you configured openvpn in EdgerouterX easily? if yes, could you explain how? I'm just at a point to purchase that one, but wanna be sure if this thing is all i need for vpn connection.

 

[usaf_pride]

@Edwin3
EdgeRouter - OpenVPN Server

and see this thread before you start, otherwise the certificate expires after 365 days:
Ubiquiti Networks Community

 

[Edwin3]

@usaf_pride, thx..but purchased another brand router for setting up a vpn connection.

 

[catcamstar]

@usaf_pride, thx..but purchased another brand router for setting up a vpn connection.

Unfortunately, I did not get a notification from this thread. On ASUS, It takes like 2 minutes to setup OpenVPN server and export the .ovpn file. On ERX, it takes somewhat between 1 hour, as no "default" values are proposed and you have to enter everything by hand (command-line).

I hope you are happy with your choosen solution!
CC

 

[Edwin3]

@catcamstar, still need to figure out, how to set the right router rules/configuration to see the subnet ( ip cams poe and doorbell poe).
Setup openvpn was sorted out within minutes, but was not able to login on the 2th router (router behind the modem/router, running openVPN server) nor the 1th modem/router via android mobile (app= openVPN connect with status connected)

 

[catcamstar]

@catcamstar, still need to figure out, how to set the right router rules/configuration to see the subnet ( ip cams poe and doorbell poe).
Setup openvpn was sorted out within minutes, but was not able to login on the 2th router (router behind the modem/router, running openVPN server) nor the 1th modem/router via android mobile (app= openVPN connect with status connected)

It is always adviced to draw your network (at least on paper), that will visualise the subnets and routing rules much better. Remember, there are different roads to Rome, there is not "a perfect" way, like with networks. I once started with 1 flat network, then with different (unroutable) subnets, however nowadays I'm on vlans with completely "virtually" separated networks, even if they share the same physical wire. That does require some homework, especially if you need to pass through different routers, with their own firewalls etc. That's why I throw aboard all my "home wifi router" stuff and put one single router (ER-X from ubiquity), which manages the full network (VPN client & server, vlan, subnets, routing, firewalls), and in one of these vlans, my "good old" ASUS is still plugged in, it has its own VPN server (which gets portforwarded through the ER-X) so I can reach that inner network too.

Draw what you want, draw which communications are allowed/required versus which not, don't forget about NAS, IoT devices (eg google home), but also NVR/VTO/VTH/IPC, alarm, playstation, domotica, printers, mother-in-law etc etc

And your "most efficient with less cost" solution rolls out of it.

Good luck!
CC

 

[Edwin3]

thanks @catcamstar

I have made a sketch of my network (test) below.

An OpenVPN server / client device now makes it possible to set up a secure connection from my mobile to my home network.

Doorbell:

To receive incoming messages from the doorbell, there must be a constant VPN connection (from my mobile to my home network).

I have installed the Android app gDMSS Plus. When a push on the button is given I receive a notification on the Android mobile. Click on this to start the gDMSS application. It takes a while (15 seconds) until video image appears in the gDMSS app. I also receive sound. The doorbell will NOT sound when I speak back from the Android mobile.

Todo:
- 2 way audio failed. Network issue? App configuration? Doorbell configuration?
- alarm (movement)
- viewing of video / sound is about 200kB per second .. Find out how the value can be lowered. The video does not have to be a high bit rate. Possible with Main stream / sub stream selection?


IPC camera:

Also here :
Todo:
- alarm (movement)
- lower bitrate, for sake of my data bundle

 

[catcamstar]

Hi @Edwin3, nice drawing!

Couple of remarks:
- you draw a dotted line from your VTO to your NVR, does that mean you have already added it "manually" as a channel on your NVR? To do the motion-detection? Because VTO is NOT able to do this on its own.
- I measured my bandwidth in the ERX: opening live video stream on VTO takes 1.2Mbps, opening two audio increases to 1.4Mbps. So that's approximately the number you are experiencing too. In the VTO web services page (http://192.168.1.103) you are able to dim resolution on the streams, but then you're off for pixel football
- make sure your wifi's between TP & KPN are not fighting for a channel
- to debug 2way audio: what happens in you connect your mobile device directly (on wifi off course) on your TP Link: is the 2 audio then working? If yes, then it's not linked to the VPN (which I don't think could intervene here). Then you'll have to fiddle with the VTO settings
- regarding the push notifications in gDMSS plus: you do NOT have to have your VPN connection open all the time to receive a "door ring" signal on your cell phone. The "2195" TCP outbound is "acting" like some kind of P2P, but it's not exactly the same: it will send a notification to your phone that someone is calling. At that time, you need to open your VPN tunnel (shouldn't take more than 1 second), then open gDMSS (shouldn't take more than 2 seconds), and "pick up the line" (shouldn't take more than 2 seconds). So in my case, when being on 4g, in less than 5-6 seconds, I'm on the line with my visitors. If you are not reaching these numbers, have a look at a test on your TP link router locally, if that is also sluggish, make speedtests (from the TP link, from the KPN box), make sure you don't use an android from 1992 etc etc.

Tip of the day: if you want to debug: measure at each measurable point.

Hope this helps a bit!
CC

 

[Edwin3]

thx again @catcamstar (

-i've added the VTO manual.


Note:
I just noticed that P2P was enabled on the doorbell and nvr. And no VPN connection needed for getting video/notification from the VTO
Doesn't sound secured to me, so therefor i disabled the P2P on both devices..but now i do not receive a notification when the doorbell 'rings'..

Do I need to open TCP port 2195 ? for getting the notification?
BTW : which router (1 or 2) i need to config this and how/where can i put this for only outbound?
or is P2P enabling necessary.

- connection mobile device directly on WiFi did not make any change (still no audio via mobile back to the VTO)
- the speedtest
router 1

router 2


Android mobile = Samsung S9

 

[catcamstar]

P2P should not be enabled. If you open OUTBOUND TCP 2195, you will get push notifications on your mobile, whether or not you are on your wifi or 4g. However, I suspect that both router 1 & 2 have no internet blocking enabled for your NVR/cams/doorbell unless you specifically blocked it. So doublecheck whether (or not) you blocked anything on both router 1 & 2 for OUTBOUND connections, then you should be good to go.

PS. i suspect your router 1 and router 2 bandwidth got mixed, 1 should be faster than 2 ;-)

 

[Edwin3]

Hi @catcamstar,
i opened outbound tcp 2195 on both routers and p2p is disabled, but not receiving any notification on mobile
any suggestion? as there are no blocking rules

BTW: i also expected a higher value.. but did not mixed up..Testresult is time depending

 

[catcamstar]

It's called "caching", not time depending ;-) Although that might factor in too

Just to make sure nothing else is blocking, do you "dare" to remove all outbound blocking rules, for a single test?