What is consuming my cellular data?

[Fastb]

My remote system will only be connected via a cellular modem.
I need to be able to surf in with a browser and see live video.
Therefore, the cellular modem must be always connected (to Verizon)
So far, this works fine.

However, I'm consuming my data plan too quickly. Cellular data can be pricey....

Consumption:
Cellular modem only, no NVR or cameras: 19 K Bytes/hr
Cellular modem + NVR & 3 cameras: 2.6 M Bytes/hr

What the heck? What is using that data?

Notes:
- I'm not remote viewing. I'm not using cloud storage.
- The LAN side of the cellular modem only includes the Dahua NVR and 3 cameras. No PC.
- When I do remotely connect to the NVR, I use iGDMSS on my android.
- The connection is using P2P

Why does an NVR at rest, with no need to send data to/from the internet, consume 2.6 MB per hour? ie: ~2 GB/month?

Thanks,
Fastb

 

[nayr]

disable p2p, thats how it works.. it has to create and maintain an outbound connection with the cloud.. you should be using the VPN Server on that cradlepoint

 

[Fastb]

Thanks for quick reply.

I sorta suspected it was P2P. 2.6 MB/hour is a lot of overhead (IMHO). The NVR doesn't have any configuration settings to tweak.

I'm still using P2P because I found it works on Verizon. Problem: Verizon issues a Private IP. From my limited reading, a VPN needs a public IP. A dynamic public ip address is workable too.

Verizon's solution (apparently) is to sell a static IP, for a one time charge of $500. Future SIMS (for additional cradlepoint/NVR/Camera systems) get free static IPs.

In the Cradlepoint, under Networking--> Tunnels, it lists;
- CP Secure VPN
- IPSec VPN
- OpenVPN
- GRE
- NEMO
- L2TP

Q1: Can the above VPNs cope with the private ip address that Verizon offers?

If so, that would save me $500

Q2: Any guidance to get iGDMSS to work with a VPN?

Thanks again,
fastb

 

[nayr]

vpn is transparent, so iGDMSS wont even know it exists.. other than if its not connected to the VPN it wont connect to the NVR.

You could try to do a site to site VPN, where you connect your cradle-point to a router outside the network to allow a tunnel back in.. I'd suggest a S2S back to your corporate network and just have this remote mobile node be a subnet of it.. then anything on the corp network will have access to it.

there will still be a traffic flow even with nothing occurring, just to keep the connection alive.. but at least you can tweak that for the lowest possible without always finding the vpn is down.

 

[Fastb]

nayr,

VPN is transparent - good news.
For my job site security system, I'll need to enable/configure VPN on the android and apple cell phones of the GC and his workers, I imagine. minor headache, I'll cope. Similar with Chrome, Mozilla, and IE on the GC and worker's laptops. Unless all that is transparent too....

You mention;
"a site to site VPN"
"connect your cradle-point to a router outside the network to allow a tunnel back in"
"S2S back to your corporate network"

I'm not an IT engr (instead, EE with limited networking experience). I'm working from home (no "corporate" network)
My wife has a GoDaddy site, maybe that could be used for the site-to-site VPN?
I'll start getting smart through research. Any info sources you suggest?

The big question that still remains: Is the private IP that Verizon issues a showstopper to a vpn solution?

Every time the cellular modem connects, and periodically afterwards, the Cradlepoint will have a new private ip, and new public ip, and Verizon's NAT is the only thing that connects them. That seems like a showstopper....

Thanks again,
Fastb

PS: the Cradlepoint is awesome. Failover and Failback work flawlessly. Right now, at home, it configured with these connection priorities:
1: Wired WAN
2: WiFi as WAN
3: Cellular

 

[nayr]

not a show stopper if the router makes the vpn connection to an external server.. you might need a hosted VPN service for this, cant be much help with that.. but you'd need one that let all your devices connected to the vpn talk to eachother directly..

configuring the phones and laptops are pretty easy, you can roll out config files that have all the basic information and setup already done.. then send them a link to the file, tell them to run it and show them how to connect to it.. if you use like IPSec+L2TP basically every Mobile Phone, Tablet, Laptop, and Desktop thats safe to be on the internet will already have the VPN client built in to the operating system.. no need to install jack shit.

you got some learning to do bout VPN's, your getting in deeper than most just trying to remotely tunnel to there corp/home LAN.. you need to bridge lan's together at the router level, then bridge the clients in remotely too.. not pretty, or simple.. but totally doable, and reliable if you get a decent host.