Sponsored Links

CCTV Live Viewing with CGNAT

andyh747

Regular Member
Hi All,

This topic has been raised before and I know it’s not new. However I’m hoping someone might have a solution which hasn’t been posted before or advise on some ideas I’ve had. I install mobile broadband as a business and I have one customer who needs access to their CCTV while away from the property. I cannot use Three mobile on this install due to poor speeds which is a real shame as using the three APN provides a public IP. The best speed is using EE.

After some research it seems there are no easy solutions. One possible contender is installing ngrok on a Raspberry Pi which creates a tunnel to the ngrok servers and a unique address to access the Pi from the WAN side. I haven’t experimented with this but it appears to work for those that have tried it. However I have no idea how you would set this up so that the inbound connection to the Pi could be forwarded to the CCTV NVR. The customer does not want to change the hardware they have or connect any differently to how they do now so I need a solution which will allow access inbound to the NVR.

So has anyone done this on a Pi using ngrok and managed to access the NVR on the network? Has anyone come up with any other solutions which work?

Many thanks for any info.

Andy
 
Hi All,

This topic has been raised before and I know it’s not new. However I’m hoping someone might have a solution which hasn’t been posted before or advise on some ideas I’ve had. I install mobile broadband as a business and I have one customer who needs access to their CCTV while away from the property. I cannot use Three mobile on this install due to poor speeds which is a real shame as using the three APN provides a public IP. The best speed is using EE.

After some research it seems there are no easy solutions. One possible contender is installing ngrok on a Raspberry Pi which creates a tunnel to the ngrok servers and a unique address to access the Pi from the WAN side. I haven’t experimented with this but it appears to work for those that have tried it. However I have no idea how you would set this up so that the inbound connection to the Pi could be forwarded to the CCTV NVR. The customer does not want to change the hardware they have or connect any differently to how they do now so I need a solution which will allow access inbound to the NVR.

So has anyone done this on a Pi using ngrok and managed to access the NVR on the network? Has anyone come up with any other solutions which work?

Many thanks for any info.

Andy
A perhaps easier solution would be to get a private VPN with a fixed IP so you can access the network.

AAISP have such a service for £10 a month and you get a fixed IP. You could have the router connected constantly to the VPN and with some configuration you should be able to access all network resources from outside the network via the static IP. Avoids all the issues with CGNAT that way and you get your own IP permanently.

A free option would be to use something like ZeroTier - it creates a virtual network that can be connected into from other devices but there’s no public IP so you’d need to also install ZeroTier on the devices you want to connect into the network. I’ve used it quite a lot and it’s fairly reliable.
 
Thanks for reply.
So with zerotier that would need to be installed on something like a Pi within the LAN and then all clients would have to have zerotier installed too? How does that give direct access to the NVR?
I’d like to experiment with zerotier on my own setup as I can change the APN to the CGNAT one from Three and see how it works but any pointers on general config would be helpful.
I’ll also look at the private VPN option as understand that a bit better.

Thanks for taking the time to reply. Good to know there are some solutions.
 
Sponsored Links
My solution is to use a Vera Edge home automation z wave, access is through an external website hosted by Vera and this gets around the CGNET.
 
Thanks for reply.
So with zerotier that would need to be installed on something like a Pi within the LAN and then all clients would have to have zerotier installed too? How does that give direct access to the NVR?
I’d like to experiment with zerotier on my own setup as I can change the APN to the CGNAT one from Three and see how it works but any pointers on general config would be helpful.
I’ll also look at the private VPN option as understand that a bit better.

Thanks for taking the time to reply. Good to know there are some solutions.
So with ZeroTier it’ll connect your Pi to an additional private network address let’s say 192.168.50.1 range for example. The other devices you want to connect from also need the ZeroTier app installed and it’ll get an IP in that same range. The networks can be configured so that you can access local IPs the local network externally via its standard IP say if the cam is on 192.168.1.100. It’s quite convenient because you can choose to push all traffic through ZeroTier or just specific things such as IPs local to the network with the camera on it.
I’m not very good at explaining it but hopefully you get the gist, have a play with it. You can go to my.zerotier.com and create your virtual network then add other devices into itx
 
That’s brilliant info TTJJ, many thanks. I am familiar with LAN networks and your explanation makes sense.
I’ll have a play and see what I can achieve on my own network. If it works well it could be a lifesaver for many of my customers wanting external access to their LANs.
 
If the broadband is exclusively used for CCTV a fixed IP VPN seems like a good choice. If it's general broadband, then it will be problematic.

Whatever current service they are using to have remote access to cameras, they could continue that in parallel. Or, they need to change the cameras to tech that makes use of a cloud service which removes the need for a visible IP.

The VPN alternatives are possible, but they will be high maintenance.

The problem is streaming services who treat all VPNs with the suspicion that the VPN is being used to circumvent geo-licencing. BBC iplayer, Amazon Prime in particular, have a habit of blocking VPN servers.

Fixed IP will work really well and be simple until it gets blocked. The chances of that particular IP being targetted are lower, but once blocked it's dead forever and you'd need to start over by buying a new VPN service with a new fixed IP. At least with the cheaper providers like nordVPN.

You can go for general VPN with a dynamic IP and use a dynamic DNS service to connect (e.g. duckDNS is a good free one), but you will still need to occasionally change VPN settings to keep up with the cat and mouse game where streamers block ban URLs of VPN servers.

This is what I use. I have a second router running dd-wrt which connects to a VPN provider. My LAN is connected to this secondary router. The wan port connects to the primary B535 router and my 4G connection. I then use duckdns to maintain a domain which I can use to access the cameras.

It's OK, but I still need to fiddle with it twice a month to keep it working.
 
Sponsored Links
Thanks for reply. Problem is the customer wants a robust connection without hassle. I certainly can’t maintain it long term as the costs for them would be too high. I doubt they’ll pay for two connections and will probably make do with what they have despite a slow connection. They want one connection which will do everything so I don’t think it’s feasible at present.

At the end of the day I can only offer options and it’s up to them to decide what’s the priority. A fixed IP SIM is expensive so they won’t consider that.
 
Just out of interest, which brand of NVR/DVR are you using, I've found that the Hikvision platform works fine through CGNAT with EE.
 
As mentioned it’s not my installation. The customer has an existing installation which was installed by a third party. It’s a QVIS NVR. I believe the model is Viper.

I’m intrigued as to how any NVR can work over CGNAT unless it is cloud based. How do you connect inbound to your system over CGNAT without a public IP?
 
As mentioned it’s not my installation. The customer has an existing installation which was installed by a third party. It’s a QVIS NVR. I believe the model is Viper.

I’m intrigued as to how any NVR can work over CGNAT unless it is cloud based. How do you connect inbound to your system over CGNAT without a public IP?
The Hikvision platform is more like a cloud service. You connect to Hikvision, as does your CCTV equipment. It's not a direct connection through to the device. The platform is the middleman.
 
Sponsored Links
Ahh that makes sense. I've been in contact with QVIS and it appears their system works on a similar basis and they've indicated there should be no problems with it through a CGNAT mobile connection. Here's a link to the setup for their system using Superlive Plus:

QVIS Viper Setup
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £24.00
132Mbps
Gift: None
Shell Energy UK ISP Logo
Shell Energy £26.99
109Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £27.99
145Mbps
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
100Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £15.00
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £19.99
150Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
BeFibre UK ISP Logo
BeFibre £21.00
150Mbps
Gift: £25 Love2Shop Card
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (5472)
  2. BT (3505)
  3. Politics (2524)
  4. Openreach (2291)
  5. Business (2251)
  6. Building Digital UK (2234)
  7. FTTC (2041)
  8. Mobile Broadband (1961)
  9. Statistics (1778)
  10. 4G (1654)
  11. Virgin Media (1608)
  12. Ofcom Regulation (1451)
  13. Fibre Optic (1392)
  14. Wireless Internet (1386)
  15. FTTH (1381)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules