No problems, check out WireGuard as well, as it is popular due to higher speeds and being easier to set up, although if your router has a wizard to set up OpenVPN, that way can be very easy, and OpenVPN is more proven to be secure.
I’d recommend what I’ve recommended to you before.
Use Shinobi, ZoneMinder, BlueIris to manage your video streams. I know with Shinobi and strongly suspect you can with the other two that you can export your video feeds as a JPEG stream. Use that with an Image element on your sitemap with a reasonable refresh rate.
matt1’s suggestion of setting up a VPN to your home network and not going through myopenhab.org is also a great solution.
I use both approaches and I use Tasker to automatically connect to my VPN when I’m on any network besides my home network so I don’t end up wasting battery and network bandwidth going out and coming back in over VPN when I’m on my home network.
For those interested in Stuart’s SSH tunneling approach, see Remote Access Using SSH Tunnel on Android.
Sorry, been busy in the day job
so, I’ve set up a VPN server and locked this down with some robust iptables firewall and disabled all that isn’t needed.
my VPN client can connect, and all is working fine and far far more responsive than myopenhab but then again I was using it in a manner it isn’t/wasn’t intended for.
I am slightly concerned exposing a (non std number) port on the WAN , and I’m considering options.
You can rent a virtual server on Amazon AWS, Google, Azure, etc. and set up that as your VPN server and connect your LAN and remote clients to that. That will make it so you don’t have to expose a port to your LAN. https://computingforgeeks.com/setup-personal-ipsec-vpn-with-algo-vpn/ is a good place to start.
Indeed i looked at google but then that’s handing more to Google
obviously the vpn provider is ‘seeing’ all traffic as would my isp before VPN.
do you use any cloud server Ritch?
the google cloud model (vpc) pricing is sooooo complex and tbh i don’t understand 90% of it, you need to be a competent network wan/lan guy to figure out what is needed and what the costs will be.
i might as well sub with a vpn provider like nordVPN , no? simple model simple price.?? but then again why would i trust a vpn service over my isp, or google , etc.
in terms of performance , the bottlenecks will be my broadband upload speed which is 20Mbps, so a cloud seems an overkill?
@matt1 where is your addon, i searched for ipcamera in addons, but nothing?
it sounds that it would add value (motion detector)
I use myopenhab.org.
I use Heroku to host Nightscout but my usage is low enough that I don’t have to pay.
Someday I may get a DigitalOcean server but haven’t had the need to so far. I’m reasonably confident in my ability to monitor my OpenVPN instance for compromise and protect it from attack (I have a degree in this stuff). And I have defense in depth on my LAN with lots of sensors so I’m OK, for now, exposing that port to the internet. I know and understand the risks and have accepted them with my eyes wide open.
Algo’s website lists 8 different cloud service providers. You are by no means required to use Google. DigitalOcean is the recommended server and from what I’ve seen it is indeed easy to understand and use both from a billing and usage perspective.
All your ISP will see is that you have encrypted traffic going from your LAN to the VPC. It cannot see anything else. That’s kind of the whole point of setting up a VPN like this. And it’s very attractive from my perspective because my ISP injects crap into my network which breaks things (e.g. I can’t watch my Roku when I’ve reached 50% of my data cap until I open a browser and acknowledge their asinine pop up).
Similarly, any networks that your remote clients traverse will only see encrypted traffic between them and your VPC. So any communication between your remote clients and your LAN is end-to-end encrypted.
However, any network traffic outside your VPN using your VPN service (e.g. browsing the web) will appear to originate from the VPC so your VPC host will be able to see what sites you are visiting and, if it’s not HTTPS, inspect its contents should they choose. They don’t have a reason to unless you are doing something illegal and law enforcement is involved, but it’s still a possibility. Typically these services make money by charging for their services, not by collecting unreasonable amounts of data on you and selling that. So they don’t have as much incentive to snoop.
That won’t solve your problem. NordVPN et al.’s sole purpose is to hide your network traffic from your ISP and to allow you to access web services that may be country locked (e.g. I know people who use it to watch BBC streaming because they can appear to be coming in from the UK instead of the US). They do not let your remote machines see your LAN machines. They go to great lengths to make sure that none of the machines connected can see each other.
Trust is always the big question, and trust is transitive (if you trust a service, you also end up trusting all the services that service relies upon). You have to decide which you trust less, your ISP, or a VPN service. As with the snooping by the VPS providers, they have an incentive to not snoop as they will lose that trust and lose all their customers.
I don’t think it has been merged yet.
I’m running ovpn for now, until I explore your insightful and super helpful post thanks Ritch.
By the way, does the IPcam binding implement Network IP Camera Application Programming Interface (NIPCA)? My cam is NIPCA so basically implements all this: http://gurau-audibert.hd.free.fr/josdblog/wp-content/uploads/2013/09/CGI_2121.pdf
So basically HTTP verbs can be used to query, set and get values across the capability set. Rather useful if the binding does indeed implement NIPCA - or would that need to be another Binding (different)?
That could be added to the binding but I am not keen to do the work for free. Onvif is something I am working on and that opens up more brands. That api seems to be in D-Link cameras only.
Ffmpeg can be used to provide both motion and audio alarms for cameras without an implemented api.
If someone wants to do the work and do a PR then it is not a lot of work as the framework is already done to support most things.
I find it rather peculiar that you are developing an add-on and want to avoid improving it to attain a level of brilliance and functional capability level of a high standard. I’m a developer myself albeit in embedded real-time safety critical systems, and I sure would do the same. However, three important elements at play here:
- I get paid for my development work.
- I work in a Business Quality and Assurance function so striving to achieve the best is important to myself and the business.
- I don’t need your IPcamera add-on because I can do all that I need to do via http abbreviations.
TBS though, I do not use the ipcamera add-on because I have set up the cam using a simple shell script that runs as a startup service via systemd.
I am not a developer and I only work in my spare time. Since you’re a developer I am sure you won’t mind doing it then as PRs are always welcome in an open source community. There are plenty of ways to work with openHAB and if you have found a way then great.
All contributors to OH are doing so on their own time. As such they get to be their own boss and work on what they want, when they want, and to what ever degree of completeness they want. Adding support for a standard that is only supported by cameras from one maker may not reach a wide enough audience to make it worth Skinah’s time to implement.
i suspect the ‘audience’ could well be significantly larger than perceptions, given that the list of cameras from just one manfr is
DCS-1100(L), DCS-1130(L), DCS-2102, DCS-2103, DCS-2121, DCS-2130, DCS-2132L , DCS-2136L, DCS-2210, DCS-2230, DCS-2310L, DCS-2332L, DCS-3010, DCS-3112, DCS-3410, DCS-3411, DCS-3430, DCS-3710, DCS-3710 B1, DCS-3715, DCS-3716, DCS-5211L, DCS-5222L, DCS-5230L, DCS-5605, DCS-5635, DCS-6010L, DCS-6112(V), DCS-6113(V), DCS-6210, DCS-6314, DCS-6410, DCS-6510, DCS-6511, DCS-6513, DCS-6616, DCS-681x B1, DCS-6915, DCS-7010L, DCS-7110, DCS-7410, DCS-7413, DCS-7510, DCS-7513, DVS-310-1, DVS-V310-4, DCS-940L, DCS-942L
…just ‘a few’
as i say, i don’t need it, don’t use, won’t shed a tear…just helping, dev to dev.
But that’s the point. This is a standard that is only used by that one manufacturer. D-Link may be big in general, but it’s not a big player in IP cameras.
although in fact, there are 120,000 employees in our sites here, we have access to our company INTRAnet, and a poll from 3,000+ members revealed they had a D-Link camera at home. Indeed that’s where my recommendation came from and i procured three of them. £20 each, hacked to reinstate RTSP and HLS streams that D-Link disable by sw, and we have ourselves perfect H.264 60fps mjpeg streams with an array of cgi interfaces to play with
Maybe not a big player in USA, but used by at least 3000 people in just one brit company over here
works for us.
anyway, I’m off to lockdown my vpn
I agree with you that it is worth doing and a valuable thing to add the support, I just value my family time more.
What we need is a volunteer that has a camera for testing (I don’t), knows how to code (I’m a noob) and is passionate about helping others.
You seem perfect for the job, will you rise to the challenge and sign off to give your work away to the open source community? It is probably a 3 to 10 hour job and since I have already done it for multiple brands there are working examples already done for you to follow.
do what, sorry?
if you mean coding, in Java, nope. Python at a push.
I’d love to help though, but i value family time also and at 52, the days in front of linux servers, coding drivers for hardware, in i3/4/5x86 assembler till 4am, learning new “high level” languages,… are long gone.
happily would offer my time in something i am capable of doing from the starting gun, though. Just no time nor appetite for investing hundreds of hours unpaid into learning the latest and greatest, only for it all to change in a few months. been there, done it, suffered it. Unlike gurus here, it ain’t my hobby bro!!
Call me a vagabond why don’t you,
I’d be glad for any advice in this matter… especially since video is working in BasicUI both locally and remotely. Thank you.
It is a bad idea to hijack 2 year old topics after opening your own.
This would not give you the answers you want.
The fact nobody answers in your topic might be that nobody actually has an answer for you.
You have to show a bit more patience.