disable direct viewing of CCTV DVR, and only allow CCTV DVR viewing through OpenVPN -> possible?

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
wowiesy
OpenVPN User
Posts: 25
Joined: Mon Jul 10, 2017 6:33 am

disable direct viewing of CCTV DVR, and only allow CCTV DVR viewing through OpenVPN -> possible?

Post by wowiesy » Thu Jul 13, 2017 2:16 pm

So now that I managed to get Openvpn working properly.. this is one of the main objectives I have in setting up my own Ubuntu server with Openvpn ..

Prior scenario (using off the shelf SOHO router)
CCTV DVR is connected in the LAN. no specific port forwarding is setup to enable http viewing of the DVR, but even if that's the case, iOS and Android iGDMSS Lite still manages to connect to the DVR and receive streams of video from the said DVR.

Objective of this project:
1. Disable streaming through the WAN port of the router from the DVR (whether through http, iOS / Android apps)
2. Enable streaming only from the DVR if connected through the vpn.

I feel that the manufacturers of these DVRs (hardware / software) could have easily provided for a backdoor so that anybody else (with the right knowledge) can access the DVRs. The fact that iGDMSS for Android can access the DVR even without any port forwarding setup on the modem and the router means there is a way..

I just thought that by restricting access through the firewall, and only allowing access through Openvpn... this is much more secure..

Anybody have done this setup before?

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: disable direct viewing of CCTV DVR, and only allow CCTV DVR viewing through OpenVPN -> possible?

Post by Pippin » Thu Jul 13, 2017 2:41 pm

CCTV DVR is connected in the LAN. no specific port forwarding is setup to enable http viewing of the DVR, but even if that's the case, iOS and Android iGDMSS Lite still manages to connect to the DVR and receive streams of video from the said DVR
It`s probably using:
UPNP
Disable UPNP in your router/DVR.
Or a relay server (controlled by DVR manufacturer)
Look the DVR manual on how to disable that.

wowiesy
OpenVPN User
Posts: 25
Joined: Mon Jul 10, 2017 6:33 am

Re: disable direct viewing of CCTV DVR, and only allow CCTV DVR viewing through OpenVPN -> possible?

Post by wowiesy » Thu Jul 13, 2017 5:25 pm

now that I'm now using an ubuntu server as my router .. I haven't yet specifically turned on uPnP.. but I will check...

on the DVR itself. uPnP is disabled as well...

my means of connecting to it (when I set it up) was through the 3d bar code that I scanned... (P2P)

there was provision on DDNS on the DVR.. but again it was disabled so I'm not sure if it was using that DDNS service or not..

I'm doing a port scan now to find out what ports are being used..

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: disable direct viewing of CCTV DVR, and only allow CCTV DVR viewing through OpenVPN -> possible?

Post by Pippin » Thu Jul 13, 2017 5:39 pm

Code: Select all

netstat -atun

Post Reply