So now that I managed to get Openvpn working properly.. this is one of the main objectives I have in setting up my own Ubuntu server with Openvpn ..
Prior scenario (using off the shelf SOHO router)
CCTV DVR is connected in the LAN. no specific port forwarding is setup to enable http viewing of the DVR, but even if that's the case, iOS and Android iGDMSS Lite still manages to connect to the DVR and receive streams of video from the said DVR.
Objective of this project:
1. Disable streaming through the WAN port of the router from the DVR (whether through http, iOS / Android apps)
2. Enable streaming only from the DVR if connected through the vpn.
I feel that the manufacturers of these DVRs (hardware / software) could have easily provided for a backdoor so that anybody else (with the right knowledge) can access the DVRs. The fact that iGDMSS for Android can access the DVR even without any port forwarding setup on the modem and the router means there is a way..
I just thought that by restricting access through the firewall, and only allowing access through Openvpn... this is much more secure..
Anybody have done this setup before?
disable direct viewing of CCTV DVR, and only allow CCTV DVR viewing through OpenVPN -> possible?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN User
- Posts: 25
- Joined: Mon Jul 10, 2017 6:33 am
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: disable direct viewing of CCTV DVR, and only allow CCTV DVR viewing through OpenVPN -> possible?
It`s probably using:CCTV DVR is connected in the LAN. no specific port forwarding is setup to enable http viewing of the DVR, but even if that's the case, iOS and Android iGDMSS Lite still manages to connect to the DVR and receive streams of video from the said DVR
UPNP
Disable UPNP in your router/DVR.
Or a relay server (controlled by DVR manufacturer)
Look the DVR manual on how to disable that.
-
- OpenVPN User
- Posts: 25
- Joined: Mon Jul 10, 2017 6:33 am
Re: disable direct viewing of CCTV DVR, and only allow CCTV DVR viewing through OpenVPN -> possible?
now that I'm now using an ubuntu server as my router .. I haven't yet specifically turned on uPnP.. but I will check...
on the DVR itself. uPnP is disabled as well...
my means of connecting to it (when I set it up) was through the 3d bar code that I scanned... (P2P)
there was provision on DDNS on the DVR.. but again it was disabled so I'm not sure if it was using that DDNS service or not..
I'm doing a port scan now to find out what ports are being used..
on the DVR itself. uPnP is disabled as well...
my means of connecting to it (when I set it up) was through the 3d bar code that I scanned... (P2P)
there was provision on DDNS on the DVR.. but again it was disabled so I'm not sure if it was using that DDNS service or not..
I'm doing a port scan now to find out what ports are being used..
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn