Can't find a clear answer to this on google.
I have setup some IP cameras (Foscam) and can access them all on the LAN. I have already opened each individual cameras' ports on the router and they all report as open (using canyouseeme.org).
My question is: In order to access them remotely, I know I have to setup DDNS (using my NO-IP account). But do I setup DDNS only on the router (and not on the individual cameras) or setup up DDNS on each IP camera (and not on the router)?
thanks for your help.
You make a good point on security, thank you. I'll working on how to do that. I'm guessing that I can setup the VPN on my router.
Technically, as long as any one device on your network updates your DNS records to your (current) public IP, then that domain will be accessible to anyone and anything else afterwards.
For simplicity I'd use the router (rather than remembering which cam you setup DDNS on).
But again, a VPN, or even Chrome Remote Desktop to a local PC with LAN access to the cameras, would be a much safer option. CRD has been consistently reliable and requires no port forwarding or manual configuration, it just works.
Interesting! Instead of a local PC, I might try a cheaper solution using CRD on a Raspberry Pi.
I've not got CRD to ever work on a RasPi unfortunately; none of the Linux builds were compatible when I tried.
However, if you do have a matching build then you'd be set! Debian apparently works via SSH: https://remotedesktop.google.com/headless
Wow… thanks again for that pointer!
Yeah I've often wondered if there's a way for me to connect to my public IP address without having to use DNS. My ISP gives me my public IP address on their customer portal homepage, so I'd just need something that checks that page and connects to the IP listed there… or so I think.
Still probably simpler to use a dynamic DNS service via your router/PC rather than building a script to login and check the portal. No point reinventing the wheel.
Have a look at NGROK, a reverse tunnel that makes a random url. I use it for my 9 3d printers haha.
Caution - like direct ip access you could have unwanted people looking… i just enable the printer software user accounts and add the basic auth on ngrok.
So need to get past 2 "layers". Secure enough for me.. a dedicated vpn costs more to run
you really need to be careful about allowing remote access using port forwarding rules. EVERY port will be frequently probed and any open ports WILL be detected by the port scanners. any configuration errors or vulnerabilities in your cameras firmware and you will be in trouble. best case, they will be watching you via your cameras or worst case your local network will be completed pwned. you probably want to limit remote access to specific ip addresses or limit access to AU only using geoip.
Ok, thank you. The take home message I am generally getting here is that I need to lift my game on camera access security. I will be taking all these comments into consideration moving forward!
You set it up on your router.
The TLDR is your public ip address constantly changes, a DDNS server just gives you a dns name, which constantly updates to reflect your new public ip address.
Disclaimer - your opening up your ip cameras to the internet - its a horrible practice security wise, much better would be using something like a VPN to access the
cameras on your lan.