DS-2XS6A25G0-I/CH20S40 Nightmares

[k9protection]

Just wondering if anyone else has had an absolute mare with one of these Hikvision solar bullets.

We bought this one in a few years ago and never really used it - mainly because the covid panic died down and the client that had a sudden need for lots of remote cameras went back to work, but over the last few months I've been pulling my hair out trying to get it working properly with limited success, and Hikvision support's line has been "we have thousands of these cameras out there working fine".

Issues I've had with it are as follows

Persistent:

DNS has never been right on the 4G side of things - no matter what I do, it will not communicate with a mail server (or an NTP time server) when you put the FQDN in the server field. If you put the IP, it communicates just fine. Looking over a traffic capture from the camera and it clearly states that DNS is failing. This is the main issue as we can't monitor it through WebEye without being able to trigger an email (and it would be too easy to expect them to use a fixed IP for their SMTP server.

Recent:

Since updating to V5.7.52 build 240416, I have two quaint little issues - Firstly, it cannot be seen or communicated with by devices outside of the current subnet.. not just SADP, but it cannot be pinged from outside the subnet, whether on the same LAN and a different subnet, over the VPN and a different subnet, or even when I tried both port mapping it and temporarily DMZ'ing it on the router to enable Hik support to log in to the UI and take a look!

Second recent problem - it does not record video.. at all. It captures jpg images where I've configured capture for testing, but when trying to play back both continuous recordings and event recordings, it shows no files found, and the SD card is showing very little space taken up.

I'm pulling my hair out with this camera now. I've gone through three SIM cards as per Hikvision's "we only support these networks" document, and I've popped a fixed IP card in it for hikvision to hopefully dial in and see what's wrong.. and even more hopefully to admit there is a problem!

Has anyone rolled out any of these cameras? If so, did you have any of the above issues? If not, any clues to what firmware versions actually work reliably and are able to resolve a remote server successfully, I'm all ears.

 

[David]

DNS has never been right on the 4G side of things

I've never used these cameras but have had weird DNS / IP problems with mobile carriers and Carrier Grade Network Address Translation (CGNAT) with VPN remote access. As you say this is solved by using the remote server public IP address to bypass DNS.

Do your SIM cards have true public WAN IP addresses? If yes, how is your router WAN public IP address setup (DHCP client or static)?

Is your mobile carrier forcing you to use their DNS? Carrier DNS web content filtering can give problems, usually this is not intermittent.

Mail servers always use fixed public IP addresses, if this changes it messes up the records held by the DNS servers.

For your recent problems. Does everything work on site when connected locally to the camera subnet?

David

 

[k9protection]

Hi David,

Most consumer SIM cards are CGNAT'd nowadays as I understand it. I've tried with three different networks (Giffgaff that was laying around, Vodafone, and Three as these are the two Hikvision claim to support). I've currently got a fixed IP sim from Simbase in there and this gives connectivity from the outside world, but still has the outbound DNS problem.

All of the SIM cards tried work just fine in a Draytek router and allow the correct DNS settings to be picked up from the network (or overridden with Google's DNS servers).

From what I can see, the Hikvision camera always picks up the default gateway IP and populates this in to the DNS address too - if that is what it's doing, it surely shouldn't be by design, as I can't help but think very few public networks are going to be set up in this way. You can set the DNS for the ethernet side of the communications, but the LTE side is always picked up from the network.

We use webeye for monitoring, and their Hikvision mail server does not use a fixed IP address.. well. It may use a fixed IP, but they change it regularly. Resolving the IP address and putting it in the camera will work for a couple of days and then the IP address changes - something that's OK when it's on test outside the office, but not so much when it's in the wild.

The not recording which has come with the latest firmware is the same regardless of the network it's on - I'll try a new SD in there later on, but I don't think it's a media issue.

I'm hoping now I've put a SIM with an external IP in it that Hikvision can log in and see something obvious that I'm missing. I can't help but think that the subnet limitation is something else they've put in by design that isn't documented. If I'm on the right subnet, I can get access to the web portal, and if I take all SIM cards out, it will communicate perfectly with any mail server using fqdn.

 

[David]

All of the SIM cards tried work just fine in a Draytek router and allow the correct DNS settings to be picked up from the network (or overridden with Google's DNS servers).

What Draytek router are you using and have you enabled their VPN matcher service? It is a good workaround for CGNAT.

We use webeye for monitoring, and their Hikvision mail server does not use a fixed IP address.

ping the hikvision mail server and see what IP DNS resolves to and try that. It may work.

Most consumer SIM cards are CGNAT'd nowadays as I understand it.

Normal user SIM cards are subject to CGNAT when you add the router NAT as well you are double NATting.

Simbase in there and this gives connectivity from the outside world, but still has the outbound DNS problem.

Different mobile carriers and an outbound DNS problem seems to point to the router WAN port setup.

David