01304 827609 info@use-ip.co.uk Find us

Hikvision NVR VPN

M

Maine

Member
Messages
6
Points
1
Hi All,

I am coming here for some advice on the above before I make an investment. Hopefully there are others in a similiar situation and can advise.

I am looking to purchase a Hikvision DS-7608NI-I2-8P with Hikvision DS-2CD2386G2-ISU/SL 8MP cameras, however, I do not wish to use the HIKConnect service in anyway and where possible would like to block all internet access for the NVR/cameras. I want to be able to utilise as many of the features of the cameras/NVR as possible, but lock down the equipment to internet access whilst still maintaining remote access and viewing.

Whilst I understand that I should be able to do this I would like to understand the limitations and what features will not work by adopting this approach.

I intend to only allow the NVR to send email notifcations (STMP firewall rule?) so I am notified of an event whilst away from site and then connect to the VPN server using DynDNS (via Windows PC or IOS app) to check on cameras as required. I believe this will work, but I wondered whether I would lose the two way audio functionality and how long a delay there is an the email notifications.

Would you recommend one of the Hikvision apps or a third party app?

Also, I was also looking to add one of the Intercoms in the near future, but again was not sure whether this would work over VPN at all if two way audio did not work as above.

I would be grateful if anyone has had a smiliar experience or can share their understanding.

Thanks
 
For outbound traffic, as you say you may want to configure a firewall to block anything but the outbound traffic you need like emails or whatever other outbound features you may require.

For inbound traffic - for remote access/viewing you can easily configure a direct IP connection to your NVR and/or cameras assuming you have a static IP and a router which enables you to do port forwarding or NAT port redirection.

However, if you do that you are exposing whatever ports you configure to the world. E.g. if you expose port 8000 so you can use IVMS on a PC or phone remotely then so can anyone else in the world. You are then relying only on your password strength for protection.

With some routers you can configure a filter based on an incoming IP address. e.g. if you are always connecting from another static IP address you can restrict the connection based on that IP address. But that's no good if you want to use a phone where the IP address will change based on where you are in the world or what wifi you connect to.

As for limitations - there are really none if you have the right network kit, it just depends on what features/ports you open inbound or outbound - e.g. by default I think IVMS software uses port 8000 for all traffic. If you want to access NVR/camera web interfaces then ports 80 or 443 depending on your config. If you use RTSP streaming then 554

Edit: best way of course is to use a private VPN/tunnel from whatever remote devices to your local network. But this can be tricky especially on phones.
 
Last edited:
I've never been a fan of the HikConnect service and use the VPN server on my home router to remotely access my cameras. Any notifications are via email from the NVR / cameras, it works for me.

You could put your cameras on a separate lan subnet or vlan and control access to the lan / vlan by only allowing the MAC addresses of approved device interfaces. I've often thought of doing this myself as my router has the capability.

I use pihole as an ad blocking filter on my local network, all the cameras / NVR have no access to external DNS servers. All un-necessary NVR / camera ports are also disabled.
 
Thanks Codlord and David. I would not be keen to open up any ports to internet and would rather use a VPN connection as understand is more secure.
David, I had researched using VLAN's for the cameras and NVR to isolate from other network devices, so will look to do this. I have a Draytek switch which can automatically detect CCTV devices on network. I also have a Draytek router so this is very capable of doing as you suggests.
Just to be sure can you confirm that the Hikconnect IOS app or IVMS app both work over a VPN connection when not on the local network. Does anyone know if the audio also works and also the two way audio?
I suspect that if I have email notifications only then it would render the introduction of a Hikvision intercom rather pointless due to delay in notifcations and paticulary if two audio does not work. Thanks again.
 
Maine said:
Thanks Codlord and David. I would not be keen to open up any ports to internet and would rather use a VPN connection as understand is more secure.
David, I had researched using VLAN's for the cameras and NVR to isolate from other network devices, so will look to do this. I have a Draytek switch which can automatically detect CCTV devices on network. I also have a Draytek router so this is very capable of doing as you suggests.
Just to be sure can you confirm that the Hikconnect IOS app or IVMS app both work over a VPN connection when not on the local network. Does anyone know if the audio also works and also the two way audio?
I suspect that if I have email notifications only then it would render the introduction of a Hikvision intercom rather pointless due to delay in notifcations and paticulary if two audio does not work. Thanks again.
Click to expand...
Hi Maine,
I use a Draytek router 2762ac and have used the VPN server for at least 5+ years now. Working remotely via a VPN connection to my home router is just like being at home, there is no loss of functionality. Obviously the remote internet connection adds latency / delay but that's just normal internet connectivity.

I used to regularly travel to Paris / Istanbul / Chad and had no problems accessing my home VPN server. Draytek also offer a free DDNS and VPN matcher service which will establish a VPN connection if one or both ends of the link are double NATted.
 
Thanks David, I have setup VPN server using teh free DrayDDNS. They are great routers. Do you use the audio function with the NVR/Cameras? If so does this work over VPN?
 
Maine said:
Thanks David, I have setup VPN server using teh free DrayDDNS. They are great routers. Do you use the audio function with the NVR/Cameras? If so does this work over VPN?
Click to expand...
Hi Maine,
VPN with audio works for cameras and NVR. I like Draytek equipment, I may go for a 2765Vac next.
 
You must log in or register to reply here.

Similar threads

M
Double NAT using 4G in a VPN?
Replies
3
Views
226
codlord
C
Evko
Hikvision NVR "unbind" failed?
Replies
3
Views
155
trempa92
trempa92
R
Building a Reliable Parallel System for Smart Event Handling with Hikvision Cameras: Seeking Platform & Hardware Recommendations
Replies
2
Views
191
trempa92
trempa92
R
Which NVR to use with 4 x 8mp Hikvision cameras - DS-2CD2387G2H-LIU?
Replies
4
Views
177
rhino335
R
T
Firmware Latest firmware for my iDS-7716NXI-I4/X(B) NVR?
Replies
12
Views
330
JB1970
JB1970
Back
Top