Cannot route NVR through VPN [FIXED]
I own a VIGI NVR model VIGI NVR1016H v1 and four VIGI C300HP-4 2.0 cameras. All of the equipment is in a remote site. I am able to view the cameras over VPN from my LAN to the remote site, just by entering their IP in the Vigi Android app without linking them to tplink cloud account.
When I try to view cameras through NVR (also reachable and pingable from my LAN through VPN connection) over VPN, the video stream returns over the WAN connection, which I checked by tcpdumping on the remote router.
Also, if I deny NVR internet access but let it connect through VPN back to the LAN, I don't get any video through the app, which makes me think NVR only connects through the WAN.
Is there a way to connect to NVR from the mobile app using only VPN interface and not the WAN/Internet connection?
Thanks,
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I finally found a fix, but let me explain first what I was trying to achieve in case someone else is looking for the same solution.
My goal was to use the Vigi mobile app through VPN ***only***, meaning NOT through TP-Link cloud services. I denied NVR access to the internet, and allowed access to VPN, so that cloud was blocked. By doing this NVR would not connect to the app since it required internet access. I found a way for Vigi App to connect to a LAN address without binding to TPLink cloud.
Here are the steps:
1) Unbind NVR from Cloud Account
2) Deny NVR from internet access on the router, and allow through VPN.
3) Open the Vigi App and delete NVR device if you have it configured.
4) On the Vigi app Click + sign to add device > Can't Find QR Code > Add device by IP/Domain (at the bottom)
5) Enter NVR LAN IP address and login credentials (not tplink cloud, just admin/password for NVR).
6) Once added, NVR will show under Local devices
7) Allow NVR to connect to Internet again on the router.
If you ALSO want to access NVR through your WAN/Internet connection, you can bind to the TPLINK Cloud Account and Vigi App will show a Cloud NVR and a Local NVR. First one is for WAN access, and second one will only work in the LAN or through VPN.
In my case I have better experience accessing NVR through VPN than over Internet/WAN because of some issues with my ISP.
I hope this helps someone else looking for an answer!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I'm also experiencing same issue...
...but I've found out that if I leave IP settings to Auto (DHCP) seems like it works fine... only when I set a static/manual IP address I can't reach NVR via VPN connection...
Also, when static IP is set then NVR cannot check new firmware...
...so I assume it has a connection issue to router if IP is set manually...
Regards,
Josip
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
Josip_Zagreb wrote
I'm also experiencing same issue...
...but I've found out that if I leave IP settings to Auto (DHCP) seems like it works fine... only when I set a static/manual IP address I can't reach NVR via VPN connection...
Also, when static IP is set then NVR cannot check new firmware...
...so I assume it has a connection issue to router if IP is set manually...
Regards,
Josip
That's kind of strange.
So, if you set it to be a static IP address, then I assume you did this from the NVR. After doing this, is this NVR still accessible in your LAN? From your description, it seems to be off the Internet and local network access.
What is your LAN IP and the static IP address you set for the NVR?
I'd appreciate it if you can provide a network diagram of your config.
And recommend you try the DHCP reservation on your router set a reserved IP address for the NVR and check again. I think something went wrong with your config which causes this.
- Copy Link
- Report Inappropriate Content
Well... You don't need my network diagram... If I want to have my NVR to connect to Internet (or, in that matter, to be accessible throught VPN) I just have to enable DHCP... If I set a manual IP setting, in a way I just rewrite same settings (ip address, netmask, gw, dns servers) it just can't connect to Internet/VPN... same settings, just switch to manual instead of dhcp...
Josip
Clive_A wrote
Thanks for posting in our business forum.
Josip_Zagreb wrote
I'm also experiencing same issue...
...but I've found out that if I leave IP settings to Auto (DHCP) seems like it works fine... only when I set a static/manual IP address I can't reach NVR via VPN connection...
Also, when static IP is set then NVR cannot check new firmware...
...so I assume it has a connection issue to router if IP is set manually...
Regards,
Josip
That's kind of strange.
So, if you set it to be a static IP address, then I assume you did this from the NVR. After doing this, is this NVR still accessible in your LAN? From your description, it seems to be off the Internet and local network access.
What is your LAN IP and the static IP address you set for the NVR?
I'd appreciate it if you can provide a network diagram of your config.
And recommend you try the DHCP reservation on your router set a reserved IP address for the NVR and check again. I think something went wrong with your config which causes this.
- Copy Link
- Report Inappropriate Content
I finally found a fix, but let me explain first what I was trying to achieve in case someone else is looking for the same solution.
My goal was to use the Vigi mobile app through VPN ***only***, meaning NOT through TP-Link cloud services. I denied NVR access to the internet, and allowed access to VPN, so that cloud was blocked. By doing this NVR would not connect to the app since it required internet access. I found a way for Vigi App to connect to a LAN address without binding to TPLink cloud.
Here are the steps:
1) Unbind NVR from Cloud Account
2) Deny NVR from internet access on the router, and allow through VPN.
3) Open the Vigi App and delete NVR device if you have it configured.
4) On the Vigi app Click + sign to add device > Can't Find QR Code > Add device by IP/Domain (at the bottom)
5) Enter NVR LAN IP address and login credentials (not tplink cloud, just admin/password for NVR).
6) Once added, NVR will show under Local devices
7) Allow NVR to connect to Internet again on the router.
If you ALSO want to access NVR through your WAN/Internet connection, you can bind to the TPLINK Cloud Account and Vigi App will show a Cloud NVR and a Local NVR. First one is for WAN access, and second one will only work in the LAN or through VPN.
In my case I have better experience accessing NVR through VPN than over Internet/WAN because of some issues with my ISP.
I hope this helps someone else looking for an answer!
- Copy Link
- Report Inappropriate Content
If you do a packet capture you will notice that even when you access your NVR through VPN using Vigi mobile app, traffic is still routed through the internet if the NVR is bound to your tplink account. I proposed a fix below which is purely over VPN, no internet/wan is used.
- Copy Link
- Report Inappropriate Content
Hi @scott1981
This is right. If you have bound your NVR or camera to the TP-Link ID, then it'll use the cloud primarily. To avoid that, you should keep the NVR or cam in the LAN. So you should not bind it to an ID.
Great findings and understanding of our product. Awesome work!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 2
Views: 1649
Replies: 7