Binding an IP restricted NVR to Cloud
I want to add my NVR to cloud, so I can see the cameras from anywhere.
I have the NVR IP restricted, so only specified IP addresses can access the NVR, because I have it available remotely (web interface).
Is there some lists of IPs I can add, so it can reach the cloud, while still being secure of potential brute forcers?
Thanks in advance.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @ZippoKs
Thanks for posting in our business forum.
ZippoKs wrote
Hello,
thank you for your response.
I have ran a DNS sniffer on my phone with Vigi App and got the Source IP it requests from to the NVR and allowed it.
But there probably needs to be some kind of contact from the TPLink cloud, to see, if the NVR is offline, and that connection most likely does not go through my phone, but through your servers.
I do not think I can run any sniffers on the NVR, can I?
Is there a diagnostic tool for it there? (not in settings, at least not that I know of).
I am placed in Czech Republic, if that can help to get me the IP addresses.
I can post the DNS requests from the phone as well.
Thank you in advance for your response.
Best Regards
As for the DNS sniff, you could try the port mirroring function on a switch/router because you need to connect the NVR to the Internet. That way, we can track down the port traffic.
For the URL/IP, I will try getting to this information later. I am not certain if this is public information. Will get back to you soon if I have the information.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @ZippoKs
If you put it on the Internet and would like to safely to access it, you should block any other IP but allow some IP. Rules usually like 0.0.0.0/0 deny, and one rule to allow some.
You mean that you want it to stay on the VIGI services like VIGI app? Keep these connections still available? This information is usually hidden and not available anywhere.
If that's the case, due to the region issue, we may have different CDN providers. You can try some software like Process Hacker to view the sessions the software VSM creates. Or some kind of DPI/DNS stuff which can monitor the domain resolution. In this way, you can find out what URLs the system uses in your region. You might wanna resolve the domains and set a proper range for redundant.
- Copy Link
- Report Inappropriate Content
Hello,
thank you for your response.
I have ran a DNS sniffer on my phone with Vigi App and got the Source IP it requests from to the NVR and allowed it.
But there probably needs to be some kind of contact from the TPLink cloud, to see, if the NVR is offline, and that connection most likely does not go through my phone, but through your servers.
I do not think I can run any sniffers on the NVR, can I?
Is there a diagnostic tool for it there? (not in settings, at least not that I know of).
I am placed in Czech Republic, if that can help to get me the IP addresses.
I can post the DNS requests from the phone as well.
Thank you in advance for your response.
Best Regards
- Copy Link
- Report Inappropriate Content
Hi @ZippoKs
Thanks for posting in our business forum.
ZippoKs wrote
Hello,
thank you for your response.
I have ran a DNS sniffer on my phone with Vigi App and got the Source IP it requests from to the NVR and allowed it.
But there probably needs to be some kind of contact from the TPLink cloud, to see, if the NVR is offline, and that connection most likely does not go through my phone, but through your servers.
I do not think I can run any sniffers on the NVR, can I?
Is there a diagnostic tool for it there? (not in settings, at least not that I know of).
I am placed in Czech Republic, if that can help to get me the IP addresses.
I can post the DNS requests from the phone as well.
Thank you in advance for your response.
Best Regards
As for the DNS sniff, you could try the port mirroring function on a switch/router because you need to connect the NVR to the Internet. That way, we can track down the port traffic.
For the URL/IP, I will try getting to this information later. I am not certain if this is public information. Will get back to you soon if I have the information.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thank you for the list, even though I can not really do much with it.
Test all the ips the domains have is really time consuming, + you can only have 20 IPs in the IP restriction list, so if there is more than 20 needed, it wouldn't work anyways.
For NVR 20 is max whitelisted, 16 for camera.
syslog from camera, when trying to access it via Vigi (not sure if the logs are for that), I have tried adding all 8 IP addresses of n-euw1... and 2 IPs of n-device... to the whitelist, nothing changed, same output in syslog.
Appreciate any further help.
<2>2024-08-16 19:09:08[LOG][ERR][NSD][CLOUDCOM]server(0):-90101 cloudCom tcp error 1206
<4>2024-08-16 19:09:14[LOG][INFO][NSD][CLOUDCOM]TCP req, cloudCom n-device-entry-sur.tplinkcloud.com:443
<2>2024-08-16 19:09:38[LOG][ERR][NSD][CLOUDCOM]server(0):-90000 cloudCom error 1302
<4>2024-08-16 19:09:39[LOG][INFO][NSD][CLOUDCOM]TCP req, cloudCom n-euw1-device-sur.tplinkcloud.com:443
<2>2024-08-16 19:10:08[LOG][ERR][NSD][CLOUDCOM]server(0):-90000 cloudCom error 1302
<4>2024-08-16 19:10:11[LOG][INFO][NSD][CLOUDCOM]TCP req, cloudCom n-euw1-device-sur.tplinkcloud.com:443
<2>2024-08-16 19:10:26[LOG][ERR][NSD][CLOUDCOM]server(0):-90101 cloudCom tcp error 1206
<4>2024-08-16 19:10:32[LOG][INFO][NSD][CLOUDCOM]TCP req, cloudCom n-device-entry-sur.tplinkcloud.com:443
<4>2024-08-16 19:10:33[LOG][INFO][NSD][CLOUDCOM]TCP req, cloudCom n-euw1-device-sur.tplinkcloud.com:443
<2>2024-08-16 19:10:48[LOG][ERR][NSD][CLOUDCOM]server(0):-90101 cloudCom tcp error 1206
<4>2024-08-16 19:10:54[LOG][INFO][NSD][CLOUDCOM]TCP req, cloudCom n-device-entry-sur.tplinkcloud.com:443
<4>2024-08-16 19:10:55[LOG][INFO][NSD][CLOUDCOM]TCP req, cloudCom n-euw1-device-sur.tplinkcloud.com:443
- Copy Link
- Report Inappropriate Content
Any updates on this please?
I really need to get the notifications from NVR, but I do not want it to be exposed to the whole internet.
Thank you for any help.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 390
Replies: 6
Voters 0
No one has voted for it yet.