Remote access is a key component of BI functionality. Users want to see their cameras and alerts remotely either through a browser or their mobile apps. In order to do so, your home or office network needs to be setup so your mobile apps or browsers can connect to your BI server residing in your home or office.
The choices for doing so seem to be growing. This article shares the options available so users can decide what works best for them.
With security and bandwidth concerns, network engineers at companies have definitely added layers of complexity to their network deployment.
There are now plenty of options for addressing bandwidth and security:
- STunnel (Certificates)
- Dynamic DNS (DDNS)
- Software defined networks
Furthermore, home networks have also become more complicated deploying some of the above technologies in addition to having more complicated network topologies such as a mesh router in addition to the traditional router provided by their ISP provider.
Port forwarding and NGROK (DDNS)
The Remote Access topic in Help has details about setting up your network/router.
Port forwarding was the original way of setting up your network for Remote access. Tech saavy folks still use port forwarding, but for many, setting up port forwarding is challenging.
The Remote Access 101 webinar guides you through the process. In the webinar, I walk through port forwarding and NGROK. The Help file also has a NGROK section with details.
Troubleshooting your network and port forwarding is beyond BI support. Research the forum/internet and/or contact a local managed IT services company or security company.
I started with port forwarding but have since switched to NGROK after purchasing an Orbi mesh router and not wanting to deal with cascading routers. Most users are using NGROK (ddns) these days since it's easier. The only gotcha is if the Windows server running BI restarts, you have to restart NGROK and re-enter the url in the mobile app(s). My server only restarts on a Windows update so I can live with it. The paid version gives you a persistent URL. The NGROK section in the Help file provides details.
Web server settings
SSL and HTTPS
DDNS via NGROK provides encryption. If you are instead interested in SSL certificates for encryption, see the SSL and HTTPS section in the BI Help file. STunnel is one solution. Keep in mind, Android recently changed their policy on public certificates.
The Android gotchas article lists examples of fixes to meet these new requirements.
Many users have also moved away from certificates and moved towards DDNS solutions.
If you used port forwarding to setup your network, you can go to the Mobile devices article to complete the app setup. If using NGROK, continue with below steps.
As stated above, download / install NGROK by following instructions in the BI Help file and/or webinar. There is an entire section for NGROK.
Follow steps below to setup BI properly to work with NGROK.
Since the free version of NGROK also includes https access I decided to do so. Better safe than sorry right.
The below instructions provide an https remote connection.
- Web server settings
Note the DDNS address placed in Remote access.
Note STunnel is selected. While NOT using STunnel, this allows users to use https with DDNS solutions as well.
Note Refresh external IP at startup and again every is unchecked.
- Mobile app - Server settings
Note https choice for WAN with ngrok address.
For LAN, I chose to keep my IP address, so the router can access the BI server faster when home.
What's great about BI is if your Global settings -> Web server tab settings are set correctly, the Lookup key will correctly populate the server settings in the mobile app!
Remote device tests
You can test whether your network is setup correctly by using the UI3 browser and the Mobile apps.
Test 1: Localhost
Open a browser window on your BI server.
Go to your BI web server. localhost:<port number>
Does the login page pop up?
If not, the BI web server is not running. Run through diagnostics in the Remote Access Wizard.
Check your anti-virus and firewall settings. See Windows Tuning article.
Test 2: LAN & UI3
From a device on the LAN (laptop or mobile phone), connect to UI3 using the web browser.
Does the login page appear? If not, your BI server or network is not setup correctly.
Run through the Windows Tuning article to make sure Windows is not in conflict with BI.
Run through the Remote Access Wizard and try to see if BI can identify the cause.
Global settings -> Web server tab.
If the web server is not running properly, communication to remote devices is not possible.
Test 3: WAN (internet) & UI3
Turn off Wifi on your mobile phone, i.e. connect to your cellular network.
Can the mobile browser on your phone still connect to the login page?
If not, your router or network is not setup so devices on the internet can communicate with your BI web server.
The Remote Access Wizard may be able to diagnose the problem.
Test 4: WAN (internet) & mobile apps
Confirm Mobile App Server settings.
Login to the web interface from the phone while on your cellular network.
You now have the critical pieces of information to connect your mobile app.
- You can be confident your network is setup correctly.
- Your web server is configured properly to work with your mobile app.
- You confirmed a Username / Password by logging into the web interface.
The gotchas section is about learnings from past tickets.
Gotcha 1: Mobile apps no longer connect
The above diagram was used in the Remote Access Webinar to explain port forwarding. If the above is confusing, first review the webinar which is based on the Remote Access section of the BI Help file. The Help file with the webinar is a good start to understanding Remote Access.
Based on diagram, the ISP provider originally assigned 184.108.40.206 as your WAN address. Based on diagram, the router assigned the BI Server 192.168.1.7 as the LAN address.
After the router restart:
- ISP could have assigned a new WAN address. 220.127.116.11 -> 18.104.22.168
Consequence: Mobile devices will no longer be able to connect to the BI server from the WAN.
Fix: Logout of BI Mobile App -> Edit (server) -> Get IPS button. You should observe the WAN address update.
This will only work if Global settings -> Web server tab -> Refresh external IP at startup... is checked.
For Commercial accounts where the ISP provides permanent IP Addresses, this feature can be unchecked. Commercial accounts are usually guaranteed the same WAN address
For residential accounts, WAN addresses are usually NOT guaranteed. The Refresh external IP... feature comes in handy to get the mobile apps reconnected.
- Router could have assigned BI a new IP address. 192.168.1.7 -> 192.168.1.15.
Consequence: The router's port forwarding is broken.
Fix: Update the router's port forwarding to the new IP address. Also change the router setting to provide a Static IP Address to the BI server so it never changes again to prevent future issues.