Networking - Remote Access

This forum has articles regarding decisions and implementations surrounding BI that need to work.
What hardware is needed to run the BI server?
How should the network be set up?
Post Reply
varghesesa
Posts: 90
Joined: Thu Jul 11, 2019 9:52 pm

Networking - Remote Access

Post by varghesesa »

Introduction

Remote access is a key component of BI functionality. Users want to see their cameras and alerts remotely either through a browser or their mobile apps. In order to do so, your home or office network needs to be setup so your mobile apps or browsers can connect to your BI server. This article has the following sections.

Network setup
The choices for setting up the network seem to be growing. The Network setup section shares the options available so users can decide what works best for them.

Network connectivity
Once the network is setup, the Remote access wizard section helps to confirm the network setup is correct.

The Remote device tests section provides additional tests to confirm what components are working and not working by simply using your mobile phone and a mobile web browser on the phone. If you need support, knowing the results of your tests is important to diagnose the issue.

Network tests
This section documents how to diagnose networking issues. This section is used when troubleshooting issues, not so much during initial setup.


Mobile apps
If you have mobile apps, after this article, jump to Mobile devices article to setup phone/mobile app.

If you have already setup your network and are now facing issues, see the Networking Gotchas article. We document learnings from past tickets.


Network setup

This article complements the Remote access chapter in the Help file. It's a step by step practical guide on how to setup your network for remote access.

Port forwarding and NGROK (DDNS)

The Networking and Router Configuration section in Help provides a nice overview of Port forwarding and NGROK. Port forwarding was the original way of setting up your network for Remote access. Network saavy folks still use port forwarding, but for many, setting up port forwarding is challenging.

The Remote Access 101 webinar guides you through the process of setting up your network using Port forwarding and NGROK. The webinar begins by explaining the concept of port forwarding and walks you through an example. Troubleshooting your network and port forwarding is beyond BI support. Research the forum/internet and/or contact a local managed IT services company or security company.

The webinar then closes by explaining how to implement NGROK for remote access. NGROK is one of many DDNS solution for remote access. Furthermore, NGROK provides https support for free so not only is it easy to deploy, but also provides strong security/encryption. The webinar complements the NGROK section in the Help files.

Mesh networks
Google Wifi, Orbi, Eero etc
I personally started with port forwarding but have since switched to NGROK after purchasing an Orbi mesh router and not wanting to deal with cascading routers. See Multiple routers section in Help for details. Most users are using NGROK (ddns) these days since it's easier.

The only gotcha is if the Windows server running BI restarts, you have to restart NGROK and re-enter the url in the mobile app(s). The paid version gives you a persistent URL. However, the NGROK section in Help provides detailed instructions on how to start NGROK automatically and get Remote access working again.

Other third party solutions

This section shares other networking solutions for remote access that seems to be catching on with users.
ZeroTier
ZeroTier sounds like a more robust DDNS tunneling solution that also bypasses port forwarding.
ZeroTier comes with a free version. It also provides encryption.
Works with the Starlink network from SpaceX.
See details on YouTube.

Web server settings

Once you have the network setup, you can now setup the BI server. Global settings -> Web server tab
The Help button goes to the Web server topic in Help. This is a good time to review Help to get an overall understanding of the fields in the dialog.

Port forwarding
This section talks about the key fields when you choose to setup remote access via port forwarding.
Web server port: You can leave the default 81 or choose another port based on how you setup port forwarding on your router.
Adaptors: BI listens on all available adaptors so leaving selection as is should be fine. See Help for more info.
WAN: Use the refresh button to populate the WAN address. Check the router connected to the internet to confirm the address is correct.


Port forwarding + SSL(HTTPS)
Many users that have implemented port forwarding also want https / encryption for better security. If you are interested in maintaining your own SSL certificates for encryption, see the SSL and HTTPS section in the BI Help file. STunnel is one solution. Keep in mind, Android recently changed their policy on public certificates.
The Android gotchas article lists examples of fixes to meet these new requirements.


NGROK

Follow steps below to setup BI properly to work with NGROK.
The below instructions provide an https remote connection.

NGROK Server
Start the NGROK server if not done so already. Below is the console window after doing so. I told NGROK to use port 7000.

networking_ngrok console.png
networking_ngrok console.png (34.84 KiB) Viewed 14338 times

Web server settings
Since NGROK provides https for free, I took advantage of it. Simply copy the https address into the WAN field.

networking_web server_NGROK.png
networking_web server_NGROK.png (52.28 KiB) Viewed 14338 times

Note STunnel/NGROK is selected.
Note Refresh external IP at startup and again every is unchecked.


Mobile app - Server settings

What's great about BI is if your Global settings -> Web server tab settings are set correctly, the Lookup key will correctly populate the server settings in the mobile app!

networking_mobile app settings.png
networking_mobile app settings.png (46.39 KiB) Viewed 14337 times

Note https choice for WAN with the ngrok address which corresponds to the https setup in the Web server tab above.
For the LAN, I chose to keep my IP address with http, so the router can access the BI server faster when home.


Remote access wizard

BI comes with a diagnostic tool to determine whether you have successfully setup your network and the BI server for remote access.
Global settings -> Web server tab -> Remote access Wizard.
Start the Wizard and in parallel read the Remote Access Wizard section in Help. The Help documentation explains the checks associated with each page and helps you resolve issues.



Remote device tests

You can now test whether your network is setup correctly by using the UI3 browser!

Test 1: Localhost

This test is good because it takes the network out of the equation, but still leverages the server's network card.
Open a browser window on your BI server. Go to your BI web server. localhost:<port number>. Does the login page pop up?

networking_login.png
networking_login.png (109.19 KiB) Viewed 15402 times

When you login is the interface responsive? Do the camera streams appear smooth and healthy?
If not, either the BI web server is not running well or your camera streams are not setup correctly or maybe you do not have the proper Antivirus and Firewall exemptions. I would think using localhost in the URL would not be impacted by firewall / antivirus exemptions, but you never know.

Windows Firewall & Anti-virus
Sophos is an example of anti-virus software that held the video stream for something like 30s before releasing the data to UI3.
See Windows tuning article on how to setup proper exemptions.

Camera streams
Confirm streams are smooth and healthy in the console. Garbage in = Garbage out.
If not, see Console - Live view article.

Web server
The Remote Access Wizard will help you determine whether your web server is running ok.

Test 2: LAN & UI3

After test 1, this test helps determine if your LAN network is setup correctly.
From a device on the LAN (laptop or mobile phone), connect to UI3 using the web browser.

Web server
If the login page does not appear, double check your web server is not blocking access by Limit IP address settings. Global settings -> Web server tab -> Advanced button.

Network configuration
If the login page still does not appear, your network is not setup correctly.
You need to determine why your remote device on the LAN cannot talk to the BI server. You will need to check your Router(s) settings and any equipment that has to do with the routing.

Login
Login to UI3 if the login page appears.
If you cannot login see login gotchas.

Network latency
Do the cameras (video streams) load? After login, does the web interface state "Loading" with a spinning circle?
With Dynamic Group Layout which was released with 5.5, the group stream resolution can be a lot higher than before. The higher resolution takes more CPU time to encode which could be the issue. See the 5.5 Release notes -> Gotcha 8 for details and resolution.

Is UI3 responsive? Are the video streams smooth and current? Any error/warning messages?
Run through the Windows Tuning article just to make sure Windows is not in conflict with BI. Pay attention to Anti-virus and Firewall sections. This is frequently the biggest cause of poor performance or poor remote access.

Use the gear icon (lower right) in UI3 to alter video streams to lower the network bandwidth to meet the constraints of your network!

Endpoint
BI also provides the ability to examine the endpoint device. In UI3, you can right click on Stats for Nerds and observe the stats on the endpoint.
Latency = Network delay + Player delay
If either delay is above 1000ms it could indicate an issue.

High network delay normally indicates a network problem but could also happen if the BI server is overwhelmed and unable to encode the stream properly.

High player delay means there is something wrong with the computer running UI3 (too slow, bad video driver, etc).

If there is 5-11 seconds of video delay that cannot be attributed to the delays in Stats for nerds, then I would suspect internet security software is intercepting the video stream and trying to scan it for viruses for a while before releasing it.

Test 3: WAN (internet) & UI3

Turn off Wifi on your mobile phone, i.e. connect to your cellular network.
Can the mobile browser on your phone still connect to the login page?

If not, your router or network is not setup so devices on the internet can communicate with your BI web server.
Revisit Network Setup section above.


Mobile apps

Confirm Mobile App Server settings.
Login to the web interface from the phone while on your cellular network.
  • You can be confident your network is setup correctly.
  • Your web server is configured properly to work with your mobile app.
  • You know the LAN/WAN addresses needed to connect to the server are correct.
  • You confirmed a Username / Password by logging into the web interface.
If you have a mobile app, connecting the app to your server should be easy. You now have all the critical pieces of information needed to connect your mobile app. The Mobile Devices article walks you through setting up your phone.


Network tests

The Network is a huge dependency for BI to run well. When BI is NOT running well, this section helps diagnose network equipment failures that could be the root cause of the BI issues.

BI Server - Network utilization

Surveillance systems put a heavy load on networking equipment. Users often keep adding cameras to their network without paying attention to the load. The network load can be the reason cameras randomly disconnect from BI.

Below are the stats from the Resource Monitor on my Windows machine. If you are not familiar with resource monitor, there are many good tutorials on YouTube. Here is a link to one such video.

networking_resource monitor.png
networking_resource monitor.png (54.55 KiB) Viewed 13975 times

As you can see, when BI is active, the network card on my PC is close to saturated. When BI is inactive, e.g. off or Inactive profile, the network traffic drops to less than 1 Mbps! When network utilization creeps up, network congestion occurs. Some obvious affects of this situation are dropped camera connections. This example illustrates one of the bottlenecks with surveillance systems, all of the traffic that needs to aggregate into the BI server. The other potential bottleneck are the switch(es) and/or router(s) connecting your camera(s).

Some good tests to determine whether the network is the issue:
  • Leveraging VLC. VLC will validate the network and the camera. A somewhat safer test because all third party apps use the same ports to access the camera.
  • Disable cameras in BI. Do other cameras start working? If so, your network card or your server is dropping frames and camera connections.

Customer anecdotal
I have a problem I cannot seem to solve, I cannot access from WAN for more than a minute only LAN, I go through the access Wizard and everything comes up ok with green ticks and it will work via WAN for a minute and then won't connect "unable to reach server". It will never connect again until I click through the wizard again, still all settings ok and green. The IP address is correct at all times.

I have narrowed it down to the network card, how it could be that I have no idea but it appears to be. So the new NIC has been running now for a few hours and it appears to be working perfectly! How that could be the cause I just don't know, possibly the amount of packets for streaming outbound it had issues with.

Anyway for now it's working, so I'm happy! Should it reappear I'll let you know

Cameras

Some good tests to determine whether the camera is the issue:
  • Always good to restart/reboot/factory reset the camera(s) and see if they start working. Loss of signal could be due to maybe the camera being overloaded. If you are pulling dual streams, does the fps go up if BI only pulls one stream? If you can pull the main stream or the sub stream correctly, but not both together, you may need to reach out to the camera vendor for more information.
    I was in the process of setting up the camera for remote support (opening port) and once got stuck so I did a factory reset and now I don't appear to be having the issues anymore. Weird.... I'll let it it run for a few days and see.
  • Leverage the camera's mobile app or web interface to confirm network connectivity.
  • The easiest way to confirm the camera is working is by seeing if the cameras connect with another 3rd party application. Leverage VLC.
    If another 3rd party player cannot access the camera
    • either the network is not setup correctly
    • the camera/device does not allow 3rd party access
    • there is hardware failure with the network and/or the camera

Network hardware

This section explains how to leverage your cameras to determine whether your networking equipment and cables are functioning. Below are examples of network failures from past customers that led to resolution.

Many customers have a hard time believing their networking hardware is bad or incorrectly configured. Below are a list of issues to provide clues on how to investigate your network.
  • Router: If some cameras work and others do not work, switch the router ports at the router of the non-working cameras with working cameras. Rule out the router has gone bad.

    I had a user with 5 cameras, most of which were high resolution (4 MP+). The issue was the router which was eventually replaced. The problem was not obvious. 4 of the cameras worked for the most part (but they too would lose signal on occasion). The 8 MP camera (PoE) was the most problematic. Even more strange the lower resolution wireless cameras worked better than the 8 MP camera. The user had no issues after replacing his router. Troubleshooting network issues is beyond BI support.
    No, only one camera was initially causing trouble. I have 4 reolink and the amcrest. Interestingly, the wireless reolink worked great. The poe 810A was the most problematic,..and I think also the highest resolution. Hence, perhaps some timeouts or something with my old / bad modem. No problems since I replace the modem.
  • Cables: If you have a camera that you know works well, replace a problem camera with the good camera temporarily. If the good camera also stops working, then you know that particular cable has a problem.
Network

The above are practical tests that can be used to isolate network issues with the server, cameras and network hardware used by your surveillance system.

There are broader network issues that may need to be addressed that goes beyond BI support. BI is also a streaming server. If for example remote access to a phone or UI3 interface on the LAN or WAN is poor, determining the root cause is beyond BI support. These issues need to be addressed by a local networking engineer or local IT managed services company.


Gotchas

If you have already setup your network and are now facing issues, see the Networking Gotchas article. We document learnings from past tickets.


Next steps

We are not networking experts. Nor do we know your ISP provider or their policies.
Basic troubleshooting is to turn features off and reduce complexity (STunnel, VPN etc) and observe whether functionality returns.
Speak with your local experts at Managed IT firms or Video Surveillance firms if your setup is not working.
The forum may be a good place to pose your question. blueirissoftware.com/forum
Post Reply