Networking Gotchas

This forum has articles regarding decisions and implementations surrounding BI that need to work.
What hardware is needed to run the BI server?
How should the network be set up?
Post Reply
varghesesa
Posts: 90
Joined: Thu Jul 11, 2019 9:52 pm

Networking Gotchas

Post by varghesesa »

Introduction

Gotchas are learnings from past tickets. We document issues from past tickets and their resolutions for the benefit of the community.
Click here If you are setting up your network for remote access.

Gotchas

Gotcha 5: LAN connectivity

Issue: On rare occasions, remote endpoints (mobile app, UI3) work on the WAN but NOT on the LAN. This always has to do with network configuration issues. See some documented examples below.

Customer Anecdotes (all network configuration issues)
Maybe triggers ideas as to what is wrong with your network setup.

Anecdotal 1:
Issue from a user where Push notifications worked on the WAN but not the LAN.
  • User switched to dynamic DNS (e.g. NGROK) from port forwarding. Changed mobile app WAN server settings accordingly.
  • Modified his local dns server to map the dynamic dns hostname to the internal IP. This user had a DNS server, perhaps company deployment. Most homeowners do not.
  • BI Server was not using the LAN interface associated with above DNS server, so DDNS URL was not being resolved to correct IP address. (oops)
The above is complicated for the average user and I doubt many have a local dns server. To keep it simple, most users just point the LAN address to the BI Server's IP Address.

Anecdotal 2:
It was a local IP issue. My WiFi LAN router assigned somehow assisted devices on the WiFi network a 192.156.**.*** oddly it assigned things plugged in via cable a 10.0.0.***. It was acting like a double NAT inside the same router/WiFi box. Oddly it had separated the WiFi and wired connections on separate LANs.

I put the WiFi side into bridge mode and let only one side assign the IP addresses. This forced both the wired and wireless devices on to the same IP setup 10.0.0.***. It took a few minutes for the network to rediscover everything. I rebooted everything.

Boom. It works.

Gotcha 4: Multiple Ethernet Adapters

Many users setup their BI servers to have multiple ethernet adapters. A common setup is to use the ethernet adapter exclusively to talk to cameras. Users want to keep their cameras completely off the internet for security reasons. However, they use the WIFI adapter to setup remote access, i.e. to view cameras from the mobile app or remote browser.

Or because of virtual machines, users may have virtual adapters listed. In general, BI will listen on all adapters.
Global settings -> Web server tab

networking_ethernet adaptors.png
networking_ethernet adaptors.png (25.06 KiB) Viewed 19593 times

Service
However, if you are running BI as a service, on occasion Windows can start services before the ethernet adapters are set. Delay the start of the BI service. Select Delayed Start from Windows Services for the BI service. This way Windows has time to set the adapters before starting the BI service.

networking_delay start.png
networking_delay start.png (1.36 KiB) Viewed 19725 times

Even with the delayed start, on occasion the adaptor will not be ready. With 5.5.0.14, the software will now retry the web server connection each 4 seconds after an initial failure until it is successful.

Bind exclusively is not normally needed since the web server will listen by default on all available adapters.


Gotcha 3: Ad blockers

Ad-blockers work by blocking IP addresses they suspect are connecting to serve ads.
Ad-blockers have confused valid BI connections from a web browser or mobile app as ad servers, thus disrupting connections.

Users, for example, would never get the login page.

networking_ad blocker.png
networking_ad blocker.png (34.36 KiB) Viewed 19725 times
Thanks, I figured it out. My host based adblocker, for some reason, started blocking the connection. Whitelisted the blueiris IP and all is well.
The ad-blocker (Adguard) on an Android device caused the mobile app to crash. Error message was lost connection to service 2.

Gotcha 2: Android & STunnel

Issue: I can connect to my server using UI3 on the mobile web browser. However, my mobile app will not connect.

Android / Google came out with tighter certificate restrictions recently. You need to make some changes to your Stunnel config file. The Android Gotcha article documents how other customers resolved issue.

Gotcha 1: Mobile apps no longer connect

Issue: The mobile app or web browser can no longer connect to the BI server.
You may have not done anything. Maybe router restarted? Maybe your ISP provider rotated your WAN address?
Easy to confirm. Email your support info to yourself. Click on the WAN URL. Does the web login page pop up?
If not, something has changed. The Remote Access Wizard will also tell you if there is an issue.

This gotcha ONLY applies to port forwarding setups.
port forwarding.png
port forwarding.png (49.91 KiB) Viewed 19725 times

The above diagram was used in the Remote Access Webinar to explain port forwarding. If the above is confusing, first review the webinar which is based on the Remote Access section of the BI Help file. The Help file with the webinar is a good start to understanding Remote Access.

Based on diagram, the ISP provider originally assigned 97.56.23.168 as your WAN address. Based on diagram, the router assigned the BI Server 192.168.1.7 as the LAN address.


After the router restart:
  • ISP could have assigned a new WAN address. 97.56.23.168 -> 97.56.28.15
    Consequence: Mobile devices will no longer be able to connect to the BI server from the WAN.
    Fix: Logout of BI Mobile App -> Edit (server) -> Lookup key (iOS) / Get IPS button (Android). You should observe the WAN address update.

    This will only work if Global settings -> Web server tab -> Refresh external IP at startup... is checked.
    refresh external IP.png
    refresh external IP.png (13 KiB) Viewed 19725 times

    For Commercial accounts where the ISP provides permanent IP Addresses, this feature can be unchecked. Commercial accounts are usually guaranteed the same WAN address
    For residential accounts, WAN addresses are usually NOT guaranteed. The Refresh external IP... feature comes in handy to get the mobile apps reconnected.
  • Router could have assigned BI a new IP address. 192.168.1.7 -> 192.168.1.15.
    Consequence: The router's port forwarding is broken.
    Fix: Update the router's port forwarding to the new IP address. Also change the router setting to provide a Static IP Address to the BI server so it never changes again to prevent future issues.
Post Reply