Networking - Remote Access

Articles based on common support questions.
Post Reply
varghesesa
Posts: 49
Joined: Thu Jul 11, 2019 9:52 pm

Networking - Remote Access

Post by varghesesa » Tue Aug 17, 2021 3:10 am

Introduction

Remote access is a key component of BI functionality. Users want to see their cameras and alerts remotely either through a browser or their mobile apps. In order to do so, your home or office network needs to be setup so your mobile apps or browsers can connect to your BI server residing in your home or office.

The choices for doing so seem to be growing. This article shares the options available so users can decide what works best for them.



Network Setup

With security and bandwidth concerns, network engineers at companies have definitely added layers of complexity to their network deployment.
There are now plenty of options for addressing bandwidth and security:
  • VPN
  • STunnel (Certificates)
  • Dynamic DNS (DDNS)
  • Software defined networks


Furthermore, home networks have also become more complicated deploying some of the above technologies in addition to having more complicated network topologies such as a mesh router in addition to the traditional router provided by their ISP provider.

Port forwarding was the original way of setting up your network for Remote access. Tech saavy folks still use port forwarding, but for many the Remote access wizard and setting up port forwarding is challenging.
The Remote Access Wizard and the Remote Access topic in Help has details about setting up your network/router.
The Remote Access 101 webinar guides you through the process. In the webinar, I walk through port forwarding and NGROK.
Troubleshooting your network and port forwarding is beyond BI support. Research the forum/internet and/or contact a local managed IT services company or security company.

I started with port forwarding but have since switched to NGROK after purchasing an Orbi mesh router and not wanting to deal with cascading routers. Most users are using NGROK (ddns) these days since it's easier. The only gotcha is if the Windows server running BI restarts, you have to restart NGROK and re-enter the url in the mobile app(s). My server only restarts on a Windows update so I can live with it. The paid version gives you a persistent URL. The NGROK section in the Help file provides details.



Remote device setup

You can test whether your network is setup correctly by using the UI3 browser and the Mobile apps.

Test 1: Localhost

Open a browser window on your BI server.
Go to your BI web server. localhost:<port number>
Does the login page pop up?

networking_login.png
networking_login.png (109.19 KiB) Viewed 209 times

If not, the BI web server is not running. Run through diagnostics in the Remote Access Wizard.
Check your anti-virus and firewall settings. See Windows Tuning article.


Test 2: LAN & UI3

From a device on the LAN (laptop or mobile phone), connect to UI3 using the web browser.
Does the login page appear? If not, your BI server or network is not setup correctly.
Run through the Windows Tuning article to make sure Windows is not in conflict with BI.
Run through the Remote Access Wizard and try to see if BI can identify the cause. Global settings -> Web server tab.
If the web server is not running properly, communication to remote devices is not possible.


Test 3: WAN (internet) & UI3

Turn off Wifi on your mobile phone, i.e. connect to your cellular network.
Can the mobile browser on your phone still connect to the login page?
If not, your router or network is not setup so devices on the internet can communicate with your BI web server.
The Remote Access Wizard walks you through the steps to setup your network.
The Remote Access webinar guides you through the process.
The webinar starts with port forwarding. DDNS via the NGROK utility is discussed later.
  • Most users are using NGROK (ddns) these days since it's easier. In addition to the webinar, the NGROK section in the Help file provides details.
  • Tech saavy folks still use port forwarding. In the webinar, I walk through port forwarding via an AT&T Pace gateway device. Setting up your specific router/gateway is beyond BI support.
    If you replaced your router or the router/network equipment restarted due to a power outage, then port forwarding could be broken.
    Gotcha 9 (Network is setup using port forwarding. Router restarted/replaced by own volition or power outage occurred) shares details on the situation and the fix.

Test 4: WAN (internet) & mobile apps

Confirm Mobile App Server settings.
Login to the web interface from the phone while on your cellular network.
Now you have the critical pieces of information to connect your mobile app
  • You can be confident your network is setup correctly.
  • You know the IP address / Port number to access the BI server if you implemented port forwarding.
    OR you know the URL to access the BI server if using NGROK or alternative DDNS solution.
  • You confirmed a Username / Password by logging into the web interface.
SSL and HTTPS
DDNS via NGROK provides encryption. If you are instead interested in SSL certificates for encryption, see the SSL and HTTPS section in the BI Help file. STunnel is one solution. Keep in mind, Android recently changed their policy on public certificates.
The Android gotchas article lists examples of fixes to meet these new requirements.
Many users have also moved away from certificates and moved towards DDNS solutions.

If you used port forwarding to setup your network, you can go to the Mobile devices article to complete the app setup. If using NGROK, continue with below steps.

NGROK details
As stated above, download / install NGROK by following instructions in the BI Help file and/or webinar. There is an entire section for NGROK.
Follow steps below to setup BI properly to work with NGROK.
Since the free version of NGROK also includes https access I decided to do so. Better safe than sorry right.
The below instructions provide an https remote connection.
  • Web server settings
    Note the DDNS address placed in Remote access.
    Note STunnel is selected. While NOT using STunnel, this allows users to use https with DDNS solutions as well.
    Note Refresh external IP at startup and again every is unchecked.
    mobile article NGROK web server.png
    mobile article NGROK web server.png (60.01 KiB) Viewed 209 times
  • Mobile app - Server settings
    Note https choice for WAN with ngrok address.
    For LAN, I chose to keep my IP address, so the router can access the BI server faster when home.
    mobile article mobile server.png
    mobile article mobile server.png (41.29 KiB) Viewed 209 times


Gotchas

The gotchas section is about learnings from past tickets.

Gotcha 1: Mobile apps no longer connect

port forwarding.png
port forwarding.png (49.91 KiB) Viewed 181 times

The above diagram was used used in the Remote Access Webinar to explain port forwarding. If the above is confusing, first review the webinar which is based on the Remote Access section of the BI Help file. The Help file with the webinar is a good start to understanding Remote Access.

Based on diagram, the ISP provider originally assigned 97.56.23.168 as your WAN address. Based on diagram, the router assigned the BI Server 192.168.1.7 as the LAN address.



After the router restart:
  • ISP could have assigned a new WAN address. 97.56.23.168 -> 97.56.28.15
    Consequence: Mobile devices will no longer be able to connect to the BI server from the WAN.
    Fix: Logout of BI Mobile App -> Edit (server) -> Get IPS button. You should observe the WAN address update.

    This will only work if Global settings -> Web server tab -> Refresh external IP at startup and again every xxx is checked.
    refresh external IP.png
    refresh external IP.png (13 KiB) Viewed 181 times

    For Commercial accounts where the ISP provides permanent IP Addresses, this feature can be unchecked. Commercial accounts are usually guaranteed the same WAN address
    For residential accounts, WAN addresses are usually NOT guaranteed. The Refresh external IP... feature comes in handy to get the mobile apps reconnected.
  • Router could have assigned BI a new IP address. 192.168.1.7 -> 192.168.1.15.
    Consequence: The router's port forwarding is broken.
    Fix: Update the router's port forwarding to the new IP address. Also change the router setting to provide a Static IP Address to the BI server so it never changes again to prevent future issues.
Post Reply