Access cameras from 2nd site [SOLVED]
-
When using the Monocle Gateway, it will act as a tunnel (or proxy) for the camera stream. So … instead of exposing the camera over your firewall, you would need to expose the Monocle Gateway service on port 443. (Amazon will only allow port 443).
Next, in order for the Monocle services to direct your Alexa camera requests to your publicly exposed gateway instance, you will need to put your public IP address in the monocle gateway configuration file. This will override the auto-detected private IP address that the gateway uses by default. Please see this page: https://monoclecam.com/monocle-gateway/custom-configuration#override-auto-detected-ip-address
When the gateway is initially started, you should see something like this:
------------------------------------------------- MONOCLE RTSP SERVICE - INITIALIZED ------------------------------------------------- FQDN = f065fdn6-2e66-433d-axa8-6g3aau7132aae.mproxy.io HOST = 10.1.1.56 PORT = 443 -------------------------------------------------The “FQDN” is the hostname we will use to tell Alexa to find your gateway instance. So this hostname address must resolve (DNS) to your public IP. It may take up to an hour for the new IP address to get propagated downstream to all DNS servers in your path after you change this IP address in the monocle gateway settings and restart the gateway.
Next, I’m sure you are thinking — wait, I have a dynamic DNS hostname … I can use that instead of the public IP address. You could … but that would also require you obtaining your own SSL certificate for your custom DNS hostname as we would need to do some provide some additional configuration to allow you to override the certificates in the gateway. If you are interested in this, we could try and help to get this working, but first let’s make sure everything works just using the public IP first.
Thanks, Robert
-
Sorry haven’t been able to work on this for the past week, kids and wife have been sick with a stomach bug. I’m going to try and work on it this week hopefully when I return to work. I did make the change you recommended (public IP in the properties file) and everything still works internally, so my next test is from the office when I return to work hopefully monday or tuesday.)
Since my public IP is assigned via DHCP from Comcast, a nice future feature enhancement to the gateway service might be to allow the user to specify a port (e.g. eth1) and have the gateway service automatically retrieve the IP when it starts up… this way users w/ dynamically assigned IPs on their public interface will not need to manually edit the file (personally I’m gong to write a script to determine the IP and dynamically create the .properties file prior to starting up the gateway service)
bbl…
-
I’m working (next week) on adding support for another user to allow them to override their DNS hostname with their own custom DNS. Of course this means that they will also have to obtain their own SSL certificate but that puts the entire public IP, DNS, SSL stuff in control by the user. Do you have any interest in that route?
Thanks, Robert
-
probably more work than I’m looking for. I have a small routine in /etc/rc.local
IP=
ifconfig enp3s0 | grep inet | awk '{print $2}'
echo rtsp.register.host=$IP > /etc/monocle/monocle.properties
/usr/local/bin/monocle-gatewayto handle the situation. granted, if my dhcp lease changes between reboots, I have an issue, but I’ve never seen that happen in the 10 years I’ve had Comcast as my ISP.
-
We can probably add some keyword/identifier to allow the system to auto-detect your public IP address. At a minimum it could detect this each time the monocle gateway reconnects. If we got more sophisticated it could run a check several times a day to auto-detect IP changes. I’ll look into this further this week.
Thanks, Robert
-
I have added this new function to try/test out.
In yourmonocle.propertiesfile, change thertsp.register.hostproperty to@PUBLIC_IP#-------------------------------------- # RTSP SERVICE REGISTRATION OVERRIDES #-------------------------------------- #rtsp.register.fqdn= rtsp.register.host=@PUBLIC_IP #rtsp.register.port=443Next, restart Monocle Gateway and look for the block that shows something like this and see if the
HOSTshows your correct public IP address.------------------------------------------------- MONOCLE RTSP SERVICE - INITIALIZED ------------------------------------------------- FQDN = f065fdn6-2e66-433d-axa8-6g3aau7132aae.mproxy.io HOST = 10.1.1.56 PORT = 443 -------------------------------------------------This still only works on a gateway reconnect, but could eliminate your scripting step to get the IP directly from the network interface which may not work for some users who are behind other network layers/routers.
Thanks, Robert
-
… on second thought …
This may be sufficient because its unlikely to get a new public IP from the ISP’s DHCP server if your connection is active. This typically only happens if your Internet connection is down for some time or if you are replacing the modem/gateway/hardware/etc. So this would result in a reconnect anyways. So this may solve all the public IP address issues/workflow needed.With
@PUBLIC_IPidentifier in place we will re-evaluate the client endpoint connected to our servers and extract the public IP address and update the DNS record on our end each and every time the monocle gateway reconnects.Thanks, Robert
-
@Monocle said in Access cameras from 2nd site [SOLVED]:
@PUBLIC_IP
Works for me, haven’t had an IP refresh happen but when i do i will let you know if there are issues, probably an 8 hour check / refresh routine would be smart but not critical
-
Does your IP change regularly and transparently … meaning no downtime on the connection?
Thanks, Robert
-
able to access the camera now from work. Thanks for all the help! Popping a donation over now for this great service!
-
FYI, if you are exposing your monocle gateway (port 443) to the Internet, you may want to have a look at this thread:
We have added additional security in the form of authenticated requests to the monocle gateway for users who want/need to expose the service to the Internet.
This experimental version will significantly enhance the security for incoming requests to the Monocle Gateway.Thanks, Robert
-
@Monocle Thanks for the heads up. I’ll take a look.
