Foscam R2 with Lenovo Smart Tab [SOLVED]
-
Glad to hear the Foscam is working.
If we are going to leave port 443 open to the Internet it would be prudent for us to add some form of authentication to the monocle service to prevent unauthorized access. The current exposure is pretty limited but security by obscurity is really not a good solution. At the moment any consumer would need to know the unique STREAM ID and SESSION ID to be able to get access to any camera streams but a proper authentication mechanism would be better.
Thanks, Robert
-
Yes i agree. I will work on adding the Static IP address to my internet plan. I am assuming that auth would be handled on the gateway which would mean the a new version would need to be developed by you?
If i can assist in any way by testing or whatever you need, i happy to do so. I really appreciate the help in getting this to work.
Many Thanks!
Ryan -
Yes we will need to add support for this in the software … let me look into this next week and maybe we can get a copy out to test with .
Thanks, Robert
-
Thanks, i have most of cameras working now. My doorbird is not working and then a few combined views from BlueIris but i haven’t spent time investigating.
I created a couple other support threads in the lenovo forums
https://forums.lenovo.com/t5/Lenovo-Smart-Tablets-with-Amazon/Lenovo-smart-tab-m10-Camera-Streaming/m-p/4633642/highlight/falseWe will see if the can escalate this and resolve this as well although we have a workaround.
No rush, but once you have a version you would like to test let me know here and i will give it a go.
-
Just a small update … we have added support for a configuration property to automatically detect your public IP address instead of you having to manually define it.
Please see: https://forum.monoclecam.com/topic/485/access-cameras-from-2nd-site-solved/10Plan on looking into the authentication improvement this week.
Thanks, Robert
-
Thank you for tagging me here. I implemented this and it seems to be working with that new function.
Looking forward to testing whenever you are ready. Thanks for following up
-
Im not seeing a way to get the log file. I saw the article on this but the logfile is not created
-
Well … its should be creating a log file (
monocle-gateway.log
) adjacent to (in the same folder as) themonocle-gateway.exe
when running on a Windows machine. That is if you are running it as a service. If you are just launching the executable directly, then there is no log file but the same contents should be printed on screen while the executable is running in a command shell.Thanks, Robert
-
-
Well, that is confusing :-)
I wonder if it’s getting written to a working directory instead. Can you do a search for “monocle-gateway.log” and see if its getting written somewhere else?
It’s possible it’s not getting written anywhere, but that is a function of the “nssm.exe” utility that turns this monocle-gatesway.exe into a service.PS, working on gateway authentication and security today.
Thanks, Robert
-
I will do a search, i was thinking it was being written somewhere else.
-
a search didn’t find it but please don’t worry about this. Its very minor. Don’t want to distract you from the auth piece :)
-
As an alternative, you can always just stop the service and run the
monocle-gateway.exe
from the command line to see the output logging.Thanks, Robert
-
Yeah thats what i did when troubleshooting cams / network stuff
-
Progress update on monocle-gateway authentication …
I now have an optional authentication mechanism in place in both an updated (experimental) version of monocle-gateway as well as the server side infrastructure. I’m finishing up some testing and will post a link for you to download it soon.
The way it works is you add your own textual string as a private authentication key in your
monocle.properties
file. We then share this private key with the monocle servers (via encrypted channel) and use this key to create a unique one-way encrypted hash/signature for each RTSP request from Alexa to your instance of the Monocle Gateway. This way the private key is never included in the public request and never shared with Amazon/Alexa devices. Every unique Alexa request for a camera stream will have a new and unique auth hash/signature such that previously generated authentication hash/signatures are not reusable. The Monocle gateway will only enforce this hash/signature validation if a private key has been optionally configured.This is only really needed in cases where the Monocle Gateway is exposed to the Internet / publicly accessible on the Internet (via port 443). All traffic is already encrypted using SSL/TLS, but this new authentication method will further ensure security in that each an every Alexa request signature is authenticated and validated. If configured with this private key, the Monocle Gateway will not accept any inbound RTSP requests that fail to provide the authentication hash/signature or any invalid authentication hash/signatures.
Thanks, Robert
-
This sounds like awesomeness. Looking forward to giving it a try. Thank you for turning this around so quickly. Much appreciated!
-
I have not tested the Windows build yet, but here it is if you would like to try it out:
Just add the following section to your
monocle.properties
file:#-------------------------------------- # RTSP GATEWAY ACCESS KEY # use if exposing gateway to Internet #-------------------------------------- rtsp.auth.key=WHATEVER_UNIQUE_TEXT_YOU_WANT
You can provide some unique string for the
rtsp.auth.key
property.When attempting to ask Alexa to view a camera stream, you should see something like:
------------------------------------------------- INITIALIZE RTSP STREAM: Basement ------------------------------------------------- - NAME : Basement - CAMERA.MFG : HikVision - CAMERA.MODEL : DS-2CD2042WD-I - CAMERA.LABEL : PRIMARY - RTSP.URL : rtsp://10.1.2.115/Streaming/channels/101 - STREAM.ID : STREAM:000641fb-3f5a-4b35-aec3-af39baa2c882 - SESSION.ID : 3a73207a-dbe6-4f1a-b8bf-66f3212fcd4e - LAST.MODIFIED : Tue Feb 04 2020 15:30:14 GMT-0500 (Eastern Standard Time) - TAGS : @tunnel ------------------------------------------------- 2020-02-05T21:37:56.034Z [INFO] [10.1.2.90:37802 <r123rhufU>] RTSP CLIENT SOCKET CONNECTED ------------------------------------------------- INBOUND RTSP CONNECTION FROM ALEXA: [10.1.2.90:37802 <r123rhufU>] ------------------------------------------------- - CLIENT.IP : 10.1.2.90 ( <-- this should be your Alexa device) - CLIENT.PORT : 37802 - REQ.ID : r123rhufU - REQ.PROTOCOL : RTSP/1.0 - REQ.METHOD : DESCRIBE - REQ.URL : rtsp://_________.mproxy.io:443/STREAM:000641fb-3f5a-4b35-aec3-af39baa2c882?session=3a73207a-dbe6-4f1a-b8bf-66f3212fcd4e - STREAM.ID : STREAM:000641fb-3f5a-4b35-aec3-af39baa2c882 - SESSION.ID : 3a73207a-dbe6-4f1a-b8bf-66f3212fcd4e - AUTH.HASH : 82dcd3504d0234wefsdfsfs3gh36c78b32aff0df ------------------------------------------------- 2020-02-05T21:37:56.163Z [INFO] [10.1.2.90:37802 <r123rhufU>] RTSP GATEWAY AUTH SUCCEEDED: ... 2020-02-05T21:37:56.163Z [INFO] [10.1.2.90:37802 <r123rhufU>] RTSP CLIENT ATTACHED TO STREAM: Basement (STREAM:000641fb-3f5a-4b35-aec3-af39baa2c882)
Notice the “RTSP GATEWAY AUTH SUCCEEDED” message confirming a successful authentication.
Thanks, Robert
-
I downloaded the 64 bit version and installed it. Seems to work just fine. No issues noted. Thank you for this!
-
One thing i noted with this tablet is that the streams will time out exactly after 10 minutes so it makes it rather annoying to keep an eye on my 4 year old during nap time…
Im wondering if there is any type of keep alive signal that can be sent so the server doesn’t disconnect the stream
-
Can you post a monocle-gateway log for this camera stream request? I want to see if there is a session timeout declared in the RTSP communication from the camera. Also what make/model is this camera?
Also, if you are using
@tunnel
try@proxy-tcp
or@proxy
and see if that makes any difference.Thanks, Robert