Access cameras from 2nd site [SOLVED]



  • I have two Echo shows, one at work and one at home.

    I want to be able to view one of my home cameras from both locations.

    I set up the camera at home with a definition pointing to the internal IP address of the camera

    rtsp://192.168.100.248:554/Streaming/Channels/102/ @tunnel, @noaudio with Basic authentication.

    This works well.

    I have the RTSP stream exposed to the internet over port 18554; my firewall maps inbound traffic on port 18554 to 192.168.100.248:554.

    I created a second definition, ‘camera from work’, with a definition:

    rtsp://myhost.dyndns.org:18554/Streaming/Channels/102/ @tunnel, @noaudio with Basic authentication

    At work, I cannot connect to the camera.

    In the monocle log, I see:


    INITIALIZE RTSP STREAM: Stable

    • NAME : Stable
    • LABEL : PRIMARY
    • URL : rtsp://my.dyndns.org:18554/Streaming/Channels/102/
    • UUID : STREAM:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    • SESS : yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy
    • MODIF : Tue Jan 21 2020 18:13:40 GMT-0500 (EST)
    • TAGS : @noaudio,@tunnel

    nothing else appears in the log after this.

    Can someone point me to a direction as to what I am doing wrong?



  • @mikedn from work, can VLC connect to that rtsp stream?
    I suspect that if the camera is tagged with “tunnel”, it is going to the gateway, which is still behind your router with a private IP?



  • Yes, I can connect to the stream externally w/ VLC in addition to using the vendor’s app.

    My router is a linux-based system running on an Intel NUC. I am running monocle-gateway on this router.

    I use iptables PREROUTING to take inbound traffic from the internet and map it to my cameras on my private network, e.g. my.dyndns.org:18554 maps to 192.168.100.248:554. Using this process I can use the camera vendor’s Android and iOS app to view the cameras.

    However, I cannot view from my Echo Show at work.

    I have configured another device as my.dyndns.org:18554 in monocle, thinking it would tell my echo show to retrieve the stream from “my.dyndns.org:18554”, which the router would send to 554 on 100.234.

    Since the router knows my.dyndns.org is in fact my router, it is not sending the IP traffic through my iptables pre-routing rules and is attempting to establish a connection to port 18554, on which, of course, nothing is running.

    Not sure if I am explaining this clearly or not. Hopefully 🙂

    Unless I’m simply not doing this correctly and I’ve misunderstood how to set things up. If I attempt to connect to the camera from work using the definition which works from the house, it will not connect to the camera (because I assume the Echo Show is attempting to connect to a 192.168.100 address which doesn’t exist at work).



  • @mikedn

    When using the Monocle Gateway, it will act as a tunnel (or proxy) for the camera stream. So … instead of exposing the camera over your firewall, you would need to expose the Monocle Gateway service on port 443. (Amazon will only allow port 443).

    Next, in order for the Monocle services to direct your Alexa camera requests to your publicly exposed gateway instance, you will need to put your public IP address in the monocle gateway configuration file. This will override the auto-detected private IP address that the gateway uses by default. Please see this page: https://monoclecam.com/monocle-gateway/custom-configuration#override-auto-detected-ip-address

    When the gateway is initially started, you should see something like this:

    -------------------------------------------------
    MONOCLE RTSP SERVICE - INITIALIZED
    -------------------------------------------------
    FQDN = f065fdn6-2e66-433d-axa8-6g3aau7132aae.mproxy.io
    HOST = 10.1.1.56
    PORT = 443
    -------------------------------------------------
    

    The “FQDN” is the hostname we will use to tell Alexa to find your gateway instance. So this hostname address must resolve (DNS) to your public IP. It may take up to an hour for the new IP address to get propagated downstream to all DNS servers in your path after you change this IP address in the monocle gateway settings and restart the gateway.


    Next, I’m sure you are thinking — wait, I have a dynamic DNS hostname … I can use that instead of the public IP address. You could … but that would also require you to obtain your own SSL certificate for your custom DNS hostname, as we would need to provide some additional configuration to allow you to override the certificates in the gateway. If you are interested in this, we could try and help to get this working, but first let’s make sure everything works just using the public IP.

    Thanks, Robert



  • Sorry, I haven’t been able to work on this for the past week; kids and wife have been sick with a stomach bug. I’m going to try and work on it this week, hopefully when I return to work. I did make the change you recommended (public IP in the properties file) and everything still works internally, so my next test is from the office when I return to work, hopefully Monday or Tuesday.

    Since my public IP is assigned via DHCP from Comcast, a nice future feature enhancement to the gateway service might be to allow the user to specify a port (e.g. eth1) and have the gateway service automatically retrieve the IP when it starts up… this way users w/ dynamically assigned IPs on their public interface will not need to manually edit the file (personally I’m going to write a script to determine the IP and dynamically create the .properties file prior to starting up the gateway service).

    bbl…



  • @mikedn

    I’m working (next week) on adding support for another user to allow them to override their DNS hostname with their own custom DNS. Of course this means that they will also have to obtain their own SSL certificate, but that puts the entire public IP, DNS, SSL stuff under the control of the user. Do you have any interest in that route?

    Thanks, Robert



  • Probably more work than I’m looking for. I have a small routine in /etc/rc.local

    # Take the IPv4 address of the public-facing interface (the "inet" line, not "inet6")
    IP=$(ifconfig enp3s0 | grep -w inet | awk '{print $2}')
    # Register that address as the gateway host, then start the gateway
    echo "rtsp.register.host=$IP" > /etc/monocle/monocle.properties
    /usr/local/bin/monocle-gateway

    to handle the situation. Granted, if my DHCP lease changes between reboots, I have an issue, but I’ve never seen that happen in the 10 years I’ve had Comcast as my ISP.



  • @mikedn

    We can probably add some keyword/identifier to allow the system to auto-detect your public IP address. At a minimum it could detect this each time the monocle gateway reconnects. If we got more sophisticated it could run a check several times a day to auto-detect IP changes. I’ll look into this further this week.

    Thanks, Robert



  • @mikedn

    I have added this new function to try/test out.
    In your monocle.properties file, change the rtsp.register.host property to @PUBLIC_IP

    #--------------------------------------
    # RTSP SERVICE REGISTRATION OVERRIDES
    #--------------------------------------
    #rtsp.register.fqdn=
    rtsp.register.host=@PUBLIC_IP
    #rtsp.register.port=443
    

    Next, restart Monocle Gateway and look for the block that shows something like this and see if the HOST shows your correct public IP address.

    -------------------------------------------------
    MONOCLE RTSP SERVICE - INITIALIZED
    -------------------------------------------------
    FQDN = f065fdn6-2e66-433d-axa8-6g3aau7132aae.mproxy.io
    HOST = 10.1.1.56
    PORT = 443
    -------------------------------------------------
    

    This still only works on a gateway reconnect, but could eliminate your scripting step to get the IP directly from the network interface which may not work for some users who are behind other network layers/routers.

    Thanks, Robert
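
    An added example (not part of the thread and not Monocle's own code): a stricter variant of the rc.local routine posted above, which still reads the address from the interface but refuses to register a private, CGNAT or malformed value, the case raised above for gateways behind another router. The `ip` invocation, the function names and the return codes are assumptions of this example; `rtsp.register.host` and the properties path are taken from the thread.

```shell
#!/bin/sh
# Added example, not Monocle's code. PROPS is the file path used in the thread.
PROPS=${PROPS:-/etc/monocle/monocle.properties}

# first_ipv4: read `ip -4 -o addr show dev IFACE` (or ifconfig) output on stdin
# and print the first IPv4 address without its prefix length.
first_ipv4() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") {
               split($(i + 1), a, "/"); print a[1]; exit } }'
}

# is_public_ipv4 ADDR: succeed only for a well-formed dotted quad outside the
# private, loopback, link-local, CGNAT (100.64/10) and multicast/reserved ranges.
is_public_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        $1 == 0 || $1 == 10 || $1 == 127      { exit 1 }
        $1 == 172 && $2 >= 16 && $2 <= 31     { exit 1 }
        $1 == 192 && $2 == 168                { exit 1 }
        $1 == 169 && $2 == 254                { exit 1 }
        $1 == 100 && $2 >= 64 && $2 <= 127    { exit 1 }
        $1 >= 224                             { exit 1 }
        { exit 0 }'
}

# update_props ADDR: replace PROPS with a single rtsp.register.host line, as the
# rc.local routine does, but atomically and only when the value changed.
# Returns 0 = written, 1 = unchanged, 2 = address rejected (file untouched).
update_props() {
    is_public_ipv4 "$1" || return 2
    line="rtsp.register.host=$1"
    [ -f "$PROPS" ] && [ "$(cat "$PROPS")" = "$line" ] && return 1
    tmp="$PROPS.tmp.$$"
    printf '%s\n' "$line" > "$tmp" && mv "$tmp" "$PROPS"
}

# Usage: sh this-script enp3s0   (does nothing when no interface is given)
if [ -n "${1:-}" ]; then
    addr=$(ip -4 -o addr show dev "$1" | first_ipv4)
    rc=0; update_props "$addr" || rc=$?
    case $rc in
        0) echo "registered $addr" ;;
        1) echo "unchanged: $addr" ;;
        2) echo "refusing '$addr': not a public IPv4 address" >&2; exit 1 ;;
    esac
fi
```

    A rejected address (return code 2) means the interface does not hold the public IP, which is the situation the `@PUBLIC_IP` value is meant to cover.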



  • @mikedn

    … on second thought …
    This may be sufficient because it’s unlikely to get a new public IP from the ISP’s DHCP server if your connection is active. This typically only happens if your Internet connection is down for some time or if you are replacing the modem/gateway/hardware/etc. So this would result in a reconnect anyways. So this may solve all the public IP address issues/workflow needed.

    With @PUBLIC_IP identifier in place we will re-evaluate the client endpoint connected to our servers and extract the public IP address and update the DNS record on our end each and every time the monocle gateway reconnects.

    Thanks, Robert



  • @Monocle said in Access cameras from 2nd site [SOLVED]:

    @PUBLIC_IP

    Works for me. I haven’t had an IP refresh happen, but when I do I will let you know if there are issues. Probably an 8 hour check / refresh routine would be smart but not critical.



  • @skarragallagher

    Does your IP change regularly and transparently … meaning no downtime on the connection?

    Thanks, Robert



  • Able to access the camera now from work. Thanks for all the help! Popping a donation over now for this great service!



  • @mikedn

    FYI, if you are exposing your monocle gateway (port 443) to the Internet, you may want to have a look at this thread:

    We have added additional security in the form of authenticated requests to the monocle gateway for users who want/need to expose the service to the Internet.
    This experimental version will significantly enhance the security for incoming requests to the Monocle Gateway.

    Thanks, Robert



  • @Monocle Thanks for the heads up. I’ll take a look.

