Ubiquiti G3 cameras with Echo Show 8
-
To let you all know, I have been successful, in the end I didn’t have to play with firewall rules at all. Turns out the gateway on OS X was the problem, I’m now running the gateway on a Raspberry Pi and everything is working fine. The only thing I’m concerned about is there’s no login credentials required to look at the stream
-
@LosBoricua Yes, VLC plays the RTSP stream just fine.
-
What OS are you tuning the gateway on?
-
Yes, if you can VLC stream it then it is the gateway. Maybe firewall rules on the device you installed the gateway is the issue.
-
@AndyAbbott it’s a Ubuntu 20.04 VM.
-
I forgot to say thank you for all your help with the issue!
Does ubuntu run a firewall as default? Not familiar with that OS sorry, I was originally running gateway on OS X which when disabling firewall ran correctly but took a lot of fiddling. Now running on Pi behind a very secure network so don’t encounter any issues
-
No problem. U have Ubuntu but I think it is Version 18. I think version 20 is not supported.
-
Ive made sure the built in Ubuntu firewall (ufw) was stopped but still nothing on the Echo Show. I’ll start a new thread with background. Glad you got yours running.
-
It may not be supported but the gateway is running fine and the logs show an attempt to connect when the Show is asked. Ive narrowed this down to the DNS rebinding issue, but haven’t figured out how to resolve it on the UDM-Pro.
-
FWIW I’m running Pi-Hole for DNS lookup, more than happy to give you any UDM configurations you need though
-
Did you get this sorted? If the router is blocking DNS resolution to
*.mproxy.io
then that would definitely be an issue. It would not surprise me if a UDM block against DNS REBINDING by default. My PFSense router does and I had to create an exception to allow this hostname to get resolved inside my private network.Thanks, Robert
-
Apologies for the delayed response but I’m glad to see you were able to get it working. I know we started working on an OSX installer but it may not have been released yet – the installer should create the required firewall exceptions to avoid the issue you ran into — although I have seen some odd behaviors where the OSX firewall in the past.
When you say …
“The only thing I’m concerned about is there’s no login credentials required to look at the stream”
What exactly do you mean? The camera not being configured with a password to protect the stream? Or something with the gateway itself?
Thanks, Robert
-
That’s right, that the authentication is set to none, this isn’t a problem with the gateway but seems to be with UniFi Protect, I can view the RTSP stream without any login credentials which leaves me questioning how secure it is?
-
OK, I don’t have any Unifi cameras so I’m not sure why auth has to be disabled on then to get them working. Do you know if they are supposed to support either BASIC or DIGEST authentication?
Thanks, Robert
-
In all honesty I’m not sure but I couldn’t get them to work with either of them options selected, I tried creating a user on my UniFi system specifically for the Monocle gateway but couldn’t get it working this way so had to select none in the end
-
Yes, this is still an issue for me. Everything on the Protect side is working, as I can use the iOS app, NVR and RTSP stream on VLC just fine. When I was using the USG as a router I could get around the DNS rebinding issue with editing a config file on the USG, but since moving to the UDM Pro Ive not found a way to get the feed to display on the Echo Show.
*.mproxy.io is not resolving when querying internally, so Im confident that’s the issue. If I can’t use a config file on the filesystem, is there some other (UDM-P or otherwise) workaround to get those address to resolve internally?
Thanks for reviving the post; any insight will be helpful.
-
I can’t help too much on the Unifi specifics but another option would be if you are able to add your own static DNS record to your router. You could add your specific
*.mproxy.io
DNS entry (show on startup in Monocle Gateway log) and have it pointed to your local IP address of the machine hosting your Monocle Gateway. Alexa devices will only connect to real DNS hostnames, not addresses that only include IP addresses – its stupid but its what Amazon requires.Thanks, Robert
-
Yes, that’s the rub at the moment. I’ve not yet found how to add it as a static DNS entry, either at the FS level or within the UI. My post on this topic at the Unifi forums hasn’t had a reply.
-
Another option would be to use your public IP instead. It’s not ideal, but could at least get you up and running to test out the system. You would have to configure your router to forward port 443 from your WAN connection to the internal IP address of the machine running your Monocle Gateway. Additionally, you would need to configure your Monocle Gateway and override the auto-detected IP with your public IP address. See https://monoclecam.com/monocle-gateway/custom-configuration#override-auto-detected-ip-address
This would cause the Alexa devices to connect to your public IP (WAN side of your router) which forwards to your Monocle Gateway inside your network. So your audio/video data would all still be local to your network.
Thanks, Robert
-
Thanks for the suggestion. Already forwarding 443 for other purposes, and don’t want to poke more holes in the FW for so minor a use case. I’ll keep digging, but if anyone has had success with this combination of hardware/software please relate what you’ve found.