How To Stop Camera Phoning Home To China
I found tons of inspirational stuff on OpenVPN on the Ubiquity forum. And your network situation might be a "bit" dissimilar than mine, so what I did, was harvest bits & pieces from other peoples tutorials, stool some great ideas, ditched some (seemingly less not bad) ideas. But by doing trial and error, you learn from your mistakes 
In general, my communication would be:
- Describe your network layout on paper. Don't start coding / configuration before you have an overview on what you lot want to implement. Keep in listen: networks do change overtime, you might see an iterational process and have to commencement over from this important pace. So go on your documentation for later reference, otherwise you find yourself in a situation like: why on world did I configure vlan 9, clean it up and after a while discover that your smart TV tin't play media files anymore. Likewise important: yous have your Physical Diagram (which outlet goes to which room terminated on which switch/router/access point/...) and your Logical Diagram (which IP range, subnet, gateway, vlan number etc)
- one time y'all have your architectural design, you lot will be able to formulate your requirements:
- if vlans are required: how many, how are they propageted --> this defines whether (or not) you'd require managed switches or unmanaged ones
- if different subnets are required: how many, how are they "full-bodied" --> this defines whether (or non) you'd require (additional) routing capabilities
- in case you want to reach your inner network, OpenVPN is thé no-brainer solution. It runs on ample SOHO routers (eg ASUS) but as well on the Ubiquity gear. With OpenVPN setup, you tin then opt whether you land into a specific vlan, or can connect to restricted subnets.
- in any case of aforementioned options, you lot'd think most "access restrictions". Everybody on this forum is already aware that blocking internet admission TO IPC/NVR is mandatory (which means no port forwarding), however thinking about restricting access TO the internet might be a wise thing too. Exceptions tin can occur if y'all really want to have push notifications. Draw these access rules on newspaper (traffic_in versus traffic_out, by physical interface and/or logical interface (eg which IP can talk with another IP). And call up wide: do you lot actually want your Google Home device residing in the aforementioned network as your NAS with your family pictures? Same applies for your wifi-IOT-fridge? It's not a question whether they would do you harm Now, it's more about in 3-4 years, when your fridge is out of warranty, didn't go any firmware update, and the *zero gets whacked and goes rogue on your network. Then you'll be happy to have it isolated in a vlan.
- so it's play time:
- beginning configuration of your network gear. Do go on regular backups (and keep them in pairs: firmware file + configuration file). Many people only save the configuration file, but if version 4.39 has configuration features which 3.10 does not have, but if your systems breaks downwardly, and you lot'll get a new device nether warranty, but sitting on the manufactory default of iii.ten, you can't just load the four.39 firmware file. But peradventure that firmware file doesn't exist anymore and sits on 5.59, you lack the intermediate four.39 firmware file. And so proceed them both!
- more specifically on OpenVPN: I tend to keep the OpenVPN client in "seamless" way, which means that whenever my OpenVPN connection drops, fifty-fifty when 3g/4g or wifi nonetheless "work", no packets are sent over the air. I do not want to let slip any packets (because maybe my openvpn port is blocked on a public hotspot).
Tasker might help you in the concluding use instance to see "if not connected to trusted wifi - connect openvpn", but in seamless way, you don't actually need it.
Hope this helps!
CC
Source: https://ipcamtalk.com/threads/dahua-camera-phoning-home-to-china.31817/
Posted by: juddwrick1979.blogspot.com
0 Response to "How To Stop Camera Phoning Home To China"
Post a Comment