3 ways to access Blue Iris remotely

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video we are going to talk about remote access to your blue iris server so on your phone or on your computer whether you're inside your house or place a business or outside what are your options now this topic quickly turns into a topic about security because anytime you expose your network to the outside world you are putting your network your internal devices phones computers at risk now how much risk are you putting them at um is debatable there's really three ways you can get to your cameras and to Blue Iris outside of your home or business the first one is traditional port forwarding what port forwarding is is you actually open up a port on your firewall that says if someone from the outside world tries to hit this port on my public IP address which is what your internet service provider assigns to you for that request onto this internal device on such and such Port so it's taking traffic from the outside passing it through what normally is a firewall well still firewall but what normally is blocked by the firewall to the device now you're relying on that device in this case a the blue iris web server to be security patched and not be vulnerable to someone hitting that device from the outside and being able to compromise it so a lot of folks in this surveillance and security World frown upon port forwarding now port forwarding is done for a variety of reasons if you've ever played Xbox or Playstation you might have had to port forward for certain things or if you've had other cameras like an amcrest Network video recorder you have to port forward to be able to get into that so there's other reasons why you might have to do port forwarding again it's a topic for discussion and depending on who you talk to the amount of risk changes in my personal brisk profile of what I'm comfortable with I don't use port forwarding so we'll talk about some of the other options another option you could use is a VPN and a VPN allows you to through your router make a secure connection into your network and then once you're internal to your network that connection secured you then have access to your blue iris system this does require a little bit of work your router has to be able to support a VPN server to allow for you as the client to log in generally it's called an l2tp connection it's one of the common ones there's others but essentially you would take your phone or your laptop and you would have a network connection that you would connect to you'd say connect and you would connect to your your home network so your traffic would actually be routed to your home or business Network I should say in my case it's a home network and that's a great option that's an option I used for years and then you can not only get the blue iris but you can get to other things so if you had a network with attached storage or some other device that you wanted to get to you could get to that as well once you're on with VPN the third option I recommend is something called zero tier now zero tier isn't something that everyone's heard of it's a secure way without having to do what I said on your firewall set up a VPN maybe you have a firewall that doesn't support that you can still use zero tier to securely get into your network and to your blue iris machine how it works is you go to the zero tier website you set up for free kind of a virtual Network and you add your blue iris machine and any of your endpoints your devices that you want to be able to connect back to the blue iris machine this is a bit of a tangent but some people do say well your entrusting a zero tier with management of your network you can actually run your own zero tier is open source you can't actually run your own zero tier servers if you your threat your risk threat profile is that high you can run your own zero tier servers for the most of us uh this will be fine to use zero tier as is uh through their servers so just like having a VPN anytime you want to connect back to your blue iris you will have to open up the zero tier app if you're on your phone um on your computer it'll stay running pretty much all the time if you wanted to and it's gotten better on the IOS and Android apps where it will stay running if you wanted to earlier on a year or two ago when I first started playing with zero tier it would disconnect pretty quickly and you'd have to go back in and reconnect to go in and see your cameras just to be clear zero tier does not require you to port forward on your router the way the technology works is it uses outbound connections to establish inbound connections so you really don't have to touch your router at all there's there's no need to touch your router you could set up your router to be a zero tier endpoint but um for what we're talking about today it would be you would set it up on the blue iris machine configure it in the blue hour software and then set it up on your devices your endpoints I do have a video on setting up zero tier you'll see it at the top and also I'll put it in the description below it's really not that difficult to set up but it there are a few steps to take now that we've talked about some of the options let's click over to Blue Iris and the lovely Frozen butterfly and we are going to go over to the web server section so if we go up here there's a little gear icon click on the gear icon these are the settings it'll pop up and you're going to want to click on web server if your blue iris PC is connected to the internet you'll see an external IP address this is the IP address that others see when you visit a website this is the IP address that your ISP your internet service provider has given to you I have removed that for now just so others don't see that but your ears will populate here you'll also see the internal IP address on your network so if you're in the land the local area network this is the IP address you would hit my personal preference is to not use port 81 it's a very common Port I usually will pick a high number Port like 50 000 plus and use that whether it gives you more security is debatable but pretty much everyone knows for 80 81 443 these are very common ports for servers so choosing a random Port aside from a full port scan security through obscurity go figure there is a nice remote access wizard here that if you are doing port forwarding it'll try to even use UPnP which is basically a protocol that will communicate with your router directly and try to add those port forwarding rules without you even having to log into your router sometimes it works sometimes it doesn't if UPnP is on on your router then it might but you should really not have that on all the time on your router if you do just helpful hint it's not a from a security perspective you should turn off UPnP when you see that those four letters turn them off but if you don't it'll run through but it'll also check to see if you have connectivity both out to the internet and back in from the internet so if you go and make the port forwarding Rule and you want to say see if blue iris is going to work before you've downloaded the app and paid ten dollars on the App Store you can run through this remote access Wizard and see now if you are going to use a VPN or you're going to use zero tier then the external IP is not as important really the internal IP is going to be as important if we click on the adapters here you have the localhost don't worry about that for now but if you are using VPN and you're going to actually VPN into your network well you're going to get a local IP address for your device so for your phone you're going to be on the same so maybe I'll get a 192.168.4.200 address and when I go into blue iris it's going to visit this other local address now that I'm on the network and VPN didn't so I'm really not going to need to know anything about this remote Wan which is the wide array Network um information I'm just going to need to know about the the local area network the LAN if I'm VPN now if I'm using zero tier I'm also going to have another adapter and your if your PC if you you know have multiple land cards or ethernet cards and so you may see other adapters here but there will be if you set up zero tier you will see an adapter an additional adapter that you'll select but if you um uncheck bind exclusively when you're home on or at work on the local network you can use you don't have to use zero tier you can go directly to the IP address when you leave you can go to the zero tier address again still not touching the WAN address your public IP so that's a pretty cool feature when I first experience the Earth here I thought you even when I was home I had to go into zero tier because there is a little bit of lag that when you turn on zero tier in an app it's got to connect to the zero to your server and you know so if you you get an alert from Blue Iris and somebody's in your driveway and you want to open it up quick and you're not already logged into zero tier it can be a little bit annoying so but this allows you if you're home to be able to use the local IP address that's not zero tier but also have the zero tier adapter selected so just make sure that buying exclusively is unchecked then you'll be able to use both of them if we click into advanced there are some additional options remember this is a web server that is intended to be quote unquote out on the internet I would make sure that require authentication so username and password is um on for all connections including internal and also you could set up that if you knew you always had a an i another location for example another site that needed to connect in and that's the only those are the only people that needed to connect you could you could limit it by that IP address but if you're out and about in the world on cell phone towers you're going to get new IPS all the time you won't be able to put that in there so it's not exactly easy um these are all the defaults Auto bands so if someone is trying if you do have that Port forwarded and someone is trying to get into the network and they're failing failing failing you can ban their IP I personally like to log all connections just if there was ever an issue I could go see who connected when especially if you have a larger Network hopefully that was helpful if you are interested in that zero tier video I will put it up above and also in the description below again that is what I use I've started with port forwarding decided it was too insecure then moved to VPN and then learned about zero tier at this point a couple years ago and I've used zero tier for more than just blue RS it's really an incredible incredible uh invention so I hope the folks over there keep developing on it and um if you haven't played with it yet definitely check it out anyway we'll see you in the next video if you found this helpful uh give it a thumbs up and subscribe take care

Info

Channel: Learn Blue Iris

Views: 12,768

Rating: undefined out of 5

Keywords: blue iris, access blue iris remotely, blue iris port forward, blue iris zerotier, blue iris zero tier, blue iris vpn, blue iris security camera, blue iris software

Id: Krd2Syu9huk

Channel Id: undefined

Length: 12min 6sec (726 seconds)

Published: Wed Dec 28 2022