Blue Iris Secure Remote Access Using ZeroTier

Reddit Comments

How is ZeroTier making money off the free accounts? They have to be farming some sort of data to sell off. IP address of your devices is not enough. I know he said it's all encrypted but it's encrypted by ZeroTier which means they have the key to decrypt that data whenever they want.

👍︎︎ 3 👤︎︎ u/Bodycount9 📅︎︎ Mar 09 2021 🗫︎ replies

Thanks for this. Good tutorial. And tons of ideas will come from this.

👍︎︎ 2 👤︎︎ u/Nixx_Copps 📅︎︎ Mar 09 2021 🗫︎ replies

I'm a big fan of Caddy for setting up auto renewing SSL encryption for your server. Pairs up really nicely if you have your own domain or you could just go snag a free one off of duckdns.org.

👍︎︎ 2 👤︎︎ u/Ramrawd 📅︎︎ Mar 10 2021 🗫︎ replies

Worth mentioning other products out there allow you to accomplish the same end result. Personally use a new product called Twingate and can access my instance on the same internal IP from anywhere. Another is Tailscale which is another Zero Trust solution. All are free when using limited devices / users which is also helpful!!

👍︎︎ 2 👤︎︎ u/mrchris45 📅︎︎ Mar 10 2021 🗫︎ replies

Why not just VPN into the LAN?

👍︎︎ 1 👤︎︎ u/misterpc23 📅︎︎ Apr 08 2021 🗫︎ replies
Captions
Today I'm going to show you how to access Blue Iris outside your home without doing any sort of port forwarding or setting up a traditional VPN. I've always had some concerns about port forwarding, because technically you're leaving a port basically open to the internet on your firewall, and setting up a client VPN on all of your devices just sometimes isn't practical or even possible.

You might ask: why now? Why haven't I brought this to you all sooner? Well, I was faced with a very unique challenge. I was working with a gentleman who had recently gotten Starlink at his house, and he's a Blue Iris user. Well, for those who don't know, Starlink is a satellite internet service provided by SpaceX. But the interesting thing about Starlink is it uses something called carrier-grade NAT, and what that means is you don't get a public IP address that is routable on the internet. You get a 100.whatever.whatever.whatever IP address that's actually an internal address in the Starlink system. The external IP address that the internet sees is probably shared among lots of different clients, and it changes regularly, not like every six months like maybe your current ISP does, but we're talking every time you connect, every day, or even, you know, multiple times a day. So for services that rely on a public IP address, like Blue Iris web server or like a client VPN or a site-to-site VPN, it's just not possible with Starlink.

So how did we solve this challenge? So how do we solve this problem? Well, with a service called ZeroTier. Before I faced this particular problem I had heard of ZeroTier but really never dove into what it was. Not only did it solve this problem, but I think it opens the doors to a whole new way of networking: software-defined networking that's not limited to the firewall and the network you have in your house or in your business. In fact, the mission of the company is to directly connect the world's devices and enable a new era of decentralized computing. Pretty cool.

So what the heck is it? How does it work? Think of it as similar to a VPN but at the same time different. How it works is you build a virtual sort of global network, and this is separate from your existing local networks. You install the ZeroTier software on whatever device you have, laptop, phones, etc. (they even have NAS and Linux and a whole bunch of different clients), and then you build out your network and each of these devices join your network. From there, ZeroTier hosts these beacons, and your devices actually communicate up to these beacons, but it's outward traffic, outbound traffic from your network. Once your devices are joined to the network and they're communicating out to one or many of these beacons, ZeroTier is then smart enough to figure out how the traffic should best route. For example, if I have a device here and a device on the other side of my house, to proxy that traffic all the way out to ZeroTier and back wouldn't be smart, so ZeroTier figures out what's the best route for the traffic and it sends it through there. It uses a concept called UDP hole punching. Hopefully I haven't lost you already, and if you're not a networking person that's totally fine. I know I'm kind of spewing a lot of things out here, but stick with me and we'll get it going on Blue Iris in a second.

So once you've built this software-defined virtual network, you can join your Blue Iris PC to that network, and in turn Blue Iris software and the web server. Not only does this work great for my regular old Comcast internet (now I don't have to have port forwarding on my firewall), it also works with Starlink in this carrier-grade NAT scenario. And since doing this I found a hundred other ways that I can explore ZeroTier, but those are for future videos.

Alright, so before we switch to the computer and I actually show you how to get this set up, two more things. One, everybody's asked: well, what does it cost? For most of us out there who are just doing a simple network, it's going to be totally free, and that's one of the best things about this. There are paid plans if you're going to get into a very, very large network or multiple networks, if you're doing this for a business or enterprise, and it does support that, so you could pay, and it's even, even then it's not super expensive. But for most of us it's going to be free.

So the second thing I'm going to get asked is: is it secure? And the answer is yes. The traffic from each of these devices up through ZeroTier and back is all encrypted, so it's just like a VPN in the sense that it's a tunnel, and even if you were to do a packet capture like some other YouTubers have done, you wouldn't actually be able to see what's going through the lines. Really the only data that ZeroTier is going to be able to see are your public IP addresses from each client and where they're connecting from. And if you were that paranoid, you could actually host your own ZeroTier beacon and run this on your own. That's definitely an edge case, and I think most of you will be fine with running it through ZeroTier.

So let's switch over to the tutorial. I'll show you how to do it. It's really not that hard, trust me, it's, it's easy to set up, and we'll have you up and running, and then you'll be able to turn off that port forwarding and be more secure.

So the first thing you're going to want to do is go to zerotier.com, or just Google ZeroTier, and it's going to bring you to their home page. If you want to take a look at pricing, we'll click on the pricing just for a second. Shows you some of the statistics: network members up to 50. Like I said, for most people that's probably going to be fine, with one admin, but if you do want to get up to the professional or enterprise level, they do have those options too. So what you're going to want to do is click sign up, enter your name, email, and create a password.

Once you log in and verify your email, you're going to be brought to this page. Now, you won't have any networks, and I'm just blocking my main network. This is kind of a dummy network that I use just to test out here. But you want to click create network. Once you create the network, you're going to click on it. So here's the page for our network. So the first thing you can do is name the network, so we're going to call this blue iris test, and we'll call this test network. In most cases you're going to want it to be a private network, which means you will personally authorize each member of the network. This is your network ID. It'll also say at the bottom. This is what you're actually going to type into each client, so your phone, your laptop, the Blue Iris PC. Right here is what you're going to need for them to join onto this virtual network.

If we scroll down, you'll notice that you're automatically going to be assigned a block of IP addresses. Now, you can choose one that doesn't conflict with your network. Typically these aren't, because the second octet won't usually be a network that you're going to use in your home lab or your business, so generally you can just choose one or let it auto-assign. Now, each device that joins this network right here is going to be issued an IP, just like a DHCP IP, where, like when you plug into your network and your router gives you an IP, it's just like this. These you can leave unchecked for now. All this you can leave the same. And we have no devices have joined the network, so you really don't have to do anything besides naming it on this page. When a new device tries to join, it's going to show up here.

Let's download the client. So at the top you'll click download, and here all the different installers you have, so Windows, Mac, Android, iOS, Linux, FreeBSD and NAS. There is this Synology, QNAP, Western Digital installer, but there's others as well. In fact, there is an Unraid Docker image. But what I'm going to do is actually swipe over to my Blue Iris machine, so I'm going to minimize Blue Iris for a moment.

After I've installed the ZeroTier client, which goes really quickly, if I click on the tray here you should see ZeroTier One. Now if I give that a single click, I'll have these options. So here's my node ID, that's unique to each of these devices, each computer. I'm going to want to click join network. Now in this box I'm going to put that network ID that was at the top of the page. Here's our network, blue iris test. We're going to copy this, go back over to the Blue Iris machine, we're going to paste it here. I'm going to allow default, allow global, allow DNS and allow managed. I'm going to allow everything, and I'm going to click join.

When you join to a ZeroTier network, it actually puts a virtual network interface on your computer, so in this case on a Windows machine I'm going to hit yes. If I go over to my networks and I click on change adapter settings, so here's my network interface card that I have Ethernet plugged into, and now here's my ZeroTier network. So it's like I have two network interface cards on this computer. So let's close out of that, we'll close out of this, and let's jump back over to ZeroTier.

Here's the Blue Iris machine. It says it's online. Behind this notepad is my public IP address that it sees. Now, this red dotted line means it's not authorized yet on my ZeroTier network. So how do I do that? You click the check box, it turns green, and now it says online, and shortly an IP address will show up here, because it will be handed out on that network card an IP address. There you go. And it even shows the version of the client. Okay, our first device is now joined to our ZeroTier network.

Let's swipe back over to our Blue Iris machine. We'll open up Blue Iris, and we're actually going to close the program. This way the program sees that new network card. So we're going to do yes, we're going to close it, and then we're going to reopen it. So once Blue Iris is open, you're going to click on the gear icon, so you're going to click on web server. Normally you'll have your external address, your WAN address, here and your internal address here, and these should look pretty familiar. But you'll notice adapters, and now when you click this drop-down you should see an additional adapter. Now, this is the IP address of your ZeroTier network. This is the IP that's been assigned to this Blue Iris machine. So if I click that, you'll notice that it still adds the port to it, and if I click OK, now Blue Iris, the Blue Iris web server, is on that ZeroTier IP address. The cameras themselves are still connected to the regular 192.168 IP address, but the web server itself is on a different network adapter.

Your ZeroTier network is now set up, your Blue Iris machine is now added to it, and Blue Iris, the web server in Blue Iris, is connected to ZeroTier. So what's left? Well, now your devices that you want to be able to connect remotely from need to have ZeroTier on them as well and be on the network. Grab your iPhone or Android phone or iPad or MacBook or whatever you have and download the ZeroTier client. The app is really simple to navigate. You're just going to hit the plus sign in the upper right-hand corner, accept the terms of service. You're going to enter that same network ID that we see at the top of the page in the ZeroTier dashboard. We're going to enable default route, we'll use network DNS, and we'll click add network. Now it's going to pop up and say ZeroTier would like to add VPN connections. We're going to hit allow. It'll ask for your PIN. So you'll see your network there. You'll just have to hit the toggle switch and the device will connect.

But remember, there's one more thing we have to do: we have to go accept this connection on our dashboard. So we're back over on the computer now, and you'll see I have the red dotted line, so we're going to hit the check mark, and in just a second it'll be issued an IP in the same network as our Blue Iris machine. And there we go, 192.168.193.185. This one's 102. So now my phone and the Blue Iris PC are on the same virtual private network. Now you might say, well, what happens when I leave the house, or the firewall is not going to let that connection in? This is where the secret sauce of ZeroTier happens, where that Blue Iris PC is talking to the beacon, my phone is now talking to the beacon, and then they're going to figure out how to communicate outside of the confines of a firewall and getting traffic in and out of it.

But there's one more thing you have to do in the Blue Iris app on your device before we can view our cameras. So let's open up the Blue Iris app and click edit. Now, what's there is going to be a LAN IP and WAN IP, but those aren't the correct ones anymore. So what I want you to do is remove the WAN IP completely, and then in the LAN IP section I want you to put the new ZeroTier IP address from this adapter, and then colon, and then the port. So in my case it's going to be 192.168.193.1 colon 65535, and then we're going to hit save.

So just to prove this is going to happen properly, I'm actually going to turn off my Wi-Fi completely. This way I'm not on the local network, I'm on the cellular network, which basically is just like I'm coming in from anywhere else in the world. So after you switch networks, you might have to go back into ZeroTier and either toggle the network on and off or, if it's already turned off, turn it back on. There is a feature request to ZeroTier to have an always-on for the app, so hopefully, if you're listening, ZeroTier, you'll do that. Um, not sure if it happens on Android, but definitely on Mac and PC it seems to be always on. So, um, yeah, I'm going to go back into the app here, we'll toggle it off, and then we will toggle it back on, and it can take up to 20 seconds to connect, kind of for the first time. Then once it's connected and you're on the same network, it shouldn't bump you off again.

Okay, so now that we're connected and our Blue Iris PC is connected and our app has all the correct information in it, let's open back up Blue Iris and we should see our cameras. There we are. No open ports on the firewall, no client VPN, so double NAT or carrier-grade NAT or any weird situations, it'll get through, and we're able to see our cameras, and it's good quality, perfect quality.

And if you can't tell, I'm pretty excited about ZeroTier in general, not just for Blue Iris, so stay tuned, I'm gonna do some other videos on this, because it is just so neat to think that you can basically build a virtual network that's still secure but doesn't require a network administrator at each site, or sites that don't have a network administrator. Like, for example, where we volunteer at a dog rescue, I could put that on the server there and then I could build a network that I could manage at their sites. I mean, it's, it's just very cool. If you're working in the cloud, you have cloud servers, you want to not leave RDP open, an RDP port, remote desktop port, but you still want to be able to RDP to it. I tested this out, it works. I have spun up a Windows server on AWS, put ZeroTier on it and added it to my network, and then I'm able to connect to it, no problem at all, leaving all inbound completely blocked off on the security group.

So anyway, point being, I think this is a really cool concept. I hope ZeroTier continues to grow. It looks like they're hiring, so more power to them. So if you found this helpful, give me a thumbs up. Like I said, if you have questions, leave them in the comments below. Excited to hear what you guys think of this. And also thank you to our Patreon supporters, you are what makes the channel possible, as well as everybody who views and shares the video. You all are great. And lastly, if you like this kind of content, subscribe to the channel. We do lots of Blue Iris videos, tutorials, and also home networking, cloud computing, lots of other fun tech stuff. So with that said, we will see in the next video. Take care.
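
Added example, not part of the video or of the ZeroTier or Blue Iris projects: a small Python audit of the client state the walkthrough above leaves on the Blue Iris PC. It reads the JSON that `zerotier-cli -j listnetworks` prints and flags a non-private network, a member that is not yet authorized, the `allowDefault`/`allowGlobal` settings enabled at join time, and a web server that is not bound to the ZeroTier-assigned address. The sample JSON, network ID, address and the `audit` function name are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `zerotier-cli -j listnetworks` output;
# the network ID and address are made-up values, not taken from the video.
SAMPLE = json.dumps([{
    "nwid": "0123456789abcdef", "name": "blue iris test",
    "type": "PRIVATE", "status": "OK",
    "allowManaged": True, "allowGlobal": True,
    "allowDefault": True, "allowDNS": True,
    "assignedAddresses": ["192.168.193.185/24"],
}])


def audit(raw_json, listen_addr):
    """Return findings for the ZeroTier client state on the camera host.

    listen_addr is the address the web server is bound to (hypothetical
    input: read it by hand from the Blue Iris web server settings).
    """
    findings = []
    listen_ip = ipaddress.ip_address(listen_addr)
    on_zerotier = False
    for net in json.loads(raw_json):
        tag = f"{net.get('name') or 'unnamed'} ({net.get('nwid')})"
        if net.get("type") != "PRIVATE":
            findings.append(f"{tag}: not a private network, members join without approval")
        if net.get("status") != "OK":
            findings.append(f"{tag}: status {net.get('status')}, member may not be authorized yet")
        if net.get("allowDefault"):
            findings.append(f"{tag}: allowDefault lets the network take over the default route")
        if net.get("allowGlobal"):
            findings.append(f"{tag}: allowGlobal accepts routes and addresses in public IP space")
        for cidr in net.get("assignedAddresses", []):
            # Entries are CIDR strings such as "192.168.193.185/24".
            if ipaddress.ip_interface(cidr).ip == listen_ip:
                on_zerotier = True
    if listen_ip.is_unspecified:
        findings.append("web server listens on every interface, including the LAN side")
    elif not on_zerotier:
        findings.append(f"{listen_addr} is not an address ZeroTier assigned to this host")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE, "192.168.193.185"):
        print("-", line)
```

Reaching one web server on its managed address needs only `allowManaged`; the other two flags matter only if the network pushes a default route or public-range routes.
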
Info
Channel: Cajoling Technologies
Views: 9,691
Keywords: blue iris, zerotier, zero tier, blue iris help, blue iris tutorials, blue iris 5, blue iris remote access, blue iris secure remote access, zerotier double nat, zerotier CGNAT, blue iris setup, blue iris camera setup, blue iris support
Id: dmqrK2Fomqw
Length: 16min 49sec (1009 seconds)
Published: Tue Mar 09 2021