Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3


31 posts

Geek


  # 1970797 7-Mar-2018 19:16
Send private message

Update on workarounds study for CGNAT

 

 

 

NGROK has been working fine. Typically I start it whenever I'm going out. I'm currently on the free plan.

 

One bug is with copying and pasting from the NGROK window to my email. Once the text is highlighted, it's automatically copied to clipboard... or at least it's supposed to. I have to re-highlight several times in order to finally be able to paste into my email.

 

I read about the -config file. Apparently I can start multiple tunnel instances. This would be handy when I begin switching to IP cameras.

 

I need more study to understand how i can benefit from NGROK paid plans.

 

 

 

The study of using vps as a workaround is proceeding. I started a VPS with Ubuntu on Digital Ocean. Recently I successfully connected using Putty. I've yet to work out how to connect from the Samsung Galaxy. I've installed a Terminal Emulator and SSHDroid hoping these will be my answer. I've learnt quite a bit. Each time I sit down and study I pick up a new piece of the puzzle.

 

 

 

Comments and pointers appreciated. Thanks.


60 posts

Master Geek


  # 1977023 15-Mar-2018 11:35
Send private message

CGNAT:

 

Update on workarounds study for CGNAT

 

 

 

NGROK has been working fine. Typically I start it whenever I'm going out. I'm currently on the free plan.

 

One bug is with copying and pasting from the NGROK window to my email. Once the text is highlighted, it's automatically copied to clipboard... or at least it's supposed to. I have to re-highlight several times in order to finally be able to paste into my email.

 

I read about the -config file. Apparently I can start multiple tunnel instances. This would be handy when I begin switching to IP cameras.

 

I need more study to understand how i can benefit from NGROK paid plans.

 

 

 

The study of using vps as a workaround is proceeding. I started a VPS with Ubuntu on Digital Ocean. Recently I successfully connected using Putty. I've yet to work out how to connect from the Samsung Galaxy. I've installed a Terminal Emulator and SSHDroid hoping these will be my answer. I've learnt quite a bit. Each time I sit down and study I pick up a new piece of the puzzle.

 

 

 

Comments and pointers appreciated. Thanks.

 

 

 

 

Hows things going now mate? Have you tested gaming using a VPS service?


 
 
 
 




31 posts

Geek


  # 1977097 15-Mar-2018 12:29
Send private message

Xplaya:

 

Hows things going now mate? Have you tested gaming using a VPS service?

 

I'm making progress in small steps. No, I've not so much as looked at using VPS for anything else. Digital Ocean isn't proving to be very stable. It can take several minutes just to get past login. It doesn't look like it's the way to go.

 

I've found something much more interesting here :

 

https://www.techrepublic.com/blog/smartphones/securely-connect-your-android-smartphone-via-vpn/

 

https://ipcamtalk.com/threads/vpn-primer-for-noobs.14601/

 

 


28373 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1977104 15-Mar-2018 12:42
Send private message

CGNAT:

 

Xplaya:

 

Hows things going now mate? Have you tested gaming using a VPS service?

 

I'm making progress in small steps. No, I've not so much as looked at using VPS for anything else. Digital Ocean isn't proving to be very stable. It can take several minutes just to get past login. It doesn't look like it's the way to go.

 

I've found something much more interesting here :

 

https://www.techrepublic.com/blog/smartphones/securely-connect-your-android-smartphone-via-vpn/

 

https://ipcamtalk.com/threads/vpn-primer-for-noobs.14601/

 

 

 

 

I'm a little lost.. you can't establish a VPN since you're on a CG-NAT connection. 




31 posts

Geek


  # 1978534 16-Mar-2018 11:24
Send private message

Yes, I'm going around in circles. I've learnt a huge amount simply by searching, reading and trying. Part of the problem is that much of the available information pertains to port forwarding which I can't use behind CGNAT. Accurate recognition of correct steps, tools and components is another hurdle. Plan is to keep plugging along but I could use some pointers. I really like the idea of being able to remotely connect to my home network. In this day and age it's going to be needed more and more.

 

Thanks.


886 posts

Ultimate Geek

Lifetime subscriber

  # 1978552 16-Mar-2018 11:49
One person supports this post
Send private message

CGNAT:

 

I really like the idea of being able to remotely connect to my home network. In this day and age it's going to be needed more and more.

 

Thanks.

 

 

There is always Teamviewer.





Gordy


defiant
1035 posts

Uber Geek

Lifetime subscriber

  # 1978557 16-Mar-2018 11:56
One person supports this post
Send private message

The fact of the matter is you just need to change to an ISP that doesn't use CGNAT.

 

You'll spend far less time, effort and frustration coming to the realisation that you're severely limited in what you can do because of CGNAT


 
 
 
 


28373 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1978564 16-Mar-2018 12:02
Send private message

CGNAT:

 

I really like the idea of being able to remotely connect to my home network. In this day and age it's going to be needed more and more.

 

Thanks.

 

 

Yes and no. More connectivity will happen, but not directly via port forwards which are an inherent security hole.

 

Having a CG-NAT connections is actually a fantastic thing for end user security (and security of the Internet as a whole) because it prevents people who do things such as port forwards to CCTV gear that's wide open to the whole internet from being compromised.

 

There are plenty of ways of getting around CG-NAT with applications, using examples of things such as TeamViewer. This is how well build solutions should work.

 

 

 

 

 

 




31 posts

Geek


  # 1978841 16-Mar-2018 19:47
Send private message

Thanks for the responses.

 

I'd forgotten about Teamviewer. Brilliant! It works without fuss, right from the get-go. I installed it on my Android J5, then on my home PC. After putting appropriate user ID's, passwords and activating account from email, the connection sparked up immediately. It's quite a winner. I set the PC to be connected as: unattended. I was able to view my DVR live or historic footage. Thanks to Gordy.

 

Re switching ISP. There's 249 reasons I don't swap ISP. Each of those reasons is a dollar. Yep, it is a contract penalty clause if I bail out early. I suppose it's a good reason not to go with a contract!  I'd had Skinny Mobile for some time and are perfectly happy with it. On the bright side I have a good rate of $68/month, a free ($99) router and unlimited VDSL.

 

And now I've got 2 workarounds..

 

 

 

 

 

 




31 posts

Geek


  # 1983863 26-Mar-2018 22:28
Send private message

Update:

 

I've been using Teamviewer for a couple of weeks and have gotten used to its' ways. Awesome app.

 

I've been researching IP cameras set ups. I note some use P2P which does not require port forwarding or DDNS. As I understand each P2P IP camera has a UID. You cannot view a camera via a browser as it requires the p2p library built into the viewer. It is not possible to build such a library into a browser. It can be accessed by iOS, android and windows apps. There is tunnelling between camera and app so I expect this will work.

 

I'm planning to buy a NVR and Ip cams that are P2P capable according to the documentation so we'll see... workaround #3 ??


22649 posts

Uber Geek

Trusted
Subscriber

  # 1983872 26-Mar-2018 23:01
Send private message

Most of the p2p cameras have a website that works as a reflector. xmeye etc all have one. Have to use the trash activex plugin etc to use it still, but basically when I last looked they would start sending things to and from a non registered camera just knowing its serial number and filling in a captcha, and then you had the default login, and most people seemed to have no password or the default one. No idea if it could be used to access the other ports on the camera like the default open telnet or not because I was already horrified enough to totally block the internet access when I saw it was still talking to the cloud even tho the cloud option was unticked.





Richard rich.ms



31 posts

Geek


  # 1985794 29-Mar-2018 23:56
Send private message

Interesting comments there Richard. Yes, that IE activeX is a menace. Surprising to see they are still using it. I think it's only for viewing via browser though.

 

I suppose the question has to be asked.. Is P2P better or worse than port forwarding? If I understood it correctly, the Chinese P2P server only facilitates the connection and the data between home and remote is encrypted via tunnel. The baddies are always thinking and scheming though. Where there's a will there's a way. They'll take easy pickings first. The thought is to make it easier to go elsewhere.

 

BTW, I fixed my Hikvision DS-2CD2032F-l. It was very unstable, often dropping out and refusing to connect. Even the Sad app tool couldn't find it. The solution was to run winPcap_4_1_3.exe from SADPtool folder.

 

Because IE doesn't get much use these days, I changed the home page to IPCam log in so as soon as I open IE it hits straight on the camera.

 

Anyway I'd interested to hear anyones' thoughts about how to make more secure the P2P setup. Looks like I'm going ahead with a NVR purchase while Aliexpress are having a big anniversary sale.

 

Thanks.


22649 posts

Uber Geek

Trusted
Subscriber

  # 1985863 30-Mar-2018 10:21
Send private message

I have not looked hard enough to see if the tunnel is encrypted or not. I have a feeling it would not be since then the cameras could offer it locally as well. All they have is an open RTSP stream which _may_ need a password depending on the version of the software used. Many xmeye based cameras come with really old software on them still with no password on the RTSP stream, just the login page.

 

Securing anything so its remotely accessible means putting it behind a VPN server, which will not be possible with CGNAT, and also may have problems on some free wifi since they like to block VPNs so that kids cant use it to get around the porno blocks.

 

And the big sale is largly BS on there, look at other sellers of the same things and the upcoming sale prices are often still higher than other sellers.





Richard rich.ms



31 posts

Geek


  # 1986634 1-Apr-2018 00:43
Send private message

Thanks for the thoughts to ponder over.

 

I know what you mean about "really old software". My current DVR is something like that. 

 

I picked up 2 cameras off Aliexpress to play with. Like my lone Hikvision Ipcam, these new cams can be viewed via Teamviewer if P2P doesn't work out. Depending on how they go, I may elect to get a NVR to suit.

 

I looked long and hard, compared prices with features. Viewed all the tutorials I could. Scrolled through endless feedback. Aliexpress won this time...


541 posts

Ultimate Geek

Trusted

  # 1986687 1-Apr-2018 11:00
Send private message

sbiddle:

 

CGNAT won't become more prevalent except for low cost RSP's that don't want to fork out for IPv4 address space. Some such as Bigpipe offer a public address for a one off fee.

 

As your requirements are for a public IP, your best option would be to move to a RSP that offers one rather than CG-NAT.

 

Secondly you should never ever port forward to IP cameras or a NVR/DVR for surveillance. Never. Ever. Most people use port forwards without understanding the massive security risks it opens there networks up to.

 

 

 

 

 

 

 

 

As someone who has built several service provider networks and is still implementing new networks I can assure you that CGNAT for IPv4 will become more and more prevalent, not just on low cost providers. I have recently gone through the process of buying IPv4 space and it is a slow, expensive, difficult and very messy process. You can't just pop up and say, hey I am after a /16 and here is my million bucks who wants it. As mainstream providers run out of IPv4 they are not going to throw millions of dollars out there just to cater for the 0.5% of people who genuinely have a real need for it, instead these people (like myself) will be treated as the exception and they will offer static IP's as needed. I've just gone through the process of building another platform and implemented CGNAT IPv4 + native IPv6 (/56) for every user and I believe this will be the default solution moving forward that providers will offer. Deploying native IPv6 certainly has its challenges (the ISP allocates your "internal" IPv6 range for example), but it is the only real long term solution that works today and moving forward. Anything clinging to requiring a public IPv4 address has very numbered days (*&*$*&%*$ Sony PSN network!). By the way, yes I have made sure that static IPv4 + static IPv6 is available by exception.


1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft Translator understands te reo Māori
Posted 22-Nov-2019 08:46


Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00


Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48


CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42


Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41


Spark 5G live on Auckland Harbour for Emirates Team New Zealand
Posted 4-Nov-2019 17:30


BNZ and Vodafone partner to boost NZ Tech for SME
Posted 31-Oct-2019 17:14


Nokia 7.2 available in New Zealand
Posted 31-Oct-2019 16:24


2talk launches Microsoft Teams Direct Routing product
Posted 29-Oct-2019 10:35


New Breast Cancer Foundation app puts power in Kiwi women's hands
Posted 25-Oct-2019 16:13


OPPO Reno2 Series lands, alongside hybrid noise-cancelling Wireless Headphones
Posted 24-Oct-2019 15:32


Waikato Data Scientists awarded $13 million from the Government
Posted 24-Oct-2019 15:27



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.