Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3


30 posts

Geek
+1 received by user: 1


  # 1970797 7-Mar-2018 19:16
Send private message

Update on workarounds study for CGNAT

 

 

 

NGROK has been working fine. Typically I start it whenever I'm going out. I'm currently on the free plan.

 

One bug is with copying and pasting from the NGROK window to my email. Once the text is highlighted, it's automatically copied to clipboard... or at least it's supposed to. I have to re-highlight several times in order to finally be able to paste into my email.

 

I read about the -config file. Apparently I can start multiple tunnel instances. This would be handy when I begin switching to IP cameras.

 

I need more study to understand how i can benefit from NGROK paid plans.

 

 

 

The study of using vps as a workaround is proceeding. I started a VPS with Ubuntu on Digital Ocean. Recently I successfully connected using Putty. I've yet to work out how to connect from the Samsung Galaxy. I've installed a Terminal Emulator and SSHDroid hoping these will be my answer. I've learnt quite a bit. Each time I sit down and study I pick up a new piece of the puzzle.

 

 

 

Comments and pointers appreciated. Thanks.


59 posts

Master Geek
+1 received by user: 1


  # 1977023 15-Mar-2018 11:35
Send private message

CGNAT:

 

Update on workarounds study for CGNAT

 

 

 

NGROK has been working fine. Typically I start it whenever I'm going out. I'm currently on the free plan.

 

One bug is with copying and pasting from the NGROK window to my email. Once the text is highlighted, it's automatically copied to clipboard... or at least it's supposed to. I have to re-highlight several times in order to finally be able to paste into my email.

 

I read about the -config file. Apparently I can start multiple tunnel instances. This would be handy when I begin switching to IP cameras.

 

I need more study to understand how i can benefit from NGROK paid plans.

 

 

 

The study of using vps as a workaround is proceeding. I started a VPS with Ubuntu on Digital Ocean. Recently I successfully connected using Putty. I've yet to work out how to connect from the Samsung Galaxy. I've installed a Terminal Emulator and SSHDroid hoping these will be my answer. I've learnt quite a bit. Each time I sit down and study I pick up a new piece of the puzzle.

 

 

 

Comments and pointers appreciated. Thanks.

 

 

 

 

Hows things going now mate? Have you tested gaming using a VPS service?


 
 
 
 




30 posts

Geek
+1 received by user: 1


  # 1977097 15-Mar-2018 12:29
Send private message

Xplaya:

 

Hows things going now mate? Have you tested gaming using a VPS service?

 

I'm making progress in small steps. No, I've not so much as looked at using VPS for anything else. Digital Ocean isn't proving to be very stable. It can take several minutes just to get past login. It doesn't look like it's the way to go.

 

I've found something much more interesting here :

 

https://www.techrepublic.com/blog/smartphones/securely-connect-your-android-smartphone-via-vpn/

 

https://ipcamtalk.com/threads/vpn-primer-for-noobs.14601/

 

 


27989 posts

Uber Geek
+1 received by user: 7470

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1977104 15-Mar-2018 12:42
Send private message

CGNAT:

 

Xplaya:

 

Hows things going now mate? Have you tested gaming using a VPS service?

 

I'm making progress in small steps. No, I've not so much as looked at using VPS for anything else. Digital Ocean isn't proving to be very stable. It can take several minutes just to get past login. It doesn't look like it's the way to go.

 

I've found something much more interesting here :

 

https://www.techrepublic.com/blog/smartphones/securely-connect-your-android-smartphone-via-vpn/

 

https://ipcamtalk.com/threads/vpn-primer-for-noobs.14601/

 

 

 

 

I'm a little lost.. you can't establish a VPN since you're on a CG-NAT connection. 




30 posts

Geek
+1 received by user: 1


  # 1978534 16-Mar-2018 11:24
Send private message

Yes, I'm going around in circles. I've learnt a huge amount simply by searching, reading and trying. Part of the problem is that much of the available information pertains to port forwarding which I can't use behind CGNAT. Accurate recognition of correct steps, tools and components is another hurdle. Plan is to keep plugging along but I could use some pointers. I really like the idea of being able to remotely connect to my home network. In this day and age it's going to be needed more and more.

 

Thanks.


819 posts

Ultimate Geek
+1 received by user: 115

Lifetime subscriber

  # 1978552 16-Mar-2018 11:49
One person supports this post
Send private message

CGNAT:

 

I really like the idea of being able to remotely connect to my home network. In this day and age it's going to be needed more and more.

 

Thanks.

 

 

There is always Teamviewer.





Gordy


defiant
900 posts

Ultimate Geek
+1 received by user: 491

Lifetime subscriber

  # 1978557 16-Mar-2018 11:56
One person supports this post
Send private message

The fact of the matter is you just need to change to an ISP that doesn't use CGNAT.

 

You'll spend far less time, effort and frustration coming to the realisation that you're severely limited in what you can do because of CGNAT


 
 
 
 


27989 posts

Uber Geek
+1 received by user: 7470

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1978564 16-Mar-2018 12:02
Send private message

CGNAT:

 

I really like the idea of being able to remotely connect to my home network. In this day and age it's going to be needed more and more.

 

Thanks.

 

 

Yes and no. More connectivity will happen, but not directly via port forwards which are an inherent security hole.

 

Having a CG-NAT connections is actually a fantastic thing for end user security (and security of the Internet as a whole) because it prevents people who do things such as port forwards to CCTV gear that's wide open to the whole internet from being compromised.

 

There are plenty of ways of getting around CG-NAT with applications, using examples of things such as TeamViewer. This is how well build solutions should work.

 

 

 

 

 

 




30 posts

Geek
+1 received by user: 1


  # 1978841 16-Mar-2018 19:47
Send private message

Thanks for the responses.

 

I'd forgotten about Teamviewer. Brilliant! It works without fuss, right from the get-go. I installed it on my Android J5, then on my home PC. After putting appropriate user ID's, passwords and activating account from email, the connection sparked up immediately. It's quite a winner. I set the PC to be connected as: unattended. I was able to view my DVR live or historic footage. Thanks to Gordy.

 

Re switching ISP. There's 249 reasons I don't swap ISP. Each of those reasons is a dollar. Yep, it is a contract penalty clause if I bail out early. I suppose it's a good reason not to go with a contract!  I'd had Skinny Mobile for some time and are perfectly happy with it. On the bright side I have a good rate of $68/month, a free ($99) router and unlimited VDSL.

 

And now I've got 2 workarounds..

 

 

 

 

 

 




30 posts

Geek
+1 received by user: 1


  # 1983863 26-Mar-2018 22:28
Send private message

Update:

 

I've been using Teamviewer for a couple of weeks and have gotten used to its' ways. Awesome app.

 

I've been researching IP cameras set ups. I note some use P2P which does not require port forwarding or DDNS. As I understand each P2P IP camera has a UID. You cannot view a camera via a browser as it requires the p2p library built into the viewer. It is not possible to build such a library into a browser. It can be accessed by iOS, android and windows apps. There is tunnelling between camera and app so I expect this will work.

 

I'm planning to buy a NVR and Ip cams that are P2P capable according to the documentation so we'll see... workaround #3 ??


22264 posts

Uber Geek
+1 received by user: 4787

Trusted
Subscriber

  # 1983872 26-Mar-2018 23:01
Send private message

Most of the p2p cameras have a website that works as a reflector. xmeye etc all have one. Have to use the trash activex plugin etc to use it still, but basically when I last looked they would start sending things to and from a non registered camera just knowing its serial number and filling in a captcha, and then you had the default login, and most people seemed to have no password or the default one. No idea if it could be used to access the other ports on the camera like the default open telnet or not because I was already horrified enough to totally block the internet access when I saw it was still talking to the cloud even tho the cloud option was unticked.





Richard rich.ms



30 posts

Geek
+1 received by user: 1


  # 1985794 29-Mar-2018 23:56
Send private message

Interesting comments there Richard. Yes, that IE activeX is a menace. Surprising to see they are still using it. I think it's only for viewing via browser though.

 

I suppose the question has to be asked.. Is P2P better or worse than port forwarding? If I understood it correctly, the Chinese P2P server only facilitates the connection and the data between home and remote is encrypted via tunnel. The baddies are always thinking and scheming though. Where there's a will there's a way. They'll take easy pickings first. The thought is to make it easier to go elsewhere.

 

BTW, I fixed my Hikvision DS-2CD2032F-l. It was very unstable, often dropping out and refusing to connect. Even the Sad app tool couldn't find it. The solution was to run winPcap_4_1_3.exe from SADPtool folder.

 

Because IE doesn't get much use these days, I changed the home page to IPCam log in so as soon as I open IE it hits straight on the camera.

 

Anyway I'd interested to hear anyones' thoughts about how to make more secure the P2P setup. Looks like I'm going ahead with a NVR purchase while Aliexpress are having a big anniversary sale.

 

Thanks.


22264 posts

Uber Geek
+1 received by user: 4787

Trusted
Subscriber

  # 1985863 30-Mar-2018 10:21
Send private message

I have not looked hard enough to see if the tunnel is encrypted or not. I have a feeling it would not be since then the cameras could offer it locally as well. All they have is an open RTSP stream which _may_ need a password depending on the version of the software used. Many xmeye based cameras come with really old software on them still with no password on the RTSP stream, just the login page.

 

Securing anything so its remotely accessible means putting it behind a VPN server, which will not be possible with CGNAT, and also may have problems on some free wifi since they like to block VPNs so that kids cant use it to get around the porno blocks.

 

And the big sale is largly BS on there, look at other sellers of the same things and the upcoming sale prices are often still higher than other sellers.





Richard rich.ms



30 posts

Geek
+1 received by user: 1


  # 1986634 1-Apr-2018 00:43
Send private message

Thanks for the thoughts to ponder over.

 

I know what you mean about "really old software". My current DVR is something like that. 

 

I picked up 2 cameras off Aliexpress to play with. Like my lone Hikvision Ipcam, these new cams can be viewed via Teamviewer if P2P doesn't work out. Depending on how they go, I may elect to get a NVR to suit.

 

I looked long and hard, compared prices with features. Viewed all the tutorials I could. Scrolled through endless feedback. Aliexpress won this time...


488 posts

Ultimate Geek
+1 received by user: 279

Trusted

  # 1986687 1-Apr-2018 11:00
Send private message

sbiddle:

 

CGNAT won't become more prevalent except for low cost RSP's that don't want to fork out for IPv4 address space. Some such as Bigpipe offer a public address for a one off fee.

 

As your requirements are for a public IP, your best option would be to move to a RSP that offers one rather than CG-NAT.

 

Secondly you should never ever port forward to IP cameras or a NVR/DVR for surveillance. Never. Ever. Most people use port forwards without understanding the massive security risks it opens there networks up to.

 

 

 

 

 

 

 

 

As someone who has built several service provider networks and is still implementing new networks I can assure you that CGNAT for IPv4 will become more and more prevalent, not just on low cost providers. I have recently gone through the process of buying IPv4 space and it is a slow, expensive, difficult and very messy process. You can't just pop up and say, hey I am after a /16 and here is my million bucks who wants it. As mainstream providers run out of IPv4 they are not going to throw millions of dollars out there just to cater for the 0.5% of people who genuinely have a real need for it, instead these people (like myself) will be treated as the exception and they will offer static IP's as needed. I've just gone through the process of building another platform and implemented CGNAT IPv4 + native IPv6 (/56) for every user and I believe this will be the default solution moving forward that providers will offer. Deploying native IPv6 certainly has its challenges (the ISP allocates your "internal" IPv6 range for example), but it is the only real long term solution that works today and moving forward. Anything clinging to requiring a public IPv4 address has very numbered days (*&*$*&%*$ Sony PSN network!). By the way, yes I have made sure that static IPv4 + static IPv6 is available by exception.


1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Huawei's scholarship programme showcases international business to Kiwi undergrads
Posted 22-Jul-2019 17:53


Spark Sport launches across a range of new devices
Posted 22-Jul-2019 13:19


Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.