What's new

What router has enough data throughput for viewing cameras over a VPN?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

sueli

New Around Here
Hello everyone.

I am new here, and I am trying to figure out what router and software I would need to view a camera system over a VPN.

I would like to run 4-6 Dahua 5231 turret style IP cameras to monitor, detect and record activity around our residence for security. We would like to be able to view the cameras with our phones remotely. I plan to use a dedicated PC as a Blue Iris server and recording device.

I am going to record continuously, and want the recorded log to tag intrusion detection, tripwire activity, and missing / abandoned item detection. I want to record ad view the best quality video as possible.

The cameras would be wired directly into a POE switch, and the switch wired directly into the router.

There would be a dedicated Blue Iris PC to control the camera system and DVR record.
I wouldn't need access to that PC from other pc's.

We have Comcast Performance PRO.

I was thinking: MB8600 modem, RT-680U router, Poe switch, merlin software for the router, blue iris software for the cameras, and OpenVPN for the VPN.

Would the VPN server be able to encrypt the video feed data that I would be trying to access in real time with this router at full resolution?


Would I need to use higher level gear than that?
I want to get the best quality camera signal, and not down scale the frame rate. I would rather spend the money to get the equipment that can handle that much data.

Edited to clarify.
 
Last edited:
Hello everyone.

I am new here, and I am trying to figure out how to do something.

I would like to run 6 to 8 IP cameras and view them with my phone remotely. Is this possible? And how would it work?
Would setting up a VPN using OpenVPN accomplish this?
Or do I need a VLAN?

The cameras would be wired directly into a POE switch, and the switch wired directly into the router. Cameras recording full time.

The rest of the network would be used by a few direct wired pc's and people using their mobile devices on Wi-Fi. We don't have any bandwidth problems with our current use. We have Comcast Performance PRO.

I would really like to have a dedicated PC that records the cameras separate from my main PC. But I would like to be able to manage that PC and view the cameras from a different PC. I don't know how that would work.

Would I need a managed POE switch (whatever that means)?
What is POE+
Which router and POE switch would I need?

I was thinking: MB8600 modem, RT-680U router, Poe switch, merlin software for the router, blue iris software for the cameras, and OpenVPN for the VPN.

Would I need to use higher level gear than that?
I want to get the best quality camera signal, and not down scale the frame rate. I would rather spend the money to get the equipment that can handle that much data.

I would appreciate some help.


Yes, that should do it, but...

Based on several of your questions, you don't seem to tech savvy. I think you should consider a more "plug and play" solution like e.g. a synology nas with surveillance center installed, which would require a lot less technical effort to get up and running… It's just ment as a friendly advise, but if you decide to move forward with your original plan, you'll be somewhat an expert by the time you've got it working as planned.

Best of luck.
 
Your switch and router requirements depend on what cameras you are planning to go with and what features you need. Your question is so open-ended, we can't really give much advice here.



I would like to run 6 to 8 IP cameras and view them with my phone remotely. Is this possible? And how would it work?
Would setting up a VPN using OpenVPN accomplish this?
Or do I need a VLAN?
Yes all of this is possible, really depends on the user, security, cost, and feature requirements.

The rest of the network would be used by a few direct wired pc's and people using their mobile devices on Wi-Fi. We don't have any bandwidth problems with our current use. We have Comcast Performance PRO.
You are going to put personal mobile devices on the same network? Are these customer/guest or employee devices? Are you managing those devices? From a security perspective, this sounds like a bad idea. All depends on you goals and requirements for the cameras.

I would really like to have a dedicated PC that records the cameras separate from my main PC. But I would like to be able to manage that PC and view the cameras from a different PC. I don't know how that would work.
RDP, SSH, WebUI. Really depends on what solution you are doing and what technologies are behind the various solutions.

Would I need a managed POE switch (whatever that means)?
What is POE+
Which router and POE switch would I need?
Good chance a managed switch will come in handy, but not required. POE+ generally is nothing more than a higher power delivery capability. You can use injectors or a POE capable switch. What switch you need depends on what cameras you use and what their power requirements are.

I was thinking: MB8600 modem, RT-680U router, Poe switch, merlin software for the router, blue iris software for the cameras, and OpenVPN for the VPN.

Would I need to use higher level gear than that?
I want to get the best quality camera signal, and not down scale the frame rate. I would rather spend the money to get the equipment that can handle that much data.
There is nothing wrong with what you listed, but again, your requirements are not clear.
 
Based on several of your questions, you don't seem to tech savvy.

Yep, but I am working on learning.

a synology nas with surveillance center installed

I looked into that a little, and it doesn't appear that some of the features I want to use would work with the cameras I want to use, such as intrusion detection, line crossing, also abandoned / or missing item detection.

if you decide to move forward with your original plan, you'll be somewhat an expert by the time you've got it working as planned.

Building our own system might be the only affordable way to have a decent system with the functions we want. I think finding a competent security company to set something up would be as difficult as doing it ourselves.
If I can figure out the correct network layout, and get lined out on the hardware I am pretty sure we can figure out the configuration. We are competent with the actual camera installation aspect, and there seems to be a fair amount of information available on configuring things.






Your switch and router requirements depend on what cameras you are planning to go with and what features you need. Your question is so open-ended, we can't really give much advice here.

Thanks for the reply. I will try to be more specific. I am still trying to figure out the best way to configure everything. I don't quite have the knowledge to determine the proper layout.

I want to run 4-6 Dahua 5231 turret style cameras and use a dedicated PC as a Blue Iris server and recording device.
I am going to record continuously, and want the recorded log to tag intrusion detection, and tripwire activity. I want to record the best quality video as possible. I don't have the budget to go up much from those cameras, although I would prefer better quality and better color night recording then they are capable of, I don't think that is feasible.

The other thing I wanted to do was to set up a VPN on the router to be able to remote view the cameras, I am concerned that there will be a remote access bottleneck because the VPN server probably won't be able to encrypt the video feed data that I would be trying to access in real time.

I see now that I will need to manage the Blue Iris camera computer and network from just that computer and the home PC should not be connected to that network, so that is how I intend to do it.


You are going to put personal mobile devices on the same network? Are these customer/guest or employee devices? Are you managing those devices? From a security perspective, this sounds like a bad idea. All depends on you goals and requirements for the cameras.

This is a home network. So there are a few hard wired PC's and our family uses the wifi for their mobile phones.

I am not totally sure what managing those devices means. I guess I manage the network and 1 pc security. I will also manage the camera system. I sort of manage the other pc's by making sure they have security software.

With a managed POE I could separate the home PC network from the Camera network using a VLAN. But the wifi would be served from the same router. So I am not sure about the exposure that would create for the networks on the POE. But I thought the wifi router was behind a firewall and I could bock the cameras from phoning home.

I wasn't sure if I should hook the home pc's up to the router ports, and the cameras to the POE which will be plugged into the router. Or run everything to the POE and separate the networks there as a VLAN and then wire it to the router.

The other option would be a fully separate and closed camera network, with no remote access and no internet access. But I would still have to figure out how to get firmware updates installed.


Good chance a managed switch will come in handy, but not required. POE+ generally is nothing more than a higher power delivery capability. You can use injectors or a POE capable switch. What switch you need depends on what cameras you use and what their power requirements are.
I don't know what an injector is.
 
Ah....didn't get this was a home setup....lots of my response was more from a business perspective.

So some of the same principles apply here, but the risk tolerance is usually quite a bit higher for a home network than for a business network. What I do and allow on my home network is no where near what would be ok on my work network.

What isn't clear still is what are your security requirements? Are you just trying to put cameras to see what is going on around your house? Are you trying to build a fool proof secure video system? Do you care what devices on your internal network can access your video system?

Are you taking into consideration the physical security of the DVR itself? If someone breaks into the house and takes the DVR, have you really improved your security posture with the cameras?

Basic setup
- just buy a PoE switch that meets the requirements of your cameras
- connect all cameras to PoE switch
- PoE switch connects to existing switch and/or router
- use OpenVPN features built into router
- everything sits on a single VLAN with no access controls between them
- this is very simple to build and manage
- drawbacks are that any device on your network can access your video system since it is a single VLAN

Complex setup
- buy a PoE switch that meets the requirements of your cameras
- buy/build a more powerful router to support multiple VLANs and higher performance OpenVPN
- PoE switch connects to dedicated router interface
- FW can control/limit what clients on the normal LAN can access the video system
- drawbacks here are a more advanced FW configuration requirement and possibly additional hardware for the FW and switch

It really comes down to how much time and effort you want to put into the build and more importantly the operations of your home environment.

A power injector is just a device that goes in-line on the Ethernet cable to inject the PoE if you are using a non-PoE switch.
 
What isn't clear still is what are your security requirements? Are you just trying to put cameras to see what is going on around your house? Are you trying to build a fool proof secure video system? Do you care what devices on your internal network can access your video system?

Thanks for the reply.

We primarily want to be able to detect and monitor what is going on around us, and record activity.

I don't know what a fool proof secure video system means, but I do know that some secure government facilities have closed security camera networks.

We only want the Blue Iris dvr pc and the remote phone access to that system over vpn. Other than that we would prefer it was not accessible from other devices. So it sounds like we want the complex setup unless we totally isolate the camera network.

I have 2 questions.

1. If I totally isolate the cameras and Blue Iris DVR PC from the internet, how would I install firmware updates for the cameras, and blue iris.
2. What managed POE Switch, and more powerful router would I need for the complex multiple VLAN setup?



Are you taking into consideration the physical security of the DVR itself? If someone breaks into the house and takes the DVR, have you really improved your security posture with the cameras?

I understand this principle and have considered it. Our plan was to hide the Blue Iris DVR computer in a hidden space.

Our real security posture sort of a novelty compared to physical hardening since cameras and alarms do nothing to stop someone from actually breaking in, or stealing our cameras. The cameras and alarm would be better than nothing though.
 
Last edited:
1. If I totally isolate the cameras and Blue Iris DVR PC from the internet, how would I install firmware updates for the cameras, and blue iris?

2. How would I sync the camera time stamps when recording direct to DVR without internet access?

3. What managed POE Switch, and more powerful Router would I need for the more complex multiple VLAN system?

Thanks.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top