What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Stock ASUS Firmware & Webcam blocked over internet, available via VPN?

necromancyr

Occasional Visitor
So, I need to use stock ASUSWRT because I'm using AiMesh and am trying to figure out how to do the following:
  1. Block the cameras I have in my house from accessing the internet/sending information anywhere
  2. Be able to access the cameras via the VPN
  3. Do this on stock since I use AiMesh
So...I can do 1 via parental controls. But that kills all connection to cameras even when connecting solely via the VPN.

I've been able to find a number of posts round setting up certain routing rules to accomplish what I'm doing using Merlin, but since I want to use AiMesh, I can't switch.

Any thoughts/ideas would be helpful - even open to using modified firmware on the camera's to stop them from doing the phone home crap they are so well know for (FOSCAMs).

Any thoughts would be appreciated - not sure exactly how to tackle this. For now, my cameras are basically an at home only monitoring service!
 
did you try the "Firewall - Network Services Filter "?
About the foscam phone home, I think they had fix it by provide firmware update which can truly disable the p2p function, I didn't see any phone home for my R2, I had monitor its connection before and I only see it connect to the NTP server I provide.
 
Wouldn't using the Network Services Filter do the same thing as the parental controls? I thought they were equivalent - just a once click vs. customizable.
 
Not that it's for everyone, mind you. But if you don't find a stock solution. You might consider a hybrid approach.

Get another ASUS router, and then run Merlin, to a Mesh router in AP mode w/ any nodes (?). As I said it's not for everyone. It's not much of a learning curve to setup. All the time and energy savings to you might be worth it.
I have gotten several good deals on eBay, though having said that another purchase may not be in everyones budget at this moment, and some don't want the additional complexity. Which is entirely understandable.

I only mention this as I noticed an IOT blocking available in Skynet on Melrin. It could be just what you asked for. I have not tried it, so you would need to research on your own, to see it it meets your requirements.

My setup is in my signature.
 
The three brands of cameras that I have tried all have the ability to disable access to them from the internet usually by disabling the UPnP option and/or P2P options in the camera settings. But if yours don't have that option, then disable UPnP on the router (should be disabled anyhow). That should prevent any devices outside your network from accessing your camera.

If you are trying to stop your cameras from reaching out to the internet, then perhaps the most simple option is to use the "block internet access" feature in the ASUS firmware. In the Network Map page, click on the circle above the text listing the number of clients. That will bring up a list of all the devices on your network. Click on a camera. A window will pop up that includes the option to disable access to the internet.

Setting up the router VPN server pretty straightforward. There are a number of threads discussing it. It does take a little reading to get a feel for the best combination of security settings and performance.
 
The problem is whenever you block the cam access to internet with "block internet access" and "parental controls" it also block access from VPN, that's why I said use the "Network Services Filter" and white list the cam video port, or black list the port 443.
anyway the foscam should not phone home if you never setup it by the mobile app (that means only use the web ui to setup), once you use the mobile app to setup it will keeps phone home to aws. To resolve this you need to factory reset the cam, there is no other solutions yet and I had file a feature request before.

I had 2 setup with some foscam IP cam + 68U/86U, with always on vpn connect to a CCR1009 in other country.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top