1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

What router has enough data throughput for viewing cameras over a VPN?

Discussion in 'Wireless Buying Advice' started by sueli, Jun 15, 2019.

  1. sueli

    sueli New Around Here

    Joined:
    Jun 15, 2019
    Messages:
    4
    Hello everyone.

    I am new here, and I am trying to figure out what router and software I would need to view a camera system over a VPN.

    I would like to run 4-6 Dahua 5231 turret style IP cameras to monitor, detect and record activity around our residence for security. We would like to be able to view the cameras with our phones remotely. I plan to use a dedicated PC as a Blue Iris server and recording device.

    I am going to record continuously, and want the recorded log to tag intrusion detection, tripwire activity, and missing / abandoned item detection. I want to record ad view the best quality video as possible.

    The cameras would be wired directly into a POE switch, and the switch wired directly into the router.

    There would be a dedicated Blue Iris PC to control the camera system and DVR record.
    I wouldn't need access to that PC from other pc's.

    We have Comcast Performance PRO.

    I was thinking: MB8600 modem, RT-680U router, Poe switch, merlin software for the router, blue iris software for the cameras, and OpenVPN for the VPN.

    Would the VPN server be able to encrypt the video feed data that I would be trying to access in real time with this router at full resolution?


    Would I need to use higher level gear than that?
    I want to get the best quality camera signal, and not down scale the frame rate. I would rather spend the money to get the equipment that can handle that much data.

    Edited to clarify.
     
    Last edited: Jun 27, 2019
  2. jass

    jass Regular Contributor

    Joined:
    Jan 1, 2017
    Messages:
    52

    Yes, that should do it, but...

    Based on several of your questions, you don't seem to tech savvy. I think you should consider a more "plug and play" solution like e.g. a synology nas with surveillance center installed, which would require a lot less technical effort to get up and running… It's just ment as a friendly advise, but if you decide to move forward with your original plan, you'll be somewhat an expert by the time you've got it working as planned.

    Best of luck.
     
    sueli likes this.
  3. MichaelCG

    MichaelCG Very Senior Member

    Joined:
    Jan 4, 2017
    Messages:
    540
    Location:
    Central US
    Your switch and router requirements depend on what cameras you are planning to go with and what features you need. Your question is so open-ended, we can't really give much advice here.



    Yes all of this is possible, really depends on the user, security, cost, and feature requirements.

    You are going to put personal mobile devices on the same network? Are these customer/guest or employee devices? Are you managing those devices? From a security perspective, this sounds like a bad idea. All depends on you goals and requirements for the cameras.

    RDP, SSH, WebUI. Really depends on what solution you are doing and what technologies are behind the various solutions.

    Good chance a managed switch will come in handy, but not required. POE+ generally is nothing more than a higher power delivery capability. You can use injectors or a POE capable switch. What switch you need depends on what cameras you use and what their power requirements are.

    There is nothing wrong with what you listed, but again, your requirements are not clear.
     
    sueli likes this.
  4. sueli

    sueli New Around Here

    Joined:
    Jun 15, 2019
    Messages:
    4
    Yep, but I am working on learning.

    I looked into that a little, and it doesn't appear that some of the features I want to use would work with the cameras I want to use, such as intrusion detection, line crossing, also abandoned / or missing item detection.

    Building our own system might be the only affordable way to have a decent system with the functions we want. I think finding a competent security company to set something up would be as difficult as doing it ourselves.
    If I can figure out the correct network layout, and get lined out on the hardware I am pretty sure we can figure out the configuration. We are competent with the actual camera installation aspect, and there seems to be a fair amount of information available on configuring things.






    Thanks for the reply. I will try to be more specific. I am still trying to figure out the best way to configure everything. I don't quite have the knowledge to determine the proper layout.

    I want to run 4-6 Dahua 5231 turret style cameras and use a dedicated PC as a Blue Iris server and recording device.
    I am going to record continuously, and want the recorded log to tag intrusion detection, and tripwire activity. I want to record the best quality video as possible. I don't have the budget to go up much from those cameras, although I would prefer better quality and better color night recording then they are capable of, I don't think that is feasible.

    The other thing I wanted to do was to set up a VPN on the router to be able to remote view the cameras, I am concerned that there will be a remote access bottleneck because the VPN server probably won't be able to encrypt the video feed data that I would be trying to access in real time.

    I see now that I will need to manage the Blue Iris camera computer and network from just that computer and the home PC should not be connected to that network, so that is how I intend to do it.


    This is a home network. So there are a few hard wired PC's and our family uses the wifi for their mobile phones.

    I am not totally sure what managing those devices means. I guess I manage the network and 1 pc security. I will also manage the camera system. I sort of manage the other pc's by making sure they have security software.

    With a managed POE I could separate the home PC network from the Camera network using a VLAN. But the wifi would be served from the same router. So I am not sure about the exposure that would create for the networks on the POE. But I thought the wifi router was behind a firewall and I could bock the cameras from phoning home.

    I wasn't sure if I should hook the home pc's up to the router ports, and the cameras to the POE which will be plugged into the router. Or run everything to the POE and separate the networks there as a VLAN and then wire it to the router.

    The other option would be a fully separate and closed camera network, with no remote access and no internet access. But I would still have to figure out how to get firmware updates installed.


    I don't know what an injector is.
     
  5. MichaelCG

    MichaelCG Very Senior Member

    Joined:
    Jan 4, 2017
    Messages:
    540
    Location:
    Central US
    Ah....didn't get this was a home setup....lots of my response was more from a business perspective.

    So some of the same principles apply here, but the risk tolerance is usually quite a bit higher for a home network than for a business network. What I do and allow on my home network is no where near what would be ok on my work network.

    What isn't clear still is what are your security requirements? Are you just trying to put cameras to see what is going on around your house? Are you trying to build a fool proof secure video system? Do you care what devices on your internal network can access your video system?

    Are you taking into consideration the physical security of the DVR itself? If someone breaks into the house and takes the DVR, have you really improved your security posture with the cameras?

    Basic setup
    - just buy a PoE switch that meets the requirements of your cameras
    - connect all cameras to PoE switch
    - PoE switch connects to existing switch and/or router
    - use OpenVPN features built into router
    - everything sits on a single VLAN with no access controls between them
    - this is very simple to build and manage
    - drawbacks are that any device on your network can access your video system since it is a single VLAN

    Complex setup
    - buy a PoE switch that meets the requirements of your cameras
    - buy/build a more powerful router to support multiple VLANs and higher performance OpenVPN
    - PoE switch connects to dedicated router interface
    - FW can control/limit what clients on the normal LAN can access the video system
    - drawbacks here are a more advanced FW configuration requirement and possibly additional hardware for the FW and switch

    It really comes down to how much time and effort you want to put into the build and more importantly the operations of your home environment.

    A power injector is just a device that goes in-line on the Ethernet cable to inject the PoE if you are using a non-PoE switch.
     
    sueli likes this.
  6. sueli

    sueli New Around Here

    Joined:
    Jun 15, 2019
    Messages:
    4
    Thanks for the reply.

    We primarily want to be able to detect and monitor what is going on around us, and record activity.

    I don't know what a fool proof secure video system means, but I do know that some secure government facilities have closed security camera networks.

    We only want the Blue Iris dvr pc and the remote phone access to that system over vpn. Other than that we would prefer it was not accessible from other devices. So it sounds like we want the complex setup unless we totally isolate the camera network.

    I have 2 questions.

    1. If I totally isolate the cameras and Blue Iris DVR PC from the internet, how would I install firmware updates for the cameras, and blue iris.
    2. What managed POE Switch, and more powerful router would I need for the complex multiple VLAN setup?



    I understand this principle and have considered it. Our plan was to hide the Blue Iris DVR computer in a hidden space.

    Our real security posture sort of a novelty compared to physical hardening since cameras and alarms do nothing to stop someone from actually breaking in, or stealing our cameras. The cameras and alarm would be better than nothing though.
     
    Last edited: Jun 27, 2019
  7. sueli

    sueli New Around Here

    Joined:
    Jun 15, 2019
    Messages:
    4
    1. If I totally isolate the cameras and Blue Iris DVR PC from the internet, how would I install firmware updates for the cameras, and blue iris?

    2. How would I sync the camera time stamps when recording direct to DVR without internet access?

    3. What managed POE Switch, and more powerful Router would I need for the more complex multiple VLAN system?

    Thanks.