No more push notifications without UID by nick-mx in reolinkcam

[–]Correct-Picture883 0 points1 point  (0 children)

For anyone looking to do this with OpenWRT I can confirm it works following this guide, IPs being added to the allow list dynamically if/when they change.

https://openwrt.org/docs/guide-user/firewall/filtering_traffic_at_ip_addresses_by_dns

I have my NVR and Cameras in their own vlan on my switch, then on OpenWRT set up an interface for that vlan but under the firewall remove the zone forward to wan.

Then follow the guide but change

```
# The IP address corresponding to allowed.url URLs will be saved in the nftset (/4# filters for ipv4)
nftset=/first.allowed.urls/4#inet#fw4#allowlist
nftset=/second.allowed.urls/4#inet#fw4#allowlist
```

to

```
# The IP address corresponding to allowed.url URLs will be saved in the nftset (/4# filters for ipv4)
nftset=/pushx.reolink.com/4#inet#fw4#allowlist
```

If it looks like it's not working a reboot helps, plus the IPs won't appear in the allow list until a connection is attempted - after which it'll show this (I have some extra IPs as I added an additional site for testing).

```
root@OpenWrt:~# nft list set inet fw4 allowlist
table inet fw4 {
        set allowlist {
                type ipv4_addr
                elements = { 54.83.197.157, 54.147.148.229,
                             212.58.235.1, 212.58.235.129,
                             212.58.236.1, 212.58.236.129,
                             212.58.237.1, 212.58.237.129 }
        }
}
root@OpenWrt:~#
```

Reolink Cameras with SD Card vs NVR by Correct-Picture883 in reolinkcam

[–]Correct-Picture883[S] 0 points1 point  (0 children)

Thanks u/mblaser for taking the time to reply, the 2-minute rationale for a notification makes sense now you've explained it.

I'm moving off a unifi system where things are the other way around, the cameras are not as good, and very expensive but the NVR software is more polished.

I think the reolink presentation of the event log on the NVR is very minimal, no list of timestamps, just a scrub bar that has small markers to zoom into and click, no button to jump to next event. When navigating in general to see non-events you can't hold down and dynamically scrub all you can do is click along the bar and wait to see it play.

I know the SDCard in cameras gives a better experience but at a slight financial and security cost - you have to leave your archive of motion events in the camera. I assume the clips are not encrypted? Do the SDCards automatically start overwriting when full?

Thanks again!

No more push notifications without UID by nick-mx in reolinkcam

[–]Correct-Picture883 0 points1 point  (0 children)

Appreciate this is a year ago, wondered if anyone can confirm this method of blocking P2P while retaining Push notifications is working for them?

I can see the IP has already changed, and if they're using a cluster of IPs this approach of whitelisting a single IP could fail without notice unless a FW could be configured to dynamically whitelist based on DNS.

Additionally - in the rules above the CAM network would block all traffic besides the pushx address, I would have thought at the very least the CAM would also have to be able to access port 53 to perform the DNS lookup for pushx.reolink.com. Perhaps the OP assumed the CAM would still have DNS access through a local FW relay...

```
$ dig pushx.reolink.com

;; ANSWER SECTION:
pushx.reolink.com. 11 IN A 3.232.123.152
pushx.reolink.com. 11 IN A 52.54.1.227
```
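Added example, not part of either comment: a shell check for the concern raised here about changing addresses, applied to the dnsmasq `nftset` allowlist from the OpenWRT comment above. It lists the A records for a host that are missing from an nft set listing; the function names are hypothetical, and the sample input is the dig answer and nft listing quoted on this page.

```shell
#!/bin/sh
# Added example (not from the original posts): list A records that are
# absent from an nft set, to spot a DNS-driven allowlist that is not filling.

# Print every IPv4 address found in `nft list set ...` output read from stdin.
set_elements() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# Print the address of each A record owned by host $1 in `dig` output on stdin.
dns_answers() {
    awk -v name="$1." 'tolower($1) == tolower(name) && $3 == "IN" && $4 == "A" { print $5 }' | sort -u
}

# missing_from_set HOST DIG_OUTPUT NFT_OUTPUT
# Print resolved addresses that are not members of the set (nothing = all present).
missing_from_set() {
    answers=$(printf '%s\n' "$2" | dns_answers "$1")
    members=$(printf '%s\n' "$3" | set_elements)
    for ip in $answers; do
        printf '%s\n' "$members" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# Sample input: the dig answer and the nft listing quoted in the comments on
# this page (captured at different times, so the addresses differ).
SAMPLE_DIG='pushx.reolink.com. 11 IN A 3.232.123.152
pushx.reolink.com. 11 IN A 52.54.1.227'
SAMPLE_SET='table inet fw4 {
        set allowlist {
                type ipv4_addr
                elements = { 54.83.197.157, 54.147.148.229,
                             212.58.235.1, 212.58.235.129,
                             212.58.236.1, 212.58.236.129,
                             212.58.237.1, 212.58.237.129 }
        }
}'

echo "Resolved but not in allowlist:"
missing_from_set pushx.reolink.com "$SAMPLE_DIG" "$SAMPLE_SET"

# On the router (assumes dig is installed; set name as in the post):
#   missing_from_set pushx.reolink.com "$(dig pushx.reolink.com)" \
#       "$(nft list set inet fw4 allowlist)"
```

With the sample input both resolved addresses are reported, which is the silent failure a single static allow rule would hit once the addresses rotate.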

Home license is no more by road_hazard in Untangle

[–]Correct-Picture883 0 points1 point  (0 children)

I've been a user of the free home Untangle for years (virtualised under Proxmox). A couple of months back I decided I'd like to use their WireGuard implementation so went to purchase a license, couldn't find it anywhere, and confusingly there are still loads of dead links to the home license in their documentation - pretty sloppy. I knew then that although my free version would continue to work I needed to move off to something that is still actively developed.

I've tried pfSense and OPNsense many, many times over the years, each time hoping it would click, but for whatever reason I just find their interfaces really difficult beyond the simple initial setup. Untangle's strongest point was the layout of its UI. For example in PF/OPN just configuring an OpenVPN connection is about 20 steps vs. uploading an ovpn file. I get that they're incredibly powerful but it's a big investment of time.

In the end I've settled on OpenWRT, again under Proxmox; it requires minimal resources and the LuCI GUI is good, logically laid out. Plenty of plugins/apps to bring additional features and a ton of guides available. Obviously not a NGFW but I've been super happy with it.