hey guys,
i hope to get an answer for this issue :)
i bought an ip camera by reolink to my house so i could watch my pets.
i set it up, and now i can watch it via my home network with my iphone app.
i blocked the camera's access to the internet.
so, i can watch the camera with the iphone app when it's on the same network - so far so good.
next, i already had an ipsec connection from my iphone to my home network, and i even created special rules from vpn to ip camera
but it doesn't work!
when i do policy tester, from ip camera to vpn or vpn to ip camera, it says no rule exists.
i don't see any useful information in the log viewer..
camera ip is 172.16.16.20 for example, and the vpn ip is 172.16.16.100
any help?
Hi Ishai Cohen
Could you please take a screenshot of the firewall rules you have created for this connection? Also the output from the Packet Capture tool in the GUI for this traffic.
Thanks,
FloSupport | Community Support Engineer
hi,
here you go:
the rules:
the packet capture:
from the camera side, i have a lot of drops because it tries to query the external dns server, which is blocked because the camera doesn't have internet access.
and when i filter for dst ip of the vpn, i don't see any packets.
Hey Ishai,
Could you please enable support tunnel access on your appliance and PM me with the support access ID for further investigation?
Thanks,
FloSupport | Community Support Engineer
are there other things i can check without giving external access?
and can we do it via team viewer? :x
i don't really know you
Hey Ishai Cohen
I understand your concerns regarding this access. I am part of the Sophos Support team, and the code generated from the Support Tunnel is only able to be used internally from our network in Support. I will also only use this access to observe your configurations and will not perform any changes without your consent.
However, I did notice from one of your screenshots that the firewall rules you have configured are not being used by the traffic. They appear to be matching to your firewall rule ID 5 instead.
Regards,
FloSupport | Community Support Engineer
hi flo,
can you connect even if i'm a home user? free sub.
i will check your suggestion, and if it won't work, i will allow the support tunnel :)
edit: rule 5 is vpn to lan -> allow
edit2: ok, it seems when i enabled nat, it worked :x