Subscriber Discussion

Best Way For Video Over 4G Cellular?

Undisclosed #1
Oct 24, 2017

Hello,

Small personal project...

I am looking for ways to watch over my personal lake place off the grid. We have strong Verizon 4G coverage and power. I purchased a Netgear cellular modem, and while it worked great at my primary residence I had problems with the double NAT and port forwarding. The router didn't seem to support the Verizon band available at the lake either. We get about 20-30mbps down and 3-5mbps up on our cell phones, so that was pretty disappointing. 

So what devices are available that would offer coverage and even better, bi-lateral communications? Just had an issue so I'm about to break down and buy Verizon's cell router and get a Ring floodlight, despite having a small cache of IP cameras looking for a purpose. I'm just worried that I will chew through the 10GB cap real quick with Verizon's cell router vs throwing a SIM in a 3rd party modem.

I know Arlo has a new cellular camera but if I am going to pay a monthly fee for data, I would prefer to just have service I can use for other things as well. Their rates were excessive for realistic usage also.

I use a Smartthings hub at home with contacts, PIR, and other devices. I must admit I LOVE the app, ease, and RELIABILITY of push notifications and automatic arming/disarming. I will most likely implement in addition once I lock down internet service.

Just looking for ideas and wondering if there are any new products or 4G connectivity solutions I may have overlooked.

Thanks!

 

Josh Hendricks
Oct 24, 2017
Milestone Systems

Typically when I see a customer with 4G as a part of their solution, they are only streaming video over that connection on demand. So on the remote end we'll see a camera with edge-based storage on an SD card, or one or more cameras along with a Recording Server to record locally. The 4G connection is then only used to connect remotely and access live/playback or perform an edge retrieval.

Most of the time you'll have to pay out the nose for a cellular based connection without double-NAT as the providers don't want you hosting services without authorization. There are a number of cloud-based options available which means you won't need to do port forwarding, though I don't have much knowledge of the consumer oriented options and which ones support edge-based recording vs cloud-based vs hybrid.

A Milestone-based option could be to use Axis cameras with the Axis One-Click feature. That would result in the cameras making an outbound VPN connection to your Recording Server somewhere (either in the cloud or hosted in your home/office). Since the camera initiates the connection, there is generally no issue with the double-NAT in between.

Good luck!

(2)
Undisclosed #1
Oct 25, 2017

Edge recording, maybe a couple minutes average live stream per day. 

 

Yes, my lack of the cloud-based, consumer friendly market led me to asking.

The one-click is interesting though, but that would require a constant data stream and have me cut off within a few days I'm sure.

Josh Hendricks
Oct 25, 2017
Milestone Systems

Not necessarily. We have a water authority who has numerous remote sites (pump houses?) with a single camera on 4G. They only stream on live request, so while it's always "connected" there is only a short HTTP request every minute or two until someone requests a live feed by opening the client or pulling it up via Milestone Mobile.

By combining this with an SD card and motion based edge recording, you can retain a useful amount of video on the camera itself which can be retrieved via Smart Client and pulled back on demand.

Of course you'd be limited to the SD card capacity. The Bosch cameras with iSCSI support could help with that, but you're back to the double NAT scenario unless you introduce a VPN-enabled router behind the 4G gateway device. With your own VPN you can pretty much do whatever you want. There might be some constant overhead related to maintaining the VPN connection though.

(3)
Undisclosed #2
Oct 25, 2017

HIK NVR using HIK-connect works well behind double NAT

(1)
Josh Hendricks
Oct 26, 2017
Milestone Systems

I have no doubt! Any cloud/p2p based solution would be ideal for this scenario so long as video is only streaming on demand.

Undisclosed #2
Oct 26, 2017

Joshua,

I am curious to hear your explanation

Why P2P can easily "penetrate" double NAT and firewall and etc...

Thanks

Josh Hendricks
Oct 26, 2017
Milestone Systems

Sure! Let's say we put a plain ol' brand agnostic IP camera out behind a typical consumer broadband router (not 4G) without any cloud or "P2P" functionality.

To remotely access this camera, we need to either set up port forwarding or basically connect the camera directly to "The Internet" (let's ignore VPN for the sake of this explanation).

Port forwarding is the only way to put this camera "online" while allowing other computers on the same network as the camera to access the internet. We are creating an inbound rule in the router to say "any traffic on TCP 80 or TCP/UDP 554 arriving at my WAN IP should be forwarded to the camera's LAN IP."

When you're using a typical consumer 4G router, they "double NAT" the traffic. So your router's WAN interface is probably 10.x.x.x, and your public IP address as seen by websites you visit, for example, will be something public like 180.10.15.25.

If you wanted to set up port forwarding on your 4G router, you might be able to do that, but you can only forward traffic from your 10.x.x.x WAN IP to your LAN IP addresses. Nobody on the public internet can send traffic to that 10.x.x.x IP though. They could try to send traffic to your 180.10.25.25 address, but that address is probably only temporary, and you have no control over whether that router will or will not forward "unsolicited" public internet traffic to your personal router. So you will never receive inbound network traffic that was not specifically initiated from within your network.

With cloud/P2P, your camera or NVR will make an outbound network connection to some public address from behind your 4G router. What happens then is that your router records your request in an in-memory table, and forwards it out through your ISP. Eventually it hits the target service, and presumably that connection is kept open.

When you then try to access the camera, you connect to the same cloud/P2P service, and your requests are sent to the camera through that existing open connection, so there's no need to do any port forwarding.

So it ultimately comes down to whether you initiate the connection from outside the network, or whether the camera/NVR/device can initiate half of the connection on its own from within the network. Since cloud/P2P connections are initiated by the device there's no need to do port forwarding, which is really the only reason why double NAT doesn't work.*

There have been some excellent discussions about P2P or peer to peer here on IPVM covering everything from how it works to what the risks are and details about individual solutions. I'd recommend searching and browsing through them if you're interested.

* Actually double NAT can work, as long as you have control over both NATing routers. When you don't have control over them both, you can't thread the network traffic through both routers.

(4)
Undisclosed #2
Oct 26, 2017

"

With cloud/P2P, your camera or NVR will make an outbound network connection to some public address from behind your 4G router. What happens then is that your router records your request in an in-memory table, and forwards it out through your ISP. Eventually it hits the target service, and presumably that connection is kept open.

When you then try to access the camera, you connect to the same cloud/P2P service, and your requests are sent to the camera through that existing open connection, so there's no need to do any port forwarding."

Open connection means "open ports"?

 

Josh Hendricks
Oct 26, 2017
Milestone Systems

Basically. "Temporarily open ports because someone on the inside of the network asked for it to be open" more specifically.

When you browse to Google, Google sends you back some data that your browser renders as a web page. But you didn't need to set up port forwarding to receive that inbound webpage. To do so would be incredibly infuriating.

Instead, when your computer opens a connection to Google, your router records this request in its internal NAT table. This table records all your connection requests including your internal IP and the source port, and the destination IP and destination port. When Google sends back that web page, your router checks the NAT table, sees that this connection was expected, and passes it back to your computer using the originally recorded source IP and port.

If it doesn't match anything in the state table, it will then check your statically mapped port forwarding rules for a match before dropping the packet if no match was found.

(2)
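The NAT behaviour described in the two replies above (state table first, then static port forwards, then drop), chained through a carrier NAT to show the double-NAT case. This is an added illustration, not part of any poster's reply and not any vendor's implementation; every address and port is a constructed sample value, and the filter is assumed to match on the remote address and port, which real NATs do not all do.

```python
import itertools

CAMERA = ("192.168.1.50", 51000)   # constructed LAN endpoint
CLOUD = ("198.51.100.10", 443)     # constructed cloud/P2P relay address
VIEWER = ("192.0.2.99", 55000)     # constructed remote user on the internet

class Nat:
    def __init__(self, wan_ip, upstream=None):
        self.wan_ip = wan_ip
        self.upstream = upstream           # next NAT toward the internet, if any
        self.state = {}                    # (wan_port, remote) -> inside endpoint
        self.forwards = {}                 # wan_port -> inside endpoint (static rules)
        self._ports = itertools.count(40000)

    def outbound(self, src, dst):
        """Record an inside-initiated connection; return the (ip, port) dst sees."""
        wan_port = next(self._ports)
        self.state[(wan_port, dst)] = src
        mapped = (self.wan_ip, wan_port)
        return self.upstream.outbound(mapped, dst) if self.upstream else mapped

    def inbound(self, remote, wan_port):
        """Return the inside endpoint a WAN-side packet reaches, or None if dropped."""
        # State table is checked first, then static port forwards, else drop.
        return self.state.get((wan_port, remote)) or self.forwards.get(wan_port)

def deliver(path, remote, port):
    """Walk a packet inward through each NAT in `path` (outermost first)."""
    hop = None
    for nat in path:
        hop = nat.inbound(remote, port)
        if hop is None:
            return None                    # dropped at this NAT
        port = hop[1]                      # translated port seen by the next NAT
    return hop

def demo():
    carrier = Nat("203.0.113.7")                  # carrier NAT: not yours to configure
    home = Nat("10.20.30.40", upstream=carrier)   # your 4G router, private WAN address
    home.forwards[554] = ("192.168.1.50", 554)    # port forward on the router you own
    path = [carrier, home]
    unsolicited = deliver(path, VIEWER, 554)      # never reaches your forward rule
    public = home.outbound(CAMERA, CLOUD)         # camera dials out to the relay
    reply = deliver(path, CLOUD, public[1])       # relay answers over that mapping
    stranger = deliver(path, VIEWER, public[1])   # other hosts are still dropped
    return unsolicited, public, reply, stranger
```

Calling `demo()` shows the port forward on the home router is unreachable because the carrier NAT drops the packet first, while the relay's reply matches state in both tables and reaches the camera.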
Undisclosed #2
Oct 26, 2017

I don't agree :)

When you are outside (let's say on your phone) trying to connect to your NVR using P2P, are ports closed or open?

My understanding THEY ARE closed!

 

(2)
Josh Hendricks
Oct 26, 2017
Milestone Systems

With cloud/P2P the device effectively maintains an open connection to the hosted service provider.

When you access the device, you're not accessing it directly, you're connecting to the hosted service as a middle man.

This is why remote desktop tools like TeamViewer work without setting up port forwarding. Same concept.

(3)
Undisclosed #2
Oct 26, 2017

My understanding: ports are closed even for the "hosted service as a middle man" point of view.

 

(2)
Josh Hendricks
Oct 26, 2017
Milestone Systems

I'm happy to be wrong as it's an opportunity to learn something new. However I don't know how it would be possible for the device to know a user on the internet wants data from it if either of the following were not true:

A) The router has a port forwarding rule allowing unsolicited incoming network traffic to pass through to the device.

Or

B) The device maintains a connection or frequently polls a remote hosted service to announce itself and send data up on request.

Undisclosed #2
Oct 26, 2017

A) The router has a port forwarding rule allowing unsolicited incoming network traffic to pass through to the device.

Or

B) The device maintains a connection or frequently polls a remote hosted service to announce itself and send data up on request.

--------------------------------------------------------

D) Device has ports closed and waits for "knocks"

port knocking techniques

 

(2)
(1)
Josh Hendricks
Oct 26, 2017
Milestone Systems

I very much doubt (m)any consumer or even commercial cameras or NVRs use port knocking, but if you know of one already please do share. I am aware of the concept, but have never used it in practice.

Edit: It is also not possible to use port knocking to get through a double NAT unless you have control over the NAT router touching the public internet.

Here's a brief explanation from Wikipedia:

"Port knocking is usually implemented by configuring a daemon to watch the firewall log file for said connection attempts then modify the firewall configuration accordingly. It can also be performed on the kernel level (using a kernel-level packet filter such as iptables) or by a userspace process examining packets at a higher level (using packet capture interfaces such as pcap), allowing the use of already "open" TCP ports to be used within the knock sequence."

(1)
Undisclosed #2
Oct 26, 2017

Here is an idea

Let IPVM Team research this and tell us

Brian?

(1)
Carter Maslan
Oct 30, 2017
Camio

FD I'm CEO of Camio. Websockets are a way to communicate over standard ports 80 (HTTP) and 443 (SSL). This is how Camio enables 4G dashcams without any network configuration. So the video and sensor readings render in the cloud on a map like this as you scroll.

(1)
Undisclosed Integrator #4
Oct 30, 2017

That is pretty cool. This seems like a really nice solution for customers who want GPS/DashCam Footage on demand. 

Chris Anderson
Oct 25, 2017

You may really want to consider the Arlo solution, maybe augmented just a little bit.  It sounds like it would fit your requirements of just a few minutes live streaming per day and it's a baked solution.

1) You could just go with their standard/pro series cameras and connect the base station to cellular. Depending on the amount of motion and clip length you set up, you'd probably be OK with just a standard data plan and no static IP required - or you can get tricky and add a local HDD and force a fail over making it locally record.

2) You could go with the "Go" cameras, though they each are more expensive and require a data plan from the carrier directly as well.  I think they offer these as add-ons to your existing agreement (i.e. as additional lines) but am not 100% clear on all of their options in this regard.

In both cases you may run into a need for hardware (cellular modem), technical pointers (forcing fail over) or extended power options for the Arlo (we have some tricks here for extended battery connections), so please feel free to reach out if I can be of assistance.

Thanks & Good luck if I don't hear from you!

Chris

Michael Miller
Oct 24, 2017

With Verizon you need to get an M2M account if you want a publicly routable static IP address.

Avigilon's ES cameras work very well with 4G setups like this.   All you need is the camera LTE router and power supply and you have a 4G camera solution. 

 

(1)
(2)
Scott Smith
Oct 30, 2017
IPVMU Certified

We have an M2M account and thought we could get away with a dyndns account. Nope, it's double NAT.

We had to pay a 500.00 fee for the static IP.

Without static a private is assigned at the tower.

 

(1)
Michael Miller
Oct 30, 2017

Yes you have to pay the $500 fee for the M2M account.

Robert Shih
Oct 24, 2017
Independent

First part of your upgrade should probably be a Cradlepoint modem/router.

(1)
Michael Miller
Oct 24, 2017

We had issues with Cradlepoint routers locking up and needing an onsite reboot.  

(2)
Scott Smith
Oct 30, 2017
IPVMU Certified

Dealing with that right now. Cradlepoint looked at the logs and said we had the wrong DNS addresses configured. Time will tell....

 

Undisclosed #1
Oct 25, 2017

Thought about it, but still have double-NAT issue.

Chris Anderson
Oct 25, 2017

I own a company that has vast experience and specialization in this arena.  We manufacture and integrate an array of remote solutions, generally using cellular connectivity for a significant number of projects. Budgetary requirements for this type of solution are somewhat more significant than most other traditional surveillance applications. Good hardware is not inexpensive for remote systems (as compared to current commoditized standards), because reliability is king here.

Most solutions that you might try to build out yourself may also be cost prohibitive in terms of the cellular side of things. You will need an unrestricted static IP for inbound access and you have to pay VZW $500 to gain access to these plans.

For hardware we sell a lot of RV50 cell modems integrated as the comms portion in these applications, they are wonderful.

Regardless you’ll only want to use edge recording with alerts. Streaming any meaningful amount of video remotely makes no sense over 4G, the carriers won’t like you :)  

Alternatively you’d have to look at either the DIY level of products (Arlo, etc) and their limitations, with several resources already on IPVM outlining details. Or a higher grade solution like Sensera systems, again cost is a big consideration here.

Lastly I do have some specialized solutions and workarounds that can be used though each has their own set of pros/cons whether that be cost, complexity or lack of elegance.  Happy to discuss further though it would require a different arena.

Chris

 

 

 

(1)
Undisclosed Integrator #3
Oct 30, 2017

I've installed several systems for customers with a 4G/LTE internet connection. The cell carrier in our area will offer a public IP on business accounts only. 

HikVision's cloud service works great in the double NAT situations.
