mO SharemO Share

Remote access with OpenVPN on Ubuntu 16.04 to IP Cameras

Camera support has been dropped as EoL with Site Controller version 3.0


IP cameras are configured using the web interface. In some cases it may be necessary to access remotely the cameras, through an OpenVPN connection installed on a gateway running Ubuntu 16.06. This article will describe how to configure the Ubuntu Gateway so all the necessary ports are forwarded (NAT) to the camera and the camera's web interface can be reached through the VPN

Step-by-step guide

    1. Login to the gatewat and get to the Linux Shell. Go to root mode (sudo su).
    2. Modify the /etc/sysctl.conf file:

      1. Edit the sysctl.conf 

        root@user-desktop:/home/user# vi /etc/sysctl.conf
      2. Add or uncomment this parameter 

        net.ipv4.ip_forward=1 

        This change will come into effect after the next reboot. To make it have immediate effect execute this command:

        sysctl -w net.ipv4.ip_forward=1
  1. Put the following commands on the shell. Replace the IP with the correct IP from the camera to be accessed.

    iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 554 -j DNAT  --to-destination 172.16.53.101:554
    iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT  --to-destination 172.16.53.101:80
    iptables -A FORWARD -p tcp -d 172.16.53.101 --dport 554 -j ACCEPT
    iptables -A FORWARD -p tcp -d 172.16.53.101 --dport 80 -j ACCEPT
    iptables -t nat -A POSTROUTING -j MASQUERADE
  2. Check the NAT table with the following command

    iptables -t nat -L -n -v
  3. Once than that, the access the camera with the web browser, using the VPN IP from the router
  4. After the camera configuration is done, it is convinient to delete the NAT routes from the router. To do so paste the following commands (again, replace the IP with the one of the camera)

    iptables -t nat -D PREROUTING -i tun0 -p tcp --dport 554 -j DNAT  --to-destination 172.16.53.101:554
    iptables -t nat -D PREROUTING -i tun0 -p tcp --dport 80 -j DNAT  --to-destination 172.16.53.101:80
  5. Check again that the NAT table is correct


Filter by label

There are no items with the selected labels at this time.