
Remote Connection without Router Based DNS

For various reasons, beyond the scope of this post, my parents switched from an Apple AirPort Extreme Wi-Fi mesh, to a Ubiquiti Amplifi HD mesh system.

We went with the Amplifi for a couple reasons.

1) It was really robust per the reviews and our house does not get along with Wi-Fi very well thanks to steel ceilings

2) Super easy setup, I wanted my technologically limited dad to be able to adjust and upgrade it

3) We didn't care about speed that much because my parents are hardly power users, they just want to watch YouTube/Netflix, and our service is only 100 Mbps.

....In the back of my mind was also Linus's great experience with Ubiquiti.

 

So we've had this Wi-Fi setup for a year, and it works great. The only catch is my Dad now wants to upgrade to a bona fide, remotely accessible home security solution. Right now we have one 720p Nest cam, and it sucks. You can tell someone creeped around our driveway, but we have no idea who they are because the resolution is bad and the compression for cloud storage is worse.

Ideal upgrade would be a NUC server, attached to 1440p off the shelf security cameras off Amazon. Plan was to install open source security camera software on the NUC, and then remotely access it from mobile apps.

However, preliminary testing on a VM with the security camera software has revealed an issue.......

We can't set up our router to use either a VPN or dynamic DNS, so we have no way to expose the router to the outside world. It's all locked down by the manufacturer.

On one hand: great, super secure router, nice job Ubiquiti

On the other hand: We can't access our network from outside (unless we use Ubiquiti's proprietary solution which only works when plugged into another LAN), so not cool Ubiquiti

 

 

Current ideas:

1) There's some kind of magic voodoo to make the Amplifi HD use Dynamic DNS, and then we can easily remotely access into our network

2) Set up the NUC to connect to a VPN server offsite, and remote viewing clients can connect to that same server. This is the idea I've just come up with and it seems the most sane. I can get a DigitalOcean Applet server for $5/month, that would be acceptable to my parents I think. Plus we could use it for stuff while traveling.

3) Set up the NUC as a VPN server (is this possible without access to dynamic DNS at the router level?)

4) Something else? Open to suggestion.

 

What we can't do:

1) Set up some other device to act as a router. I don't want to add that complexity for my parents to deal with, the Amplifi HD's routing workload needs to stay put

2) Some enterprise solution

3) Something that takes up a lot of space or is garish. Our Wi-Fi gear etc. is in my mom's dressing room/home office (honestly makes a lot of sense, who is in the home office at 8 AM and can't wait 10 minutes). If it's a giant orange box that says "RTX  ⬇️" like Linus's shirt this week, I've moved out, but my Dad will have to deal with my mom being reminded we put that tacky box in her dressing room every morning, which won't be a good time. It's gotta be shoebox sized or smaller.

4) Something with an expensive subscription. My Dad (who is doing the upgrade) doesn't mind capital expenditures, but *does not like* monthly fees. $5 a month for DigitalOcean or similar is fine; $25 a month would be a no-go.

 

What we don't care about:

1) Super Duper security. All we need is a password; we are not concerned about someone hacking into a video of our driveway.

2) Command Line, I can command line in a pinch. So NBD

 

Re Idea #2: If I just connect the NUC to a private VPN made with software like Algo (https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/), will the NUC be able to see other devices on the VPN, or will they both just have their traffic routed through the VPN? All the setup guides I've read make no mention of whether that is possible. Do I need to turn on SSH tunneling for that to work? 


All “dynamic DNS” means is that you have a DNS record that is updated whenever your public IP changes. When it is built into your router, it can notify the DNS provider every time it gets a new IP lease - but that is not the only way to make it work. Nearly all dynamic DNS providers provide software you can run on a computer that checks the public IP on an interval, say every 5 minutes, and updates the DNS record if it has changed. Some providers have an alternative - they make a special URL unique to your domain name that updates the IP to whatever host requests it every time it receives a request - this allows you to do something like make a cron job to wget the URL every 5 minutes.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 
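The interval-based updater described in the reply above, as an added example that is not part of the original post or any provider's own client. The two URLs, the host name and the token are hypothetical placeholders; a real provider documents its own update URL format.

```python
import ipaddress
import json
import os
import urllib.request

# Hypothetical endpoints: substitute the ones your DDNS provider documents.
IP_ECHO_URL = "https://ip-echo.example/"  # returns the caller's IP as plain text
UPDATE_URL = "https://ddns.example/update?host=home.example&token=PLACEHOLDER&ip={ip}"
STATE_FILE = os.path.expanduser("~/.ddns_state.json")

def http_get(url, timeout=10):
    # urlopen raises on HTTP 4xx/5xx, so a failed update is never recorded.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(256).decode("ascii", "replace").strip()

def parse_public_ip(text):
    """Return the canonical IP string only if it is globally routable."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None  # HTML error page, captive portal, empty body...
    return str(ip) if ip.is_global else None

def load_last_ip(path):
    try:
        with open(path) as f:
            return json.load(f).get("ip")
    except (OSError, ValueError, AttributeError):
        return None

def save_last_ip(path, ip):
    # Owner-only permissions: the state sits next to a script holding the token.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump({"ip": ip}, f)

def run_once(get=http_get, state_file=STATE_FILE):
    """One cron tick: publish the address only if it is valid and has changed."""
    ip = parse_public_ip(get(IP_ECHO_URL))
    if ip is None:
        return "invalid"
    if ip == load_last_ip(state_file):
        return "unchanged"
    get(UPDATE_URL.format(ip=ip))
    save_last_ip(state_file, ip)
    return "updated"

if __name__ == "__main__":
    print(run_once())
```

Run it from cron on any always-on machine inside the network; validating the echoed address before publishing keeps a private address or an error page from ending up in the DNS record.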

 


The problem mainly seems to be that you don't have a VPN server running. DDNS built into the router shouldn't be an issue. You can get something as simple as a Raspberry Pi anywhere in the network and install OpenVPN and some DDNS on there. I wrote a detailed how-to for Unraid, but the exact same thing works on every Linux distro on which you can get Docker running. All you need to do with the router is forward some ports.


As above, dynamic DNS and VPN are completely separate.

 

If you wanted to rig up something fast, install OpenVPN Access Server on your NUC, route 172.27.224.0/20 on the Amplifi to the NUC, and port forward TCP 443 and 943 to the NUC.

 

Then you can just VPN to your external IP. Once you authenticate, you can access any LAN resources.

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 
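Why the reply above asks for a static route on the Amplifi, as an added example that is not part of the original post: a small longest-prefix-match model of the router's forwarding decision for replies addressed to VPN clients. The LAN subnet and the NUC address are assumptions, and the model assumes the NUC forwards VPN client traffic without NAT.

```python
import ipaddress

VPN_POOL = "172.27.224.0/20"  # client subnet named in the post
LAN = "192.168.1.0/24"        # assumed home LAN
NUC = "192.168.1.50"          # assumed address of the VPN server on the LAN

def next_hop(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop in routes:
        net = ipaddress.ip_network(net)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def overlaps(a, b):
    """True if two subnets share addresses; a VPN pool must not overlap the LAN."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

# The router as shipped: LAN is directly connected, everything else goes to the ISP.
ROUTER_DEFAULT = [("0.0.0.0/0", "wan"), (LAN, "lan-direct")]
# The router after adding the static route from the post.
ROUTER_WITH_ROUTE = ROUTER_DEFAULT + [(VPN_POOL, NUC)]

def reply_path(routes, vpn_client="172.27.224.2"):
    """Where the router sends a LAN device's reply to a connected VPN client."""
    return next_hop(routes, vpn_client)

if __name__ == "__main__":
    # A camera answers a VPN client via its default gateway, the router.
    print("without route:", reply_path(ROUTER_DEFAULT))     # sent to the ISP and lost
    print("with route:   ", reply_path(ROUTER_WITH_ROUTE))  # handed back to the NUC
    print("pool overlaps LAN:", overlaps(VPN_POOL, LAN))
```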
