Tag Archives: vpn

Remote Access Without Port Forwarding

The usual way to set up remote access to our macOS CCTV software SecuritySpy running on your Mac is via port forwarding (see Installation Manual – Remote Access). This method allows direct incoming connections to SecuritySpy from the Internet, and is enabled by some configuration in your router (which, for most routers, SecuritySpy can do automatically). This method is great for most users, as it usually allows high-performance remote access with minimal configuration.

However, some users may want to consider other methods for the following reasons:

  • Port forwarding only works when your ISP gives you a true public IP address, which is not always the case, especially with cellular or satellite internet connections (e.g. 4G, 5G, Starlink).
  • If you have two routers between the Mac and the Internet (e.g. your ISP router plus your own router), port forwarding configuration is difficult – the usual solution is to switch one of these routers to bridge/passthrough mode, but this isn’t always possible.
  • ISP routers sometimes prevent users from setting port forwarding rules.
  • Institutions with very strict network policies may have a blanket ban on allowing any kind of incoming connections from the Internet.

If you can’t use port forwarding for any reason, the solution is to set up a VPN or Tunnel (sometimes called a proxy) via a third-party service in order to access your system. A number of these solutions are described below, with setup instructions.

The two VPN solutions described below are “peer to peer” systems: a central server sets up the connection between clients, who then communicate directly (in the minority of cases where this is not possible, the system falls back to relaying data via the server). On the other hand, with tunnel/proxy solutions, the data is always relayed via a central server.

Many tunnel/proxy providers apply data transfer limits, so you should take steps to minimise your bandwidth usage when accessing remotely, such as avoiding viewing live video in web browsers where streaming is done using high-bandwidth JPEG encoding, avoiding large file downloads, and generally using the connection sparingly.

All installation and setup must be done on the Mac running SecuritySpy. You will also need to enable SecuritySpy’s HTTP web server (even though the connection to SecuritySpy is via plain HTTP, this connection is happening within the Mac itself – when data leaves the Mac to travel over the Internet, it is encrypted by the VPN/Tunnel software).

Virtual Private Network (VPN) Solutions

VPN client software is installed on the SecuritySpy Mac and on all devices you want to use for remote access. All devices on the VPN can communicate freely with each other, via their VPN IP addresses, just as though they were on the same physical local network. Devices are not accessible outside the VPN.

Continue reading