Outside access to SecuritySpy from IPV6 (StarLink) or CgNAT?
I've got a client who wants to install a CCTV camera system 'just like mine', and he's got a number of poor options for internet connectivity, from DSL with a DHCP address (I've made this work, but I'd rather not revisit it), to CgNAT(*), to StarLink, which appears to be IPV6-only(?).
Are there any good solutions to remotely viewing SS cameras in the 'modern' no-more-simple-port-forwarding world?
Thanks!
(*) I make it work on my CgNAT system by opening a VPN tunnel to my condo, and going to the condo's IP address, but telling my client to buy a condo in FL and a couple of new routers is probably a non-starter. 😎
Comments
-
It may be possible to configure incoming connections via Starlink over IPv6, but there are a couple of issues. Firstly, the regular Starlink routers basically don't have this functionality - you'd need to put this into bypass mode and use your own router. Secondly, the IPv6 address provide by Starlink isn't static, so you'd need an IPV6-aware DDNS solution.
The best solution here would be to use a virtual network like Tailscale or ZeroTier, as described here: Remote Access Without Port Forwarding.
-
Tailscale is the bomb; and the other solution which I also implemented is Cloudflare's zero-trust application service, which is basically running a cloudflared process that punches out to cloudflare and then cloudflare routes incoming requests to my mac - and I figured out how to integrate the cloudflare/okta authentication in front of the SecSpy web server, so it's secure beyond just relying upon SecSpy's login.
I really should write it all up at some point, as much to help myself solidly remember the configuration steps as well as helping others. It's a totally free service from Cloudflare.
Tailscale was easier (for me) to configure and understand once I wrapped my head around the notion of software mesh networks, but then I wanted to be sure I could also reach my SecSpy server if I was ever in a scenario where I didn't have access to devices on my tailscale network. So I figured out both. All bases covered. And yes, I'm on Starlink too.
-
+1 for tailscale. I have a load balanced internet solution of StarLink and Tmobile Home Internet. Tailscale allows this to work seamlessly once setup correctly. I was using tailscale for another use case, but when we moved houses and my internet providers became limited I had to solve for CgNAT - it was perfect.
Their Funnel feature is really useful if you want others to have access to your SecuritySpy's URL without having tailscale installed.
