Access to a local network from the Internet: DDNS using no-ip as an example. Create your own permanent IP address. Dynamic IP service

I am rather paranoid, and until now I have kept all access to the local network from the Internet closed. Although, on the other hand, even a physical disconnection does not provide a full guarantee, as removable media remain. And if transmission, bttorrentsync, etc. are running... In general, several applications have been invented that require external access to the local network: owncloud, remote backup via the Internet, etc. Let's start with DDNS.

Let me warn you right away that Captain Obvious is with me. Just for a beginner, I’ll try to put it in simple words.

Let's start with some simplified theory. On the global network, the right to use an IPv4 address (for example 95.24.156.147) can be obtained from the authority, IANA. There are 2^32 (~4 billion) addresses in total, and part of them is set aside for special purposes, so there are not enough for everyone. This is partly why an isolated home network usually uses addresses from 192.168.0.0/16, which are the same in all such networks. This saves address space. But as a result, the addresses inside the home network and outside it are different. Your network receives one external address from the provider (the one you pay for the Internet). It is leased to you for a while and can be changed at any time. Therefore, it is somewhat difficult to reach your home network by IP. There are two main ways. The first is to rent a permanent (static) address from your provider. For example, with my provider it costs 130 rubles/month. This is worth doing if you have important applications, such as a bank client, because a static address has a positive effect on security. But in most cases the second method is easier: DDNS.

The essence of DDNS is that you entrust someone (a DNS server) to track changes in your real, dynamic IP address and associate this address with a permanent name, for example vasia_pupkin.ddns.com. For the DNS server to know about the changes, someone on your network must periodically connect to this DNS server, log in and report the current IP. Usually this work is performed by the router.

The good news is that in their simplest, home-friendly form, DDNS services can be found for free. Choosing a DDNS provider is a long topic; start with the list that your router supports. Google your model: many routers can do this. If yours can't, nas4free can take over this role under Services|Dynamic DNS (I didn't set it up, but everything is similar there). , for example, suggests the following

As seen, I chose no-ip. Simply because it works. Let's set it up.

1) Register at https://www.noip.com/newUser.php; this is the free option. In many places you will be offered paid upgrades, which are not required for home use.
As always, you will need an email address. Unfortunately, mail.ru won't work; yandex.com and google.com are accepted.

2) Log in and get to the graphical menu


Select "Add Host"

3) We get into the dialogue below (you can also get into it through the menu - Add Host)


There are a lot of fields, and there are more below. But in the simplest case you only need to fill in two.
Hostname - choose something instead of vasia_pupkin.
And from the long list on the right you need to select a second-level domain. no-ip.info is good for the free service. Most of the rest are offered for the opportunity to ask you for money.
There is no need to fill in the IP address: the system determines it itself. But if you fill it in, nothing will change.
Click the orange Add Host button below and you're done.
Note: the functionality of the service is broader, and it may come in handy later.

4) Now all that remains is to configure the router (or NAS) to knock on no-ip and report your address. I use my router as an example; on yours (and on nas4free) everything is much the same.

Follow the checkboxes - enable the DDNS service, select the no-ip provider from the list, provide the name of the created host, login and password for connecting to no-ip, and apply.

5) Connection check. All that remains is to check. The natural instinct is to type vasia_pupkin.no-ip.info in your browser's address bar (do this).
Oops! We are asked to log into the router's web GUI! So now any wannabe hacker will drop in on me as if it were his own home?!!
The answer is both yes and no. Yes, in that bots will try to break in and, if you later open a channel, they can guess or even eavesdrop on your passwords.
No, because you haven't opened anything yet. You have simply led those who know your domain name vasia_pupkin.no-ip.info to the router's door, which is closed from the outside. By the way, this is a reason not to advertise your chosen domain name needlessly.

And you see an invitation to enter the router login password because you approached the same door from INSIDE, from the trusted zone.
You can verify its functionality by pinging your domain from the command line
ping vasia_pupkin.no-ip.info
If it works you will get something like
PING vasia_pupkin.no-ip.info (96.28.157.147) from 192.168.1.34: 56 data bytes
64 bytes from 95.27.155.134: icmp_seq=0 ttl=64 time=0.283 ms
64 bytes from 95.27.155.134: icmp_seq=1 ttl=64 time=0.292 ms
64 bytes from 95.27.155.134: icmp_seq=2 ttl=64 time=0.198 ms

Here you can see that (1) the name (vasia_pupkin.no-ip.info) is resolved to the external IP (96.28.157.147) - which means the service is working and
(2) that the transit time is very short, fractions of a millisecond, that is, the packets travel locally.

6) To get outside, you need to go outside :). It's not so easy at home. You either need to go to work, visit a neighbor or friend, or connect to another provider from home. An ordinary user can do the latter by connecting via a mobile network. For example, I plugged a 3G modem into my laptop.
Let's ping again. As a result, the name should still resolve to the same IP, but if you have a normal router, there should be no ping reply. If your router already answers pings from the Internet, this may not be so scary, but it's a bad sign and a reason to think about replacing it. My router, let me remind you, is an ASUS.

The DDNS service will help you when you do not have a permanent external IP. Using this service you can connect your computer + DDNS + another service, which can be a video camera or video recorder. You can connect a server that has no external IP to your computer, or attach a domain and run an HTTP server. The domain can be obtained in your no-ip account settings. This video shows how to set up a domain and how to configure the program on the computer itself. If you do everything as in the video, the connection to your computer will go through this domain. You can also enter the settings in the router without installing the program on your PC: just enter the domain, login and password from no-ip. The same authorization data you specified there will be required to configure the device you need to reach without a permanent IP.

Description of registration on the NO-IP service

  1. Having entered the noip website, click one of the green “Sign Up” buttons, which takes you to the registration procedure.
  2. Fill in the “Username”, “E-mail” and “Password” fields. Note that when you enter a password, its strength is automatically assessed on the right. For the security of your account, aim for the maximum level, “Strongest”.
  3. Check the “Create my hostname later” checkbox. If you do not want newsletters to be sent to your e-mail, uncheck the “Send me newsletters & special offers” checkbox. Here you can compare the capabilities of paid and free accounts (“Enhanced” and “Free”) and choose either of them as desired. In our example we use a free account; click the “Sign Up” button.
  4. After completing registration, click “Sign In” in the upper right corner. On the page that opens, fill in the fields with your registration data and click the “Sign In” button.
  5. Once in your personal area, use the “Add a Host” button to add a new host name for the computer or device you want to communicate with, if you did not add it during registration as in the video.
  6. In the “Add Host” dialog that opens, select the “Host Type” “Port 80 Redirect”. Next, fill in the “Hostname” field with an arbitrary combination of letters A-Z and numbers 0-9, and select any domain name from the “No-IP Free Domains” drop-down list. The “IP Address” field is automatically filled in with the address from which you accessed the site. In the “Port” field, enter an arbitrary value for the HTTP port other than 80. The same port value will need to be configured on the router or other device that you want to connect to the service.
  7. At the bottom of the page, click the “Add Host” button to complete the creation of the new host.
  8. You will be notified that the host has been created successfully, and the host will appear in the list of hosts sorted by domain. You do not need to make any additional settings on the site. If the HTTP port has already been reassigned in your router settings, you can check the connection by connecting to the IP address indicated in the middle column. The connection should work.

In this simple way, you can find your router or computer on the Internet without having a permanent external IP. The video shows how to configure a computer or laptop by installing the program. Below I will show how to configure a router to connect to the no-ip service and keep it updated when the external IP address changes. The example below uses the TP-Link AC-750 router; in fact, all routers have almost the same menu names, picture below:

  1. Select the "Dynamic DDNS" menu item.
  2. Select the no-ip service from the drop-down list.
  3. Enter your login as specified on the no-ip service.
  4. Enter the password that you also specified on the no-ip service.
  5. Specify the domain name you chose on the no-ip service.
  6. Click the save settings button.
  7. On some routers, including this model, you can test the connection to see whether you have entered the data correctly.

Actually, everything is simple: if you watched the video and paid attention to the description, there should be no questions. This service replaces a paid external IP address: instead of it, your device can be found by domain name.

Preface

Since providers often issue a gray IP address, there will simply be no access to our file HTTP server from the global Internet. But there are wonderful free services that will help make our gray IP address permanent (white). In this case we will consider what is, in my opinion, the simplest and most reliable way to implement our idea: the NO-IP service.

Registration on the NO-IP website and creating a host

Typing noip.com in the browser's address bar takes us to the main page.

Note. I use Yandex Browser based on Chromium with default settings and I have this button. If you don’t have it, try digging into your browser settings and setting it to offer translation of the page and words, or maybe something else related to automatic translation...

Move to the very top and click “Registration”.

In the window that appears, we need to come up with and fill in our unique, non-repeating name (as you will be represented on the NO-IP website), enter your Email, enter a password and confirm it. You don’t have to enter the name of your future host; we will enter it later.

After filling out the fields, you must check the “Create your host later” box. I apologize for the clumsy Google translation, but as you can see, this phrase was translated to us like this.

Note. Either my Opera browser is somehow not working correctly, or something else, but the checkbox in the “Create your host later” window did not appear after I clicked the mouse. Anyway, we put it there.

After entering the registration data and host name at the bottom of the page, click the “Free registration” button.

Open your mailbox and, to confirm registration, click the appropriate link.

After this, a window will appear notifying you that your account has been successfully activated on NO-IP.

We have completed registration on the NO-IP server. It's time to create our host. Go to the NO-IP main page and click “Log in”.

In the window that appears, enter your username and password, and then click the “Log in” button.

So, click the “Add host” button.

Let's enter a unique host name (you need to come up with a host name yourself, so that the host is not already occupied by anyone) and its ending. In the example I chose the hostname failovi-server and its ending no-ip.org. And in the future my address will be like this http://failovi-server.no-ip.org.

Note. You must select any host ending you like from the free hosts below, after the expression “No-IP Free Domains”. All the hosts above it are paid.

After filling out the fields, click the “Add Host” button.

Congratulations, you have created your host.

Half the job is done. All that remains is to configure your “Experimental” router.

Setting up a router for the NO-IP service

Note. Since my main connection to the Internet goes through a TP-Link TL-WDR4300 router, I will make the DDNS settings on it (as in the picture below). But it does not fundamentally matter whether you configure the DDNS service on the main router or on the “Experimental” router: everything will work. You can even configure both the main and the “Test” routers with different registered domain names. If you are setting up your only router on OpenWRT firmware, the description of setting up the router for the DDNS service comes immediately after this figure...

To configure dynamic DNS on OpenWRT firmware, you need to install the following package

luci-app-ddns

After refreshing the page, the “Services” tab will appear, and in it the “Dynamic DNS” tab. Let's fill in the required fields by entering our registration data.

Note. I have a Lan connection with the main router, which is why I specified it in the settings. If you are establishing a connection via Wan, then you need to specify the event interface Wan.

After filling out the fields, save the settings by clicking “Save and Apply”.

Checking access to a file server from the Internet

So, we checked access to our file server over the LAN in the previous article; now we will check that it works over the Internet. Let's enter our registered NO-IP address in the browser and specify the port: http://failovi-server.no-ip.org:2221/ (this link worked at the time of writing this article; there is no point in using it now)...
As we can see, everything works.

And they sing songs...

This completes the setup of the NO-IP service.

The development of the Internet has not bypassed video surveillance systems, and now remote control of objects is available from anywhere in the world. IP cameras connect directly to the network, video archives are recorded in cloud storage, and tariffs are available for all categories of users, for example, from Ivideon.

  1. Video broadcasts from cameras pass through third-party servers, and the archive is stored there. Despite all the assurances of maintaining confidentiality and encrypting data, it is impossible to completely eliminate the risk of unauthorized access, and for sensitive objects such an organization of surveillance is unacceptable. From a security point of view, it is better to connect to the equipment directly, through a secure VPN connection, without unnecessary intermediaries.
  2. Each camera or video recorder must be provided with its own Internet connection, which can be technically and financially expensive, especially if most of the surveillance is done inside the site's local network and remote access via the Internet is not a frequently requested function. It’s easier to connect all devices through one Internet connection using a router and set up remote access using DDNS technology.

As an example, we use the TP-Link TL-WR740N. This router, with a good price/quality ratio, is widely used among home users and small businesses, and is often offered by Internet service providers with their own firmware. We use an English-language interface to avoid confusion. DDNS settings and section names are the same on equipment from any manufacturer, but the Russian translation is sometimes different.

DDNS, or DynDNS, technology makes it possible to connect via the Internet to video cameras and DVRs located on the local network, using a router and dynamic IP addresses.

This formulation is incomprehensible to most users, so we will analyze the network connection process in detail.

Each router contains an internal list of IP addresses, which are automatically assigned to each connected network device (computer, smartphone, IP video camera, video recorder, etc.). With each new connection, the address is selected randomly; these are dynamic IP addresses:

In addition to dynamic ones, there are constant, or static, IP addresses, both for the router and for connected devices:

Internet providers distribute IP addresses according to the same scheme. When a connection is established, the computer or router joins the provider's global network and gets a new dynamic IP address from the DHCP server:

A static IP address is provided by providers for a fee, and sometimes it is impossible to obtain one:

  1. Small providers work through larger ones and clients have access to a small range of their own static addresses;
  2. Mobile Internet for almost all providers works only through dynamic IP addresses.

DDNS services track changes in the router's dynamic address to give permanent access to local network devices through a special static third-level domain:

In more detail, the access scheme via DDNS is as follows:

  1. A local network device, such as an IP camera, receives a dynamic address from the router;
  2. We configure port forwarding on the router and gain access to the equipment according to the scheme “router address + port”;
  3. The provider assigns an external dynamic IP address to the connection;
  4. The DDNS service replaces the router’s IP with the address of our static third-level domain;
  5. Now we have access via the Internet using a domain name or “domain + router IP”;
  6. We watch video from the camera through the browser.

Port forwarding

Forwarding, or port redirection (Port Forwarding) is a prerequisite for access via the Internet to network devices connected through a router.

If port forwarding is not configured, contacting the router address directly or through the DDNS service gives access to the admin section only and nothing more.

Going to the local address of the camera, recorder or local server also gives nothing: only folders or a blank page are visible. Only assigning individual ports and setting up redirection in the router makes it possible to “reach” the desired camera or computer.

DDNS setup

Routers establish a connection to the Internet provider's network via NAT technology, which uses two types of addresses:

  • external (WAN) assigned by the provider when establishing a connection;
  • internal (LAN), which the router gives to network devices;

For port forwarding to function normally, the WAN address should not fall into the IP address ranges starting with 10.0, 192.168 and 172.16.

If the external address is within the specified ranges, you will have to purchase a static “white” IP address or change the provider.
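
A check for the condition above, as an added example that is not part of the original article: it classifies the WAN address shown on the router's status page and compares it with the address the DDNS name resolves to. It goes beyond the three prefixes listed above by using the full private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and the carrier-grade NAT range 100.64.0.0/10; the function names and the sample addresses in the demo are constructed.

```python
import ipaddress

# Private ranges that a provider may hand out on the WAN side.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shared address space used for carrier-grade NAT (not in the article's list).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(addr):
    """Return 'private', 'cgnat', 'unusable' or 'public' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    if ip in CGNAT_NET:
        return "cgnat"
    if (ip.is_loopback or ip.is_link_local or ip.is_unspecified
            or ip.is_multicast or ip.is_reserved):
        return "unusable"
    return "public"


def forwarding_verdict(router_wan, ddns_resolved):
    """Decide whether port forwarding can be reached through the DDNS name.

    router_wan    -- WAN address shown on the router's status page
    ddns_resolved -- address the DDNS host name currently resolves to
    Returns (ok, reason).
    """
    kind = classify_wan(router_wan)
    if kind != "public":
        # The provider translates the address again, so inbound
        # connections never arrive at the router's WAN port.
        return (False, f"wan-{kind}")
    if classify_wan(ddns_resolved) != "public":
        # The updater reported an internal interface address.
        return (False, "ddns-record-not-public")
    if ipaddress.IPv4Address(router_wan) != ipaddress.IPv4Address(ddns_resolved):
        # The address changed and the update has not gone through yet.
        return (False, "ddns-record-stale")
    return (True, "ok")


if __name__ == "__main__":
    # Constructed sample cases: (router WAN address, DDNS record).
    cases = [
        ("95.24.156.147", "95.24.156.147"),
        ("10.44.3.17", "95.24.156.147"),
        ("100.72.10.5", "95.24.156.147"),
        ("95.24.156.147", "192.168.1.1"),
        ("95.24.156.147", "95.24.150.9"),
    ]
    for wan, record in cases:
        print(wan, record, forwarding_verdict(wan, record))
```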

Local Address Reservation

Since network devices are assigned a new dynamic IP with each connection, to access them via DDNS we need to convert the current IP address into a “local static” one; otherwise we will not get permanent access, because the router changes the address on reconnection or reboot:

A unique MAC address must be specified in the documentation and network settings. We repeat this procedure for all devices that we plan to access via the Internet.

Setting up port forwarding

Go to the menu "Forwarding" => "Virtual Servers" and add a new port (“Add New...”):

  • Service Port – enter the device port for redirection;
  • IP Address – local IP that we have reserved for this MAC address;
  • Status And Common Service Port – leave unchanged.

Security Settings

Disable the router firewall:


Port forwarding has been configured.

Automatic redirection

You can simplify the forwarding process by using the UPnP function. By default, it is activated in most routers and looks like this:


Here we see that the Skype and uTorrent ports are automatically forwarded. If your video equipment supports UPnP mode, then most of the ports will be forwarded without your participation.

Solving possible problems

  1. All settings are made correctly, but when accessing a network device, the router’s admin page continues to load. Try changing the value of http and media ports, forwarding and testing the connection from an external rather than local network.
  2. If nothing happens when you access the local device, check the following:
  • Antivirus tools and firewalls must be disabled or exceptions added to all forwarded ports;
  • The required ports can be opened by the provider only for static IP addresses;
  • Check that the NAT connection function with your provider is enabled;
  • When manually configuring network parameters, make sure that the gateway address of the device to which port forwarding is performed matches the IP address of the router;
  3. Connect an external open DMZ server. Now all external Internet requests are automatically redirected to the specified IP within the local network.
  4. Opening the required port on the device and router may not give the desired effect, even with a static IP, if it is closed by the provider. In such cases, you need to contact technical support with a request to open the required port.

Let's proceed to the next step and register on the free service no-ip.com. On the home page, click “Sign Up”:

Enter your email, login and password. The name of the static domain (host) through which access will be provided can be specified during registration or selected later (“Create my hostname later” in the registration form). Choose the free plan to get acquainted with the service. To confirm registration, follow the link sent by email.

Log in to the created account and select “Add Host”, enter the host name and select a domain zone from the “Free DNS domain” section. We leave the remaining parameters unchanged.

Turn on the "Port 80 Redirect" item and specify the new port through which DDNS accesses the router.

The new management port is usually set to 8080. Settings in the admin area:


The No-IP account setup is complete, go back to the admin section of the router and select a service from the list of supported DDNS:

Enter the details of the account you opened and the domain name. Turn on “Enable DDNS”, click “Login” and, after the connection with the server is established, save the parameters.

Now, by accessing the site with the camera port specified, we get access to the video broadcast:

Network equipment may support proprietary services, for example, from D-Link and ASUS. Here's what the D-Link DDNS setup looks like:

The account only supports one host, which is enough for personal use and testing, but for larger systems use paid packages, for example from Dyn.com.

Setting up DDNS in IP cameras and DVRs

Cameras and DVRs support direct connection via a separate Internet connection without additional equipment. Setting up DDNS follows the same procedure as in routers: we create a DDNS domain and register its settings in the WEB interface of the device.

Example for IP camera RVi-IPC22DN:

and for Dahua HCVR4104C-W-S2 DVR:


As you can see, all parameters are standard and setup is not difficult. The only difference from a router is that via the DDNS domain it is possible to access only one device, since port separation is not used in this case.

A logical question arises: why such difficulties, if to establish a connection with the camera and access the video archive you just need to type the digital IP address in the browser?
Two arguments in favor of DDNS:

  • Remembering a domain name is easier than remembering a sequence of numbers;
  • Hacking passwords is simplified if the device's IP is known. Manufacturers assign addresses in their specially designated range, which is known to everyone and it will be easy for an attacker to understand that this IP relates specifically to video surveillance.
  • Make sure that on all cameras and recorders the gateway address matches the router, only the IP addresses should differ. Do not rely on automatic settings; check all parameters manually.
  • If the browser shows a blank page, make sure that the required plugins from the camera or recorder software are installed and working correctly. Most equipment works in modern browsers by default, but there are models with non-standard video encodings.
  • When purchasing a static IP address from mobile providers, there may be a situation where a “static” IP address is guaranteed only to legal entities, while for individuals it periodically changes “slightly”. This does not affect browsing the Internet in any way, but connecting to a router or IP camera is then no longer possible without using DDNS.
  • Ports defined by UPnP are blocked at the provider level. In this case, try changing and forwarding the ports manually; devices usually reserve several ports through which they operate.
  • Check access and port forwarding only from a computer not connected to the local network. That is the only way possible problems with settings and connections become visible.
  • Use HTTPS or a VPN connection to encrypt your video and protect it from hackers.

Video surveillance via the Internet is becoming more popular and accessible every day, but not everyone has the opportunity to use a dynamic IP address or resort to services. An alternative option for connecting CCTV cameras to the Internet and then viewing the image on any device with Internet access is to set up DDNS, or assign each IP camera or DVR a separate permanent domain name.

DDNS stands for Dynamic Domain Name System, and can convert your dynamic IP address into a domain name, which you can then simply type into the address bar of your browser from any device connected to the Internet and access the camera image.

Step 1: register on the NO-IP service

One of the services that provides the opportunity to create a domain name for an IP address for free is Noip.com. We follow the link to the site, and in the first line you are immediately asked to enter the desired domain name. Enter any name that comes to mind and click on the green button.

You will now be redirected to the registration page. We enter a username and password, and also indicate an email address to which you must have access, since a link to activate your account will be sent to it. After all the data has been entered, click on the “Create My Free Account” button.

After registration, you will have your own free domain (for example, nabludaykin.hopto.org), now NO-IP will offer you a small guide on the necessary steps:

  • Step 1 - Create a hostname. (This step has already been completed);
  • Step 2 – Download the Dynamic Update Client (DUC). DUC stores your hostname, and is updated with the current IP address. (You don't need to download this tool as IP cameras and DVRs have built-in DUC);
  • Step 3 – Forward the router ports. We will dwell on this point in more detail.

Step 2: Router Port Forwarding

Now let's move on to the router settings. Port forwarding is the process of setting up a router to gain access to the DVR, cameras or any other network device from computers and other gadgets located outside the local network. Port forwarding allows you to assign an IP address and port number for routing network requests to specific devices.

You need to do port forwarding for the IP address of the NVR or . For example, if the local IP address of the DVR is 192.168.0.188, you need to go to the router's port settings (usually located in the “virtual server” tab) and add port forwarding rules. Below are the interfaces of the 4 most popular manufacturers. Keep in mind that your router may display a different interface, but in almost all devices the path to the virtual server settings is intuitive.

Step 3: set up DDNS on the DVR

After entering the settings of your DVR, go to Settings > Network > DDNS Setting, check the “Enable DDNS” checkbox, then select “No-IP” in the “server type” line. For each equipment manufacturer, the names of the items may differ slightly, but the principle remains the same.

Fill in your No-IP account information:

  • Server type: No-IP
  • Server name: dynupdate.no-ip.com
  • Port: 80
  • Username: admin@site
  • Password: ******
  • Confirmation: ******
  • Domain: nabludaykin.hopto.org

Then log into your DVR's web interface, go to Network Settings > DDNS Settings, check the "enable DDNS" box, and then select "No-IP" from the list provided. Fill out the form with your available domain name, and then enter your account login and password.

After completing the above steps, you can visit your NVR with a free domain from any device by going to the address you provided, in our case nabludaykin.hopto.org.
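
What the device's built-in update client does with the settings from step 3, and the periodic "log in and report the current IP" exchange described at the start of the page, as an added example (not code from the original page or from No-IP). It builds the update request of No-IP's dynupdate protocol without sending it, shows what an observer on the path recovers from the Basic-auth header when the request goes over plain HTTP, and interprets the server's one-line reply; the credentials, the User-Agent string and the IP address are constructed placeholders.

```python
import base64
import ipaddress
from urllib.parse import urlencode

UPDATE_HOST = "dynupdate.no-ip.com"  # "Server name" from the form above

# First word of the server's one-line reply -> what the client should do.
ACTIONS = {
    "good": "updated",           # record changed to the reported address
    "nochg": "unchanged",        # address was already current
    "nohost": "stop-and-fix",    # host name does not exist in this account
    "badauth": "stop-and-fix",   # wrong login or password
    "badagent": "stop-and-fix",  # client was blocked
    "!donator": "stop-and-fix",  # feature not available on this account
    "abuse": "stop-and-fix",     # account blocked for abuse
    "911": "retry-later",        # server-side failure
}


def build_update_request(hostname, ip, username, password, use_tls=True):
    """Return (url, headers) for one update; nothing is sent."""
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    scheme = "https" if use_tls else "http"
    query = urlencode({"hostname": hostname, "myip": ip})
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {
        "Host": UPDATE_HOST,
        "Authorization": f"Basic {token}",
        # Placeholder agent string identifying the client (constructed).
        "User-Agent": "ExampleDDNS Router-X/1.0 admin@example.com",
    }
    return f"{scheme}://{UPDATE_HOST}/nic/update?{query}", headers


def credentials_visible_on_wire(url, headers):
    """Return 'login:password' as a passive observer sees it, or None.

    Basic auth is only base64, so over http:// the account credentials
    are readable by anyone on the path; over https:// they are not.
    """
    if url.startswith("https://"):
        return None
    _, _, token = headers["Authorization"].partition(" ")
    return base64.b64decode(token).decode()


def parse_update_response(body):
    """Map the reply body to (code, ip_or_None, action)."""
    parts = body.split()
    if not parts:
        return ("empty", None, "retry-later")
    code = parts[0]
    ip = parts[1] if len(parts) > 1 else None
    return (code, ip, ACTIONS.get(code, "unknown-reply"))


if __name__ == "__main__":
    # Constructed account data; the host name is the article's example.
    for tls in (False, True):
        url, hdrs = build_update_request(
            "nabludaykin.hopto.org", "203.0.113.7",
            "admin@example.com", "s3cret", use_tls=tls)
        print(url, "->", credentials_visible_on_wire(url, hdrs))
    for reply in ("good 203.0.113.7", "nochg 203.0.113.7", "badauth", "911"):
        print(reply, "->", parse_update_response(reply))
```

With Port: 80 as in the form above, the first case applies and the no-ip login travels in readable form on every update; where the device offers an HTTPS (port 443) option for the update, the header is no longer readable in transit.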

Step 4: connect cameras

To set up DDNS for CCTV correctly, you need to make sure that the IP cameras and the DVR are connected to the same router and are on the same LAN. To do this, you need to check the network settings of each device. We enter the IP address of each camera in the address bar of the browser and get to the network interface of the device. Here we need to tidy up the IP addresses of each camera and place them in the same subnet as the DVR.

If we configured the DVR as follows:

  • IP address: 192.168.0.188;
  • Subnet mask: 255.255.255.0;

Then the IP camera parameters should look something like this:

  • IP address: 192.168.0.21;
  • Subnet mask: 255.255.255.0;
  • Default gateway: 192.168.0.1.
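
The same check done programmatically, as an added example that is not part of the original article: it verifies that every device sits in the DVR's subnet, that each configured gateway is the router, and that no address is reused or falls on the network or broadcast address. The device names and the third, misconfigured camera are constructed; the first two entries use the values above.

```python
import ipaddress

# Constructed inventory: the first two entries use the article's values,
# "cam-2" is a deliberately misconfigured camera.
DEVICES = [
    {"name": "dvr", "ip": "192.168.0.188", "mask": "255.255.255.0"},
    {"name": "cam-1", "ip": "192.168.0.21", "mask": "255.255.255.0",
     "gateway": "192.168.0.1"},
    {"name": "cam-2", "ip": "192.168.1.22", "mask": "255.255.255.0",
     "gateway": "192.168.1.1"},
]


def check_lan(devices, router_ip):
    """Return a list of (device_name, problem) tuples; empty means consistent.

    The first device (the DVR) defines the reference subnet.
    """
    router = ipaddress.IPv4Address(router_ip)
    problems = []
    seen = {}          # IP address -> name of the device that uses it
    reference = None   # subnet of the first device
    for dev in devices:
        iface = ipaddress.IPv4Interface(f"{dev['ip']}/{dev['mask']}")
        net = iface.network
        if reference is None:
            reference = net
        elif net != reference:
            problems.append((dev["name"], "subnet-mismatch"))
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append((dev["name"], "network-or-broadcast-address"))
        gateway = dev.get("gateway")
        if gateway is not None and ipaddress.IPv4Address(gateway) != router:
            problems.append((dev["name"], "gateway-not-router"))
        if iface.ip in seen:
            problems.append((dev["name"], "duplicate-ip"))
        seen[iface.ip] = dev["name"]
    if reference is not None and router not in reference:
        problems.append(("router", "outside-subnet"))
    return problems


if __name__ == "__main__":
    for name, problem in check_lan(DEVICES, "192.168.0.1"):
        print(f"{name}: {problem}")
```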

Other dynamic IP address services

ChangeIP.com. Another reliable DDNS service. Today, the service offers free assignment of a domain name to a dynamic IP address; you can get up to 7 free sub-domains.

DNSExit.com. This service offers free DNS hosting for your own domains. If you don't have your own domain, you can also use their free DNS service with domains like publicvm.com and linkpc.net; after registration you can get two free sub-domains.

DNSExit is a professional DNS service provider. The company offers a free dynamic DNS service to users all over the world, and you can register your domain for free, or use a free second-level domain (sub-domain). A free second-level domain allows you to create a host name and specify a dynamic or static IP address.

Afraid.org. Quite an old provider of free DDNS: the company has provided free dynamic DNS registration since 2001. Their website is still open for free DDNS registration.