I'm tasked with setting up access to IP cameras in remote construction sites in the Philippines.
The internet access is provided via Ubiquiti Power Beam from the only supplier available in the area. They have 6 or 7 levels of NAT and only basic load balancing between their providers there's no possible dedicated IP addresses and they can't reconfigure their network to allow remote access to the cameras.
It's my hope we could set up a VPN tunnel from the LAN with the cameras to a public web server (running some VPN software), allowing remote users to connect to the public web server IP address to be routed to the cameras on the LAN.
Possibly a separate port for each camera and no more than 3 cameras per site. This tunnel would hardly be used at all with only an occasional connection from a single remote viewer in the event of an alert being sent.
Is this even possible? What software/packages are recommended? What terminology should I be using for this type of setup?
And of course: Is there an easier way with the existing infrastructure?
Any info much appreciated.
Best Answer
The main solution for such scenarios is a reverse-connection. As the service(s) (cameras in your case) are not accessible directly, you have to make a tunnel/connection from that private network back to a public server of yours, to which users have access. The idea is to make a mapping like:
where CameraLANServer must be default gateway for the cameras and must connect back to public server using any available tunneling protocol, SOCKS proxy or SSH port forwarding, and the ports X,Y,Z to be available (opened on its firewall).
Packet/Port Forwarding must also be activated and configured on PublicServer towards the incoming connection/tunnel from CameraLANServer. (details depends on the platforms e.g. Windows, Linux, ... used at each side)