Got network?


Guest asrequested

Which cameras are you going with? I am thinking of going w/ the Unifi outdoor gear, reviews are good and I love my other Ubiquiti stuff.

I am on the fence. I am going to pick up a G3 dome and play.

 

From a hardware perspective I know for sure that I want digital 1080p or higher video. I probably need ONVIF and/or RTSP streaming support.

 

I definitely want to host my NVR on a server (probably Linux). I am looking at a Ubiquiti or zoneminder NVR. My hope is to tie in LPR capture into the system. My HA server can be configured to integrate with my security cameras too but need to make sure that I can get it to work with either RTSP or ONVIF.

 

 

Ubiquiti cams support microphone, HD, and night vision. And the video and mic performance is highly rated. They are also priced really well considering the feature set.

Ubiquiti has their own NVR software and they don't charge for it, so I could host the server on just about anything. I don't think the NVR is compatible with non-Ubiquiti cams though.

 

I think the Ubiquiti cams are still passive PoE though, so they won't work in conventional PoE switches. I would either need the Ubiquiti passive power injector, a Ubiquiti PoE switch (and set the sw-port to passive PoE), or a Ubiquiti PoE af/at converter.

 

I have heard that the G3 bullet and dome cams support RTSP but still do not support ONVIF for the feed.

 

 

Sent from my iPhone using Tapatalk


mastrmind11

I am on the fence. I am going to pick up a G3 dome and play.

 

From a hardware perspective I know for sure that I want digital 1080p or higher video. I probably need ONVIF and/or RTSP streaming support.

 

I definitely want to host my NVR on a server (probably Linux). I am looking at a Ubiquiti or zoneminder NVR. My hope is to tie in LPR capture into the system. My HA server can be configured to integrate with my security cameras too but need to make sure that I can get it to work with either RTSP or ONVIF.

 

 

Ubiquiti cams support microphone, HD, and night vision. And the video and mic performance is highly rated. They are also priced really well considering the feature set.

Ubiquiti has their own NVR software and they don't charge for it, so I could host the server on just about anything. I don't think the NVR is compatible with non-Ubiquiti cams though.

 

I think the Ubiquiti cams are still passive PoE though, so they won't work in conventional PoE switches. I would either need the Ubiquiti passive power injector, a Ubiquiti PoE switch (and set the sw-port to passive PoE), or a Ubiquiti PoE af/at converter.

 

I have heard that the G3 bullet and dome cams support RTSP but still do not support ONVIF for the feed.

 

 

Sent from my iPhone using Tapatalk

Yeah that's what I've been reading. They definitely support RTSP but it has to be enabled manually. I've seen several posts re them working with Blue Iris, but their NVR stuff definitely locks out 3rd party stuff.... for good reason IMO. I'm not sure I'd pay for their NVR box, I'd just install their software on my Emby server alongside everything else. I've read great things about their software... biggest gripe is that it's not integrated into the existing controller dashboard (which seems retarded but I'm sure it'll get there). My biggest hurdle is trying to figure out the cable runs, since I'm basically 75% MoCA (1942 house). This PoE stuff is amazing for new construction or remodels, but it's a true pain in the dick for old homes (fwiw, so is home automation.... went down that route as a trial and realized pretty damn quickly it doesn't jive for existing old home infrastructure).

  • Like 1

Aww man! My wheels are spinning, again. Even though I have two 10G switches, that work very well. Now I want this Unifi 10G switch, and this Unifi POE switch, LOL

 

I guess I could sell one of the others... :D

That looks sick. Do note that the US-24-250W's only have SFP ports. Those are rated for 1Gbps only. The US-48-xxx models have SFP+ ports that are rated for 10Gbps.

 

 

Sent from my iPhone using Tapatalk


Guest asrequested

That looks sick. Do note that the US-24-250W's only have SFP ports. Those are rated for 1Gbps only. The US-48-xxx models have SFP+ ports that are rated for 10Gbps.

 

 

Sent from my iPhone using Tapatalk

Yeah, that switch will handle all the extraneous stuff. AP, AVR etc. My computers are all SFP+, that's why two switches. I'll probably sell my Quanta.

Edited by Doofus

Guest asrequested

Ah OK, fair enough. You can make it HTTPS quite easily: a free Let's Encrypt cert and a program called KeyStore Explorer - https://blog.awelswynol.co.uk/2017/07/unifi-controller-install-and-ssl-https

 

@Swynol

 

Reading through your guides (awesome, btw), you state the prerequisites. To get the cert I have to have a domain. I don't have one, and I don't want to make one. I don't want to create more layers that I have to manage. Is there no way to encrypt the controller without having to go through that procedure? I may just disable cloud access if it can't be secured.

 

I'm just going to put the whole machine behind my VPN client. That way, everything is encrypted.

Edited by Doofus

Swynol

It depends how you're accessing your UniFi controller. I'm guessing you're accessing it internally on your network. Which means you don't have to use HTTPS, as it's internal and you don't need to encrypt traffic. If you're accessing it externally then HTTPS is preferred obviously, but without a domain name how would you access it externally?

 

If you're using a DDNS then you could use a self-signed cert.

 

 

Sent from my iPhone using Tapatalk


Swynol

Otherwise yes, VPN is the answer. UniFi has a built-in client that uses L2TP and the built-in RADIUS server. I use this sometimes when accessing anything from untrusted public places.

 

 

Sent from my iPhone using Tapatalk


Yeah that's what I've been reading. They definitely support RTSP but it has to be enabled manually. I've seen several posts re them working with Blue Iris, but their NVR stuff definitely locks out 3rd party stuff.... for good reason IMO. I'm not sure I'd pay for their NVR box, I'd just install their software on my Emby server alongside everything else. I've read great things about their software... biggest gripe is that it's not integrated into the existing controller dashboard (which seems retarded but I'm sure it'll get there). My biggest hurdle is trying to figure out the cable runs, since I'm basically 75% MoCA (1942 house). This PoE stuff is amazing for new construction or remodels, but it's a true pain in the dick for old homes (fwiw, so is home automation.... went down that route as a trial and realized pretty damn quickly it doesn't jive for existing old home infrastructure).

That does sound rough. I haven't had to mess with MoCA much. What kind of bandwidth do you get out of it?

 

Ease of cabling, a usable basement, an attic, and a three car garage were on my list of needs when we were in the market to buy. My house is a ranch style, with a walkout basement. I have a storage room in the basement where the furnace is. There is also a large cavity that follows the ducting, in the basement, over to the opposite side of the structure that I can run cables through. There is also an attic space over everything except for the living room and stairwell.

 

I set up a central patch panel on the wall in my storage room, and ran 2 Cat6 network drops to my living room, both bedrooms upstairs, the basement bedroom, my office area and the HTPC room. I ran a single drop to the attic for my wireless AP. I need to run two more to my master bedroom.

 

For my security camera system I want to run cat 6 runs to:

1 to the front entry,

2 to each of the corners of the front of house,

1 to the garage entrance,

1 to the walk out basement

1 to upstairs deck entrance.

2 to the south west corner of the house.

 

My house was not pre-wired for home automation. I ended up going with a Z-wave wireless network for HA control.

 

Right now I am automating all exterior lighting based on dusk/dawn.

 

I have routines for controlling holiday lighting for all the holidays we observe.

 

I am automating interior lighting based on motion, time of day, and door open/close, switch scene (how many times you push the paddle). I also control brightness based on time of day. I have my front entry way, my kitchen, dining room, living room, hallway, stairwell, basement living area/office, basement HT room, master bedroom.

 

I am controlling my HVAC system based on occupancy and outside temp.

 

I am controlling and synchronizing my ceiling fans with the furnace fan.

 

I am working on Washer dryer status and notifications.

 

I can override my automated sprinkler control.

 

Voice control using Amazon dot in main living room.

 

I have pushover configured for system notifications.

 

I also am working on moisture detection and notification in:

1. All bathrooms

2. the furnace room

3. At the main waterline coming into the house.

4. The laundry room.

5. The kitchen sink.

6. Behind the refrigerator and freezer.

 

I am working on adding in:

1. automated blinds

2. integrated alarm system so I can capture open/close state on all entry points and windows.

3. Attic temp monitoring and attic fan control in the evening.

4. whole home audio integration (I will need to add in more CAT6 and speaker wiring).

5. Further developing home occupancy detection.

6. Control of the garage door, front door and garage side door.

7. Voice control in my HTPC/basement living area.

8. Home security camera integration.

9. Exterior accent lighting and control.

10. Lighting control of the downstairs hallway.

11. Lighting control of all three remaining bedrooms.

12. Lighting control of the laundry room.

13. Lighting control of the storage room.

14. A light and Lighting control of the water main closet.

15. ceiling fan control of the fans in two of the bedrooms.

16. Humidity level and on/off state of my subfloor fan.

17. control brightness during the day based on outside cloud cover.

18. Detect Pause/play state on INTERIOR Emby clients.

19. Send notifications to Emby Theatre from the HA controller (ex: on washer dryer state, or someone being at the front door).

20. Turn off/on network device based on occupancy state.

 

 

Sent from my iPhone using Tapatalk

Edited by Tur0k
  • Like 2

@Swynol

 

Reading through your guides (awesome, btw), you state the prerequisites. To get the cert I have to have a domain. I don't have one, and I don't want to make one. I don't want to create more layers that I have to manage. Is there no way to encrypt the controller without having to go through that procedure? I may just disable cloud access if it can't be secured.

 

I'm just going to put the whole machine behind my VPN client. That way, everything is encrypted.

If you are hosting your controller internally I don't think you need to worry much for internal network access. If you make the management interface accessible publicly (I don't recommend this), I would recommend working out a way to either use a publicly trusted cert or import a self-signed certificate into your system.

 

You could stand up an internal certificate authority and import the trusted root cert to your client systems (do the import while on your internal network to minimize the potential for an MITM attack).

 

Purchasing a domain is pretty cheap. You could buy one for $10-$15 annually. I went with Google but you could opt for a Namecheap domain too. After that you would need a publicly trusted SSL certificate. Let's Encrypt is a free SSL cert that can be used with any real domain. Your other alternative is to pick up an SSL certificate for your domain, I would recommend Comodo for this. Their low end SSL cert should be around $15 annually.

 

Most DDNS subdomains won't allow you to pick up publicly trusted SSL certificates (though I have heard that DuckDNS supports this).

 

 

Sent from my iPhone using Tapatalk

Edited by Tur0k
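
Added example, not part of the original posts: one way to do what the post above describes (an internal certificate authority whose root certificate is imported on client systems), using the `openssl` command line. The hostname `unifi.home.lan`, the IP address, the CA name and all file names are assumptions chosen for illustration; loading the resulting key and certificate into the controller is not shown.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): private root CA plus a server
# certificate for a controller reached only on the LAN or over VPN.
# Assumed values: directory, hostname, IP and CA name are placeholders.
set -eu

make_ca_and_server_cert() {
    dir=$1; host=$2; ip=$3
    mkdir -p "$dir"

    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

    # 1. Root key and self-signed root certificate. root.crt is the file that
    #    gets imported into each client's trust store; root.key stays private.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/ca.cnf" -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null

    # 2. Server key and signing request for the controller.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/ca.cnf" \
        -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    chmod 600 "$dir/root.key" "$dir/server.key"

    # 3. Leaf extensions: clients match the name against subjectAltName,
    #    and the leaf must not be usable as a CA itself.
    cat > "$dir/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$host, IP:$ip
EOF

    # 4. Sign the request with the root key.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/root.crt" \
        -CAkey "$dir/root.key" -CAcreateserial -sha256 -days 397 \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
}

# Succeeds only if server.crt chains to root.crt AND is valid for the name.
verify_server_cert() {
    openssl verify -CAfile "$1/root.crt" -verify_hostname "$2" \
        "$1/server.crt" >/dev/null 2>&1
}

# Run as: ./make-ca.sh ./pki unifi.home.lan 192.168.1.10
if [ "$#" -eq 3 ]; then
    make_ca_and_server_cert "$1" "$2" "$3"
    verify_server_cert "$1" "$2" && echo "certificate chain and hostname OK"
fi
```

Only `root.crt` is distributed to clients; a client that has imported it will then accept `server.crt` for the listed name and IP without a warning, while a certificate from any other issuer still fails.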

Guest asrequested

It depends how you're accessing your UniFi controller. I'm guessing you're accessing it internally on your network. Which means you don't have to use HTTPS, as it's internal and you don't need to encrypt traffic. If you're accessing it externally then HTTPS is preferred obviously, but without a domain name how would you access it externally?

 

If you're using a DDNS then you could use a self-signed cert.

 

 

Sent from my iPhone using Tapatalk

 

Otherwise yes, VPN is the answer. UniFi has a built-in client that uses L2TP and the built-in RADIUS server. I use this sometimes when accessing anything from untrusted public places.

 

 

Sent from my iPhone using Tapatalk

 

 

If you are hosting your controller internally I don't think you need to worry much for internal network access. If you make the management interface accessible publicly (I don't recommend this), I would recommend working out a way to either use a publicly trusted cert or import a self-signed certificate into your system.

 

You could stand up an internal certificate authority and import the trusted root cert to your client systems (do the import while on your internal network to minimize the potential for an MITM attack).

 

Purchasing a domain is pretty cheap. You could buy one for $10-$15 annually. I went with Google but you could opt for a Namecheap domain too. After that you would need a publicly trusted SSL certificate. Let's Encrypt is a free SSL cert that can be used with any real domain. Your other alternative is to pick up an SSL certificate for your domain, I would recommend Comodo for this. Their low end SSL cert should be around $15 annually.

 

Most DDNS subdomains won't allow you to pick up publicly trusted SSL certificates (though I have heard that DuckDNS supports this).

 

 

Sent from my iPhone using Tapatalk

 

It's mostly because I have to sign in. I wasn't feeling comfortable not having that info encrypted. 99% of the time, I'm accessing it from home. But that does raise a question. The only way I access it remotely, I use the app on my phone. Is that secure? Is there encryption in the app? I hadn't thought about that...


mastrmind11

It's mostly because I have to sign in. I wasn't feeling comfortable not having that info encrypted. 99% of the time, I'm accessing it from home. But that does raise a question. The only way I access it remotely, I use the app on my phone. Is that secure? Is there encryption in the app? I hadn't thought about that...

Yes, the app just redirects through the ubqt server which is https.


mastrmind11

That does sound rough. I haven't had to mess with MoCA much. What kind of bandwidth do you get out of it?

 

 

I'm using the new-ish Actiontec bonded adapters, which are MoCA 2.0. Theoretical bandwidth is 1 Gbps, I'm averaging 800Mbps internally, which is more than enough obviously. The biggest pain in the ass was to find all the coax splitters scattered throughout the house and upgrade them to 1500MHz so they'd work with 2.0.... I was dropping connection to the internet every couple of minutes until I figured out that little bit.... wife and kids were not happy for a couple days lol

 

I'm actually very impressed w/ MoCA... beats the hell out of the powerline stuff I was using previously.

  • Like 1

I'm using the new-ish Actiontec bonded adapters, which are MoCA 2.0. Theoretical bandwidth is 1 Gbps, I'm averaging 800Mbps internally, which is more than enough obviously. The biggest pain in the ass was to find all the coax splitters scattered throughout the house and upgrade them to 1500MHz so they'd work with 2.0.... I was dropping connection to the internet every couple of minutes until I figured out that little bit.... wife and kids were not happy for a couple days lol

 

I'm actually very impressed w/ MoCA... beats the hell out of the powerline stuff I was using previously.

That is interesting. I kinda had a learning curve when I added a HDHomerun and cable card to my LAN and coax home network. I monitor ISP up/down by pinging IPv4 and IPv6 addresses on the public Internet from my firewall. I have notifications set up to send me Pushover messages when the ISP goes down. I ended up noticing that my modem was dropping network connectivity to the public Internet.

 

I found that my downlink power, downlink SNR, and uplink power were out of excellent requirements. Last Friday, I picked up some new 6 coax cables and a 3.5DBmV two way splitter. Now my internet has been rock solid since Friday.

 

 

Sent from my iPhone using Tapatalk


That isn't bad at all. I need to check the connection on the outside of my house to ensure I am not fighting any corrosion. Think I will pick one of these.

 

 

Sent from my iPhone using Tapatalk


Guest asrequested

That isn't bad at all. I need to check the connection on the outside of my house to ensure I am not fighting any corrosion. Think I will pick one of these.

 

 

Sent from my iPhone using Tapatalk

It works very well.


mediacowboy

So, apparently my new Unifi 10G switch is going to be free :D

WHAT!?!? How?

 

Sent from my SM-G955U using Tapatalk


Guest asrequested

WHAT!?!? How?

 

Sent from my SM-G955U using Tapatalk

 

Well, the delivery company (Ontrac sucks so badly), screwed up so much, that Amazon have written it off and are refunding my money. The switch arrived, today. Wanna know what's really nuts? In the process to get it sorted out, Amazon have shipped two more to me. They are still in transit. I have no idea what's going to happen with those. They may or may not show up... lol

  • Like 1

Yea, I know a lot of people who have had tons of trouble with the sub-par performance of the outsourced delivery drivers. They are saving bucks going with these guys but there is no avenue to measure performance or file complaints against a specific person. This is why people use real delivery services to ship and deliver, having a guy in a car do a crappy job at the end doesn't instill trust in Amazon's services.

 

 

Sent from my iPhone using Tapatalk

Edited by Tur0k

Guest asrequested

Yea, I know a lot of people who have had tons of trouble with the sub-par performance of the outsourced delivery drivers.

 

 

Sent from my iPhone using Tapatalk

 

UPS and FedEx have been great. Ontrac have actually lost 50% of my deliveries, and failed to deliver most of the rest.

  • Like 1
