How to configure no ip for surveillance. Free dynamic DNS from No-IP. Description of registration on the NO-IP service

DDNS – Dynamic DNS (dynamic DNS).
Very often, Internet providers provide an external dynamic IP address when connecting to the network (Stream, Beeline/Corbina, etc.). This is enough for the vast majority of users. However, in some cases (for online games, to access your computer from outside), an external static address is required. Not all providers provide this service, and if they do, it is for an additional fee. You can get around this problem using DDNS technology, which allows you to associate an external dynamic IP address and a permanent domain name. You can use DDNS completely free of charge!

Port 80 forwarding. It will be useful for those who have configured their web server on a non-standard port. Eliminates the need to enter a port number in address bar browser.
TTL equal to 4 hours. Suitable for those whose address changes relatively rarely (computer, router works all day or longer). In this case, the access speed will be higher, because DNS caching mechanisms will be used.

For myself, I chose no-ip.com because of the longer account validity period.

Now let's move on to registering on the site.

Registration on no-ip.com

Fill out the registration form:

It is necessary to fill in all fields except Zip/Postal Code.

Currently, a glitch has emerged related to mail.ru addresses.. When I try to register I get an error - “Enter a valid email address”. The solution is to use any other mailing address. It has been verified that with mail from Yandex, and even more so Gmail registration goes through without problems.

After clicking the I Accept, Create my Account button, an email will be sent to your address with a link to activate your account. After activation, go to the site again and enter your username/password. After logging into your account, go to the Add a Host section:

and go to the host settings:

Hostname – select a third-level domain name. In the drop-down list on the right, select the second-level domain (whichever you like best).
Host Type – to bind to an IP address, select DNS Host(A). DNS Host(Round Robin) – for linking a domain name to several IP addresses (for load balancing, paid function). DNS Alias(CNAME) – binding to domain name(creating a synonym). Port 80 Redirect – redirection of port 80 (otherwise similar to DNS Host(A)). Web Redirect – binding to URL.
Mail Options – leave unchanged.
Finally, click Create Host.

Before starting installation, make sure you are connected to the Internet.

Let's launch the installer. Everything is standard: select the location, check the Launch No-IP DUC option (to launch the updater immediately after installation is completed).

Let's move on to the settings.

First, you need to enter the username and password you are using. If the login and password are correct, you should see a list of registered hosts (see Hosts).

To update DNS, you need to check the boxes next to the hosts (domains) you need. The update process begins immediately after checking the box (no additional buttons need to be pressed). Under the list of hosts, the program displays the IP address used for updating (highlighted in red in the screenshot).

To access additional settings Click the Options button.

Standard tab. There are four options:

• Run on startup. Automatic start programs when the user logs into the system. Also adds a program icon to the tray.
• Use alternate port. Use an alternative port. Instead of connecting to port 8245 (by default), the program will use port 80. This setting should be used in case of problems connecting to the no-ip server (for example, if the provider blocks port 8245).
• Run as a system service. Run as a service. The setting is very useful if you have multiple users on your system. Starts the no-ip client before the user logs in. Indispensable for servers. This setting can be combined with Run on startup (if the user does log in, he will have a no-ip icon in the tray).
• Require password to resore window from system tray. Require a password when opening the configuration window. Allows you to protect client settings with a password. The only way to bypass the password is to uninstall and reinstall the client.

Connection tab. Standard sub-tab. There are three options here:

• Override automatic connection detection and Override automatic ip detection. These options are useful for users who have several network cards and at the same time several active connections. For example, connected by local network and simultaneously via wi-fi. The first option allows you to manually define the interface through which the connection to the no-ip server will be made. The second option allows you to manually define the interface through which your external IP address will be determined.
• The third option allows you to change the frequency with which the client checks for changes in the external IP address. By default, this interval is 30 minutes. I advise you to change this option only if your IP changes very often (reduce the interval to 5-10 minutes).

Connection tab. Proxy subtab.

If your connection to the Internet is made through a proxy server, then here you can define the parameters for connecting to it.

Typically, proxy servers are almost never found on home networks, so this tab is of no interest to ordinary users. The same can be said about the Scheduling/Autodial and Other bookmarks; I will omit their description.

Configuring a router (D-link DI-804) to work with DDNS
Setup is very simple (it’s similar on other routers that support DDNS).
Go to the DDNS settings section.

Set the DDNS Enabled option.
In the Provider field, select no-ip.com or dyndns.com.
In the Host Name field, enter the domain name (for example example.no-ip.org).
In the Username / E-mail field and in the Password / Key field, enter the login / password with which you registered on the DDNS provider’s website.
Save the settings. Reboot the router. All.

No-IP is best app in its class, which is also capable of working with dynamic IP addresses. In fact, it doesn’t matter what kind of Internet connection you use and what your address is, as well as what subnet it is from. With this program, users can easily visit the server installed on your computer because... Instead of four sets of numbers, you can be found by an easy-to-remember domain name.

Get a name for your computer that is very easy to remember.

Typically, IP addresses that are assigned to a computer are very difficult to remember. You don’t type the address “66.218.71.113” in your browser in order to get to the page of one of the most popular search engines, which is available for viewing at yahoo.com? With this program, your computer will have a name, not just a numeric address. Using this software, you can have servers on your computer that will be as accessible as the largest sites on the Internet.

Make your location permanent

If every time you connect to the Internet your computer is assigned a dynamic IP address, then by installing this program you can solve this problem. But that's not all, regardless of where, when, to which provider and using what type of connection (Dial-up, DSL, high-speed cable connection or wireless connection) you connect, you will always have the same address in in the form of your chosen name.

Ability to shorten your favorite URLs

If you want, you can shorten and simplify links to your favorite Internet pages. For example, the link "www.someisp.com/subscribers/j/s/~jsmith" can be turned into a simpler version like "jsmith.hopto.org" for free.

Key Features and Functions

• the ability to automatically configure the network, which makes the installation process much faster;
• ease of use. The client downloads everything from hosts that are associated with yours account. Just check the ones you want to update;
• ability to use encrypted data. When updating, requests are encrypted to ensure data integrity;
• can work as an NT service. You do not need to launch the client every time you restart your computer.

Special Requirements

• processor: 266 MHz or better;
• RAM: 64 MB;
• free hard disk space: 5 MB;
• Internet connection.

Note: No-IP is free for personal use only. If you expect high traffic or commercial use, then check out the No-IP Enhanced or No-IP Plus programs.

The development of the Internet has not bypassed video surveillance systems, and now remote control of objects is available from anywhere in the world. IP cameras connect directly to the network, video archives are recorded in cloud storage, and tariffs are available for all categories of users, for example, from Ivideon.

1. Video broadcasts from cameras pass through third-party servers, and the archive is stored there. Despite all the assurances of maintaining confidentiality and encrypting data, it is impossible to completely eliminate the risk of unauthorized access, and for sensitive objects such an organization of surveillance is unacceptable. From a security point of view, it is better to connect to the equipment directly, through a secure VPN connection, without unnecessary intermediaries.
2. Each camera or video recorder needs to be provided with its own Internet connection, which can be technically and financially expensive, especially if surveillance most of the time takes place within the local network of the object and remote access via the Internet is not a frequently requested function. It’s easier to connect all devices via one Internet connection using a router and set up remote access using DDNS technology.

As an example, we useTP-Link TL-WR740N. This router, with a good price/quality ratio, is widely used among home users and small businesses, and is often offered by Internet service providers with their own firmware. We use an English-language interface to avoid confusion. DDNS settings and partition names are the same on equipment from any manufacturer, but the Russian translation is sometimes different.

DDNS or DynDNS technology will connect via the Internet to video cameras and DVRs located on the local network using a router and dynamic IP addresses.

This formulation is incomprehensible to most users, so we will analyze the network connection process in detail.

Each router contains an internal list of IP addresses, which are automatically assigned to each connected network device(computer, smartphone, IP video camera, video recorder, etc.). With each new connection, the address is selected randomly - this is dynamic IP addresses :

In addition to dynamic ones, constant or static IP addresses, both for the router and for connected devices:

Internet providers also work according to the same scheme for distributing IP addresses. When a connection is established, the computer or router is connected to the provider’s global network and, through DHCP, the server receives a new dynamic IP address:

A static IP address is provided by providers for a fee, and it happens that it is impossible to obtain an address:

1. Small providers work through larger ones and clients have access to a small range of their own static addresses;
2. Mobile Internet for almost all providers works only through dynamic IP addresses.

DDNS services control changes in the router's dynamic address for permanent access to local network devices through a special static level 3 domain:

In more detail, the access scheme via DDNS is as follows:

1. A local network device, such as an IP camera, receives a dynamic address from the router;
2. We configure port forwarding on the router and gain access to the equipment according to the scheme “router address + port”;
3. The provider assigns an external dynamic IP address to the connection;
4. The DDNS service replaces the router’s IP with the address of our static 3rd level domain;
5. Now we have access via the Internet using a domain name or “domain + router IP”;
6. We watch video from the camera through the browser.

Port forwarding

Forwarding, or port redirection (Port Forwarding) – required condition for access via the Internet to network devices connected through the router.

If port forwarding is not configured, a situation arises when by contacting the router address directly or through the DDNS service, only access to the admin section is available and nothing more.

Jump by local address camera, recorder or local server also does not give anything - only folders or a blank page are visible. Only assigning individual ports and setting up redirection in the router makes it possible to “reach” the desired camera or computer.

DDNS setup

Routers establish a connection to the Internet provider’s network using NAT technology, which uses two types of addresses:

• external (WAN) assigned by the provider when establishing a connection;
• internal (LAN), which the router gives to network devices;

For normal operation of WAN port forwarding, the address should not fall into the IP address zones starting with 10.0, 192.168. and 172.16.

If the external address is within the specified ranges, you will have to purchase a static “white” IP address or change the provider.

Local Address Reservation

Since network devices are assigned a new dynamic IP each time they connect, to access via DDNS we need to convert the current IP address to a “local static” one, otherwise we will not be able to get permanent access, because The router changes address when reconnecting or rebooting:

A unique MAC address must be specified in the documentation and network settings. We repeat this procedure for all devices that we plan to access via the Internet.

Setting up port forwarding

Go to the menu "Forwarding" => "Virtual Servers" and add new port(“Add New…”):

• Service Port – enter the device port for redirection;
• IP Address – local IP that we have reserved for this MAC address;
• Status And Common Service Port – leave unchanged.

Security Settings

Disable the router's firewall:

Port forwarding has been configured.

Automatic redirection

You can simplify the forwarding process by using the UPnP function. By default, it is activated in most routers and looks like this:

Here we see that the Skype and uTorrent ports are automatically forwarded. If your video equipment supports UPnP mode, then most of the ports will be forwarded without your participation.

Solving possible problems

1. All settings are made correctly, but when accessing a network device, the router’s admin page continues to load. Try changing the value of http and media ports, forwarding and testing the connection from an external rather than local network.
2. If nothing happens when you access the local device, check the following:

• Anti-virus tools and firewalls must be disabled or exceptions added to all forwarded ports;
• The required ports can be opened by the provider only for static IP addresses;
• Check that the NAT connection function with your provider is enabled;
• At manual setting network parameters, make sure that the gateway address of the device to which port forwarding is performed matches the IP address of the router;

1. Connect an external open DMZ server. Now all external Internet requests are automatically redirected to the specified IP within the local network.
2. Opening the required port on the device and router may not give the desired effect, even with a static IP, if it is closed by the provider. In such cases, you need to contact technical support with a request to open the required port.

Let's get started next step and register on the free service no-ip.com. On the main page, click “Sign UP”:

Enter your email, login and password. The name of the static domain (host) through which access will be provided can be specified during registration or selected later (“Create my hostname later” in the registration form). Choose free tariff plan to get acquainted with the service. To confirm registration, follow the link sent by email.

Login to the created account and select « AddHost", enter the host name and select the domain zone from the section « Free DNS domain". We leave the remaining parameters unchanged.

Turn on the item "Port 80 Redirect" and specify the new port through which DDNS accesses the router.

The new management port is usually set to 8080. Settings in the admin area:

The No-IP account setup is complete, go back to the admin section of the router and select a service from the list of supported DDNS:

Enter your open account details and domain name. Turn on « EnableDDNS", click “Login” and after establishing a connection with the server, save the parameters.

Now, by accessing the website indicating the camera port, we get access to the video broadcast:

Network equipment may support a proprietary service, for example, from D-Link companies and ASUS. Here's what the D-Link DDNS setup looks like:

An account only supports one host, which is sufficient for personal use and testing, but for larger systems, use paid packages such as those from Dyn.com.

Setting up DDNS in IP cameras and DVRs

Cameras and DVRs support direct connection via a separate Internet connection without additional equipment. Setting up DDNS follows the same procedure as in routers: we create a DDNS domain and register its settings in the WEB interface of the device.

Example for IP camera RVi-IPC22DN:

and for Dahua HCVR4104C-W-S2 DVR:

As you can see, all parameters are standard and setup is not difficult. The only difference from a router is that via the DDNS domain it is possible to access only one device, since port separation is not used in this case.

A logical question arises: why such difficulties, if to establish a connection with the camera and access the video archive you just need to type the digital IP address in the browser?
Two arguments in favor of DDNS:

• Remembering a domain name is easier than remembering a sequence of numbers;
• Hacking passwords is simplified if the device's IP is known. Manufacturers assign addresses in their specially designated range, which is known to everyone and it will be easy for an attacker to understand that this IP relates specifically to video surveillance.

• Make sure that on all cameras and recorders the gateway address matches the router, only the IP addresses should differ. Don't rely on automatic setup, check all parameters manually.
• If the browser shows a blank page, make sure that the required plugins are from software cameras or recorders are installed and working correctly. Most equipment works in modern browsers by default, but there are models with non-standard video encodings.
• When purchasing a static IP address from mobile providers, there may be a situation where a “static” IP address is guaranteed only to legal entities, and individuals it changes “slightly” periodically. This does not affect browsing the Internet in any way, but connecting to a router or IP camera is no longer possible without using DDNS.
• Ports defined by UPnP are blocked at the provider level. In this case, try changing and forwarding the ports manually - devices usually reserve several ports through which they operate.
• Check access and port forwarding only from a computer not connected to the local network. That's the only way they're visible possible problems settings and connections.
• Use HTTPS or a VPN connection to encrypt your video and protect it from hackers.

I am rather paranoid and until now I have kept all access to the local area from the Internet closed. Although, on the other hand, even a physical shutdown does not provide a full guarantee, as removable media remains. And if transmission, bttorrentsync, etc. works... In general, several applications have been invented that require external access to the local area - owncloud, remote backup via the Internet, etc. Let's start with DDNS

Let me warn you right away that Captain Obvious is with me. Just for a beginner, I’ll try to put it in simple words.

Let's start with a simplified theories. IN global network The right to use an IPv4 address (for example 95.24.156.147) can be obtained from the authority, IANA. Total addresses 2^32 (~ 4 billion), part given for special purposes - not enough for everyone. This is partly why in isolated home network Addresses of the form 192.168.0.0/16 are usually used, which are the same in all such networks. This allows you to save address space. But as a result inside the home network and outside the addresses are different. Your network receives one external address, from the provider (to whom you pay for the Internet). And they give him away for rent for a while, and can be changed at any time. Therefore, it is somewhat difficult to reach your home network via IP. There are two main ways - rent a permanent (static address) from your provider. For example, with my provider it costs 130 rubles/month. This is worth doing if you have important applications, such as client-bank, because... a static address has a positive effect on security. But in most cases, the second method is easier - DDNS.

The essence DDNS is that you assign someone (the DNS server) to track changes in your real, dynamic, IP address and associate this address with a permanent name, for example vasia_pupkin.ddns.com. In order for the DNS server to know about the changes, someone from your network must periodically connect to this DNS server, log in and report their current IP. Usually this work is performed by the router.

The good news is that in its simplest, home-friendly form, DDNS services can be found for free. Choosing a provider DDNS- the topic is long, start with the list that your router supports. Google yours, many routers can do this. If it doesn’t, nas4free can take over this role, Services|Dynamic DNS (I didn’t set it up, but everything is similar there). , for example, suggests the following

As seen, I chose no-ip. Simply because it works. Let's set it up.

1) Register at https://www.noip.com/newUser.php, this is a free option. Many places will offer paid upgrades, this is not required for the home.
As always, you will need an address Email. It’s bad that mail.ru won’t work. yandex.com and google.com - accepts.

2) Go in and get to the graphic menu


Select "Add Host"

3) We get into the dialogue below (you can also get into it through the menu - Add Host)


There are a lot of fields, there are more below. But in the simplest case, you only need to fill in two
Hostname- choose something instead of vasia_pupkin
And from the long list to the right you need to select a second-level domain. no-ip.info good for free service. Most of the rest are offered for the opportunity to ask you for money.
There is no need to fill in the IP address - the system determines it itself. But if you fill it out, nothing will change.
Click the orange Add Host button below - you're done.
Note - the functionality of the service is broader - it may come in handy later.

4. Now all that remains is to configure the router (or NAS) to knock on no-ip and report your address. Using my router as an example, yours (and nas4free) are all the same.

Follow the checkboxes - enable the DDNS service, select the no-ip provider from the list, provide the name of the created host, login and password for connecting to no-ip, and apply.

5. Communication check. All that remains is to check. The natural instinct is to type vasia_pupkin.no-ip.info in your browser's address bar (do this)
Oops! We are asked to log into the router's webgui! So, now any kulkhatskher will come to visit me as if it were his own home?!!
The answer is both yes and no. That is, the robots will break in and, if you later open the channel, they can pick up or even eavesdrop on your passwords.
No, because you haven't discovered anything yet. You simply led those who knew your domain name vasia_pupkin.no-ip.info to the router door that was closed from the outside. By the way, this is a reason not to highlight your chosen domain name in vain.

And you see an invitation to enter the router login password because you approached the same door from INSIDE, from the trusted zone.
You can verify its functionality by pinging your domain from the command line
ping vasia_pupkin.no-ip.info
If it works you will get something like
PING vasia_pupkin.no-ip.info (96.28.157.147) from 192.168.1.34: 56 data bytes
64 bytes from 95.27.155.134: icmp_seq=0 ttl=64 time=0.283 ms
64 bytes from 95.27.155.134: icmp_seq=1 ttl=64 time=0.292 ms
64 bytes from 95.27.155.134: icmp_seq=2 ttl=64 time=0.198 ms

Here you can see that (1) the name (vasia_pupkin.no-ip.info) is resolved to the external IP (96.28.157.147) - which means the service is working and
(2) that the transit time is very short, fractions of a millisecond, that is, the packets travel locally.

6. To get outside, you need to go outside :). It's not so easy at home. You either need to go to work, visit a neighbor or friend, or connect to another provider from home. An ordinary user can do the latter by connecting via mobile communications. For example, I plugged a 3G modem into my laptop.
Let's ping again. As a result, the name should still be resolved to the same IP, but if you have a normal router, there should be no ping. If your router is already pinging from the network, this may not be so scary, but it’s a bad sign and a reason to think about replacing it. My option, let me remind you, asus

Start of article:

Preface

Since providers often issue a gray IP address, there will simply be no access to our HTTP file server from the global Internet. But there are wonderful ones free services, which will help make our gray IP address permanent (white). In this case, we will consider, in my opinion, the simplest and most reliable way to implement our idea, through the NO-IP service.

Registration on the NO-IP website and creating a host

By typing in the browser in the address bar noip.com we get to home page.

Note. I use Yandex Browser based on Chromium with default settings and I have this button. If you don’t have it, try digging into your browser settings and setting it to offer translation of the page and words, or maybe something else related to automatic translation...

Move to the very top and click “Registration”.

In the window that appears, we need to come up with and fill in our unique, non-repeating name (as you will be represented on the NO-IP website), enter your Email, enter a password and confirm it. You don’t have to enter the name of your future host; we will enter it later.

After filling out the fields, you must check the “Create your host later” box. I apologize for the clumsy Google translation, but as you can see, this phrase was translated to us like this.

Note. Either my Opera browser is somehow not working correctly, or something else, but the checkbox in the “Create your host later” window did not appear after I clicked the mouse. Anyway, we put it there.

After entering the registration data and host name at the bottom of the page, click the “Free registration” button.

Open yours Mailbox and to confirm registration, click on the appropriate link.

After this, a window will appear notifying you that your account has been successfully activated on NO-IP.

We have completed registration on the NO-IP server. It's time to create our host. Go to the NO-IP main page and click “Log in”.

In the window that appears, enter your username and password, and then click the “Log in” button.

So, click the “Add host” button.

Let's enter a unique host name (you need to come up with a host name yourself, so that the host is not already occupied by anyone) and its ending. In the example I chose the hostname failovi-server and its ending no-ip.org. And in the future my address will be like this http://failovi-server.no-ip.org.

Note. You must select any host ending you like from the free hosts below, after the expression “No-IP Free Domains”. As above, all hosts are paid.

After filling out the fields, click the “Add Host” button.

Congratulations, you have created your host.

Half the job is done. All that remains is to configure your “Experimental” router.

Setting up a router for the NO-IP service

Note. Since my main connection to the Internet is TP-Link router TL-WDR4300, then I will make the DDNS settings on it (as in the picture below). But, it doesn’t fundamentally matter where you configure the DDNS service on the main router or on the “Experimental” router - everything will work. Or you can generally configure both the main and “Test” routers with different registered domain names. If you are setting up your only router on OpenWRT firmware, then for you a description of setting up the router for the DDNS service will be immediately after this figure...

To configure dynamic DNS on OpenWRT firmware, you need to install the following package

luci-app-ddns

After refreshing the page, the “Services” tab will appear, and in it the “Dynamic DNS” tab. Let's fill in the required fields by entering our registration data.

Note. I have a Lan connection with the main router, which is why I specified it in the settings. If you are establishing a connection via Wan, then you need to specify the event interface Wan.

After filling out the fields, save the settings by clicking “Save and Apply”.

Checking access to a file server from the Internet

So, access to our file server By Lan networks We checked it in the previous article, we will check its performance via the Internet. Let's enter our registered NO-IP address in the browser and indicate the port http://failovi-server.no-ip.org:2221/ - this link worked at the time of writing this article, now there is no point in using it...
As we can see, everything works.

And they sing songs...

This completes the setup of the NO-IP service.