Streaming Security Camera Video with VLC
Goal
Setup a streaming video solution that small locations can use easily for broadcasting small events, security video or other uses. Because those locations may not have a static IP, route video traffic from your main static IP (on your openvpn server) over a tunnel to the remote location.
Overview
The remote location will require internet access. They will be provided with the following equipment:
- Minibox style x86 computer
- Monitor/Keyboard/Mouse
- Axis P1344 camera w/ POE injector
- network + power cables
Setup instructions
Axis camera
- Power up camera.
- Connect to web interface of the camera.
- Set admin password (example root:test123).
- Setup -> Video Stream -> Audio -> Check Enable Audio checkbox.
- Setup -> Video Stream -> Image -> Resolution = 640x480.
Minibox
- Setup USB key w/ Alpine Linux 2.4.5.
- Enable apk cache.
- Install the following packages:
alpine-base xscreensaver xf86-input-evdev openssh vlc rsync vim openvpn gawk bash vlc-xorg alsa-utils alsaconf alsa-lib vlc-daemon gstreamer gstreamer-tools gst-plugins-ugly gst-plugins-good gst-plugins-base chrony xf86-video-vesa linux-firmware pciutils usbutils iptables dnsmasq beep shorewall dnscache slim udev nmap tcpdump xf86-video-openchrome abiword busybox evince firefox gnumeric lxdm ristretto sudo xf86-input-keyboard xf86-input-mouse xfce4 xorg-server iftop
- /etc/network/interfaces
auto eth0 iface eth0 inet dhcp auto eth1 iface eth1 inet static address 10.14.197.1 netmask 255.255.255.224 auto lo iface lo inet loopback
- /etc/ssh/sshd_config - disable password auth
- /root/.ssh/authorized_keys - install all needed keys
- adduser jbilyk
- /etc/chrony/chrony.conf
chrony/chrony.conf # default config server time.nrc.ca initstepslew 10 time.nrc.ca commandkey 10 keyfile /etc/chrony/chrony.keys driftfile /etc/chrony/chrony.drift cmdallow 127.0.0.1 allow all
- rc-update add chronyd
- /etc/conf.d/dnscache
# DNSCACHE configuration variables: # IPSEND - ip address to use for requests use 0.0.0.0 for default route IPSEND=0.0.0.0 # CACHESIZE - Num bytes to use for the cache CACHESIZE=1000000 # IP - IP addr to listen on IP=127.0.0.1 #------------------------------------------------------------------------ # The following are flags. Setting them to ANY value # (even "false" or "off") will turn the feature on. #------------------------------------------------------------------------ # HIDETTL - always return TTL as 0 #HIDETTL= # FORWARDONLY - servers/@ are parent caches, not root servers #FORWARDONLY= # UPDATEHINTS - refresh zone hints UPDATEHINTS=1
- rc-update add dnscache
- /etc/dnsmasq.conf (replacing MAC and IP on dhcp-host line as required)
domain-needed bogus-priv no-resolv no-poll server=10.14.197.1 interface=eth1 except-interface=lo bind-interfaces expand-hosts domain=example.com dhcp-authoritative cache-size=0 # dnscache does caching no-negcache log-dhcp dhcp-range=10.14.197.10,10.14.197.20,255.255.255.224,12h dhcp-option=option:ntp-server,10.14.197.1 dhcp-option=6,10.14.197.1,10.14.0.1 dhcp-option=option:domain-search,example.com dhcp-host=00:40:8c:c4:7e:99,10.14.197.5,24h # Axis Camera dhcp-option=option:ntp-server,10.14.197.1 dhcp-option=2,-18000
- rc-update add dnsmasq
- /etc/openvpn/openvpn.conf
client dev tun proto udp remote public.ip.addr.ess 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.pem cert cert.pem key key.pem comp-lzo verb 3 script-security 2 up /etc/openvpn/up.sh down /etc/openvpn/down.sh
- Extract your openvpn cert parts into /etc/openvpn/
openssl pkcs12 -in %CERTPFX% -cacerts -nokeys -out ca.pem openssl pkcs12 -in %CERTPFX% -nocerts -nodes -out key.pem openssl pkcs12 -in %CERTPFX% -nokeys -clcerts -out cert.pem
- rc-update add openvpn
- /etc/resolv.conf.tail
nameserver 127.0.0.1
- /etc/conf.d/vlc
# Sample vlc params suitable for running as a daemon ## --daemon detach from prompt ## --file-logging enable file logging ## --logfile logfile name/path ## -vvv verbose logging ## -I dummy disable X11 interface ## --sout PARAMS encoding parameters ## Do NOT quote 'PARAMS' otherwise shell expansions will broke vlc VLC_OPTS="-I dummy --daemon --file-logging --logfile /var/log/vlc/vlc.log --loop --rtsp-caching=200 rtsp://10.14.197.5:554/axis-media/media.amp?videocodec=h264 --sout #standard{access=http,mux=ts,dst=0.0.0.0:8080}"
- rc-update add vlc
- /etc/shorewall/params
A_IF=tun0 B_IF=eth1 E_IF=eth0
- /etc/shorewall/interfaces
A $A_IF detect dhcp B $B_IF detect dhcp E $E_IF detect dhcp
- /etc/shorewall/policy
A all REJECT info B A ACCEPT B E ACCEPT all all REJECT info
- /etc/shorewall/rules
# FW management ACCEPT A fw tcp 22,80,443 # Manage the camera from the HQ if need be ACCEPT A B tcp 80 ACCEPT fw all icmp 8 ACCEPT fw E tcp 53,80 ACCEPT fw E udp 53,1194 ACCEPT fw B ACCEPT B fw udp 53 ACCEPT B fw tcp 53 ACCEPT A fw tcp 8080
- /etc/shorewall/zones
fw firewall A ipv4 B ipv4 E ipv4
- /etc/shorewall/shorewall.conf
STARTUP_ENABLED=Yes ... IP_FORWARDING=On
- rc-update add shorewall
- rc-update add lxdm
- home/jbilyk/.config/autostart/firefox.desktop
[Desktop Entry] Encoding=UTF-8 Version=0.9.4 Type=Application Name=firefox Comment= Exec=nice -n 5 firefox OnlyShowIn=XFCE; StartupNotify=false Terminal=false Hidden=false
- Set FF homepage to 10.14.197.5 (replacing with ip address of Axis)
- lbu commit
- Plug in internet connection to eth0.
- Plug in crossover cable to axis PoE injector and straight through to Axis.
- Plug in line-out from mixer to axis.
- Power up blackbox with monitor, keyboard, mouse connected.
- Once desktop appears, power on axis.
OpenVPN router
- /etc/shorewall/rules
DNAT E G_196:10.14.196.10 tcp 8080 - public.ip.addr.ess
- /etc/shorewall/masq
tun0 0.0.0.0/0 10.14.196.1 tcp 8080
End User Instructions
Please verify that all of the following components shipped properly:
- Router
- Monitor
- Camera
- Camera power injector
- 2 x 50' blue network cables
- 1 x 14' red network cable
- 2 x 6' black power cables
- 1 x AC power brick
- 1 x monitor video cable
- 1 x keyboard
- 1 x mouse
- Place router in desired location. It should be placed on a flat, stable surface.
- Place monitor nearby to the router.
- Use one 6' power cord, connect to the monitor and power the monitor on.
- Connect the monitor video cable from the monitor "RGB" port to the corresponding port on the router.
- Place camera power injector in desired location.
- Connect red network cable from the "Data In" jack on the power injector to the router port labelled "Camera".
- Connect Internet connection to the router port labelled "Internet" using a blue network cable.
- Connect keyboard and mouse to USB ports on the rear of the router.
- Plug the AC power brick into the router and then an available power outlet. The router will turn itself on automatically.
- Wait for a 3 toned beep from the router and the desktop environment to appear. (Note: Mozilla Firefox will open with the error message "Well, this is embarassing". This is normal.).
- Connect blue network cable from the camera to the "Data & Power Out" jack on the power injector.
- Once the light on the top of the camera turns green, click "Start New Session" in Firefox. A video window should appear after a brief delay.
- Adjust the focus and zoom of the camera manually using the dials on the front of the camera.
- To test the stream on the remote location end, open VLC on a computer with Internet connectivity, then run File -> Open Network Stream and connect to http://public.ip.addr.ess:8080.