Streaming Security Camera Video with VLC

From Alpine Linux
Revision as of 20:57, 4 July 2013 by Jbilyk (talk | contribs) (Add Axis Q7401 box as tested)

Goal

Set up a streaming video solution that small locations can use easily for broadcasting small events, security video or other uses. Because those locations may not have a static IP, video traffic is routed from your main static IP (on your OpenVPN server) over a tunnel to the remote location.

Overview

The remote location will require internet access. They will be provided with the following equipment:

  • Minibox style x86 computer
  • Monitor/Keyboard/Mouse
  • Axis P1344 camera w/ POE injector OR Axis Q-7401 capture box
  • Network cables (2 blue cables are straight-through, red is crossover) and power cables

Setup instructions

Axis camera

  • Power up camera.
  • Connect to web interface of the camera.
  • Set admin password (example root:test123).
  • Setup -> Video Stream -> Audio -> Check Enable Audio checkbox.
  • Setup -> Video Stream -> Image -> Resolution = 640x480.

Axis capture box

  • Power up box.
  • Connect to web interface of the camera.
  • Set admin password (example root:test123).
  • Setup -> Video Stream -> Audio -> Check Enable Audio checkbox.
  • Setup -> Video Stream -> Image -> Resolution = 720x480.
  • Enable anonymous video viewer.

Minibox

  • Set up USB key with Alpine Linux 2.4.5.
  • Enable apk cache.
  • Install the following packages:
alpine-base xscreensaver xf86-input-evdev openssh vlc rsync vim openvpn gawk bash vlc-xorg alsa-utils alsaconf alsa-lib vlc-daemon gstreamer gstreamer-tools gst-plugins-ugly gst-plugins-good gst-plugins-base chrony xf86-video-vesa linux-firmware pciutils usbutils iptables dnsmasq beep shorewall dnscache slim udev nmap tcpdump xf86-video-openchrome abiword busybox evince firefox gnumeric lxdm ristretto sudo xf86-input-keyboard xf86-input-mouse xfce4 xorg-server iftop
  • /etc/network/interfaces
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
	address 10.14.197.1
	netmask 255.255.255.224

auto lo
iface lo inet loopback
  • /etc/ssh/sshd_config - disable password auth
  • /root/.ssh/authorized_keys - install all needed keys
  • adduser jbilyk
  • /etc/chrony/chrony.conf
# default config

server time.nrc.ca 
initstepslew 10 time.nrc.ca
commandkey 10
keyfile /etc/chrony/chrony.keys
driftfile /etc/chrony/chrony.drift

cmdallow 127.0.0.1

allow all
  • rc-update add chronyd
  • /etc/conf.d/dnscache
# DNSCACHE configuration variables:

# IPSEND - ip address to use for requests use 0.0.0.0 for default route
IPSEND=0.0.0.0

# CACHESIZE - Num bytes to use for the cache
CACHESIZE=1000000

# IP - IP addr to listen on
IP=127.0.0.1

#------------------------------------------------------------------------
# The following are flags.  Setting them to ANY value
# (even "false" or "off") will turn the feature on.
#------------------------------------------------------------------------

# HIDETTL - always return TTL as 0
#HIDETTL=

# FORWARDONLY - servers/@ are parent caches, not root servers
#FORWARDONLY=

# UPDATEHINTS - refresh zone hints
UPDATEHINTS=1

  • rc-update add dnscache
  • /etc/dnsmasq.conf (replacing MAC and IP on dhcp-host line as required)
domain-needed
bogus-priv
no-resolv
no-poll
server=10.14.197.1
interface=eth1
except-interface=lo
bind-interfaces
expand-hosts
domain=example.com
dhcp-authoritative
cache-size=0 # dnscache does caching
no-negcache
log-dhcp
dhcp-range=10.14.197.10,10.14.197.20,255.255.255.224,12h
dhcp-option=option:ntp-server,10.14.197.1
dhcp-option=6,10.14.197.1,10.14.0.1
dhcp-option=option:domain-search,example.com
dhcp-host=00:40:8c:c4:7e:99,10.14.197.5,24h # Axis Camera
dhcp-option=option:ntp-server,10.14.197.1
dhcp-option=2,-18000
  • rc-update add dnsmasq
  • /etc/openvpn/openvpn.conf
client
dev tun
proto udp
remote public.ip.addr.ess 1194
resolv-retry infinite
nobind

persist-key
persist-tun

ca ca.pem
cert cert.pem
key key.pem

comp-lzo
verb 3

script-security 2
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
  • Extract your openvpn cert parts into /etc/openvpn/
openssl pkcs12 -in %CERTPFX% -cacerts -nokeys -out ca.pem
openssl pkcs12 -in %CERTPFX% -nocerts -nodes -out key.pem
openssl pkcs12 -in %CERTPFX% -nokeys -clcerts -out cert.pem
  • rc-update add openvpn
  • /etc/resolv.conf.tail
nameserver 127.0.0.1
  • /etc/conf.d/vlc
# Sample vlc params suitable for running as a daemon

## --daemon			detach from prompt
## --file-logging		enable file logging
## --logfile			logfile name/path
## -vvv				verbose logging
## -I dummy			disable X11 interface
## --sout PARAMS		encoding parameters
##				Do NOT quote 'PARAMS' otherwise shell expansions will break vlc

VLC_OPTS="-I dummy --daemon --file-logging --logfile /var/log/vlc/vlc.log --loop --rtsp-caching=200 rtsp://10.14.197.5:554/axis-media/media.amp?videocodec=h264 --sout #standard{access=http,mux=ts,dst=0.0.0.0:8080}"
  • rc-update add vlc
  • /etc/shorewall/params
A_IF=tun0
B_IF=eth1
E_IF=eth0
  • /etc/shorewall/interfaces
A	$A_IF		detect		dhcp
B	$B_IF		detect		dhcp
E	$E_IF		detect		dhcp
  • /etc/shorewall/policy
A	all	REJECT		info
B	A	ACCEPT
B	E	ACCEPT
all	all	REJECT		info
  • /etc/shorewall/rules
# FW management
ACCEPT		A		fw		tcp	22,80,443

# Manage the camera from the HQ if need be
ACCEPT		A		B		tcp	80

ACCEPT		fw		all		icmp	8
ACCEPT		fw		E		tcp	53,80
ACCEPT		fw		E		udp	53,1194
ACCEPT		fw		B
ACCEPT		B		fw		udp	53
ACCEPT		B		fw		tcp	53
ACCEPT		A		fw		tcp	8080
  • /etc/shorewall/zones
fw	firewall
A	ipv4
B	ipv4
E	ipv4
  • /etc/shorewall/shorewall.conf
STARTUP_ENABLED=Yes
...
IP_FORWARDING=On
  • rc-update add shorewall
  • rc-update add lxdm
  • /home/jbilyk/.config/autostart/firefox.desktop
[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=firefox
Comment=
Exec=nice -n 5 firefox
OnlyShowIn=XFCE;
StartupNotify=false
Terminal=false
Hidden=false
  • Set the Firefox homepage to 10.14.197.5 (replace with the IP address of the Axis device)
  • lbu commit
  • Plug in internet connection to eth0.
  • Plug in the crossover cable to the Axis PoE injector and a straight-through cable to the Axis.
  • Plug in line-out from mixer to the Axis.
  • Power up blackbox with monitor, keyboard, mouse connected.
  • Once the desktop appears, power on the Axis.
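
The Shorewall rules and policy on the minibox are what limit who can reach the VLC HTTP stream on port 8080, which has no authentication configured on this page, so it is worth checking which zone pairs they actually allow. The shell sketch below is an added example, not part of the original page or of Shorewall itself; `sw_verdict` and `make_sample` are hypothetical helper names, and the matcher is a simplified model of Shorewall's "first matching rule, else policy" lookup.

```sh
# Simplified model of Shorewall matching for the columns this page uses:
#   rules:  ACTION SOURCE DEST [PROTO [DPORT,...]]  first match wins
#   policy: SOURCE DEST POLICY [LOGLEVEL]           used when no rule matches
# Not modelled: port ranges, zone:host addresses, macros, rule sections.
# sw_verdict RULES POLICY SRC DST PROTO PORT -> prints the resulting action
sw_verdict() {
    awk -v src="$3" -v dst="$4" -v proto="$5" -v port="$6" '
        function zone(z, want) { return z == "all" || z == want }
        function has_port(list, p) {       # empty or "-" column matches any port
            return list == "" || list == "-" || index("," list ",", "," p ",") > 0
        }
        { sub(/#.*/, "") }                 # strip comments
        NF == 0 { next }                   # skip blank lines
        FNR == NR {                        # first file: rules
            if (zone($2, src) && zone($3, dst) && has_port($5, port) &&
                ($4 == "" || $4 == "all" || $4 == proto)) { print $1; hit = 1; exit }
            next
        }
        zone($1, src) && zone($2, dst) { print $3; hit = 1; exit }  # second file: policy
        END { if (!hit) print "NOMATCH" }
    ' "$1" "$2"
}

# Write the minibox rules and policy shown on this page into directory $1.
make_sample() {
    cat > "$1/rules" <<'EOF'
ACCEPT A  fw  tcp  22,80,443
ACCEPT A  B   tcp  80
ACCEPT fw all icmp 8
ACCEPT fw E   tcp  53,80
ACCEPT fw E   udp  53,1194
ACCEPT fw B
ACCEPT B  fw  udp  53
ACCEPT B  fw  tcp  53
ACCEPT A  fw  tcp  8080
EOF
    cat > "$1/policy" <<'EOF'
A   all REJECT info
B   A   ACCEPT
B   E   ACCEPT
all all REJECT info
EOF
}

d=$(mktemp -d) && make_sample "$d"
for q in "A fw tcp 8080" "E fw tcp 8080" "B fw udp 123" "B E tcp 443"; do
    printf '%-14s -> %s\n' "$q" "$(sw_verdict "$d/rules" "$d/policy" $q)"
done
rm -rf "$d"
```

Under this model the stream port is reachable on the minibox only from the tunnel zone A, not from the local Internet side E. The camera's NTP requests to 10.14.197.1 (B to fw, udp 123) fall through to the final REJECT policy even though dnsmasq advertises that address as the NTP server.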

OpenVPN router

  • /etc/shorewall/rules
DNAT		E		G_196:10.14.196.10	tcp	8080	-	public.ip.addr.ess
  • /etc/shorewall/masq
tun0			0.0.0.0/0	10.14.196.1	tcp	8080

End User Instructions

Please verify that all of the following components shipped properly:

  • Router
  • Monitor
  • Camera
  • Camera power injector
  • 2 x 50' blue network cables
  • 1 x 14' red network cable
  • 2 x 6' black power cables
  • 1 x AC power brick
  • 1 x monitor video cable
  • 1 x keyboard
  • 1 x mouse

  • Place router in desired location. It should be placed on a flat, stable surface.
  • Place monitor nearby to the router.
  • Use one 6' power cord, connect to the monitor and power the monitor on.
  • Connect the monitor video cable from the monitor "RGB" port to the corresponding port on the router.
  • Place camera power injector in desired location.
  • Connect red network cable from the "Data In" jack on the power injector to the router port labelled "Camera".
  • Connect Internet connection to the router port labelled "Internet" using a blue network cable.
  • Connect keyboard and mouse to USB ports on the rear of the router.
  • Plug the AC power brick into the router and then an available power outlet. The router will turn itself on automatically.
  • Wait for a 3-toned beep from the router and the desktop environment to appear. (Note: Mozilla Firefox will open with the error message "Well, this is embarrassing". This is normal.)
  • Connect blue network cable from the camera to the "Data & Power Out" jack on the power injector.
  • Once the light on the top of the camera turns green, click "Start New Session" in Firefox. A video window should appear after a brief delay.
  • Adjust the focus and zoom of the camera manually using the dials on the front of the camera.
  • To test the stream on the remote location end, open VLC on a computer with Internet connectivity, then run File -> Open Network Stream and connect to http://public.ip.addr.ess:8080.