• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: June 9th, 2023

help-circle
  • I’ve been happy with the tp link TV-IP324PI, it’s a Poe bullet cam with a simple web interface (I don’t think it requires JS, but at any rate you just need to log in once to set a password, make sure upnp is off, and adjust camera/encoding/fps/text overlay settings to your liking). There’s also the amcrest IP5M-B1186EW-28MM, another similar Poe bullet cam with night vision that works local only. I’ve used both for several years and I think they support onvif but I had no issues using the rtmp url with zoneminder


  • I would recommend getting a separate client radio device for several reasons:

    • You can position it better for reception
    • Get a device with directional antenna so you can point it at the best AP
    • You won’t use up 1 band of a dual-band router
    • You won’t be limited in your main router firmware choice to only those that support client mode on a radio

    Personally I would get a nanostation loco 5ac (non-loco is bigger and probably isnt needed) and flash openwrt on it (that will free any airmax radio from the proprietary airmax limitation), configure the 5GHz radio to client mode with the apartment wifi details, and put in the desired mac into the mac field if you need a specific mac besides the device default. Make sure the radio is set to wan zone so that forwarding works and plug the lan cable from the radio to the WAN of whatever nice router you have.

    I used to carry around a nanostation with this config set to xfinity access points with a small script that would pick a random MAC from a list I gathered from wardriving client MACs that I saw authenticated with xfinity hotspots. That way if I ever needed an ethernet connection for a non-wifi device I could just power up the radio and run the script to pick a new mac until I got one that was “remembered” in someone’s xfinity account.

    Edit: to clarify, I think the way I set it up was to run dhcp client on the radio’s uplink and then hand out IPs via dhcp server on the lan port, so I think you’d be triple natted, but since you would need to double nat anyway to get around the MAC authorization it probably isn’t hurting speeds any more than it already would be.


  • This is the solution. I reverse proxy from a digitalocean droplet running haproxy which sends traffic via send-proxy-v2, then I set the tunnel subnet as a trusted proxy ip range on traefik which is what haproxy hits through the tunnel, which causes traefik to substitute in the reverse proxied original ip so all my apps behind traefik see the correct public IP (very important for things like nextcloud brute force protection to work)