I have recently purchased the hap ax Lite LTE6 router.
I’m also using a HikVision camera which I have enabled UpnP which include 5 ports.
The problem is that Mikrotik never gets the UpnP info from HikVision.
I’m checking /Firewall/Nat and I see only the default masquarade. The NAT checkbox is enabled.
Check the screenshots. Do you have any idea, what are the correct settings in order Mikrotik gets the UpnP info from the camera?
This procedure supposed to be automatically.
Thank you.
Not directly related, but does your SIM provide an unfiltered public IP as most either block inbound traffic or use CGNAT which renders UPnP useless.
Setting up port forwarding either manually or with UPnP is only required on older Hikvision devices, more recent ones can be configured to establish an outgoing connection to their cloud servers and you connect via those.
The SIM provider unfortunately does not give me public IP, so I’m under cgnat.
Cgnat renders UPnP useless ?
I know that port forwarding and DDNS are not working , but cgnat also cut the transmission of UPnP between camera and router locally? Is that possible?
Yes. UPnP merely automates port forwarding on your router, it doesn’t cascade the forwarding rules/requirements to the providers CGNAT infrastructure. There are newer protocols such as PCP which does do this but almost no router manufacturers have implemented it, and it would also require communications providers to support it which they can’t be bothered to do.
but cgnat also cut the transmission of UPnP between camera and router locally? Is that possible?
That is a separate issue, but as you don’t have external inbound access there is little point trying to fix it.
I have established external access through redirection using a raspberry and my server. So I have remote access to my camera even under cgnat.
My main problem is despite the fact I have access to my camera’s web UI just fine, but I don’t have image. It says: “Live view failed”.
I have the impression that the plugin (hikvision still requires an ancient plugin) is searching for the Public IP and obviously it takes the internal IP. That’s why I want to fake camera’s UPnP to send data to Mikrotik and fortunately Mikrotik is offering an option to set an external IP (my server’s static IP) to overwrite the internal IP so eventually the UPnP of the camera wil! take the static IP instead of 0.0.0.0 which is now.
My main goal is to change IP address of my camera"s UPnP from 0.0.0.0 to Static IP (my server) . The only way to achieve that is only through UPnP but Mikrotik seems that does not “talk” with the camera.
This doesn’t make sense, UPnP on ROS is creating dynamic dst-nat rules only (convenient for UPnP clients that randomizes/or some range that cannot be controlled/ open port or local client IP is not static) which are also possible to create manually, no need to spoof anything if si dst-nat issue. Which streaming protocol is used for video feed?
If is RSTP then you may have issue that rtsp video urls (rtsp://) from response (see protocol wiki) are generated with public IP of router (which is behind CGNAT) from which camera has internet connection and browser over plugin tries to access stream from that IP on port that is not exposed (TCP/UDP 554), you will need to find out how camera is getting public IP or is it possible to override it in web admin (like P2P clients which have such option). Ofc. then RTSP ports needs to be redirected because of CGNAT if not all port connections to camera are.
If other protocol is used you will need investigate it, still I suspect in general that video streaming protocol is providing feed endpoint with public IP behind CGNAT and not sure how UPnP will resolve this issue (maybe I’m wrong).
Why the mikrotik cannot "speak"through UPnP with the camera?
At the connections I noticed that IP’s camera is trying to connect with Mikrotik to port 1900.
So I opened 1900 port (see attachment).
I noticed some incoming packets which mean that camera transmits data but MikrotiK does not reply
Do you have any idea why?
Check the connection I was talking about. When I enable UPnP from the camera It tries to connect to Mikrotik, That’s why I opened 1900 port.
Mikrotik does not reply.
