Hi all,
We've a few clients who have recently installed security camera recorders (NVRs) on our network. The problem is that they are unable to view live feeds using the peer to peer option (P2P) on their phones.
Has anyone seen this problem before?
I wouldnt imagine that by default Router OS would block P2P connections, is there anything else I need to do?

Thanks

NTB

I think you need to tell a bit more about what you mean by p2p, what are phone doning, what are carmera doing, what are the router doing eg.

Probably something to do with uPnP not being enabled with correct firewall rules. Most IP Cameras use uPnP to forward some ports for those apps and communication to their cloud service for easier connection and work around dynamic public ip's..

I always rather do manual port forwarding to DVR's.

I think the p2p option is too unreliable.

Thanks for the replies everyone. I think the whole point of the P2P option is to avoid any portforwarding on the router with or without uPNP enabled. We've had reports that these systems were working before the oweners became customers of ours

Any other ideas?

We still need to know what the camera and client are doing, that isn't working any longer...

We still need to know what the camera and client are doing, that isn't working any longer...

Sorry to jump in on this thread as I'm facing an identical problem unable to connect to my DVR that is behind mikrotik.

p2p =

With P2P cameras – use a smartphone, download the app, scan the QR code and start viewing a live feed of the camera. Before P2P IP camera came along, cameras used to be a nightmare to setup. Setup the camera, then login to the router and setup a DDNS and open ports to allow access.
P2P stands for “Peer to Peer”. It is a technology that makes it simple to link the camera with a smartphone.
In camera speak, there is a UID (unique ID) assigned to each camera. When the smartphone app is opened, it pings the P2P server which in turn looks for the listed UIDs and where they are located. If the camera can be pinged, it shows as online, others are offline.
Once the cameras are reached, it creates a direct connection between the app and the camera. Just like the popular Bittorent peer to peer file sharing platform.


If I were to connect the DVR directly to the modem, the p2p option works perfectly.


Sent from my SM-G935F using Tapatalk

Hmmm I use an ARLO (netgear hub) on my network and from my smart phone through the hub I can do what you state and I have no issues with my MT (no special settings).
I guess it depends what the DVR(hub) is capable of ????

We still need to know what the camera and client are doing, that isn't working any longer...

Sorry to jump in on this thread as I'm facing an identical problem unable to connect to my DVR that is behind mikrotik.

p2p =

With P2P cameras – use a smartphone, download the app, scan the QR code and start viewing a live feed of the camera. Before P2P IP camera came along, cameras used to be a nightmare to setup. Setup the camera, then login to the router and setup a DDNS and open ports to allow access.
P2P stands for “Peer to Peer”. It is a technology that makes it simple to link the camera with a smartphone.
In camera speak, there is a UID (unique ID) assigned to each camera. When the smartphone app is opened, it pings the P2P server which in turn looks for the listed UIDs and where they are located. If the camera can be pinged, it shows as online, others are offline.
Once the cameras are reached, it creates a direct connection between the app and the camera. Just like the popular Bittorent peer to peer file sharing platform.


If I were to connect the DVR directly to the modem, the p2p option works perfectly.


Sent from my SM-G935F using Tapatalk

Have you ever managed to fix this issue? I'm also behind Mikrotik and it somehow blocks p2p connections to my Dahua cameras. When I put let's say tp-link router, it works fine.

Have you ever managed to fix this issue? I'm also behind Mikrotik and it somehow blocks p2p connections to my Dahua cameras. When I put let's say tp-link router, it works fine.

The only way how two devices, each behind its own NAT (or chain of NATs), can talk to each other without themselves controlling their NAT via uPNP or without manual port forwarding all the way from the public IP, is that they somehow determine the outermost public IP of the other one and the port assigned at that address, and start sending to that address and port. If it is a UDP flow, there is no way how the firewalls could find out that this trick has been used - at each side, the pinhole is created by the LAN => WAN packet, and the WAN => LAN packets come from the expected address and port.

The above method depends on two things:

• there must be some element (the cloud server) to which both the participants (the camera and the application running on the phone) can connect and exchange the information about each other's public IP and port,
• that the NAT assigns the same port on the public IP to the connection the LAN side device opens to any external IP, otherwise the port seen by the cloud server would be useless for the mobile application

Mikrotik normally doesn't change the port used by the LAN side device if it is free on the WAN. So if two cameras on the same LAN used the same source port when talking to the cloud server, one of them would get a different port, but if that one opened the connection towards the mobile application's IP sooner than the other one, the port would still be free so the magic would not happen, as the mobile application would expect another port, based on the information from the cloud server.

So there are too many unknown factors, and only sniffing the actual traffic on the Mikrotik itself may help understand why the p2p mode connection doesn't work.

As stated, I have a multitude of smart devices, at least two brands of camera systems, air quality system, solar panel monitoring, door controls etc.......... they all work behind the MT without issue.
They are all accessible via apps on the smartphone. THe devices and the smart phone talk to a central 'cloud' server I imagine.

The devices and the smart phone talk to a central 'cloud' server I imagine.

That's the key - if all data, including the video streams, run through the central server, no tricking of the firewalls/NATs is necessary. The purpose of p2p mode is to avoid loading the central servers with all the video streams, and send them directly from the camera/DVR to the mobile app. And for this, tricking the firewalls/NATs is necessary. You have to use the central server too, but only to determine the parameters of the endpoints and negotiate the direct path between them. So the load of the central server is several orders of magintude lower.

I suggest to configure VPN service on your mikrotik router. And use VPN service for camera access it will be more secure option. It is not hard to configure for example pptp server with simple user authentication.

I suggest to configure VPN service on your mikrotik router. And use VPN service for camera access it will be more secure option. It is not hard to configure for example pptp server with simple user authentication.

Please, no PPTP, it's a security hole, PPTP should actually be removed from new MikroTik firmware releases.Use L2TP/IPsec or Wireguard instead.

P2P here works fine with no blocking of ports / outgoing traffic on its firewall. Also standard NAT rules are active.

These are the outbound ports used by Dahua and X-Security teams to connect to the P2P cloud.

P2P Relay Service Port: 8900-8903 TCP Port
P2P Server Service Port: 8800-8803 TCP/UDP Port
P2P AS Service Port: 12366 TCP Port
WEB Service Port: 80 or 443 TCP Port
GMS Service: 8180 TCP/UDP Port
+ALL UDP ports
Source: https://support.visiotechsecurity.com/h ... 2P-Service