
Securing web camera access by only allowing connection through SSL VPN (Port forwarding/DNAT Rule)

I have a Foscam IP camera that I like to connect to remotely. The problem is that the free Foscam Viewer app for Android does not support HTTPS logins which means that the password could be transmitted over the network in plain text.

I discovered a solution that is sort of complex and time consuming but works.

After following this guide on setting up a remote access VPN connection and logging into the user portal to download the encryption certificate and install it on your phone, tablet, or even laptop, do the following. This post assumes you have correctly set up your camera with a username and password and the appropriate webcam viewer app. This could probably be used with any method of logging into a web camera.

The goal here is to have a secure way to port forward to your IP camera and to prevent access to the camera over any non-encrypted connection. It won't be possible to access the camera without first being connected to the VPN. Once the proper DNAT rule is in place, the ports the camera is listening on will appear stealthed from the internet, and Sophos will drop the packets unless the person is connected to the VPN server first.


Create (or edit the pre-existing) NAT rule:

Rule type: DNAT

Traffic from: VPN Pool (or VPN username)

Service: the service definition you created earlier for the camera (its static IP address), which specifies the port to be forwarded to.

Going to: External (WAN)

Action: Change the Destination to the Network Definition related to the static IP address of the camera.

Automatic firewall rule: enabled


Result: all connections to your IP camera will be encrypted through your VPN connection, even though the login itself uses plain HTTP. Port forwarding to the camera will not be allowed until a VPN connection has been established.


Verification: once the DNAT rule is in place, connect to the internet normally (not over the VPN), head to What's My IP, and test the port the camera is listening on. If all went well, the result should show the port as stealthed.
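To make the effect of the "Traffic from" field concrete, here is an added Python model of the rule above (not Sophos code, and not the UTM's real packet path). It compares the weak variant (Traffic from: Any) with the post's VPN-pool-only variant; the VPN pool, WAN address, camera address and camera port are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (assumptions, not values from the post).
VPN_POOL = ipaddress.ip_network("10.242.2.0/24")   # SSL VPN pool handed to remote clients
WAN_IP = ipaddress.ip_address("203.0.113.10")       # the UTM's external (WAN) address
CAMERA = ipaddress.ip_address("192.168.1.50")       # camera's static LAN address
CAMERA_PORT = 88                                    # port the camera listens on


@dataclass(frozen=True)
class DnatRule:
    """The four fields of the post's DNAT rule that decide whether a packet matches."""
    traffic_from: ipaddress.IPv4Network            # "Traffic from"
    going_to: ipaddress.IPv4Address                # "Going to" (External/WAN)
    service_port: int                              # "Service"
    change_destination_to: ipaddress.IPv4Address   # "Action: change the destination to"


def evaluate(rule, src, dst, dport):
    """Return ('DNAT', new_destination) if the packet matches the rule, else ('DROP', None).

    Models the automatic firewall rule: a packet the DNAT rule does not match is dropped,
    which is what makes the camera port appear stealthed from an external scanner.
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if src in rule.traffic_from and dst == rule.going_to and dport == rule.service_port:
        return ("DNAT", str(rule.change_destination_to))
    return ("DROP", None)


# Weak setting: Traffic from "Any" exposes the camera's HTTP login to the whole internet.
WEAK_RULE = DnatRule(ipaddress.ip_network("0.0.0.0/0"), WAN_IP, CAMERA_PORT, CAMERA)
# The post's setting: only sources inside the VPN pool are forwarded to the camera.
VPN_ONLY_RULE = DnatRule(VPN_POOL, WAN_IP, CAMERA_PORT, CAMERA)


def reachable_from(rule, src):
    """True if a client at `src` hitting WAN_IP:CAMERA_PORT is forwarded to the camera."""
    return evaluate(rule, src, str(WAN_IP), CAMERA_PORT)[0] == "DNAT"


if __name__ == "__main__":
    for label, rule in (("Traffic from: Any", WEAK_RULE), ("Traffic from: VPN Pool", VPN_ONLY_RULE)):
        print(label)
        print("  internet client 198.51.100.7 ->", evaluate(rule, "198.51.100.7", str(WAN_IP), CAMERA_PORT))
        print("  VPN client 10.242.2.15       ->", evaluate(rule, "10.242.2.15", str(WAN_IP), CAMERA_PORT))
```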


