Multiple Remote Location IPCams Setup

[Holbs]

I just started research this and this seems like it could be pretty effective. Could the cloud gateway ultra's be used with out the flex mini's if the Camera had its own power supply vs POE? Essentially are the ethernet ports on the cloud gateway ultra only Wan capable or could they be used as Lan? It seems I would also need a management device like the UDM pro to link all the cloud gateway ultra's. With this setup it seems I wouldn't have to mess with VPN's at all. am I following right?

Constructions Site #1 / Pole #1 has it's own ISP internet service from Construction Site #1 / Pole #2 ? If so, yes... can do Ubiquiti Ultra routers that do 4 port POE. If Pole #1 and Pole #2 share same ISP, you list 5 cameras but the Ultra router only has 1 WAN and 4 LAN ports. Hence, the need for a Unifi switch in between somewhere.
I just like the Unifi ecosystem when it comes to multiple site VPN's. It's a breeze. And leaves a lot open for future edits/changes/moves & adds.
You would not need the UDM pro to manage all gateways.
Just need 4 or 5 cloud gateway Ultra's.
You manage via Unifi account & webpage.
Yes, you would still 'mess' with VPN's. But VPN setup is a breeze with Unifi. Scan QR code for each gateway Ultra and whalla. Done (mostly).

 

[precisionpete]

You don't need static IPs for this. That's going to save you money on every T-Mobile plan.

The challenge with your current setup is that you'd need to configure port forwarding on every cellular router to let Blue Iris reach the cameras. With 5+ routers, each with 2-3 cameras, that's a lot of forwarding rules to maintain. And if T-Mobile ever puts you behind CGNAT (which they do), static IP or not, port forwarding may not work at all.

A simpler approach: put a small device at each pole (a Raspberry Pi or similar) on the same switch as the cameras. It acts as a gateway. Install the same software on your Blue Iris PC. Every camera at every site becomes reachable from your office through an encrypted tunnel, no port forwarding, no static IPs, no router configuration.

Your setup would look like:

• Blue Iris PC: runs the gateway software
• Each camera pole: Inseego router > UniFi Switch Flex > cameras + Raspberry Pi
• Blue Iris connects to cameras as if they were on the local network

We have a customer running this exact setup across construction sites on cellular connections. Works fine behind CGNAT too, since the tunnel is outbound only.

I wrote up how the gateway model works here: Managing Customer Sites with Conflicting Networks

The article focuses on conflicting subnets, but the gateway concept is the same. Happy to answer questions about the setup.

 

[TonyR]

^^^ So you are selling the solution callled "Netrinos" ?

 

[precisionpete]

^^^ So you are selling the solution callled "Netrinos" ?

I am the author of software called Netrinos, designed specifically to solve this problem, yes. I hope my post is not viewed as spam. I genuinely think I can help, since we have customers who are doing exactly what he needs.

We are also a VPN similar to Tailscale or ZeroTier, but optimized for non-routable networks, as in the original post. To the best of my knowledge, the others cannot do this.

You need a cheap IoT device on the pole to act as a gateway. We have tested that even on a $10 Raspberry Pi Zero (though not the best choice). Then the gateway connects to you rprivate mesh outbound. So you do not need a static IP. Your laptop also connects to the mesh. It's self-configuring. Then the gateway acts as aproxy to the other devices on the pole LAN. As the software was designed for this, configuration is mostly automatic.

Also, I would not use a Unifi switch unless you are running a Unifi network on the pole. It will work. But it's an unnecessary complication. I am a big fan of Unifi. But it's overkill here. The firewall in the cell modem is all you need.

 

[TonyR]

So you do not need a static IP.

You mean "public" ?