Tag: Tunneling

Categories
Knowledge Support Cloudvue Cloudvue Cameras Cloudvue Gateway Support Categories

Remote Port Forwarding using the Reverse Tunneling Script

Description 

At times you may need to remotely access the web interface of either a Cloudvue Gateway or camera.  The following instructions can be used to establish a tunnel, gain ssh access and setup remote port forwarding via the reverse tunnel script.  Once setup you will be able to access the terminal (ssh) or the Web Interface of equipment local to the video device, such as Cloudvue Local or C2C cameras (reverse port forwarding).

Product 

  • C2C
  • Cloudvue Gateway

Solution

From Cloudvue Manager

  • Setup a Tunneling port, see “Cloudvue SSH Tunneling” KB# 13051

From your Tunneling Machine

Terminal Window #1 – Establish a Tunnel

./createTunnel.sh -t PNUM

Note: PNUM is the port number created in Cloudvue Manager

Terminal Window #2 – Establish SSH Connection

./sshTunnel.sh -p PNUM

$ watch -n 30 ls -alh

Note: PNUM is the port number created in Cloudvue Manager and the watch command is used to keep the connection from timing out use Ctrl+c to stop the watch command.

In the event the following warning appears run the full “ssh-keygen” command found in the message to clear the /root/.ssh/known_hosts file, then try establishing the ssh connection again.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Terminal Window #3 Establish Port Forwarding via Reverse Tunnel

./reverseTunnel.sh -p 80 -l 80

NOTE: it may be necessary to manually configure the correct tunneling port by changing ./config/tunnelInfo.txt

Categories
Knowledge Support Cloudvue Support Categories Products

Migrating or Recovering a Cloudvue Tunneling Machine

Description

Use the following instruction to recover your tunneling machine or migrate  to a new one

Assumptions

  • Your old tunneling machine was configured and working
  • You know the hostname of your old tunneling machine
  • You have a copy of the following files from your old tunneling machine
    • ~/.ssh/id_rsa
    • ~/.ssh/id_rsa.pub

Solution

  • Create a new tunneling Machine
  • See KB#13051 “Cloudvue SSH Tunneling” for instructions and recommendations
  • Copy both of these files from the old tunneling machine onto the new one
    • ~/.ssh/id_rsa
    • ~/.ssh/id_rsa.pub
  • Change the hostname of the new tunneling server to match the hostname of the old tunneling server

Example

Display hostname

$ hostnamectl

Static hostname: Your-Virtual-Machine
Icon name: computer-vm
Chassis: vm Machine ID: 54acc6559a574f06b8b66a7f7ffe90a4
Boot ID: 71d58b5f2ebc40969b795e25392425c3
Virtualization: microsoft Operating System:
Ubuntu 22.04.2 LTS
Kernel: Linux 5.19.0-35-generic
Architecture: x86-64
Hardware Vendor: Microsoft Corporation
Hardware Model: Virtual Machine

Change hostname

$ sudo hostnamectl set-hostname


Pro Tip:  Quick recovery hinges on you having a backup of both, id_rsa and id_rsa.pub , and a record of the hostname of your tunneling machine

Categories
Knowledge Support Cloudvue Cloudvue Gateway Support Categories Products

Tunneling to a Cloudvue Gateway From a Local Windows Machine

Description 

At times it may be necessary to access either the Gateways local Cloudvue interface and/or a connected cameras web interface. PuTTY Portable can establish an SSH connection with or without port forwarding from a local  Windows machine which once established will allow access to these resources  from a web browser on the local machine.

Product 

  • Cloudvue Gateway
  • C2G Cameras

Solution

Installing PuTTY Portable

  • Download PuTTY Portable here 
  • Browse to the location which the PuTTYPortable _x.x.paf.exe file was downloaded
  • Double-click the file to start the installation
  • Follow the on-screen prompts and select the location you’d like to install to
  • If the installer detects an existing PortableApps directory on one of your attached drives or within your USERPROFILE folder, it will automatically select that. Otherwise, the current directory will be selected by default. Within the directory you select, a PuTTYPortable directory will be created containing the portable app. Note that installing to the C:\Program Files or equivalent is not supported.

Standard SSH Connection

  • Navigate to the directory created during the install
  • Double Click the PuTTYPortable.exe file
  • The PuTTY Configuration window will appear
  • Enter the LAN/NET IP address in the Host Name (or IP address) field
  • Note: The IP address can be found in the Network Settings section via Cloudvue or Cloudvue Manager
  • Change the Port to 7627
  • Click Open
  • A terminal window will appear and prompt you to login
  • The username is smartvue
  • You will be prompted for the password
  • This is the SSH password found on the device page in Cloudvue Manager
  • Enter the password and press enter
    • TIP:  Right click your mouse to paste into the terminal window
  • If successful a welcome will display, and you should now have an SSH connection to the Cloudvue Gateway

SSH with Port Forwarding

At times you may need to access  Cloudvue Local or cameras connected to the Cloudvue Gateway “C2G” from a web browser.   You can use PuTTY Portable to setup port forwarding in addition to the SSH connection.

  • Enter the IP Address of the Cloudvue Gateway
  • Enter the SSH port (7627)
  • Before Clicking Open Click the + next to SSH to expand the section
  • Select Tunnels
  • Use the Source Port and Destination fields to add port forwarding entries for C2G cameras
  • Source Port can be any unused port the on the local machine
  • Destination Port is a combination of the C2G Cameras IP address and port, typically port 80

NOTE:  If unknown, camera IP addresses can be found in the Cloudvue Gateways Cameras section of Cloudvue Manager

Pro Tip: To verify a local port is available run the following from either PowerShell or a Command Prompt. 

netstat -ano | findstr :80

Uninstalling PuTTY Portable

  • Once work has been completed it is best practice to uninstall the software from the customers machine
  • Unlike traditional apps, a portable app isn’t ‘installed’ with an entry in Add/Remove programs, so uninstallation is quick and easy
  • Delete the PuTTYPortable folder to completely remove the app and all its settings.

Example

Standard SSH Connection
Tunneling Configuration
  • port 80 of the Cloudvue Gateway has been forward to port 80 of the localhost and is accessible using http://localhost/
  • port 80 of Cloudvue Gateway camera 1 has been forwarded to port 8000 of the localhost http://localhost:8000/
  • port 80 of Cloudvue Gateway camera 2 has been forwarded to port 8001 of the localhost http://localhost:8001/

Note:  PuTTy will display the forwarded ports with an “L” before the Local port

Categories
Cloudvue Cloudvue Cameras Knowledge Support Cloudvue Gateway Support

Cloudvue SSH Tunneling

Description 

Certain information gathering or troubleshooting tasks such as gathering logs, doing software or firmware updates require remote access to devices.  This is where tunneling comes into play and the following instructions explain the process.

Products

  • C2C
  • Cloudvue Gateway

Tunneling Machine Setup

To properly setup your tunneling machine the following must be completed once.  The basic steps are:

  1. Choose your environment
  2. Generate an SSH key pair and submit your public key
  3. Install jq
  4. Install Visual Studio Code (optional)
  5. Download and install tunneling scripts

Also available is the How to use tunnel scripts to upgrade firmware remotely video available here.

Choosing Your Environment

For ease of setup and overall usage it is recommend that you choose a machine running Linux.   This can be a full VM such as provided by Hyper-V or using the recommended method, Windows Subsystem for Linux (WSL).  Ubuntu 22.04.1 LTS or higher is needed and we have found that using WSL supplies access to useful tools such as MobaXterm.

Generating  SSH Key Pair Without a Password

A ssh key pair must be generated from the machine you will be tunneling from. An AES ticket should be created requesting your public key (id_rsa.pub) be added to the Cloudvue SSH Tunneling Server and Cloudvue Software releases for C2C devices. Once added to the Cloudvue SSH Tunneling Server you can begin tunneling from your machine to Cloudvue Gateway devices and after the next Cloudvue Software release you will be able to tunnel to updated C2C devices.

To generate an SSH key pair, use the following command:

ssh-keygen -t rsa

By default, your keys are saved as follows:

Private Key

~/.ssh/id_rsa

  • RSA authentication identity
  • Should be kept secret
  • ssh will read this file when a login attempt is made

Public Key

~/.ssh/id_rsa.pub

  • RSA public authentication key
  • No need for secrecy
  • Will be be added to C2C and Cloudvue Gateway devices for public key authentication

NOTE: A copy of your public key should be attached to the AES ticket requesting ssh access.

Install jq

jq is a lightweight and flexible command-line JSON processor and is required. It can be downloaded from https://stedolan.github.io/jq/download/ or by using the following commands

Use the following command to install jq

sudo apt update 
sudo apt upgrade
sudo apt install jq

Install Visual Studio Code in Ubuntu (Optional)

Visual Studio Code is a free, lightweight but powerful source code editor that runs on your desktop and is available for many platforms.  It will allow you to easily display the contents of the extracted files especially useful for viewing help information and examples.  See the following links for information on various ways to install on VM or WSL.


https://code.visualstudio.com/docs/setup/linux

https://code.visualstudio.com/docs/remote/wsl

Setup Tunneling Scripts

Download the tunneling tar containing the needed scripts HERE

Create a sub folder called tunneling

Copy or move the tarball to the tunneling directory

Use the following command to extract the contents of the tarball

sudo tar -xf tunneling.tar.gz

Example

Tunneling

Cloudvue Manager

Access the camera from Cloudvue Manager in this example we will be using the development site instead of production.

Development https://dev-dashboard.cloudvue.com/login

Production https://dashboard.cloudvue.com/login

Search for the desired video device typically by MAC address

Open the device and Locate the Port Number field in the lower left

NOTE: You won’t see the tunneling option unless your staff user account has a role of either Global Admin or Support Specialist

Enter a random port number then click tunnel

A popup will appear indicating that the tunnel is being created

If successful the following popup will appear

If unsuccessful the following popup will appear, and it will be necessary to repeat the process trying a different port number

Once a tunneling port has been successfully created run the following command from terminal from the tunneling directory (~/Downloads/tunneling) using the port created above

./createTunnel.sh -t 4445

The script will return a lot of feedback. However before running other scripts verify that the last line is the same as the following


Back in Cloudvue Manager expand Network Settings to obtain the IP address of the device

Open a second tab or instance of terminal and run the following command from the tunneling directory (~/Downloads/tunneling) using the devices IP Address found in Cloudvue Manager.

./reverseTunnel.sh -u -i 10.1.1.64


The camera should now be available from a web browser at https://localhost:8080

The Username is admin and the password is obtained from the SSH field located on the devices Cloudvue Manager page.

Maintenance Page

Remote Access Page

About Page

SSH Access

After establishing the tunnel you can run the following command to gain SSH access using the port created earlier

./sshTunnel.sh -u -p 4445

Example