Recommendation for outdoor cameras in a secure system?

maxmoon · June 29, 2024, 12:19pm

I am looking for 4 outdoor cameras, which meet the following requirements:

Motion detection
Zones
No-Wifi (Only ethernet)
PoE
High resolution (at least 1080p)
Alarms/Notifications on motion (best, if I could catch them and use them in my own software/scripts or open source software like Zoneminder)

That’s the first time I am setting up a system like this and I am not sure if the cameras itself are doing the work or the computer, which is connected to them. But the plan is to have an old NUC and 4 cams within a VLAN to isolate them, not letting them into the internet.

PeteRage · June 29, 2024, 12:30pm

I use Amcrest POE cameras they do basically that. But they don’t detect the difference between a bird flying in front of the camera and a person approaching the steps. For that you need image recognition and some compute hardware. On the plus side I’ve had these cameras mounted outside for 4 years, they have been flawless and still work. You’ll want some type of camera platform. I use Synology surveillance station, mostly because I have a Synology NAS and it came with a free 2 camera license. Other folks use Frigate. You’ll also want a bunch of disk to record images too. It was pretty easy to route the camera events to HA, so I’m able to use them as motion sensors in HA.

TH3xR34P3R · June 29, 2024, 12:45pm

I currently use a Hikvision Dome camera outside my front door and 2 HiLook bullet style cameras for the other sides I monitor for my place.

They are ONVIF cameras that come up as generic_hikvision when connected to my synology surveillance station (you can use frigate which is what is generally used the most I just had my setup before I started with HA so its what I use).

I have internet access blocked for them at the firewall level so they only have internal access to connect to the NAS for the feeds which I can run 1440P60 with H265+ for better compression.

The only thing that would need to be kept in mind with them is that you need to buy and connect a microphone separately if you need it for certain spots to make sure you have recorded what is said during an event (I have not done this with my setup since I don’t want to break any laws in that regard here in Sydney).

The dome camera that is setup above my front door I am using as a doorbell camera for when my shelly button 1 is pressed so that it captures an image of the person that pressed it and with timestamp that gets sent to my phone via notification.

When I am out I just use openvpn to remote into my network to keep connected to my HA instance and NAS to keep things secure.

For storage in my NAS I have a 10TB Ironwolf pro HDD dedicated to the camera snapshots with 30 day rotations.

tmjpugh · June 29, 2024, 1:49pm

Amcrest + frigate

Amcrest has best low light performance

Frigate does great object and motion detection

IP8M-2796E or lower cost models
This model has can do detection but I dont use camera. Mic and floodlight as well

maxmoon · June 29, 2024, 3:30pm

It would be very important to have cameras, which know the difference between a bird and a human. But in this case I have to ask if the work is done by the computer, which is connected to the cam or if the camera itself is able to do that? And if a computer is doing the work, what cpu does it need? Would a NUC with a i5 cpu be enough?

Am I getting it right that the actual work is the computer doing and not the camera itself? I hope a NUC with a i5 cpu will have enough power for that.

Why so many? My plan was to connect one external 2.5" disk with 2TB to the NUC, encrypt the disk and save all data there.

Or can it be even critical to only have one disk connected to it (too much data on one USB bus)?

This part is very interesting. How exactly is your system build up? I want to use VPN and VLANs. But I still don’t know how exactly one can access cameras in a VLAN, outside of the VLAN or if it is possible at all to access a VLAN if you’re not part of that VLAN.

Where or what exactly is your firewall? Do you have something like a Raspberry Pi, where you put all the traffic though and it has the firewall filtering out everything?

Is your VPN server running on a home made server, like NUC or Raspberry Pi?

10TB sounds a lot, but I guess you need a lot of space for 30 days. Is it possible to calculate how much space 4 cams would need to a 1 week rotation?

How are your experience with Frigate and have you used popular ones before, like Homezoner?

Do they have nightvision/infrared or are they just really good at night?

Oh, okay, this means the actual computer and not the cameras itself do all the work. What computer do you have connected to it? I really hope an old Intel NUC with an i5 cpu would be enough.

Am I understanding it right, that it has an LED in front of it? Isn’t this a little bit annoying if the cameras lighting up the garden all night? And how exactly do the internal storage work? Are they a buffer, because I thought you need a computer connected to the same network, which will process AND store all the data. hmm… I am a little bit confused about which work the computer and the cameras are doing.

Thank you all for your help. It helps me a lot to understand all of it and hopefully I can set up a secure system the next week

TH3xR34P3R · June 29, 2024, 3:49pm

I just have the internet access blocked via the router settings at this time for devices that don’t need internet access, the router I use is an RT-AX88U at this time and I use a Synology DS216Play until I can afford to upgrade to a 2.5GbE setup and a NAS with more drive sleds (full setup is at Workstation).

I have about 1TB assigned to each camera at this time for the max storage before it needs to rotate to allow me the option to add another camera or two down the line. I don’t have issues with rotating out the motion captures as majority of the time if I need to archive a video or snapshot of an event for the local cops it’s already done on the day or the day before then I just hand it to them on a USB or email it to a contact after I copy it to a dedicated archive share.

All my stuff is on an internal VLAN and I just have a Guest Device VLAN to keep it simple for when I need to work on devices that I don’t want to connect to the internal lan.

The other option instead of VLAN’s is to have 2 nics on the NAS that you want to use so that one NIC is for the internal network and the other is for your cameras and does not have any internet access at all but uses the dedicated DHCP settings via the NAS for its network, or use another router for physical separation but still using the 2 nic setup.

For a VLAN setup you use firewall rules to allow traffic to go to and from specific IP’s and ports or IP ranges and ports.

i.e if your main VLAN for the internal network is 192.168.1.0/24 and your NAS or HA instance is 1.250 or 1.251 then you forward either the VLAN2 range of 2.0/24 to that IP only blocking access to other devices as a global from the source range or do the specific IP from the source.

OpenVPN server is setup on the router and I have the OpenVPN client installed on the phone which via tasker is enabled and disabled based on if it detects the phone is connected to my SSID or not it will toggle the VPN connection on or off (this only works when the phone is unlocked so I have to make sure that I unlock the phone when I step out for longer than I am say taking out the trash or checking the mail).

The only issue I have using the vpn for connecting home to check my cameras via dscam and manage my HA instance when out is that if I am in a car I have to make sure I rem to bring a usb cable to use android auto as it conflicts trying to use the BT connection.

tmjpugh · June 29, 2024, 4:03pm

For reference, I have dual Xeon server with about 96GB ram. Processing is not big issue even with my processors being older.

Motioneye (2019) was hard to review and slow. It was easy setup and did do basics well, just when things happened going through ui was slow

Shinobi (2019) just was a mess. I didn’t use docker compose so maybe that had effect but it just was bad

Zoneminder (2019) was difficult to setup and really not great

Frigate uses yaml files which can be hard for many but i literally got it working first time in about 20 minutes. Most of that time was reading docs and this was at first release when no info existed in forum and no one to ask. I can quickly find any event. It works well and live playback is smooth. Recent changes make it amazing

Yes. I turn it off and set it to color at night, no black/white. I live in country with no streeetlight or light from home. I need see in dark area 100 foot from camera and I can. I say it is comparable to iPhone 12 or newer low light performance. Be careful with noise reduction as it may think poorly light animal in very dark is noise and remove. I turn this off. If you are in city you will have no issues. I’ve literally looked at image on camera and thought sun was up. Look outside and it’s completely dark. This was dusk just after sun drop out of site below horizon

The camera I suggest can but I don’t use it. I5 is OK but you will want to get google coral.

Cam has IR and LED floodlight. I use neither.

It has SD card slot
It is optional to use the SD card. I do t use this. My cameras are connected to local network and computer connects and records the video

Both camera and computer may record on any camera. I choose to only use computer

Both camera and computer can do object and/or motion detection. I choose to only use computer

maxmoon · July 6, 2024, 8:58am

This is a pretty smart move, because I think the highest risk in a secure system are sometimes friends or family members with infected devices, who don’t update their devices or installed dozens of random apps, not knowing what they doing and those people aren’t able to sandbox those apps or have any control of their devices. (Attack from inside).

But how exactly does the setup look like? Do you have VLAN Switches for all your internal devices or does your router create those VLANs including wireless devices? This will be the first time using VLANs at all, so my questions might be weird.

This is a pretty cool idea. But you need a rooted device to completely use tasker, right?

I didn’t understand this part correctly. Why exactly do you need an usb cable for the Bluetooth connection?

Do camera processing systems need so much RAM or do your servers need it for other tasks, too?

I read a lot about different open source software, but it looks like Frigate might be the best atm.

Is it possible to do all the stuff with Frigate:

human recognition (No recording, if animals/insects walk around)
zones (Do not record, if something happens in some zones)
nice to have: face recognition. Only record if the face is unknown.

Google and other privacy invasive companies are a no-go and reading the headline on the website of Google Coral let me think I am in a parallel universe:

Build beneficial and privacy preserving AI

And I can’t believe that one of the biggest data collectors on this planet write stuff like private and offline:

Coral is a complete toolkit to build products with local AI. Our on-device inferencing capabilities allow you to build products that are efficient, private, fast and offline.

I am skeptical about this product. Do you have it isolated in an offline vlan? And do you have it on a stick or is it installed on your server?

Oh, okay, so it would make even sense to buy “normal” ip cameras without special features, but let the machine do all the work, which is connected to the cameras.

Thanks a lot to all of you. There is a lot to learn, but I have a direction, now

UPDATE: I’ve created a new thread, which should cover the whole system and not only the cameras. I even created a plan showing, which devices are connected and which device is in a VLAN. But is this setup secure?

TH3xR34P3R · July 6, 2024, 9:36am

I have a 24 Port HP Enterprise switch I got for free a while back which lets me assign each port to a tagged VLAN number, i.e 1 is untagged traffic. 2 is internal, 3 is guest devices.

All my personal gear is on VLAN 2 via my ax88u, for guest devices I just have a dedicated mikrotik router handle that traffic in its own subnet on VLAN 3. I got it for free so using what I have until I pick an upgrade path for 2.5GbE or 10GbE overhaul.

As for tasker no you don’t need root to use it.

Due to the fact I use an OpenVPN connection to connect to my internal network when I am not home to access my files and home assistant instance without the need to pay for a cloud service; android auto does not like having the vpn active when trying to use it via bluetooth connection as such using a usb cable work without issue and I can keep my vpn connection active when I am in a car that lets me use android auto for my needs.

tmjpugh · July 6, 2024, 11:22am

Frigate doesnt do facial recognition but you can do person detection and only send these image to another service for person/fave detection

Coral is local device. No different than cpu from intel or gpu from nvidia

It is USB or PCIE

It what i do but either can work. I have never done camera side processing so have no useful opinion. PC side works well for me.

No. I dont believe so. Server cost $25USD and ram was included. I use for many services.

Homeassistant
Immich
Frigate
Jellyfin
Unifi
Many more