Starlink Remote Cameras

Enable Inbound Remote Access

Enable secure, remote access to your IP Surveillance Camera on your Starlink network

No public IP, no VPN, no port-forwarding needed.

Overview

A common home or small office security camera setup requires inbound IP access. The only downside? If you are not at home, on your home network, you cannot access your security cameras through Starlink. Or can you?

In Starlink Port Forwarding we discussed how Carrier-Grade NAT (CGNAT) works, and how Agilicus AnyX can be used to connect through the Starlink into an internal environment, even though there is no public IP.

In this article we describe how a user setup their Starlink and an IP Security Camera (e.g. Hikvision) with Agilicus AnyX, achieving anywhere secure access, from any device, despite the CGNAT limitation. They can access their home surveillance video from anywhere.

Will this work with my security camera?

Many security cameras have a web interface. If you have a URL you can use from your browser at home, then you can use it while away with Agilicus AnyX.

Do I need to install any Software?

The Agilicus AnyX platform is almost entirely cloud SaaS. In order to work with your Starlink network, you will be installing the Agilicus Connector on a device you already have. This software will facilitate the incoming network traffic.

What type of device can I install the Agilicus Connector on?

The Agilicus Connector supports many device types. Windows, Linux, OpenWRT, Synology. You can see more information on the product guide page. In general, the machine will need about 100MB of storage, 20MB of ram to operate.

How can this work? I thought Starlink used CGNAT with no public IP?

You can see an animated diagram on the Agilicus Connector page. But in general, this works the same way e.g. a Google Nest thermostat works. Something inside your home network makes a persistent outbound connection to our cloud. When you are away, you will connect to our cloud, it will confirm your identity, and bridge you across these two outbound connections.

How much will this cost for just me and one other user?

You can see the pricing here. If you have only 2 users there will be no ongoing cost.

Is this a good solution for me?

Agilicus AnyX is an excellent solution for web applications, for SSH (e.g. command line access), for a Share (e.g. file access), and for remote desktop (Microsoft Remote Desktop, VNC). If you have complex networking needs that require layer-3 routing this is probably not the right solution for you.

How is this secure?

Agilicus AnyX is an implementation of Zero Trust, a security best practice. You will use single-sign-on authentication via your Google or Microsoft account (there are no passwords). You can optionally enable multi-factor authentication. All traffic is encrypted with TLS 1.3 HTTPS. You can configure firewall rules in this system for e.g. geo-ip based access, as well as other more complex rules. You will have a full audit trail of who used what when.

Do I need to install any Hardware?

No. The Agilicus AnyX is a SaaS solution, cloud based. In order to work with your Starlink network, you will install a small piece of software on a single device you already own.

I’m not sure, can we discuss?

Certainly! Please either open the chat icon in the lower-left, fill in the form, or email us (info @ agilicus.com) and our team would be happy to discuss further with you.

Data Flow

The high-level data flow is shown at the right. A managed SaaS system (Agilicus AnyX) acts as the intermediary. A program installed on the local network (Agilicus Connector) makes an outbound connection, thus overcoming the limitation of the NAT.

User-based authentication via Single-Sign-On and End-To-End Encryption round out the feature set of getting the User to their Data without caring about the network.

The Setup

The setup is super simple. Its all self-served.You can view the pricing and Signup and try along. The high-level steps are:

Signup. Create your Account

The signup process asks you what you want to call your account. You then have the option of using your own domain-name (so your share and web-applications will be something like https://my-app.mydomain), or one of ours. The Signup process is very simple, detailed instructions are here.

Install. Install the Connector on the network

In the Agilicus Admin UI, create a Connector. Give it a name (e.g. my-nas).This can be installed on a Raspberry PI, an OpenWRT Router (if it has enough flash), a Mikrotik, pfSense, a synology, a windows machine… many options exist.

Configure. Create a Web Application

We assume your IP Camera has a web interface. Create a web application in Agilicus Admin interface, referencing the camera’s IP or hostname as the ‘upstream host’ and port 80 (typically)). This will proxy you, after proving your identity, to the ip camera. From anywhere.

Explore

Open https://profile.MYDOMAIN, sign in. Try your share. Try the admin interface of the Camera. Now, do this from a network that is not at your home (e.g. LTE, a Cafe). Observe it works without regard to where you are. No VPN.
Feel free to try additional services, e.g. a VNC or RDP remote desktop to your Mac, Linux, Windows machine. Connect to your home Building Management System. SSH to a NAS (web or command line) from remote, whatever works for you.

Next Steps

In the case study above, the User’s objective was to use their IP Surveillance Camera from anywhere, without interference of the CGNAT of the Starlink.

The user can see their home surveillance video. From anywhere, on any device, with single-identity and single-sign-on, with multi-factor authentication.

Contact Me

Try Now

Book a Meeting