Starlink Remote Cameras
3-Steps to Enable Inbound Remote Access
Enable secure, remote access to your IP Surveillance Camera on your Starlink network
No public IP, no VPN, no port-forwarding needed.
Overview: Starlink Remote Camera
A common home or small office security camera setup requires inbound IP access. The only downside? If you are not at home, on your home network, you cannot access your security cameras through Starlink for remote surveillance. Or can you?
In Starlink Port Forwarding we discussed how Carrier-Grade NAT (CGNAT) works, and how Agilicus AnyX can be used to connect through the Starlink into an internal environment, even though there is no public IP for remote surveillance and security operations.
In this article we describe how a user setup their Starlink and an IP Security Camera (e.g. Hikvision) with Agilicus AnyX, achieving anywhere secure access, from any device, despite the CGNAT limitation. They can access their home surveillance video from anywhere.
The simplest, and most powerful method of using your cameras remotely is to invest in a network video recorder (NVR), such as Synology Surveillance Station. This platform provides a location to run the Agilicus Connector, as well as a location to store the video when motion is detected. It also acts to aggregate your cameras and make them available via HTTP.
FAQ
No, Apple does not provide a server platform since the XServe. The connector is supported on Linux, Windows, various embedded platforms like Synology, pfSense, Mikrotik, etc. To run the connector on an Apple Mac, you may use the Docker instructions (see Install Docker Desktop on Mac).
If you are an enthusiast, consider running the connector under Docker on your Mac.
No. The Agilicus AnyX is a SaaS solution, cloud based. In order to work with your Starlink network, you will install a small piece of software on a single device you already own.
Yes, the end user can use the web-based profile as well as the desktop based launcher. The desktop-based launcher requires OSX 11 (last supported version by Apple) or later.
You can see an animated diagram on the Agilicus Connector page. But in general, this works the same way e.g. a Google Nest thermostat works. Something inside your home network makes a persistent outbound connection to our cloud. When you are away, you will connect to our cloud, it will confirm your identity, and bridge you across these two outbound connections.
Agilicus AnyX is an implementation of Zero Trust, a security best practice. You will use single-sign-on authentication via your Google or Microsoft account (there are no passwords). You can optionally enable multi-factor authentication. All traffic is encrypted with TLS 1.3 HTTPS. You can configure firewall rules in this system for e.g. geo-ip based access, as well as other more complex rules. You will have a full audit trail of who used what when.
Agilicus AnyX is an excellent solution for web applications, for SSH (e.g. command line access), for a Share (e.g. file access), and for remote desktop (Microsoft Remote Desktop, VNC). If you have complex networking needs that require layer-3 routing this is probably not the right solution for you.
The Agilicus Connector supports many device types. Windows, Linux, OpenWRT, Synology. You can see more information on the product guide page. In general, the machine will need about 100MB of storage, 20MB of ram to operate.
It is very unlikely the Agilicus Connector will install on your camera.
We do not recommend using the RTSP feature of your camera with Agilicus AnyX. Instead we recommend using the HTTP interface.
Many security cameras have a web interface. If you have a URL you can use from your browser at home, then you can use it while away with Agilicus AnyX.
In most cases, if you have an NVR, this will work. If your camera supports ONVIF, we have specific support for some NVR with that.
Many people use Synology Surveillance Station or Shinobi NVR with Agilicus AnyX.
Sample setups for generic ONVIF cameras are here.
A sample setup for an older Hikvision is here.
Data Flow
The high-level data flow is shown at the right. A managed SaaS system (Agilicus AnyX) acts as the intermediary. A program installed on the local network (Agilicus Connector) makes an outbound connection, thus overcoming the limitation of the NAT.
User-based authentication via Single-Sign-On and End-To-End Encryption round out the feature set of getting the User to their Data without caring about the network.
The Setup
The setup is super simple. Its all self-served.You can view the pricing and Signup and try along. The high-level steps are (see NVR Setup for a detailed example):
Signup. Create your Account
Install. Install the Connector on the network
Configure. Create a Web Application
Explore
Feel free to try additional services, e.g. a VNC or RDP remote desktop to your Mac, Linux, Windows machine. Connect to your home Building Management System. SSH to a NAS (web or command line) from remote, whatever works best for you.
Next Steps
In the case study above, the User’s objective was to use their IP Surveillance Camera from anywhere, without interference of the CGNAT of the Starlink.
The user can see their home surveillance video via their Starlink Remote Camera. From anywhere, on any device, with single-identity and single-sign-on, with multi-factor authentication.
No VPN is used, no overlapping or private IP issues Any network with out bound Internet access, whether fixed, mobile, corporate, will have direct access to the home or small business camera system. The Starlink Remote Camera access is simple, seamless, reliable, non-disruptive.
