Remote Access

From ARGUS TV Wiki
Jump to: navigation, search

This information describes the steps and services you have to perform to get remote access. Remote access in this article's context means: access from outside of your network through the Internet.
It is not related to remote Web Access of ARGUS TV. Please consult the section ICN WIKI INLINE.PNG Web-Access to read about that.
Professionals may want to jump directly to the various ports used for operation. You will need to know about these to connect to ARGUS TV from clients and from outside your local network.

Contents

Prerequisites

To be able to contact your network or individual PC's in your network, you need

  • An IP address that is known or being able to be retrieved by your clients, either a static IP address (common for larger institutional companies) or a free dynamic DNS service, that delivers the current IP address of your network to the client. This service can freely be found in the internet.
  • To set up your router to deliver the currently assigned public IP address (from your provider) to this dynamic DNS service - OR -
    • To use a small (free) helper application that does so
  • To set up your router to route incoming requests to certain ports (see "the various ports used for operation") to the ARGUS TV services on your used PC's within your network
  • To set up your firewall on the various machines (and potentially on your router) to allow this incoming and outgoing network traffic.

Service Setup: Dynamic DNS

To find and address your network, the client, which tries to connect, needs to know the IP address of your network. Usually most of the (private) Internet users get a dynamic DNS when connecting to the Internet through their provider.
This means, the IP address of your network is subjected to more or less often changes.

To have a kind of "dictionary entry" (DNS) of your network that follows the actual current IP address, you may find several (free) services throughout the Internet. With these services you usually have to register and set up a (free) account, define the (sub-) domain, under which the current IP address of your network shall be listed and set this active.
One (but by far not the only) free service can be found under ICN WEB INLINE.PNG dyndns.org. Your network may after registration, activation and router setup (see next section) then be addressed through an address like "mynetwork.dyndns.org"

Router Setup to support Dynamic DNS

To maintain your network's dynamic IP address synchronized with the dynamic DNS service you set up, you need to refresh this information on your DynDNS service provider every time your network's address changes.
Most modern routers provide this as a configurable service within their (usually Web) configuration. Search for a configuration headline like "DynDNS" or "dynamic DNS" and set this up according to your registered information: address of your DynDNS service provider, your account name, your password and usually also the name of your registered subdomain.
If you don't find such a configuration section on your router's config page, please read the following section.

Helper Applications to support Dynamic DNS

This section must only be read, if your router doesn't mutually supports dynamic DNS service updating as described in the section before.
If so, you may find several (free) helper applications in the Internet that updates your network's currently used IP address with the registered DynDNS subdomain. This application must be run (automatic start) on one of your network's PC.
Search the Web for "Dynamic DNS updater freeware" or search the page of the DynDNS provider you selected before. See for example ICN WEB INLINE.PNG the free updater clients that dyndns.org provides.

Router Setup: NAT or Port Forwarding

Nearly all modern routers provide a Network Address Translation (NAT) or Port Forwarding service.
NAT is the comfortable variant: you may define incoming ports (from WAN/Internet) and map them to a local machine name, IP address and destination port.
Port Forwarding is a kind of limited version of NAT: you may define incoming ports (from WAN/Internet) and map them to a local IP address - it will then use the same as the incoming port as destination port.
We do not recommend using Port Triggering, if you find this service in your router's configuration: this leads ALL network traffic to a local machine after a certain port was used once. This usage "triggers" ALL network traffic to be routed to one machine that you define until usually a timeout encounters. Only if you don't have one of the services described above, you may want to try this out. But this makes your network a bit more vulnerable and other services that you might have active in your network (e.g. a Web Server on another machine) are not reachable during the trigger period.

Configure the ports that you want to be forwarded with the destination machine name/IP address and (if NAT is used) destination ports. See the used ports below under the various ports used for operation.

ICN INFO.PNG Remark - potential constraint: many routers unfortunately don't support the usage of machine names, but only of their IP addresses. In this case, you may need to fix the IP address of the desired destination machine within your local network. If so, please read the section below this one.

Fixing local IP Addresses of your Machines

There are two ways to fix the IP address of a machine within the local network.

  • Setup your router / DHCP-Server to assign a fixed IP address to a certain MAC address (should absolutely be preferred)

Nearly all modern routers support assigning fixed / reserved IP addresses to either certain machine names or (more common) MAC address. Find this configuration usually under router's configuration under LAN / DHCP Server and define the machine to be addressed from outside with a fixed IP address you select. This IP address will be kept free and will not be assigned to other clients in your network.

  • Fixing the machine's IP address and disconnect it from the DHCP service of your router

Find the settings to assign a fixed IP address on the desired destination machine under Network Center / Change Adapter Settings / <Network Card> / Properties. Select Internet Protocol Version 4 in the list of services and hit Properties. Select here "Use following IP address" and enter the IP address, the Address Mask (usually 255.255.255.0) and as Standard Gateway the IP address of your router that is connected to the Internet.
Potential constraint: you may not be able to connect to the machine anymore through the machine name - at least for up to several minutes after the startup of the machine. Therefore you should prefer to use the first method described above.

Firewall Setup: Allow ARGUS TV to communicate through your Firewall

This section can't provide a step-by-step guide on how to open the ports, that you want to use, as there are many software- and hardware-based firewall solutions on the market.
We can just support you generally on which measures you have to take to enable the communication with your destination machine.
Generally you can take two roads to open up the communication - of which we strongly recommend the first way!
"Opening" the firewall usually means from the point of view of your firewall "adding an exception" or an "allow rule" (depending on the firewall you use) to the general existing rules: "Except from THIS port or application, the rules will be applied!"

  • Open specific ports for the specific ARGUS TV applications (inbound and outbound)

Search for the ARGUS TV application(s) you want to be enabled to be accessed or to be enabled to communicate outbound. For each of these applications you may enter specific ports to allow inbound and outbound traffic (usually seperately). In addition you may need to define, if this traffic is allowed for private and/or public networks. Select only private network, if this doesn't seem to work (and your machine is a stationary PC) and you have to open the firewall for public networks as well, you carefully should re-check your server's network setup, as long as you're not a professional.

  • Open all ports for ARGUS TV applications (inbound and outbound)

Only if you don't succeed in opening specific ports in your firewall solutions, you may add applications to be completely open. You should try to avoid this, and never do this, if you have to use "public networks" as described above.

Firewall Setup on your Router

This section concerns only users which encounter problems after having followed the steps before! Usually you wouldn't need it.
Only on older routers you may have to configure the firewall rules on the router as well. Newer routers limit this service to block incomplete blocks, DoS attacks, etc. This would not influence your remote access. Search for your firewall rules in your router's configuration pages and free the same ports as you did following the firewall rules as described before.
As there are numerous routers on the market, please consult the router's administration guide provided by the supplier.

Potentially needed Client's Firewall Changes

Don't forget your client machine. By default, the (outbound) access rights of ARGUS TV Scheduler Console and ARGUS TV Notifier are allowed in "Private Networks" only.
If you want to use your client while connected to public or commercial Internet Access Points to remotely being connected to your private network, you probably defined the network connection as "public" and this won't allow your client's ARGUS TV Scheduler Console, ARGUS TV Recorder Console or ARGUS TV Notifier to get through.
Do NOT declare this network then as "private" - other participants in this network would then be able to at least see your client machine - if not more. Prefer instead to change the properties of ARGUS TV Scheduler Console, ARGUS TV Recorder Console and ARGUS TV Notifier within the client's firewall. Select to allow also the outbound access for these applications on public networks to enable ARGUS TV Scheduler Console, ARGUS TV Recorder Console and ARGUS TV Notifier to work remotely.
Attention: in these cases, if you also use public network access points, ONLY use HTTPS connection protocols as connection type - see below.


Which Ports must be opened and forwarded?

Port Protocol Configurable Client Confirmed Remark
8554 RTSP Yes VLC,... No
ICN OK.PNG Outbound only, no security issues
49952 TCP No ARGUS TV Recorder No
ICN ATTN.PNG UNSAFE for remote access: no password protection or encryption
42080 HTTP Install time ICN WIKI INLINE.PNG See ARGUS TV Web Access No
ICN OK.PNG Password protection through Web Server (if activated during installation)
49941 HTTPS (xml) Install time ICN WIKI INLINE.PNG See
  • {{ATVRC]] (remote)
  • XBMC PVR ARGUS TV-Plugin (using https)
  • NO more WCF API (obsolete since ARGUS TV 2)
No
ICN OK.PNG Password protection (defined during installation) and encryption
49942 TCP Install time ICN WIKI INLINE.PNG See ARGUS TV Scheduler Console (local) No
ICN ATTN.PNG UNSAFE for remote access: no password protection or encryption
49943 HTTP Install time ICN WIKI INLINE.PNG See
  • REST API
  • ARGUS TV Mobile
  • XBMC PVR ARGUS TV-Plugin (using http)
No
ICN ATTN.PNG UNSAFE for remote access: no password protection or encryption when using HTTP - please prefer using HTTPS
49944 HTTPS (binary) Install time ICN WIKI INLINE.PNG See WCF api No
ICN OK.PNG Password protection (defined during installation) and encryption
80, 443, 1863 TCP No ARGUS TV Messenger No See ICN WEB INLINE.PNG Microsoft Knowledge Base


Remotely connect your local ARGUS TV Recorder Console & ARGUS TV Scheduler Console Applications

ICN INFO.PNG Remark:
Please also refer to Potentially needed Client's Firewall Changes above.

ARGUS TV Notifier

Right-click on the icon, select Options, leave ARGUS TV Services (local) empty and select HTTPS (xml) in the remote section, fill in DynDNS address and user name / password (as selected during setup for example) - see image below.
Port 49941 on your remote router has to be translated/forwarded to your ARGUS TV core machine and has to have a dynamic DNS service active.

ARGUS TV Scheduler Console

Select "Settings" and hit in Section ARGUS TV Server "(Re-) Connect". Fill in as described above and see see image below. For your needs you can name the profiles for each of your friends or family members. When you launch the application the next time you will be asked, which profile to connect with.
Port 49941 on your remote router has to be translated/forwarded to your ARGUS TV core machine and has to have a dynamic DNS service active.

ARGUS TV Recorder Console

ICN ATTN.PNG Attention: NOT recommended, no access password protection or encryption, your machine would be freely accessible for users exploring your ports!

Select "Settings" and hit in Section ARGUS TV Recorder "(Re-) Connect". Fill in as described above and see see image below. Again: for your needs you can name the profiles for each of your friends or family members. When you launch the application the next time you will be asked, which profile to connect with.
Port 49952 on your remote router has to be translated/forwarded to your ARGUS TV Recorder machine and has to have a dynamic DNS service active.
Argus "Argus-TV" ArgusTV ATV "A-TV" ForTheRecord 4TR "For The Record" Scheduler Recorder Console "Remote Access" "Web Access" "Internet Access" router configuration switch "port forward" ports used NAT

Namespaces

Variants
Actions
Navigation
Toolbox