How to activate remote access in MobotixLive

Before getting started the camera needs to be configured for remote control.

The use of an HTTPS connection for a more secure remote access to the camera is recommended.

In the MobotixLive go to the app menu and then to the camera settings and select remote address.

live%20image%20redmenu1242×2208 320 KB

camera%20selection%20reddd1080×2280 78.4 KB

Here you can set your cameras remote address and port.

When you are done go back one menu and to the menu point Locations. There you have to activate remote address under the location of your choice. In this example in the location Abroad.

If a remote address is available, we recommend to use the Abroad Location as a default. In this way, a connection is guaranteed regardless of your location. The environment At Home is suitable for permanently installed devices such as built-in wall tablets. The environment Limited should be used for the case of Low Bandwidth connections if necessary.

remote%20en%20red%20remote1080×2280 73.1 KB

Now that you have configured everything you just have to choose in the main menu of the app the appropriate Location profile

menu%20en%20re%20location1080×2280 95.3 KB

If all is been done correctly you should see live picture and get Push Notifications from your camera.

Unfortunately I can not open a new topic here (greyed out), but my question well matches to this topic for remote access (and this is why I write in English as the original article was in English)

I understand, that the intended way (by Mobotix) for remote access to the camera from the MobotixLive App is to open an inbound port in my network forwarded directly to the camera and add the remote (DynDNS) URL to the App.

From a security perspective however, this is not the best approach, as the camera itself is now reachable directly from public internet, only the security settings and mechanisms on the cameras’ embedded Linux will apply (and in case of a vulnerability or misconfiguration there is immediate impact))!

As a camera is a (security) sensitive device, alternative options should be available and supported, e.g. by utilizing an existing VPN.

When looking at mobile operating systems like iOS (Apple), there are several very nice options to trigger a VPN connection “on Demand” every time, when a predefined “internal” URL is requested from the device (e.g. Safari Browser).
This also works with several Apps by default and when the Apps try to reach an internal host (like xyz.intern) and a “VPN on Demand” configuration Profile is configured on the iOS device, the VPN is triggered automatically and the Application can reach out to the internal destination after a few seconds (IKEv2 is quite fast establishing a connection).

However, this does not work with the MobotixLive App and I did some investigation.

The App, to trigger VPN on Demand, will only trigger when you use Apple libraries that utilize WebKit (NSURLSession, NSURLConnection, etc.).
So it seems that Mobotix is not using such libraries, but maybe other means like socket-based network requests which are unable to trigger Apple’s On-Demand VPN.

I would highly appreciate, if the Developers at Mobotix could look into this, there might be very simple options as workarounds like

“One workaround is to launch a dummy request through the usual NSURLSession / NSURLConnection to the correct domain to just trigger the VPN.”

Additional Information could be found here.

Please get in touch if you need someone for testing.

This improvement in the MobotixLive App would immediately significantly improve the security options for your customers with ow implementation effort, at least for iOS easily to implement!

Best regards,

Uwe