Unfortunately I can not open a new topic here (greyed out), but my question well matches to this topic for remote access (and this is why I write in English as the original article was in English)
I understand, that the intended way (by Mobotix) for remote access to the camera from the MobotixLive App is to open an inbound port in my network forwarded directly to the camera and add the remote (DynDNS) URL to the App.
From a security perspective however, this is not the best approach, as the camera itself is now reachable directly from public internet, only the security settings and mechanisms on the cameras’ embedded Linux will apply (and in case of a vulnerability or misconfiguration there is immediate impact))!
As a camera is a (security) sensitive device, alternative options should be available and supported, e.g. by utilizing an existing VPN.
When looking at mobile operating systems like iOS (Apple), there are several very nice options to trigger a VPN connection “on Demand” every time, when a predefined “internal” URL is requested from the device (e.g. Safari Browser).
This also works with several Apps by default and when the Apps try to reach an internal host (like xyz.intern) and a “VPN on Demand” configuration Profile is configured on the iOS device, the VPN is triggered automatically and the Application can reach out to the internal destination after a few seconds (IKEv2 is quite fast establishing a connection).
However, this does not work with the MobotixLive App and I did some investigation.
The App, to trigger VPN on Demand, will only trigger when you use Apple libraries that utilize WebKit (NSURLSession, NSURLConnection, etc.).
So it seems that Mobotix is not using such libraries, but maybe other means like socket-based network requests which are unable to trigger Apple’s On-Demand VPN.
I would highly appreciate, if the Developers at Mobotix could look into this, there might be very simple options as workarounds like
“One workaround is to launch a dummy request through the usual NSURLSession / NSURLConnection to the correct domain to just trigger the VPN.”
Additional Information could be found here.
Please get in touch if you need someone for testing.
This improvement in the MobotixLive App would immediately significantly improve the security options for your customers with ow implementation effort, at least for iOS easily to implement!
Best regards,
Uwe