Remote DVR on Guest Network?

I have some family members that live in other houses and successfully use Remote DVR in their homes. But when they visit my home, and their iOS devices connect to my Guest network, Remote DVR doesn't work, even when selecting "Away from Home" ("DVR Access Failure, The request timed out"). When they connect to my primary network, everything works fine, but I don't want to give everyone access to my primary network for security reasons.

Is there something about guest networks that prevents Remote DVR from working? I realize that the guest network prevents communication within the network, and only provides internet access, but isn't that exactly what the remote DVR service is designed for?

(I'm using a mesh network comprised of three Synology WRX560 router/AP's with wired backhaul, configured via Synology Router Manager (SRM), in case that matters).

I could be wrong (its happened before) but I think the issue is that on many routers the Guest and IoT networks are not port forwarded. Meaning that any port forwarding on the main network is not shared with the guest network. This would include the forwarding needed by Channels. I think is may be possible in some routers but you would have to look into the Synology router manager software to see if this is possible on your guest network.

If you’re in the guest network and try to go to my.channelsdvr.net will it load your server page? Probably a hairpin NAT issue.

It will not. I’m not familiar with NAT, is this something I can fix with a setting change, or do I just have to live with it?

Maybe, maybe not. If you have a local DNS server you can point it to your server. Otherwise, this may be a setting that your router exposes and does not enable by default, but that would vary based upon your router. But this is not something within Channels that can be set; this is a network level thing.

If you can't control your local DNS or enable hairpin NAT routing in your router, yes.

If you can’t enable hairpin nat on your router you could try the built in Tailscale on the server and their device. I’m not really sure if it will work in this senario but it’s easy enough to try.

Not sure if i would use a vpn to overcome 2 vlans not being able to communciate with each other.
@kentrd i would just enable a firewall rule to allow traffic from the guest vlan to the channels server ip on port 8089. Disocvery probably wont work but they can manually connect to the ip address. Not sure this is possible as i dont use consumer router/firewalls. Worst case enable nat reflection (hairpining)

Most consumer routers do not allow users to modify firewall rules in this manner. Some do, and that would work for them. But in my personal experience many consumer products don't allow users to actually use their devices as they wish ...

YMMV

Yeah i havent used a consumer router in over 10 years. Pfense with access points.. never realized how much consumer routers suck until i switched.

Even "prosumer" models have their issues. I find my UniFi network lacking at times. Even when I used UI's EdgeRouters.

The best network management I ever found was PCEngines' APU4C4 running OpenBSD. (Pfsense uses a forked version of Pf from ages ago ... current Pf on OBSD is far better than anything shipped with any other BSD!)

I can't find NAT loop-through or hairpin settings in Synology Router Manager, but Google suggests that it's enabled by default. Setting up a DNS server or VPN to solve this edge case is not worth the effort for me, but before I give up and live with it, are there any other settings I should look at?

So you're using a Synology router? If so, check their forums for hairpin settings. (I have no experience with Synology's networking.)

I'm sure this won't be a surprise to anyone on this string, but I remembered that I actually have an active VPN account (it's for one of my family members to access poker websites), so I tested it, and sure enough, Remote DVR works on the guest network with the VPN active. So that's probably the easiest solution (for me). Thanks for the assist!

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.