It probably is doing some connectivity checks that have to timeout before they display. hacking them or the NVR to point to an IP of the PC they're hardwired to should speed things up. Or the browser is confused by trying to find the route to the hardwired subnet. Disable auto configure / proxy / etc. in internet options > connection > LAN
- Nov 17, 2019
- 6,613
- 3,819
- 106
That was all unticked, but I also unticked 'Auto Detect Settings" and it's working a lot faster. I really don't use IE for anything other than this, so it isn't a big issue.
At this moment, it all seems to be working on the internal LAN and none of them seem to have web access.
I can't view them on the manufacturer's mobile programs for example.
At this moment, it all seems to be working on the internal LAN and none of them seem to have web access.
I can't view them on the manufacturer's mobile programs for example.
That's where the internet connectivity is needed for DDNS to setup back to the cams.
Since you don't want them to be reachable or able to get out it's a small sacrifice.
Leaking data for convenience vs privacy.
- Nov 17, 2019
- 6,613
- 3,819
- 106
Not really a sacrifice since I had no reason to do that to begin with and didn't really want to. Thing is, I guess I can simply plug that one LAN cable back in as I'm going out the door if I want to be able to look at them while I'm away for some reason.
Sure, or setup a port trigger to activate the connection remotely through the firewall.
Port Knocking is a way to activate things remotely but, it depends on what kind of router / FW / etc. you're using as to whether that's an option or not.
With a Linux based DIY router / FW though it's a potential feature you could use. Also, it would enable you to lockdown the cams a bit more granularly than the segregation method.
Depend son how deep you want to get into personalizing things. From effort to $$.
Port Knocking is a way to activate things remotely but, it depends on what kind of router / FW / etc. you're using as to whether that's an option or not.
With a Linux based DIY router / FW though it's a potential feature you could use. Also, it would enable you to lockdown the cams a bit more granularly than the segregation method.
Depend son how deep you want to get into personalizing things. From effort to $$.
VirtualLarry
No Lifer
- Aug 25, 2001
- 53,501
- 7,834
- 126
If that were the case it should be happening on all Chrome versions not just mobile.
I've done all of the tricks mentioned from disabling private DNS and so on and while it glitches after toggling things and blocks ads they come back after another refresh.
I have 2 things in play here to block this junk. 1 pihole / 2 vpn - disabled SIM data to make sure it's not circumventing the static IP info.
The thought of Chrome bundling in some sort of VPN on itself in A12 comes to mind as it seems all of the browsers are jumping on the VPN bandwagon lately. I'm also pondering the idea that OnePlus might have rolled something into the update to permit / bypass the DNS manual settings. I haven't bothered really debugging it yet to see where the leak is coming from.
So, my phone apparently knows I'm looking to fix the issue and a new browser popped up in the news app while scrolling through headlines.
Vivaldi Browser | Now with built-in Translate, Mail, and Calendar
It’s a browser. But fun. It comes with a bunch of clever features built-in. It’s freakishly flexible and private too. Get Vivaldi for desktop or Android!
vivaldi.com
It's just bothersome that windows / linux machines are abiding by the rules like they have been for years but, the stupid phone update allows it to bypass things.
- Nov 17, 2019
- 6,613
- 3,819
- 106
Vivaldi isn't new, but it's pretty cool in many ways. I have it on my notebook, but haven't put it on a mobile yet.
It's just another Chromium clone though, same as Brave and Opera.
In fact, I may try it on mobile as I'm not overly satisfied with Brave, DDG or Adblock's attempts.
It's just another Chromium clone though, same as Brave and Opera.
In fact, I may try it on mobile as I'm not overly satisfied with Brave, DDG or Adblock's attempts.
I hadn't heard of it before seeing the mention of it on the news feed. Of course chromium based options have existed for quite awhile ( decades ). Chrome though has worked fine for quite awhile and no need to look into other options until this. If it's bypassing DNS though it makes me wonder what else it's leaking in the process.
Just another annoyance to deal with.
- Nov 17, 2019
- 6,613
- 3,819
- 106
I've always considered anything from the G to be spyware. I've never trusted their stuff. I use only what cannot be avoided and then only very sparingly. No 'Tube or anything similar. G's entire business plan is gathering and selling personal information.
.
mxnerd
Diamond Member
- Jul 6, 2007
- 6,411
- 983
- 126
You should use UNBOUND as Pi-Hole's upstream server
docs.pi-hole.net
unbound - Pi-hole documentation
docs.pi-hole.net
I agree but, in my book G is the lesser of 2 evils when it comes to some things. For the phone I don't use it for much that they can track or would want to sell anyway. Everything is entwined with G anyway in one shape or another. It's about limiting things as much as possible from being siphoned in the process.
I guess the ease of cross device sync is the appeal for me and using SSO with the same login makes things smooth. Each platform OS though acts a bit different from Windows / Linux / Android they all have their quirks in how they handle G products.
@mxnerd - I haven't had any issues until the phone update. Switching the backend won't resolve the issue. The phone is bypassing pihole completely on Chrome as it's not hitting the server. I suppose I could add a rule to the FW forcing all DNS traffic to hit pihole but, that shouldn't be needed if the IP info is set static to push everything in that direction.
I guess the ease of cross device sync is the appeal for me and using SSO with the same login makes things smooth. Each platform OS though acts a bit different from Windows / Linux / Android they all have their quirks in how they handle G products.
@mxnerd - I haven't had any issues until the phone update. Switching the backend won't resolve the issue. The phone is bypassing pihole completely on Chrome as it's not hitting the server. I suppose I could add a rule to the FW forcing all DNS traffic to hit pihole but, that shouldn't be needed if the IP info is set static to push everything in that direction.
mxnerd
Diamond Member
- Jul 6, 2007
- 6,411
- 983
- 126
VL's suspicion seemed correct.
Android Update End-Running Pi-Hole Ad Blocking
Solution: On the Chrome browser on the phone, I see a "Use Secure DNS" entry set to auto on both. That could be DNS over TLS, but I don't see DoH. Still, the
community.spiceworks.com
I've moved onto the FW side and forcing DNS to hit the PIHOLE instead of relying on Android to abide by what I tell it to do and then not do it.
Problem is the suspect APP is still able to reflect ads which means it's DOH/443 which blocking turns into a S-Show for any https site. I added some rules to the FW to see where DNS traffic is headed and I'm getting hits across different ports / protocols which makes things a bit more interesting.
I guess I have something to keep an eye on and potentially switch up the browser as a starting point to close the hole that G has created somehow or maybe it's OnePlus that did it through the A12 upgrade. Might be a coincidence or it could be both in tandem.
All other apps though adhere to the DNS / blocking. While looking around it seems this might have reared its head back in 12/2021 with an update that rolled out with the security patch on A12 but I was running A11 w/ 3/2022 patch.
SMH...... Looks like there's some other issues others are experiencing from another standpoint of admins not being able to hit local resources on the LAN.
mxnerd
Diamond Member
- Jul 6, 2007
- 6,411
- 983
- 126
Probably something to do with this. Where DoT use port 853
developers.google.com
Secure transports for DNS | Public DNS | Google Developers
developers.google.com
mxnerd
Diamond Member
- Jul 6, 2007
- 6,411
- 983
- 126
Found it.
Chrome < settings < privacy and security < secure dns < disable
Similar to the phone settings m menu but within the app itself. It doesn't allow using an ip and has a drop down for providers or a URL.
The odd thing is this secure DNS option was enabled on the laptop but didn't bypass the PIHOLE restrictions. Which begs to question how the hell is the phone allowing Chrome to supersede the IP configuration that's blocking ads / domains. There must be something in A12 that wasn't in A11 that basically tunneled the DNS Chrome option to allow it to unblock things. It's a head scratcher as to exactly which chicken / egg option allowed for the exception to occur.
Chrome < settings < privacy and security < secure dns < disable
Similar to the phone settings m menu but within the app itself. It doesn't allow using an ip and has a drop down for providers or a URL.
The odd thing is this secure DNS option was enabled on the laptop but didn't bypass the PIHOLE restrictions. Which begs to question how the hell is the phone allowing Chrome to supersede the IP configuration that's blocking ads / domains. There must be something in A12 that wasn't in A11 that basically tunneled the DNS Chrome option to allow it to unblock things. It's a head scratcher as to exactly which chicken / egg option allowed for the exception to occur.
Last edited:
- Nov 17, 2019
- 6,613
- 3,819
- 106
I had this set up sort of as follows.
Connections from this notebook:
LAN >> Intranet
--- < OR > ---
LAN >> WAN
And also:
Wireless (Built in) >> WAN
The intranet is effectively fully disconnected from the web, but connected to each other via that left over modem/router.
I'm on wireless most of the time, but I like to go wired for certain things. With the above, I could have WAN from either wired or wireless, or I could have WAN from wireless and intranet from LAN, or some other combination.
Problem was, I had to physically unplug/plug the LAN cable to change which I wanted to connect to.
I was trying to figure out how to do away with that step. Somehow, I would need either a switch of some kind I could flip, or another IP port/address.
Then I remembered I had a few old USB >> wireless LAN dongles from years past. I found one that is rated at 150M and plugged that into a USB hub already in place. Once I got the IPs figured out, I now have:
Wireless 1 (Built in) >> WAN
Wireless 2 (USB) >> Intranet
LAN >> Can be plugged into either at will.
IPs are all set to Static, so I have three assigned to this laptop.
Connections from this notebook:
LAN >> Intranet
--- < OR > ---
LAN >> WAN
And also:
Wireless (Built in) >> WAN
The intranet is effectively fully disconnected from the web, but connected to each other via that left over modem/router.
I'm on wireless most of the time, but I like to go wired for certain things. With the above, I could have WAN from either wired or wireless, or I could have WAN from wireless and intranet from LAN, or some other combination.
Problem was, I had to physically unplug/plug the LAN cable to change which I wanted to connect to.
I was trying to figure out how to do away with that step. Somehow, I would need either a switch of some kind I could flip, or another IP port/address.
Then I remembered I had a few old USB >> wireless LAN dongles from years past. I found one that is rated at 150M and plugged that into a USB hub already in place. Once I got the IPs figured out, I now have:
Wireless 1 (Built in) >> WAN
Wireless 2 (USB) >> Intranet
LAN >> Can be plugged into either at will.
IPs are all set to Static, so I have three assigned to this laptop.
The things we do for tech. That's not going to be confusing at all!
I was going to say... take the spare router and put it on a different subnet and hook the WAN up to the primary...
ISP <> Primary router
Primary <> LAN / primary subnet
Primary <> Spare / different subnet
Then you could do a VPN into the cam's or a one way route into the cam subnet. Or as you mentioned the easier way would be a L2/L3 switch w/or VLANs. Depends on a few different ways of setting it up but, if what you did works long term no need to pump more money into it.
- Nov 17, 2019
- 6,613
- 3,819
- 106
Yeah, well ....
With the LAN disconnected and the two wireless on line, I get a conflict and can't always browse the web. It seems to come and go. If I disable the one on the intranet, I can browse fine.
But I'm too dumb to try and figure it out.
With the LAN disconnected and the two wireless on line, I get a conflict and can't always browse the web. It seems to come and go. If I disable the one on the intranet, I can browse fine.
But I'm too dumb to try and figure it out.
I would do one wired / one wireless to avoid the conflict. That machine could be your RDP gateway to viewing things and isolating them at the same time. Lazy doesn't mean dumb... you've already done more than most would ever take on. Just take a break from it and come back to it later when it comes to mind. Focusing for long periods of time leads to frustration when dealing with this stuff.
- Nov 17, 2019
- 6,613
- 3,819
- 106
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| P | Question IPv6-related question. | Networking | 1 | |
| T | Solved! Switch (Arista) And NIC (Mellanox) Compatibility Question | Networking | 5 | |
|
Question NAS Noob question | Networking | 6 | |
| E | Solved! Network password question | Networking | 11 | |
| G | Question question about upgrading my wifi dongles | Networking | 4 |
TRENDING THREADS
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 17K
-
-
-
Info 64MB V-Cache on 5XXX Zen3 Average +15% in Games
- Started by Kedas
- Replies: 4K
-
Speculation: Zen 4 (EPYC 4 "Genoa", Ryzen 7000, etc.)- Started by Vattila
- Replies: 6K
Facebook
Twitter