Tommy's Notes Repository

Church Reolink Doorbell

4 min read

Troubleshooting:

  • Are you connected to tailscale?
  • Is the “exit node” of tailscale set to be “Doorbell”
  • Try removing / deleting the NVR in the reolink app, and then adding it again
    • Process for adding the NVR again:
      • add device
      • choose manual input instead of scanning a qr code
      • choose IP instead of UID at the top
      • type in the IP 192.168.132.36 and the port should be 9000
      • add
      • enter password ( which should be in the files )
  • If neither of those work, make sure uPNP is disabled on the NVR.
    • reolink app nvr settings on a device that can access the nvr network settings advanced upnp should be DISABLED

What is tailscale?

Tailscale is a service which allows for you to create a virtual network so you can connect two networks that are seperate. That is, of course, a more techie explanation than is necessary though.

When you run something on your network, it is only accessible, on your network. For example, a doorbell. Networks have firewalls which stop data from the outside from getting in. This is a good thing, because it means shady hackers cannot watch what goes on through your doorbell all the time. This is an annoying thing though, because it means you have to find a way through that firewall in order to see your doorbell from outside of your network. So, if you are at home, and want to see your doorbell, you must find a way into your network. Tailscale does this for you. We run a tailscale “exit node” on a device on the network ( the windows computer attached to the doorbell ), and we can allow our internet traffic to be relayed through that computer via tailscale. When you install tailscale on your iphone, and enable it, it starts relaying any traffic you do, for example, going to google.com, to the tailscale servers. The tailscale servers then send that traffic to the doorbell computer. The doorbell computer then makes the actual request. This is how VPNs work. Tailscale cannot see anything in the middle, as it is all encrypted in transit.

Requests look like this iphone asks for google tailscale receives this request and asks the computer for google computer asks for google for itself, and relays back what it gets

This means, that we can access anything the computer has access to. Because the computer is on our local network, we can access the doorbell, which is also on our local network, without having to do anything that would make our network less secure ( like port forwarding, to make the firewall not apply for that device ).

Explanation of setup

I have installed tailscale on the doorbell computer I have installed tailscale on each person’s phones

You have to connect to the tailscale vpn and set the doorbell as your exit node in order for it to work.

the tailscale account is the christianchurchfirst7 account the email and passwords are in the packets.

On the doorbell computer, when I installed tailscale, I clicked the tray icon, and made it ask to be an exit node

On the tailscale admin dashboard, I then approved that request, to make it an exit node.

I then followed tailscale’s tutorial on subnet routing ( https://tailscale.com/kb/1019/subnets#set-up-a-subnet-router ) to allow access to the 192.168.132.0/24 subnet ( which is the one the doorbell is on ).

In order for the clients to be able to connect over the VPN, you must disable uPNP on the NVR, which is done through nvr settings network settings advanced disable upnp

I have already disabled uPNP but my understanding is that might undo itself if reolink updates the firmware for the NVR. You could, of course, disable the NVR’s ability to update it’s firmware, and then never have to worry about this. That is a bad idea though and don’t do that.