TRENDnet TV-IP310pi Night Vision Fix

Let’s face it, it’s not fun when things don’t work properly which is why I was a little annoyed recently – very big understatment! – when I discovered my TRENDnet TV-IP310pi cameras had a slight flaw, a flaw which is scarcely documented but fairly fundemental to the overall use of the camera… oh and did I forget to mention I own 5 of these cameras, all installed around my house, all which had the same problem? Yup!

So what is the actual problem?

Well the cameras work perfectly in the day delivering 25 frames per second of crisp 1080p footage which is great BUT when the night time comes – as it does – performance takes a dramatic hit and you are lucky to get a maximum of 4 frames per second… which is pretty rubbish! For months I’ve been thinking it  was a problem with my home server – an Intel I7 920 quad core 2.4GHz  running VMware – and I came to the conclusion that I needed a new rig as it just couldn’t cope with the amount of data passing thrdropough but oh was I wrong!

Anyway, long story short after pestering my friend Chris at work – who also runs his own CCTV system, only with the identical Hikvision DS-2CD2032F-I cameras – some extensive testing was done – I’ll spare you the details – but we came to the conclusion that the hardware was good, the network was good and were stumped until we found an Amazon review which also mentioned the same problem!

This unfortunatley opened up a can of worms and what followed was a very stressful 3 days which involved not sleeping much, scouring forums, downloading all sorts of firmware and almost losing ALL hope and contacting support! However, I’m very pleased to report that all of my cameras are now running the latest TRENDnet firmware – v5.3.4 – and are delivering 25 FPS 1080p footage at night time – Wow!

So how easy is it to fix?

The fix is easier than you might think, but you do need to be brave as we are essentially going to ‘brick’ the camera and make it an expensive paper weight by installing the Hikvision firmware, then we will reload the TRENDnet firmware fresh and enjoy ALL the frames per second! You might think this is a mad idea, but the TRENDnet TV-IP310pi is actually a rebranded version of the Hikvision DS-2CD2032F-I, so deep down the hardware is the same it just has a different sticker on the side.

I used the following files found below, combined with an XP laptop that was connected by cable directly to the PoE switch, this was connected to the camera directly and ideally  you’ll want to unplug all other devices so you only have the camera and the laptop plugged in but I might have got a bit lazy towards the end… Also, my Windows 7 laptop struggled to transfer the firmware as the TFTP file transfer kept looping and wouldn’t complete, hence using an old XP machine.

I’m up for the challenge!

Great! Before you continue please be aware that I won’t be liable if this goes wrong and it will reset your camera back to the factory default settings! I’ve done this process 5 times flawlessly so far but still – proceed at your own risk!

Whenever the camera boots it scans a predefined IP for a TFTP server, if it finds this server it looks for a specific file and because of this we can do the recovery without having to open the camera up or get ‘hands on’! I reflashed all my cameras with them still fixed in position on the house, minimal effort required!

Update 24/03/2017 –

I can confirm the same process below works on Windows 10 Pro, the firewall had to be switched off but that was all – 79 seconds from start to finish!

  1. Download the files found here, extract them somewhere safe and keep reading
  2. Change your computers network settings so the IP address is 192.0.0.128, see picture below:
    trendnet_tv-ip310pi_recovery-network-config
  3. Connect your computer to the switch along with the camera, disable any other connections network – FLASH VIA ETHERNET CABLE ONLY!
  4. Copy the Hikvision_5-1-6–digicap.dav file into the TFTP Server folder and rename it digicap.dav
  5. Run tftpserv.exe and then restart your camera, after a few seconds you should see the following:
    trendnet_tv-ip310pi_recovery-tftp1
  6. Now you won’t get any confirmation here, so leave it 2 or 3 minutes then unplug your camera, close the tftpserv.exe and repeat step 3 but this time use the Trendnet_5-3-4–digicap.dav file
  7. Now start tftpserv.exe again and connect your IP camera, this time after a few minutes you’ll see a system update complete message like below:
    trendnet_tv-ip310pi_recovery-tftp2
  8. Close of tftpserv.exe and reboot the camera, after a few minutes check your router and you’ll have a fresh IP camera sat on DHCP waiting be configured! If you can’t find your camera straight away, don’t panic! Install the auto discovery program (SADPTool_V3.0.0.100.exe) and find the camera that way

Conclusion

I did try updating to the latest TRENDnet firmware via the web interface before going down the TFTP route but it still gave me low frames per second at night using the identical 5.3.4 file… I’m guessing installing the Hikvision firmware first completely screwed things up, after that the camera is left fresh, ready for the TRENDnet firmware? Either way it worked and I’m a happy nerd!

Notes

  • Again, I can’t be liable if this goes wrong for you!
  • The files in the link above were all found on the Internet, I take no credit, all  credit belongs to the respective authors (presuming that is Hikvision? Thanks!)
  • If you get really stuck I can reflash your cameras, after all not everyone has an old XP relic lying around! Drop me an email, pay for postage and send your camera in a box along with a little gift!
  • I found an easy way to tell the camera state during the reflashing process which is to do a constant ping to the IP addresses below – Note that in order to use this method you’ll need to assign your network card two IP addresses (192.0.0.128 and 192.168.1.128):
    • 192.0.0.64 – Camera is in rescue mode
    • 192.168.1.64 – Camera firmware has updated but not yet rebooted
    • No response from either – Somethings not right!
  • You can find the latest TRENDnet firmware direct from their website here
  • From various forum posts I read some people were saying you can flash using any TFTP server software, however this isn’t the case as you must use the Hikvision TFTP server as there is a special initiation process which waits for certain key to be sent back and forward before the firmware updating process begins
  • Make sure you clear your browser cache before logging in again otherwise things might not work properly
  • The default user/password combination is admin/admin

A word of warning about Kimsufi and ESXi

Kimsufi are well known for offering cheap dedicated servers and over the years I’ve had no problems until recently.

I purchased a KS-5 for running VMware ESXi on, it was a fairly good spec Xeon with 16GB of ram and 2TB disk space for about £30 a month plus a one time setup fee. It was quickly provisioned which was great, but after logging into my account I found a problem – There was no obvious place to order additional IPv4 addresses which rendered the server completely useless to me. I was prompted to select an operating system, so I did thinking this would make ordering IP addresses possible, but still nothing.

I contacted support immediately and asked if ordering additional IP addresses was possible, and if not to cancel and refund my account. They responded in a nut shell saying its not possible, and that because I’d installed the VMware template that they provided they wouldn’t refund me which was annoying, they also implied that because the service was so cheap I should be grateful and suggested using their sister brand SoYouStart, amusing.

Luckily I paid with PayPal so I opened a dispute and got my money back. It’s not about the money though, its about Kimsufi not making the facts clear and then fobbing you off. I’d usually recommend them, but not anymore.

I’ve since found a better provider, Online.net offering similar spec servers capable of running ESXi with, wait for it, the option to order additional IP addresses! Amazing.

Upgrade Windows Phone 8.0 to 8.1 Before Main Release Using Developer Preview

Recently I lost my smartphone and after lots of searching decided to give up and buy a new phone. As I only really use my phone for checking emails, a little remote desktop access and the odd bit of mobile banking I didn’t need anything overkill and I fancied a change from Android so I went for a Windows based Nokia Lumia 520.

The Lumia 520 can be picked up for £69.00 on O2 pay as you go (as of 01/07/2014, see here) but I paid a little extra and got mine the same day. I was initially blown away by the Windows Phone operating system as it was better than expected and I couldn’t find any flaws. I’d setup my email, installed the mobile banking app and so on which lead me to my final task which was to install the Remote Desktop app. You’d think this would be a straight forward task installing a Microsoft product on something Microsoft powered but no, when heading to the Microsoft Store on the phone the Remote Desktop app wasn’t showing so I searched the Microsoft Store online and it came up saying that it wasn’t compatible with the Windows Phone 8.0 operating system that was currently on the phone.

I had three options, to cry in the corner, wait for the update to be released or to try upgrade the phone manually. After a little research the update was said to be released within the “…first two weeks of July…” but there was no exact date and I just couldn’t wait.

After more research it turns out that you can use a free app called Preview for Developers which allows you to basically get the update there and then instead of having to wait.

Upgrading Windows Phone 8.0 to 8.1

Below you’ll find a guide on how to upgrade the Windows Phone operating system. Please note that any changes you do here are irreversible and this will no doubt void your warranty.

  • First things first we need to create a free account with Microsoft’s App Studio using the link found here as this will give you access to the developer previews service and give you the magical updates – I used my main Microsoft account that’s linked to the phone to keep things simple
  • Once you’ve created the account go to Microsoft Store on the phone, search Preview for Developers and install the app
  • Once the app has installed launch it and you will be asked to accept the terms and conditions and login using the account details created previously
  • Next you’ll see information about what the app does and so on, all we need to do here is tick the box next to Enable Preview for Developers and press done
  • Now that’s enabled head to Settings > phone update and press check now and then follow the on screen instructions – You may need to repeat this process several times as it took me two updates to prepare the phone before the update to Windows 8.1 was offered
  • After a little while you will now be running Windows 8.1! – You can check this by viewing Settings > about > more information under the OS version heading

Notes

  • Make sure your phone is fully charged before attempting any updates as things could seriously go wrong otherwise!
  • As with anything in development stages things may be a little buggy so be aware that you may stumble across the odd glitch every now and again
  • Although not tested I assume the same steps will work for phones other than the Nokia Lumia 520, if you can confirm this I’d be grateful

A Sticky Problem with Glue Records and 1&1 Internet

Recently I had a tidy up with my hosting infrastructure which involved moving a slave DNS server from one IP address to another. The easy part was setting up the server and changing the existing DNS A record to point to the new IP address, the fun started when it came to updating the Glue record held with 1&1.

If you weren’t already aware a Glue record is something set by the domain registrar (1&1 in this case) that points directly to the server where the domains DNS records are kept. This makes it possible  to have domain names with nameservers that are a subdomain of itself, for example nerdkey.co.uk could point to ns1.nerdkey.co.uk and ns2.nerdkey.co.uk.

The last time I’d update Glue records with 1&1 was a good few years ago, but it was a simple case of logging into the control panel, searching for the domain and then heading to the record for subdomain, hitting an edit button and then changing the existing A record IP address for a new one but it wasn’t that easy this time round.

After a little trial and error and a lot of head scratching it seems that since they rolled out their new control panel it just isn’t possible anymore to set or update Glue records – you could see the records don’t get me wrong, just not update them. Not to worry though, their technical support team will be able to update the records, right? WRONG! I emailed them several times, making things as clear as possible whilst at the same time thinking that their support advisers would be savvy enough to understand terms used within the industry they work in, didn’t go too well.

In a nutshell, here is the correspondence between us:

  • [Me] – Outlined the domain, that I wanted Glue records updating and the exact subdomains and IP addresses
  • [Them] – Asked me to confirm if these changes has already been made as my website was working fine (not what I asked?)
  • [Me] – Sent a slightly reworded version of the first, again outlining the essential details and that it hadn’t been updated
  • [Them] – Confirmed that website was working fine again, asked me to clear my cache and reply with any error messages (did they even read the email?)
  • [Me] – Sent a similar email along the lings of the first and second stating that they are the domain registrar and this is something they need to do, again included essential details
  • [Me] – Emailed them to see if any updates available
  • [Them] – Replied asking me to confirm that I wanted the NS2 record updated as well (because the last emails didn’t state that?)
  • [Them] – Responded saying the nameservers may possibly need to be reverted back to them for this to work, but they used a special “tool” instead and said to wait up to 48 hours
  • [Them] – Replied this morning (after the domain was transferred and Glue set correctly with a different provider) saying that everything is now set correctly

Enough was enough, it got to a point where I’d given them over a weeks worth of my time and they’d done little more then send me a few standard responses and ask for confirmation which was already given. My last attempt to gain faith in them involved changing the nameservers back to them to see if it would work and allow me to set the records, it partly did – I managed to set the NS1-4 subdomains to the correct A records then updated the domains nameservers to another provider temporarily straight after to avoid any downtime and left it a few hours. I came back a few hours later and tried to set the nameservers back to ns1-4.koserver.co.uk but got an error message saying the nameservers weren’t registered and found out that the update to the temporary nameservers hadn’t taken affect, slowly grinding my entire hosting network to a halt – great!

I know I hadn’t waited the standard propagation times, but given the past experience and useless support and the fact that everything was slowly grinding to a halt, it was time to transfer. After research I’d narrowed things down to two providers – I wanted to give Name.com a try, but as their system for transferring in .UK’s wasn’t automated I abandoned that plan and went for NameCheap. Within an hour the domain was with them and Glue records were set through the control panel and things are slowly coming back online.

In all my years of website hosting I have never had such a catastrophic outage, aside from looking into a second domain to host nameservers all my domains with 1&1 will be transferred elsewhere.

So in summary, if you know what you’re doing don’t go with 1&1. You’ll be treated like an idiot and just wasting your time throwing emails back and forth with them. They don’t really read your emails and the fact they removed such a critical feature without telling anyone speaks volumes in my opinion, I mean they still have an old support article on how to set Glue records, obviously doesn’t work though. It is a shame, but that’s life.

 

pfSense on SonicWALL SRA 4200

By now if you haven’t already guessed, I like to tinker! Couple that with the fact I have a few saved sellers on eBay that keep me surround with EoL hardware and it quickly becomes a dangerous situation for my wallet.

My latest find is a pair of SonicWALL SRA 4200’s, my ultimate goal is to get pfSense installed and revive these beasts. As it stands the units both work as “Secure Remote Access” servers, they don’t include any licenses for the included OS, so are kinda useless, but normally they’d be dedicated VPN servers for massive companies with millions of employees that need to connect in and from remote locations.

I’ve only been playing with them for a couple of hours so far but I’ve managed to get pfSense installed. There are two issues at the moment which I’ve yet to resolve:

  1. There’s a driver issue with the network cards, so the setup wizard can’t detect any NIC’s and can’t continue
  2. By default it wants to boot off the internal CF card, so I have to manually keep changing it to boot of my USB flash drive – If you remove the CF card completely the unit doesn’t even attempt to boot, it beeps twice then powers off so there’s some sort of security mechanism in place

So how did I get this far?

Well it was fun! I started by trying to get console output to my ancient Dell laptop (which has an ACTUAL serial port,  woah!).

I bought a run of the mill RJ45 to DB9 cable but that didn’t work, so I had to get my soldering iron out and knock something up – See original diagram here or pictures below:

As you can see from above, whilst I did get output it was AFTER P.O.S.T. so in other words, it was output from the SonicWALL operating system and of no use to me.

Next I went to extremes and tried changing on the AMIBIOS chip for a spare I had floating around from the WatchGuards, not a lot happened so it was back to square one.

After that I went on a pin hunt and noticed “VGA” markings and then a set of 15 pins, I didn’t expect it to work but I hooked up a monitor and had output!

 

I couldn’t get into a “classic” BIOS screen, although here’s what I found through trial and error:

  • Mashing F5/F8 takes you to slightly different FreeDOS screens
  • Mashing F11 takes you to a familiar looking boot device menu screen

The unit is running Wind River’s VxWorks operating system, which looks pretty cool, although I had never heard of it until now.

I installed pfSense 2.3.5 (x86) by connecting a CD drive to one of the internal SATA headers, connected a 16GB Sandisk Flash Drive to one of the USB ports and then mashed F11 and selected the disk drive.

What followed was the familiar installation screens of pfSense – Notice how the colours keep changing, it was loose cables or artistic flare, I’ll let you decide!

What’s next?

Well, this was just a bit of fun but when I get chance I’ll look at sorting the network card drivers out and see if I can re-purpose the CF card, worst case I’ll move the USB drive inside the chassis and make the CF card the second boot device.

Encrypted AES VPN tunnel between pfSense 2.3 and Draytek 2830

For a long time now I’ve managed several VMware ESXi servers and for easy management I’ve created a local area network on each making backups, monitoring and the usual sysad tasks a breeze.

The icing on the cake is that I recently swapped from m0n0walll to pfSense and went about setting up a lan to lan VPN tunnel to my home network, so now I can access everything locally as if I was on the same network.

Home Network

My home network uses a Draytek 2830 connected to a Virgin Media Superhub. Unfortunatley the Draytek is getting on a little bit now and doesn’t have the processing power to deal with my 100mbit connection speed, so I’ve had to double NAT the network using the Superhub in router mode and then DMZ everything towards the Draytek.

This isn’t a bad thing though as all the “dumb” wireless devices (mobile phones, Roku’s, Nest thermostat, etc) connect direct to the Superhub whilst my home server and everything crucial connect via the Draytek. All in all I get 70mbit through the Draytek on average and there’s plenty of bandwidth left for the devices connected to the Superhub.

In the example below the home network subnet will be 192.168.100.x

Remote Network

The remote network is pretty simple, they are all setup the same apart from x is a different number based on the virtual host name – a pfSense machine sits at x.1 and deals with traffic to the local network.

In the example below the remote subnet will be 192.168.150.x

Important

  • Each local area network must be on a seperate subnet, otherwise things can quickly get messy and conflict!
  • Make sure you use a secure pre-shared key, anything above 32 characters will do nicely
  • The example details below are fake, replace them with your own details if you want this to work

Configuring pfSense

The guide below lists only the parts you need to change, if the option isn’t listed then leave it as is

Fairly straight forward, go to VPN > IPSec > Click Add P1

  • Enter the Remote Gateway as the WAN IP address of the Draytek (or the Superhub in my case)
  • Enter a brieft description in the Description box
  • If you are double NAT’d like me select Peer identifer as KeyID tag then enter the WAN2 address of Draytek else leave as Peer IP address
  • Enter your pre-shared key in the Pre-Shared Key box
  • Press Save

That’s your Phase 1 entry configured, now for Phase 2:

Go to VPN > IPSec > Click on Show Phase 2 Entries for Home

  • Enter Remote Network as the home network subnet – 192.168.100.0/24
  • Put a brief description in the Description box
  • Set PSF Key Group to 2
  • Press Save and then hit Apply Changes

Finally, we need to create a firewall rule to allow traffic to pass over the VPN:

  • Go to Firewall > Rules > IPSec and click Add
  • Change Protocol to any
  • Enter a brief description in the Description box
  • Press Save any hit Apply Changes

Configuring the Draytek

Now it is time to configure the Draytek – Go to VPN and Remote Access > LAN to LAN

For Common Settings:

  • Enter a Profile Name
  • Tick Enable this profile
  • Make sure Call Direction is set to Both

For Dial-Out Settings:

  • Set type of server to IPSec Tunnel
  • Enter the Remote WAN IP in the Server IP/Hostname for VPN box
  • Enter the pre-shared key set previously in the Pre-Shared Key box
  • For IPSec Security Method set it to High (ESP)AES with Authentication
  • Under Advanced set IKE phase 1 propsal to AES256_SHa1-G14 and IKE phase 2 proposal to AES256_SHA1 then press OK

For Dial-In Settings:

  • Set the Allowed Dial-In Type to IPSec Tunnel
  • Tick the box to Specify Remote VPN Gateway and enter the remote network WAN IP
  • Enter the pre-shared key set previously in the Pre-Shared Key box
  • For IPSec Security Method untick all apart from High (ESP) – AES

Under TCP/IP Netowrk Settings:

  • Set Remote Network IP as the remote network subnet – 192.168.150.0

Hit OK at the very bottom to save the profile, leave it a few seconds and it should connect. If it doesn’t connect automatically, head to the IPSec Status page in pfSense and hit Connect manually

Install EPEL Repository on CentOS 7 (x64)

The simple one line command below will enable the EPEL repository on CentOS 7

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm

Once ran you will see confirmation that it has been installed successfully, that’s it!

Notes

  • You can find out more about the EPEL repository here
  • If you don’t already have a server, I’d strongly recommend starting with DigitalOcean