Is it possible to livestream on LAN only - No recording No Cloud

Hi everyone,

I’m interested in using a wyzecam v2 as a baby monitor. I have a router connected to internet so the initial handshake to authorize credentials to create a peer to peer connection is fine.

Our baby sleeps in a crib in our bedroom but I want to use this so that we can be free to do chores around the house while she is sleeping. Given this use case, I don’t care to record the baby. I just want to check in on the baby once in a while when we are not in the room.

And of course, since it’s my baby sleeping, I’m not interested in having the video uploaded to the cloud.
Is it possible to use this for live streaming WITHOUT uploading any video to the cloud?

As a bonus questions, is it a pain in the butt to start a live stream on demand? I’d rather not have the camera continuously recording when it’s not necessary like if we are changing her diaper so I would prefer that the stream only start when we request it.

Thanks!

1 Like

If you don’t turn on motion/sound detection, then nothing is sent to the cloud.

If you are on the same local network as the camera, the stream is point to point and stays within your network. You do need outside internet access briefly to authorize and start the stream.

Starting the stream is a simple a tapping the camera thumbnail. It runs through three steps to connect, usually within a couple of seconds.

3 Likes

That sounds great!

Is it possible to DISABLE remote access? This would help us feel more comfortable about the privacy.

That’s something you would have to do in your router by blocking incoming requests. Here’s a list of ports used by the cameras:

Port What it does What it’s used for
TCP: 80 Local timelapse download Timelapse
TCP: 123 Internet time check Confirming camera’s time zone
TCP: 443 Cloud data transfer Uploading Events
TCP: 8443 Cloud API Keeping connection with Cloud server
TCP: 8605 Upgrade package download Firmware Upgrades
TCP: 10001 P2P streaming connection Local live streaming over WiFi
TCP: 10002 LAN firmware upgrade Firmware Upgrades
TCP: 22345 TCP control Making sure connection stays open when viewing the Live Stream
UDP: 80 Heart beat & streaming data For all UDP ports: Loading the Live Stream and keeping the connection between camera and server even when it’s not actively being used
UDP: 443 Heart beat & streaming data

I’m guessing that blocking TCP 10001 from outside access would disable outside access while still allowing local streaming. But I don’t know of anyone that’s tried that.

UPDATE: I tried that and it didn’t work for me. But I’m not much of a networking expert.

1 Like

This list of ports are the ports used by the Wyze cam to connect TO the Wyze servers. (i.e., these are the ports that are open on their servers for incoming connections from the cameras). Blocking any/all of these ports to incoming connections to the user’s home router will accomplish nothing. The NAT mapping in the user’s router effectively blocks all incoming connections from the internet (unless a port forwarding rule has been defined).

As you found, your guess about blocking TCP:10001 from outside access was not correct. It won’t stop the camera from streaming video to the cloud. What might prevent video traffic to the cloud would be to block outbound connections from the Wyzecams to port 80. Most consumer routers don’t provide the user with that degree of control. Some have the ability to block all outbound connections for a specified device. If one were to do so, the Wyze cam would lose the ability to check/update the time setting, check for new firmware, send events to the cloud, etc. However, it might still be able to stream video locally to the Wyze app on the same subnet. I suspect that this configuration ( internet connection blocked) is a use case that Wyze hasn’t tested. It’s certainly not part of their design intent.

2 Likes

@kyphos Thanks for popping in; I was hoping you would.

I don’t think blocking all outbound connections from the camera will work because I don’t think the local stream will start without an authentication from the server to get it started. So perhaps there’s no easy way to block outside streaming but still allow inside streaming.

@Loki
I haven’t tested it lately, but in the past I’ve used a V2 ‘off-the-grid’ with no problems. My setup is a little battery- powered travel router with integrated AP. Connect the cam to its WiFi. Connect my iPhone to its WiFi. The Wyze app finds the camera, does Live View, lets me set up Time Lapse recordings, etc. Later (after the time lapse is done), I would download the TL video from the SDcard to the iPhone, view it, etc. While doing all of the above, there was no internet access of any kind.

The only ‘trick’ was that the cam has to be added to the app prior to going off the grid. Internet access is required for the initial registration, but after that, the cam + app + hotspot worked just fine with no internet connectivity. The local stream (Live View) started without any remote authentication from WyzeHQ required.

That was a while ago. I will be testing my off-grid setup with a new MT300N-V2 travel router soon.

1 Like

What is your purpose?
It’s my understanding that someone has to be able to log into your account to view.
Good password security should prevent the next door neighbor or wardriver from logging in.
Wyze writes they are working hard on 2 factor authorization to make it more secure.
And they design the cameras with security in mind.

My purpose is described in the original post. In my ideal scenario, I can use the wyze cam locally without cloud and remote access because (1) I don’t need to monitor my baby when I’m away (I’d just use facetime with my wife) and (2) the crib is in my bedroom and the field of vision is large enough to include my bed.

It seems kinda arcane for me to unplug the camera but I guess I could just do that. It’d be easier if I could just disable remote access. I don’t think everyone wants or needs access to a feed off site.

@Loki @wannabewiseguy
The OP got me interested in this use case, so I’ve done a test with a V2 cam. On the router that hosts my IOT network (including my Wyze cams), I defined an access rule that blocks all internet access by the camera. Most modern routers have such a feature, named Access Control, or Parental Control, or something like that. It was a couple of clicks to define an ‘always block’ rule for the camera.

Having done so, I can still view the Live Stream when my iPhone is connected to the IOTnet’s WiFi. As expected, it can’t view the camera if I attempt to connect from outside my network (ie., over cellular data). Even knowing my Wyze credentials, the app can’t access the camera from the internet.

The little blue LED on the back of the camera started blinking shortly after I blocked its internet access. It’s announcing it’s not happy that it can’t connect to WyzeHQ, but the unhappiness is not sufficient to prevent local Live Stream viewing. Note that with access blocked, it won’t be able to obtain network time from NTP servers, check with WyzeHQ for firmware updates, stream to the cloud, send notifications, etc.

Occasionally, while viewing the Live Stream, an error message appears on screen indicating "Connecting camera (1/3), Connections attempts (1/3)… If I wait a few seconds, the stream usually resumes automatically. If I return to the Wyze home screen and then tap on the camera again, the stream resumes.

In summary, it appears that blocking all outbound access is an effective way to prevent streaming of video to the cloud (or to other far-away places) without inhibiting local live viewing. However, internet access is required to initially set up and register a camera with the app.

TL;DR,
Ideally, to block a particular LAN device reliably, it’s best that the device be assigned a static IP address by the router. Some routers insist on it; some routers don’t care. Most consumer routers provide this functionality with a DHCP Reservation feature. There are lots of articles about DHCP reservation on the web. Ms. Google is your friend.

1 Like

To add to this, after blocking internet access for my cameras, i also have spun an OpenVPN server on my RasPi, if im out and about i can just connect to the VPN and i am able to look at the feed.
Hope this helps!

1 Like

Thank you @kyphos this is exactly what I am looking for.

so here is the deal. You can’t block ports via any firewall. Anytime the camera is restarted, say a power loss or you move location, the camera needs to connect to china to start the stream. So if you block it with a firewall that process cant happen and local LAN viewing is not possible. So you need to leave ports open and give the device full freedom to connect to china and stream who knows what in order to get it working. Why not enable local LAN support? that will make the product so much better. There is no technical need to have this process, it is call data harvesting. They want to know where the cameras are, what your settings are and who knows is they take the occasional picture here and there.

There is still a major privacy issue with this cameras, All my IP cameras from all brands are blocked outside my LAN and i access them via VPN. Now, i cant do this with the wyzecam as it requires a “start-up” and “maintenance” connection to china which is effectively punching a hole in your network to let this traffic pass. If you enable RTSP you can do this though (need to use different app for viewing) which is ok, but you are capped at 10fps which is just too low

Would you STOP going from post to post telling everyone the cameras are reporting to China? This is UNTRUE, and just starts a new round of paranoia. They require Internet for SECURITY REASONS, to assure you have authorization to view the live stream.

Just trying to find the information on your forums on local LAN support, the cameras hit DNS servers every 5s, what type of information is needed every 5s if i have no active streams going through the app or anything else. Why does the camera needs to go to the cloud every 5s when there is no user connected?

Yes i am paranoid because i thought this product was more secure and had user privacy in mind. So i am trying to learn from it and figure out what is the reality of my privacy with it.

That is why i am asking the questions on your “SECURITY REASONS” which is a blanket statement that i will trust when you provide an answer or data to back it up.

Bottom line:

  1. Why does the cameras need to go to the cloud every 5 seconds even with no users connected?
  2. What is the advantage of your 'SECURITY REASONS" of having to authenticate in the cloud?
  3. Why not authenticale locally like you do with RTSP and give the option to people that have a firewall to block the camera to “phone” to the internet when there are no users connected

Some companies usually “ban” people when you ask this questions…hopefully you are not one more of those

I don’t know about the every 5s is but there is an authorization heartbeat that goes out about every 3 mins. No live stream exits your house unless you are sharing the camera or viewing from outside the house. Exception is 12-second event clips, which are stored in the cloud.

Please read this link, it has actual responses from actual Wyze Team employees: