Why Wyzecam requires Local Network access to work?

#1

I have several Wyzecams (v2 and pan cam), and all were working just fine, connected to my regular Wifi network (where all clients have access to the local network and between them).

Because of security concerns, I moved them to a separate wifi network, and all was working just fine, same as before. But, if I uncheck the “Allow Guests To Access My Local Network”, cameras “seem” to continue to work (blue steady light), but they are not reachable for live stream. If I allow them access to the local network, they are reachable again.

This is kind of troubling, as I don’t understand why the cameras need local network access, to work. They do have internet access, and that is all they should need.

Wyzecam team, could you explain this to me? Tks.

#2

Try and join your other network and then try connecting. Let me know if that works. If it does, it’s your firewall restricting the access between the intranet.

Does your router have a built in DMZ?

#3

If what you are suggesting (“Try and join your guest network and then try connecting”) is to connect my phone to the same SSID as my cameras, I did that, while having the option “Allow Guests To See Each Other” enable in my router, and did work. If I uncheck the option to allow visibility between clients, it doesn’t work.

My question remains: why I can’t see the live stream when connected to my other, secured, network? Is like I was in a different network, outside my home, except that in my first test, my public IP for both the camera and the wyzecam app would be the same, but they will not have visibility of each other internally, only thru the internet…in any case, I would expect to be able to access the live stream, when my cameras are inside my network but isolated from the local network and from each other.

#4

I edited to state “other network”.

Are the two networks on the same subnet? I.E.: 192.168.x.x

What router/app do you have?

Most normal routers, not enterprise, when different SSIDs are made, they still use the same subnets. Meaning that option you selected is blocking all access internally between devices with that subnet. So yes, same public IP but it’s NATing to internal IPs and your internal firewall is blocking access between internal clients. More so between both networks.

#5

TPLink Archer C9.
And yes, all clients are within the same subnet.
So, what you are saying, is that this behavior is by design? Since I have my wyze app and cameras in the same subnet, but not visible between them, that is why this doesn’t work? If I had to subnets, since both will have the same external IP , is my understanding this will continue to not work?

I also did another test, connected by phone to a VPN (so the external IP for the cameras and wyze app are different), and I couldn’t access my camera connected to this secured SSID (AP isolated and no local network access). If I enable the “Allow Guests To Access My Local Network” option in the wyzecam SSID, I regain access to the live stream while connected thru the VPN.

So, to all accounts, the only way I can access the live stream, is granting Wyzecam camera, access to my local network; all other settings, like AP isolation, doesn’t matter. And that is what is troubling me, why the camera needs Local Network access

#6

I wish I could see your config. It sounds like when disabling access to internal clients, it is also blocking other things such as ports and services that Wyze may use. Can you edit what it’s actually blocking under advanced?

If the router supports DMZ you could also throw it on a DMZ or point it as a DMZ address which should eliminate the issues of the firewall blocking it. Since Wyze requires your account to access the camera, I wouldn’t worry so much about security putting it on a DMZ.

#7

Using DMZ is not possible for me, as I can only have one device in the DMZ.
As for editing what is blocking, I can’t do that only for this SSID, but I did a test, disabling all security (firewall. etc), rebooted the router, and still no luck, no connection to the live stream.
As for ports, not quite sure about that, as the camera seems to be connected OK when Local Network access is disabled (steady blue light), is just the app that fails to connect to the stream.

#8

I would try submitting a support ticket if you have not already. Make sure to include the logs. I am not sure what else we can troubleshoot other than removing it from the app and trying to add it with the new router.

Can you tell what DNS it is pointing to and from the other network?

#9

I will send a support ticket. Can you tell me where can I find the logs you mentioned?

#10

When you send the ticket from the app it gives you the option to send the logs.

#11

ah, ok…just wanted to take a look at the logs, before sending the email for the creation of the ticket.
Tks for all your help.

#12

They are a zip file. You probably could extract them but not sure what they use to view them. I personally have not looked at them.

#13

The zip files that contain the logs are password protected.

#14

That’s good to know. I have never even tried to access them. I just knew they were there.

1 Like