Tailscale and Blue Iris

Let’s face it, the internet is full of bad actors, bots and other scary stuff.  If you like to live dangerously, go ahead and open ports on your router.  If you prefer not waking up to a cyber incident, consider using a VPN instead.  Setting up a VPN used to be difficult, but today you’re only a few clicks away from securing access to your internal systems and resources.

Now you’re thinking, “Hey, I have a Blue Iris system that is accessible on the internet.  Can I use Tailscale to improve my security posture?”  You sure can!  Here’s how…

Sign up for Tailscale

First, head over to https://login.tailscale.com/start and create an account using your preferred identity provider (Google, Microsoft, etc.).  After signing up, download the Windows installer on your Blue Iris server and… you guessed it… install it!

Configure Tailscale on the Blue Iris server

Once the client is running on your Blue Iris server, we recommend taking a few extra steps:

  1. Set it to run in unattended mode – this way you won’t have to start it manually if the server reboots.  To do this, click on the Tailscale icon in your Blue Iris server’s system tray, select Preferences and check the Run Unattended option.

  2. Consider turning on automatic updates if you have easy access to the system.  If you’re 500 miles away, it’s probably not a good idea to risk the machine falling off the Tailscale network due to an aborted automatic upgrade.  To do this, click on the Tailscale icon in your Blue Iris server’s system tray, select Preferences and check the Automatically install updates option.

  3. You’ll probably want to disable key expiry to save you from having to re-authenticate every few weeks.  This can be done at https://login.tailscale.com/admin/machines.  Find your machine in the list, click the … icon and select Disable Key Expiry.

Install the Tailscale app on your mobile device(s)

Tailscale VPN is now running on your Blue Iris server, so it’s time to add your phones, tablets, etc.  Pull up your device’s app store and search for Tailscale or click these direct links: iOS, Android.  Install the app and sign in using the same identity provider or email from the first step in this article.  Once you’re signed in, you should see your Blue Iris server listed.

Update the Blue Iris mobile app to use Tailscale

Now we’re cooking!  Open the Tailscale app on your mobile device and click on your Blue Iris machine’s name.  This will bring you to a screen showing DNS information.  Click the blue copy icon next to the MagicDNS address.

Now open the Blue Iris mobile app and edit the server to use the MagicDNS address from Tailscale.  Remember to leave off http(s):// from the start of the hostname and include your Blue Iris web server port at the end (8080 in this example).  The address should be something like your-machine.tailXYZ.ts.net:8080.

Test the connection

If you’re on-site, disable your WiFi and attempt to connect to the server in the Blue Iris app.  It worked, didn’t it?  Hooray!

Clean up

If you had a port forward on your router for Blue Iris, go in there and disable or remove it.
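To confirm the cleanup actually worked, here is an added example (not part of the original article or of Tailscale's or Blue Iris's tooling) that checks both paths from a laptop on a network outside your home, such as a phone hotspot, with Tailscale connected. The script name and the public IP argument are assumptions you supply yourself; 8080 and the MagicDNS name follow the example address above.

```python
import ipaddress
import socket
import sys
from urllib.parse import urlsplit

# Tailscale assigns IPv4 addresses from the 100.64.0.0/10 CGNAT range.
TAILSCALE_V4 = ipaddress.ip_network("100.64.0.0/10")

def parse_server_address(raw):
    """Split the Blue Iris app's server field into (host, port), tolerating a pasted scheme."""
    raw = raw.strip()
    parts = urlsplit(raw if "://" in raw else "//" + raw)
    if not parts.hostname or parts.port is None:
        raise ValueError("expected host:port, e.g. your-machine.tailXYZ.ts.net:8080")
    return parts.hostname, parts.port

def is_tailnet_ip(ip):
    """True if ip is in Tailscale's IPv4 range, i.e. the name resolved to the tailnet."""
    return ipaddress.ip_address(ip) in TAILSCALE_V4

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(magicdns_addr, public_ip):
    """Run the checks; public_ip is your router's WAN address (supplied by you)."""
    host, port = parse_server_address(magicdns_addr)
    try:
        resolved = socket.gethostbyname(host)
    except OSError:
        resolved = None  # MagicDNS name not resolvable: Tailscale is probably disconnected
    return {
        "resolves_to_tailnet": resolved is not None and is_tailnet_ip(resolved),
        "reachable_via_tailscale": tcp_open(host, port),
        "port_forward_still_open": tcp_open(public_ip, port),
    }

if __name__ == "__main__":
    # Usage: python check_blueiris.py your-machine.tailXYZ.ts.net:8080 203.0.113.10
    # (both arguments are placeholders; 203.0.113.10 is a documentation address)
    result = audit(sys.argv[1], sys.argv[2])
    for name, value in result.items():
        print(f"{name}: {value}")
    # Desired outcome: first two True, last one False.
    sys.exit(0 if result["port_forward_still_open"] is False else 1)
```

If `port_forward_still_open` comes back True, the router rule is still active and Blue Iris is still exposed to the internet regardless of the VPN.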

Things to remember

You have to be connected to Tailscale VPN on your mobile device in order to connect to Blue Iris.  If you’re not on the VPN, you’re not getting in!  You can leave the Tailscale mobile app running and connected to make it easy.  Or, if you like to tinker, you can set up an Automation (in the iOS landscape) to connect to the VPN any time you open Blue Iris (and disconnect when you close Blue Iris).  And now that I’m writing this, you could probably base the Automation off your location using geofencing.
