Honestly, it's so that I can route outbound traffic from my Arlo system over my VPN provider. So, Arlo sends all outbound connectivity across VPN. But then, the Arlo Servers see that IP from my SmartHub, and tries to send traffic from the App to that IP to list the recordings. I don't control that IP and cannot forward that port on that IP. I want it to know that when connecting inbound, it needs to use a different IP. I have a static IP, so it could be that, or yes, it could be a domain name, that most folks could register with a DDNS provider.

Either way, inbound is different than outbound in a VPN use case.

Not a network geek so can't answer with any sense of intelligence. Maybe @StephenB ?

---

@jguerdat wrote:

Not a network geek so can't answer with any sense of intelligence. Maybe @StephenB ?

---

I understand why @jbhardman2 wants to specify the IP, but clearly that can't be done now.

In order for this to work inbound, you need to get a dedicated IP address from a VPN provider that supports port forwarding and NAT.  FWIW, I don't think Nord supports port forwarding (though there are some other providers who do).

Outbound traffic (the recording from the smarthub in this case) might still go directly over your ISP network unless  there is a VPN router at home that is set up to route all traffic through the VPN.  

As an aside, if you use a dedicated IP address with a VPN, then you are losing the privacy benefit (since the IP address you are using is only used by you).  Arlo's traffic flows are already encrypted/secured, so I am not really seeing much benefit to this setup as far as Arlo is concerned.  And it would of course add more latency, since all the traffic is routed through the provider's VPN network.

For sure, a dedicated IP with port forwarding would solve this. I'd argue that it would defeat the purpose of the VPN. Also, most providers don't offer that combination of features precisely because of this.

Anyway, I think it would be a worthwhile feature, but of course, Arlo is not my product.

---

@jbhardman2 wrote:

For sure, a dedicated IP with port forwarding would solve this. I'd argue that it would defeat the purpose of the VPN. Also, most providers don't offer that combination of features precisely because of this.

 

---

Agreed.

---

@jbhardman2 wrote:

Anyway, I think it would be a worthwhile feature, but of course, Arlo is not my product.

---

The setting you are talking about is used to make an inbound connection from the app to the smarthub.  So you would need the combination I gave you above in order to make it work.  Sending the connection request to the VPN direct IP address wouldn't be enough, as the connection can't reach the smarthub without forwarding.

Unless I am not understanding what you are asking for - is the app showing you the VPN IP instead of your ISP IP???

IMO the right answer here is for the Arlo Cloud to act as a traversal server for the recordings.  It already is doing that for livestreaming, so certainly something that is not difficult for them to do.  Then there is no need for port forwarding.

Yes, the removal of direct inbound access would be great. But, that will incur a cost for Arlo and thus require a subscription. I am subscribed, so no big deal for me. I believe many people see local storage as a way to avoid a subscription and Arlo pitches that you can get the system with no ongoing subscription cost.

With no subscription cost, they are not going to want to "ferry" all of that traffic to/from their servers in the cloud.

That would mean the Arlo app needs to directly connect to the Hub. That means the app needs to know the IP and the Port to establish that connection. Right now, it automatically determines the IP based on what it sees from the Hub. And it assigns a Port to me. 

If it would just ask me the IP instead of assuming it, this whole thing would work. My Hub would go outbound on the VPN connection. The App would go inbound to my Hub on the IP I assign.

---

@jbhardman2 wrote:

With no subscription cost, they are not going to want to "ferry" all of that traffic to/from their servers in the cloud.

---

I get that it does raise their costs some.  But they are already doing that for livestreaming, and they are losing some camera and hub sales due to the complexity of port forwarding.  

And there are some scenarios where forwarding simply can't be done - most mobile broadband providers don't support port forwarding, and neither to providers that use CGNAT due to ipv4 address depletion. 

---

@jbhardman2 wrote:

 

If it would just ask me the IP instead of assuming it, this whole thing would work. My Hub would go outbound on the VPN connection. The App would go inbound to my Hub on the IP I assign.

---

At the moment they are getting the IP address from the hub (not exactly assuming it). I am puzzled on how you would connect inbound to the Hub using the VPN IP address???   Also, what would force the hub outbound traffic to route through the VPN? 

FWIW, if the phone is connected to your home network over a VPN, then there is no need to use port forwarding, so you could disable it.