sorry I wasn't clear...
Check the firewall software on your Blue Iris Server (not pfsense) to see if there is an exception for https, the blue iris executable, and/or port 443.Phone will not connect via https either locally or via the internet. It will connect via http both locally and WAN.
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TermService
[svchost.exe]
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:9999 0.0.0.0:0 LISTENING
[BlueIris.exe]
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
EventLog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
[spoolsv.exe]
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:49170 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 127.0.0.1:25 0.0.0.0:0 LISTENING
[stunnel.exe]
TCP 127.0.0.1:110 0.0.0.0:0 LISTENING
[stunnel.exe]
TCP 127.0.0.1:143 0.0.0.0:0 LISTENING
[stunnel.exe]
TCP 127.0.0.1:50123 127.0.0.1:50124 ESTABLISHED
[stunnel.exe]
TCP 127.0.0.1:50124 127.0.0.1:50123 ESTABLISHED
[stunnel.exe]
TCP 127.0.0.1:50125 127.0.0.1:50126 ESTABLISHED
[stunnel.exe]
TCP 127.0.0.1:50126 127.0.0.1:50125 ESTABLISHED
[stunnel.exe]
TCP 192.168.5.2:139 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 192.168.5.2:58046 192.168.5.183:554 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58047 192.168.5.129:554 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58048 192.168.5.123:554 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58049 192.168.5.124:554 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58050 192.168.5.126:554 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58051 192.168.5.188:7008 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58052 192.168.5.128:554 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58054 192.168.5.101:34567 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58055 192.168.5.127:554 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58056 192.168.5.125:554 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:58060 192.168.5.101:34567 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:63598 192.168.5.121:8999 ESTABLISHED
[BlueIris.exe]
TCP 192.168.5.2:63599 192.168.5.121:8999 ESTABLISHED
[BlueIris.exe]
TCP 192.168.10.100:139 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 192.168.10.100:3389 192.168.10.2:41422 ESTABLISHED
TermService
[svchost.exe]
TCP 192.168.10.100:9999 192.168.10.2:55064 ESTABLISHED
[BlueIris.exe]
TCP 192.168.10.100:9999 192.168.10.2:57112 ESTABLISHED
[BlueIris.exe]
TCP [::]:135 [::]:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING
Can not obtain ownership information
TCP [::]:3389 [::]:0 LISTENING
TermService
[svchost.exe]
TCP [::]:5985 [::]:0 LISTENING
Can not obtain ownership information
TCP [::]:9999 [::]:0 LISTENING
[BlueIris.exe]
TCP [::]:47001 [::]:0 LISTENING
Can not obtain ownership information
TCP [::]:49152 [::]:0 LISTENING
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING
EventLog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING
[spoolsv.exe]
TCP [::]:49156 [::]:0 LISTENING
Can not obtain ownership information
TCP [::]:49170 [::]:0 LISTENING
[lsass.exe]
UDP 0.0.0.0:3389 *:*
TermService
[svchost.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 192.168.5.2:137 *:*
Can not obtain ownership information
UDP 192.168.5.2:138 *:*
Can not obtain ownership information
UDP 192.168.10.100:137 *:*
Can not obtain ownership information
UDP 192.168.10.100:138 *:*
Can not obtain ownership information
UDP [::]:3389 *:*
TermService
[svchost.exe]
Yes, Windows firewall is set to allow Blue Iris in and out.
2020.12.28 10:17:24 LOG5[main]: stunnel 5.57 on x64-pc-mingw32-gnu platform
2020.12.28 10:17:24 LOG5[main]: Compiled/running with OpenSSL 1.1.1h 22 Sep 2020
2020.12.28 10:17:24 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2020.12.28 10:17:24 LOG5[main]: Reading configuration from file stunnel.conf
2020.12.28 10:17:24 LOG5[main]: UTF-8 byte order mark detected
2020.12.28 10:17:24 LOG5[main]: Configuration successful
2020.12.29 10:17:24 LOG5[main]: Log file reopened
2020.12.30 10:17:24 LOG5[main]: Log file reopened
2020.12.31 10:17:24 LOG5[main]: Log file reopened
2021.01.01 10:17:24 LOG5[main]: Log file reopened
2021.01.02 10:17:24 LOG5[main]: Log file reopened
2021.01.03 08:18:15 LOG5[main]: Active connections:
2021.01.03 10:17:24 LOG5[main]: Log file reopened
2021.01.04 10:17:24 LOG5[main]: Log file reopened
2021.01.05 10:17:24 LOG5[main]: Log file reopened
The netstat output I posted above or something else?if you can post the netstat output that will tell us whether BI is listening via 443 ...
thank you.
okay so I don't see 443 with a listener at all. Without a listener. nothing is going to connect via https on your blue iris server - pfsense configuration or no.
Let me ask another stupid question, and I admit I'm not a BI expert.
Are you trying to access Blue Iris without having it configured for HTTPS but using HTTPS as transport? If so that would imply configuring a front end proxy for Blue Iris that handles the HTTPS encrypt/decrypt (whether pub certificate or private certificate).
so there's this...Code:Active Connections TCP 192.168.10.100:9999 192.168.10.2:55064 ESTABLISHED [BlueIris.exe] TCP 192.168.10.100:9999 192.168.10.2:57112 ESTABLISHED [BlueIris.exe] TCP [::]:9999 [::]:0 LISTENING [BlueIris.exe]\
I cuold be wrong , don't think the reboot will fix this.The netstat output I posted above or something else?
yes and I do not believe that BI is configured to use HTTPS right now based on the netstat output. sooo let me research this really quick. If BI does not support HTTPS natively then you'd have to configure a front end for it or decide to figure out vpn for your phone to come into your LAN and then access BI.Yea, port 80 works but it's not https.
yeah you betchya... gotta make your blue iris https issue go away first.... Like I said nothing lilstening on port 443 - which is what BI is telling you.Found something.
yeah you betchya... gotta make your blue iris https issue go away first.... Like I said nothing lilstening on port 443 - which is what BI is telling you.
see my last post for ideas using stunnel alternatively you may be able to reverse proxy via squid ... basicall you need to pick your poison here.
edit:
btw, if it were me I'd just spin up a nginx vm and use that to front end HTTPS/SSL traffic. but that's just me.
edit:
using pfsense and squid example
using nginx to front end BI example
edit:
and apologies you have BI http running on port 9999 - earlier I talked about 80 - but should have been 9999