How we built our DIY Home Security Camera System

How we built our DIY home security camera CCTV system - Network Map - VueVille

Our DIY Smart Home Network Map

A few years ago, my wife and I decided to get a CCTV security system. We didn’t know much about home security or security cameras at that point. But we wanted to be check in on our home while we were away.

If we were not DIY-crazy, we would have probably gone the Easy-DIY route and bought an all-in-one home security kit from Ring or Simplisafe.

But we felt deep unease about these brands storing our video footage on the cloud, especially indoor videos. Cloud-reliant security cameras were getting hacked left, right and center. Moreover, many useful features of these cameras such as advanced motion detection were locked behind monthly paid subscription plans. Even basic things like being able to review recorded clips!

So while the upfront costs looked low, ongoing costs would quickly balloon. This is the downside of the subscription-based model of business that most security camera companies are turning to these days. Don’t get me wrong, cloud backup is fine and serves as off-site backup. But having it shoved down our throats and having to pay for it is simply unacceptable.

But being the DIY and tech-crazy people we are, we decided to do it ourself – the ProDIY way, learning by doing, using excellent stand-alone IP cameras (like the Reolink E1 Pro), and high-quality yet affordable prosumer networking gear (like Ubiquiti’s Unifi range).

Today, we have a DIY CCTV home security camera system that we chose and set up ourselves based on months of research. It is ultra-reliable and has highly useful features such as interfacing fully with our Home Assistant and HomeSeer HS4 home automation system, yet is very affordable.

We often get questions about our DIY CCTV setup, such as how we are able to view our home security cameras securely from anywhere in the world. So we thought we would share our journey with you, our readers.

We will list our complete security camera setup and how we are able to safely and securely connect to our home from just about anywhere. Also we will go into not just a list of the different devices that form the system, but also how they all come together to help us achieve our specific security goals.

A quick note: As an Amazon Associate I earn from qualifying purchases. This post contains affiliate link(s). An affiliate link means I may earn advertising or referral fees if you make a purchase through my link, at no extra cost to you.

Our DIY Home Security Camera System goals were:

  1. Be able to simultaneously view multiple cameras on a single screen. This could be from a tablet while indoors and from our mobile phones and laptops remotely.
  2. Be able to record motion-detection clips and have the option to at record at least 2 weeks worth of 24/7 video footage.
  3. Be able to inform my home automation system whenever motion was detected so that I could take action such as turning on lights
  4. Get motion detection alerts by email with snapshots within seconds of the intrusion.
  5. High enough resolution to get a clear picture at day or night.
  6. Our privacy is paramount. All camera footage needs to be stored locally. No cloud-reliant stuff for us! We do not want to port forward cameras leaving the entire network vulnerable to hackers and botnets.
  7. Push notifications – a nice to have if it doesn’t compromise network security.
  8. The system should be flexible enough to grow and change according to our evolving needs.
  9. All of this should not break the bank! No monthly fees, no ongoing cloud subscriptions.

The End Result:
Here is a screenshot of how we live-view our IP cameras from our laptops and on the TV:

Monitor - How to set up your own DIY NAS NVR using QNAP Surveillance Station - VueVille

Our DIY Home Security System – QNAP QVR Client for Surveillance Station

We can also access the cameras from our smartphones using either the tinyCAM Monitor Pro app or QNAP’s VMobile app to access the NAS (Network Attached Storage) NVR’s clips archives.

How to access your DIY security cameras remotely using a NAS VPN server - tinyCAM Monitor Pro - VueVille

Whenever motion is detected by any of the IP cameras, the QNAP NAS informs our HomeSeer HS3 home automation system. HomeSeer then informs Home Assistant which can then turn on lights, play a siren alarm, send me video clips, anything I can think of really.

HomeSeer - IP Camera Motion Detection - VueVille

My step-by-step guide shows you how to connect QNAP Surveillance Station to Homeseer HS3/HS4. Eventually I plan to write how-to guides to replicate my entire smart home system setup.

Now let’s see what the security camera system part of our smart home network looks like (also see how we built our DIY Smart Home Automation system)

Our DIY Home Security System Network Setup

A topology is a representation of how a system is connected together. Network topologies may be either physical or logical. A physical network topology shows the actual physical layout and the connections between different elements. A logical network topology shows how they are functionally linked to each other.

Here’s a physical map of our entire smart home network. For a reliable and scalable surveillance system, you got to have the right network set up to support it. So let’s begin there.

How we built our DIY home security camera CCTV system - Network Map - VueVille

Our DIY Smart Home Network Map

The first thing you will notice is that there are a lot of different network components, and that devices are nicely siloed off into neat compartments (LAN, VLAN1, VLAN2…etc.).

Usually people just connect a Wi-Fi router to the ISP modem and call it a day. If you are just using a couple of wireless cameras, that will probably do.

But for our Pro-DIY system that is security and privacy-focused, we need to go further. We need to be able to defend our network from hackers and botnets. For this we need a strong and powerful hardware firewall.

We need to be able to isolate security cameras so that they cannot ‘dial home’ or leak data outside our network. Any device in our network we do not trust (like a Chinese security camera) shouldn’t be able to access sensitive personal devices like laptops and mobile phones of its own volition. For this we need the ability to create Virtual LAN (VLAN) networks.

Every consumer Wi-Fi router has a built-in firewall that offers basic protection. But they are often not very customizable. For example, in most cases you can’t create your own firewall rules. And most of them cannot create VLANs. So after dabbling with overpriced ‘prosumer’ ASUS router for some time, I switched to enterprise standard networking gear. I went with Ubiquiti’s Unifi range.

We have a large home and getting reliable Wi-Fi throughout has been an issue. I had realized we needed multiple Wi-Fi access points. But the house is already wired for gigabit Ethernet. So this was another reason to skip the consumer-grade mesh networks and just go with a reliable established enterprise brand.

Also when your network gets large and you have multiple devices (router, switches, Access points), it becomes difficult and time-consuming to configure and manage multiple devices.

Here are the advantage of the Ubiquiti Unifi line of enterprise class networking gear:

  1. Enterprise-grade hardware with higher reliability
  2. Central management dashboard
  3. Seamless Wi-Fi mesh network with Ethernet back-haul
  4. Affordably priced
  5. Ability to create VLANs

The easiest way to understand Unifi’s product line is this: a typical Wi-Fi router like Asus or Netgear is an all-in-one device.

There’s a router, a firewall, and Wi-Fi access point all rolled into one device for convenience. However this means that if you want advanced features, you have to shell out a lot of money.

Also if one function (like the wireless radios or the router part) fails, the entire network fails and you have to junk the whole device. Not great for redundancy or your wallet.

Full equipment list

How we built our DIY home security camera CCTV system - Network Map - VueVille

Our DIY Smart Home Network Map

The Networking Gear

Starting from the top left, we have a symmetric 500 mbps up/down fibre broadband connection. So the first device is the ISP modem which we cannot avoid. However, everything after that point is of our design.

Check Amazon

After the ISP modem, comes the Unifi Security Gateway (or USG). This is our hardware firewall, serves as the DHCP router for the whole network and manages all the VLANs. The USG has a Dual-Core 500 MHz processor with 512MB RAM. It can handle up to 1,000,000 packets per second and a line rate of 3Gbps. It can more than handle our 500 Mbps broadband connection.

The ISP modem plugs into the WAN1 port. The USG has two physical LAN ports – LAN1 and LAN2. Each port will create a unique sub-net. I use only the LAN1 port for my network – I will refer to this as LAN. The Unifi system uses a central management portal for all device configuration and logging. You can run it off a computer and use it only when you need to configure devices.

Or you can get a Cloud Key, a small PoE device that hosts the controller software and logs network statistics locally 24/7. I don’t want a computer running all the itme, but I like to log all the data I can. So I went for the Cloud Key.

As mentioned in our goals earlier, we didn’t want to forward ports from the cameras to the Internet. The alternative to forwarding ports from the camera to the router and exposing them to the Internet, is to create a VPN connection to your home network so that you can dial in securely. For this you need an Internet-facing device in your home network that can act as a VPN server.

The Unifi USG does not natively support OpenVPN or Wireguard, like it does the L2TP or PPTP protocols. L2TP and PP2P have been compromised either by the government or by hackers.

Now QNAP has built into their NAS a VPN server app that supports all the major VPN protocols. In the beginning I used our QNAP TS-253A NAS as the VPN server for the entire home network. But I learnt that this is not secure, so I have PiVPN running on an Orange Pi Zero that also runs PiHole on my network. I chose the Wireguard protocol as it requires less resources than OpenVPN.

The Pi Zero’s Wireguard port is forwarded to the Unifi USG. No other port forwarding is present. The USG is configured with Dynamic DNS (DDNS) and so is always accessible from the internet using a friendly name, instead of the public dynamic IP address which ISPs change every so often. I use the excellent and free service.

We use the official Wireguard VPN client on our Android phones or laptops to connect to our home network, the Orange Pi Zero acting as the Wireguard server for the entire home network. This lets us access all our network resources as if we never left home, live-viewing and reviewing recorded footage is so easy.

I also recommend checking out the Unifi UDM Pro which is a newer device that fuses the USG and a managed 8-port switch into the same device. It is rack-mountable and so may be a better fit if you plan to have a server rack or cabinet.

Let’s explore LAN first. If you just want to create VLANs for WI-FI devices you don’t need a managed Ethernet switch – the Unifi wireless access points (WAP) can do that. But to create Ethernet-based VLANs, you need a managed switch.

I wanted to create a separate VLAN for my Ethernet connected devices: my Raspberry Pi4 running Home Assistant, Home Automation laptop running HomeSeer HS4, and another VLAN for my IP cameras.

I could use Wi-Fi for the laptop but I wanted Ethernet instead of Wi-Fi for 100% reliability of my Home Aautomation system. So I got the Unifi US-8-60W (image below), an 8-Port fully managed 802.3af PoE Gigabit switch. It has a fan-less design and thus is silent in operation.

Check Amazon

The switching capacity is up to 8 Gbps total, and it can provide up to 15W output per PoE port. I use one of the PoE ports to power the Unifi Cloud Key.

The Unifi Wi-Fi Access Points are widely acclaimed for solid wireless performance. I went for the cheapest AP in their product range – the Unifi AP-AC-LITE (image below). Described as an 802.11ac Dual Radio Access Point, it can do up to 300 Mbps in the 2.4GHz band and up to 867 Mbps in the 5GHz band simultaneously.

Check Amazon

You can power it via standard 802.3af PoE or Ubiuiti’s proprietary 24V PoE (if you are already invested in their older equipment).

I am able to create separate Wi-Fi VLANs for my personal devices (VLAN6), media devices (VLAN4) and indoor Wi-Fi cameras (VLAN5) because the AP-AC-LITE supports VLANs. I am very happy with this Access Point as a single AC-LITE covers my entire home.

I no longer experience dropped frames on my Wi-Fi cameras and overall responsiveness while browsing on my Samsung Galaxy S20 has improved noticeably.

The DIY Security Camera System

Outdoor IP Cameras

We have a few Hikvision IP cameras and some Reolink IP camera recording on motion detection to a Network Attached Storage (NAS) system from QNAP. They are connected to the TP-Link PoE switch which in turn is connected to the Unifi Managed Switch.

I created a VLAN (numbered as VLAN3) to group these 4 IP cameras together. The Unifi USG firewall allows me to then set up strict rules on what these cameras can and cannot do in my network.

For example, they cannot phone home to their Chinese manufacturers if they wanted to, they cannot access the Internet, they cannot even initiate any connection outside of the VLAN they are in. They can only respond to ONVIF and RTSP connection requests (using port number access controls on the Unifi USG). That’s what an advanced enterprise-grade firewall like the Unifi USG can do.

Here’s a review of one of the cameras I use:

Review: Reolink RLC-511 5MP PoE Bullet IP Camera

Review: Reolink RLC-511 5MP PoE Bullet IP Camera

It's been quite a while since we've had a Reolink IP camera review here at VueVille. We already reviewed the 5MP ...

Check out my recommendations for the best outdoor IP cameras without a monthly fee.

Reolink RLC-820A
8MP sensor
Smart motion detection
IP66 weather-proof

Amcrest IP8M-T2669EW
8MP sensor
Smart + Advanced Motion detection
IP67 weather-proof

Reolink RLC-823A
8MP sensor
IP66 weather-proof

Indoor IP Cameras

We have 3 indoor security cameras. The Reolink C1 Pro and C2 Pro are connected via Ethernet and monitor the front and back doors. The Reolink E1 Pro is a Wi-Fi only camera and we use it as our baby monitor camera.

Reolink C2 Pro
  • 5MP
  • PTZ
  • 2.4/5 GHz WiFi, Ethernet

Reolink C1 Pro
  • 4MP
  • Pan-Tilt
  • 2.4/5 GHz WiFi, Ethernet

Reolink E1 Pro
  • 4MP
  • Pan-Tilt
  • 2.4/5 GHz WiFi only

Check out my recommendations for the best indoor IP cameras without a monthly fee.

Other Switches I use

TP-Link Gigabit PoE switch

Check Amazon

The TP-Link TL-SG1008P Gigabit PoE switch powers the PoE cameras, and is connected to the Unifi Managed Switch. Read our review of this capable little switch.

Netgear 8-port Switch

Check Amazon

You can never have enough Ethernet ports! The Netgear GS-308 8-port gigabit switch is an unmanaged switch. This means there are no settings to configure, it is truly plug and play. It has a sturdy metal chassis, auto-sensing 10/100/1000 Mbps port support and excellent real-world performance.

It also has LED activity, link speed and status LEDs per port. I have been using it for over 6 months now and it has been super reliable. Highly recommended plug and play switch for setting up your home surveillance network!

DIY Network Attached Storage (NAS) NVR

QNAP NAS TS-253A with 2x 3TB WD Red hard drive (WD30EFRX)

Now let’s move on to the NVR where the camera footage is recorded. You could take one of 3 Pro-DIY routes for recording video streams from your cameras:

  1. use an IP camera and NVR kit
  2. use a NAS as the NVR.
  3. use a PC as your NVR using NVR software like BlueIris

The main reason we went for the NAS is because it allows us to integrate the security cameras with our Home Assistant / HomeSeer HS4 home automation system without needing a powerful energy-guzzling computer to run BlueIris software 24/7.

Read: EasyDIY or ProDIY – The VueVille Smart Home DIY Framework

NAS devices today are much more than just network storage, they are more like mini-servers. Generally they run their own Linux-based operating system that is accessed through a web browser.
Common uses for a NAS are centralized network storage, as a backup target, as a VPN client/server, and as a DLNA server for streaming your media across the house to multiple devices.

Synology and QNAP make NAS models that have powerful software running on them which makes them more like computers than dumb hard drives. But since they use Linux and specialized software, they can do a lot of things far more efficiently. So we use the NAS as the NVR, a VPN server, backing up our laptops, phones, and as a DLNA server. All for a few watts of energy usage.

The QNAP TS-253A we chose is an affordable yet powerful NAS that is the hub of our surveillance system and an integral part of our home automation system. From my round-up of the best DIY NAS NVR options, you can see the choice was between the TS-253A and the Synology 416play.

We settled on the QNAP because it had slightly more powerful hardware, more features such as HDMI out ports, and 2 extra camera licenses over the Synology 416play. Both Synology and QNAP are great brands and both claim to be able to send push notifications to their respective mobile apps, but I haven’t tested this on our QNAP NAS.

The QNAP NAS has a built-in NVR software called Surveilance Station. So the QNAP records full resolution video streams from my 3 Hikvision cameras to its internal hard drives. You could get a dedicated NVR but as I said, we had other uses for the NAS.

QNAP now also have an alternative free NAS NVR app called QNAP QVR Pro which grants you 8 IP camera channels regardless of how many channels your NAS originally came with. Here’s a rundown of QVR Pro and how it compares to QNAP’s standard Surveillance Station software. This is incredible value and I highly recommend trying it out.

Read: QNAP TS-253A Hands-on Review
Read: My recommendations for the best NAS for Surveillance Cameras
Read: How to set up your own DIY NAS NVR using QNAP Surveillance Station

Please note that some QNAP NAS models come with only a license for 2 channels in the Surveillance Station app instead of the 4 channels included with the QNAP TS-253A. If you want to record more the included free channels, you will have to purchase additional licenses.

For the hard drive, I use the WD RED NAS drives. Check out my recommended surveillance hard drives for both NAS NVRs and dedicated NVRs.

Accessing the security camera system while at home

The QNAP NAS Surveillance Station can be accessed either via the web interface or the Windows QNAP QVR client software that you saw above in the screenshot.

The tinyCAM Monitor Pro app on our smartphones are all configured using the local IP address of the QNAP NAS and Hikvision cameras. At home, we just open the app and it simply works. No fuss. No hassles.

Accessing the security camera system from outside the home

Outside our home network, I simply need to connect to the VPN server (running on the the Orange Pi Zero as mentioned earlier), and all the apps and the QVR client on the laptop simply continue to work. This is the detailed process: So I use the Wireguard client on my laptop or phone to connect to the Wireguard server on the Pi Zero. Once connected, my PC is virtually part of our home network.

So our Hikvision & Reolink cameras are not directly exposed to the Internet. The Pi Zero running Wireguard server is, but this is a far better option because the Wireguard server is built for this purpose and has attack defeat measures such as IP exclusion, automatic IP bans based on rules etc. which the IP cameras simply don’t have.

Also the VPN server allows me to access the data on my QNAP NAS without hassle – my laptop or smartphone will think that they are in the local network. So all network drives automatically re-connect and the experience is seamless in terms of recently used files etc.

Read: How-to view your cameras remotely using a VPN

External IR Illuminators

Check Amazon

Two basic IR illuminators for the backyard and 12V power adaptors that have lasted nearly a year now and are still going strong. These are of the 60 degree coverage variety, and you can also get wide-angle illuminators.

Ethernet Cables

Check Amazon

For Ethernet cables that run outside the home, I recommend using cables that are designed specially for this purpose – outdoor heavy-duty burial-grade CAT-5e or CAT-6 Ethernet cables.

This will ensure that you do not face issues with the cables such as breakage, little animals chewing the cables etc. Ensure that the cables are 100% pure copper and not the cheaper and inferior Copper Clad Aluminium(CCA) variety.


Check Amazon

A CyberPower BRICs BR650ELCD (Line-interactive UPS – 390W/650 VA) to protect and power the entire system (13% load for all the above kit + a couple of other devices). I got a cheap yet reliable UPS which is officially compatible with the QNAP NAS.

If the power fails or supply voltage is outside the tolerance, it informs the NAS which is programmed to shut down gracefully. I also have a schedule to turn it on automatically every morning, which ensures the NAS will turn itself on the next morning if the power fails and it shuts down.

I believe the UPS has paid for itself. On several occasions, the NAS has informed me that it had shut down as instructed by the UPS.


Check Amazon

64GB SD cards for all the cameras. 128 GB SD cards should also work but some cameras are a bit picky about which 128GB cards they will accept.

Make sure you use at least a Class 10 speed card so that you don’t suffer from dropped frames in the recordings. I use the SD cards to record motion detection alert clips. This is then yet another location where the clips are backed up.


The QNAP NAS comes with the free QVR Pro app. It supports all the features a good NVR has and it works very well.

We use tinyCam Monitor PRO app on Samsung Galaxy S9, Samsung Galaxy A5, Samsung Galaxy M10S and a Nexus 7 tablet. The tablet is our dedicated IP camera monitoring screen running the Imperihome Android app.

Storage capacity needed for QNAP Surveillance Station

Initially I recorded all my 3 external IP cameras 24/7 at 6Mbps bitrate and 10fps. This meant that the 1.5TB that I had set aside was good for 8-10 days of CCTV footage for all 3 cameras put together.

But I have since realized I don’t really need 24/7 recording and that replacing hard drives every year or so is no fun. Modern surveillance hard drives are rated for no more than 1 year of continuous operation. So now I just use alarm recording which places markers on the QVR Pro timeline so that I can jump directly to motion events.

The amount of storage you need depends on the quality and frame per second settings. After 3 years of experimenting with various quality settings, I have settled at 2Mbps and 6fps as we couldn’t see any improvement with higher settings.

I have also set the QVR Pro app on the QNAP to use only 1.5 TB (out of the 3TB available). So it automatically overwrites older recordings to maintain the 1.5TB quota. You can also specify number of days instead.


We hope this article gives you an insight into how you can set up your own DIY home security camera system. If you have any questions at all, please do not hesitate to get in touch through the comments field below.

A quick note: This article may contain affiliate links. If you click on one of these links and then purchase something, we may receive a fee. This does not cost you anything extra. Also note that Hikvision and Dahua do not consider certain platforms including Amazon as an authorized seller platform. So if you need warranty support please purchase from authorized resellers of Hikvision and Dahua products in your country.

Get notified when I post new content

Join 131 other VueVille fans! Don't worry, I hate spam too!

Daniel Ross

Daniel Ross

I am Daniel and VueVille is where I document my DIY smart home journey. I focus on 100% local-processing and local-storage because that’s the only way to secure my family’s safety and privacy. Oh and I don’t like monthly subscriptions!

  1. Hi Daniel

    Thank you very much for all the detail in this post. I’m using this guide to setup my first system. Please excuse any novice questions and comments below.

    If you dont mind, could you please give me some advice regarding some alternatives to the network gear? Reason being – it’s incredibly difficult to buy some Ubiquiti products here in Australia.

    Can you suggest an alternative to the Unifi Security Gateway? Current lead times for these are 6-7 months with probable further delays.

    I considered the UDM Pro, but I can confirm that it does not offer port isolation (confirmed by a Ubiquiti engineer). He said that port isolation needs to be via a dedicated UniFi switch. One of your replies above suspected this. How important is it to be able to isolate ports? I dont plan on using any Chinese cameras etc. I would prefer to have separate network components, but am under some time pressure to get this done.

    I look forward to your reply. Thanks again for sharing your work on this site, it’s really helped me out.

    • Hi Anthony,

      Thanks for your kind words. The COVID induced supply chain issues have resulted in long lead times for most networking gear, especially Ubiquiti’s. I am sure the UDM Pro supports port isolation and VLAN tagging on a per-port basis. This is one of the biggest selling-points of the UDM Pro! In fact, I will be updating this article soon to recommend the UDM Pro as it is more modern than the USG.

      See this Unifi documentation and I quote:

      “The UniFi Security Gateway (USG) and UniFi Dream Machine (UDM and UDM-Pro) can be used to manage DHCP server, routing, and VLANs on networks. It would also use the Settings > Networks area to define subnets. A corporate network has no restrictions, whereas a guest network cannot communicate with other subnets on your network. The guest control settings are also applied to guest networks (i.e. wired guest portal).

      The default physical LAN interface’s network is, by default, using untagged VLAN 1. There can be multiple VIFs (virtual interface/VLANs) per physical LAN interface. The VLAN ID of the untagged subnet (it is 1 or 4010, depending on if it’s LAN or VoIP subnet) cannot be edited. The settings window looks similar for both corporate and guest networks, so only a corporate network will be shown below. Basically, enter the desired IP with CIDR, and then choose the VLAN ID.”

      You can also see a Youtube tutorial video showing how to do this step by step on the UDM Pro, and see here a user posting screenshots of how to do this on a UDM Pro.

      I would suggest asking your Unifi engineer contact to comment on the above. I think he/she is misinformed.

      There are alternatives to Ubiquiti – TP-Link, Mikrotik, D-Link, Cisco Meraki, or DIY options such as pfSense on a spare computer. Basically any decent managed switch will allow you to set up firewall rules on a per-port basis.


      • Thank you for this in-depth reply Daniel. I’ll go ahead with the UDM Pro as it is available. I’ll send you an email with the original response from the engineer as it was a screenshot, and I’ll follow up the conversation with them including the helpful info above. Looking forward to your updated article mate. If there’s a way I can buy you a virtual beer or a coffee, please let me know.

        • Anthony, I saw your post on the Ubiquiti forums. I wanted to explain briefly how port isolation can be achieved in Unifi devices depending on the degree of isolation you need: 1) Total isolation – by applying the ‘guest’ option in the network’s profile, 2) Partial isolation- using firewall rules.

          This is the Total isolation method – Firstly you create a network (VLAN) profile – here you would apply the ‘guest’ option. Next, you create a switch profile and specify the network you created earlier. Then you go to the port that you want to isolate and apply the switch profile to that port – then all traffic through that port is tagged as a VLAN -> You can see the ‘Switch Port Profile’ dropdown in the screenshot you put on the Ubiquiti forums – I assume this is the one you got from the engineer.

          Note: You most probably don’t want to use the “Guest portal” option – this is solely to create a captive portal to create a dedicated Wi-fi like in a cafe or at an airport.

          The partial isolation method – is similar to the total isolation steps but instead of applying the ‘guest’ option, you leave it as ‘corporate’ but then use firewall rules to secure the VLAN. The process is detailed in my blog post here. Hope this helps.

  2. Hi Daniel.

    Amazing site, thanks for sharing your configuration. It answered some of my questions. It would have saved me so much time.

    You said that you can record video at any time, 24x7x365. It will keep for one week. It’s something I have thought about, but what do you think?
    I am waiting for your response.

    • Yeah I do only motion-based recording on my QNAP NAS. I don’t personally need 24/7 recording right now, and this saves my NAS hard drives from wearing out in just 2 years.

  3. Hi Daniel,

    I enjoyed reading your article on your home network set up and I am planning to adapt some of your ideas to my own network to increase security.

    After you segmented your devices into the various VLANs, I am curious to know how much communication you needed to implement between the virtual networks by setting up security rules in the router. Have you documented some examples of security rules setups somewhere on your blog?

    I have a 16 channel Laview NVR with 12 cameras that I access remotely using P2P and I would like to first isolate this hardware from the rest of my network using a managed switch. I believe that a managed switch alone would allow me to do this. Am I missing something? Would I need a VLAN capable router upfront along with the managed switch? (I am looking to increase my network segmentation gradually over time.)

    Thanks in advance for any feedback.


    • Thanks! Yes, see this example of VLAN firewall rules I use to prevent my cameras from accessing the Internet.

      Yes a managed switch will let you create a VLAN to isolate your NVR. However putting it downstream of a router is tricky and complicates your network setup if you still want the router to act as the DHCP/DNS server. You will end up having two different networks – 1 created by the router and 1 by the managed switch. Moreover, the switch can only identify where traffic is coming from / going to through its own physical ports. I don’t think it will be possible to control which device on the router network can or cannot access which VLANs on the managed switch. You can overcome this challenge by making the managed switch your DHCP/DNS server but then if you want Wi-Fi at all, you will need more hardware (like an access point). That’s why I just went with Unifi across the board.

  4. Hi Daniel,
    What kinds of communications did you need to provision for (using the USG) between the various VLANs to facilitate your day to day needs? I am trying to get a sense of how much VLAN segmentation can be done using just a managed switch, before setting up special security rules in the router. Also, have you created any how to guides for the router set up with regards to VLANs? Thanks in advance for your feedback!

    • RTSP for security cameras while blocking all other protocols. I also blocked all the security cameras and the NAS from accessing the Internet except for OpenVPN ports. Yes see here for a guide to creating VLANS – for wireless devices and for wired devices.

  5. Hi Daniel.
    As has been said many times before, great information! Thank you very much for sharing.

    I am looking to setup cameras running on QNAP NAS. I have a question about substituting certain components to accommodate what I already have in place.
    I purchased the ASUS ZenWiFi AX mesh system with two nodes [main plus 1] about a year ago. This finally resolved the WiFi issues I had always experienced around our home and so I am very happy with this option. Had I seen your blog before, I may have gone with the Ubiquiti Unifi for WiFi instead, but do not want to retire the ASUS system yet.

    My system is: ISP modem to ASUS router, then I have various ethernet connections either directly to the router or via a TP Link unmanaged switch connected to the router. These connections are media devices, laptop and the NAS.

    I am wondering whether I could achieve what you have with VLANs and your hardware firewall by going ISP modem–>Ubiquiti Unifi USG–>Unifi Managed Switch–>ASUS router [for wifi in the home]. IP cameras I assume would then connect to an unmanaged switch, with that switch connecting to the Unifi managed switch? I guess, to put it more simply, can my ASUS ZenWiFi be substituted directly into your setup in place of the Ubiquiti Unify AP AC Lite to run the WiFi?

    As an alternative, if I decided to forgo the USG hardware firewall, could I leave the ZenWiFi router in place directly after the ISP modem, then still run the Unifi managed switch from that? Would I still be able to run VLANs this way, or is the USG necessary for the VLANs?

    Any advice on these setup options would be greatly appreciated.
    Thank you.

  6. Hi Daniel,

    This guide is providing us a great start to designing our own security camera system. I have a few questions:
    1. How did you decide which outdoor camera to use for each spot? We have several locations to cover outside? Was it the the MP, FOV, form factor or ? The cameras listed are all somewhat similar. We have some challenges to cover the most area with the least number of camera/cable runs but want to make sure we have quality video if needed.
    2. Some of the Hikvision cameras show on Amazon to be OEM labeled vs. the brand label. Is there a difference that I should be aware of that would make one vs. the other not work with QNAP?
    3. You mention in one of your responses that you don’t record the interior cameras. Is that because of privacy or that they can’t be added to the NVR/NAS?
    4. Do you have any other recommendations on what to avoid/look out for when you did your setup? Just trying to avoid any expensive mistakes.

    Thanks in advance – your article and responses have been a great help.

    Will Howard

    • 1) Bullets are fine for most locations, but ones that are physically accessible easily should be domes which are vandal proof and so cant be easily knocked off target
      2) Its better to get the Hikvision branded ones
      3) Purely for privacy reasons
      4) Stick with big brands, you may want to avoid Chinese brands if you are in the US due to legal reasons

  7. Hi Daniel, thank you so much for this great effort. I have followed your system design over here in Oz and I am IT challenged but your great articles and guides have helped immensely. I am wanting to clarify a few points if I could:
    – is there a need to have both the firewall rules for cameras as well as have the NAS running as a VPN to stop the cameras being attacked?
    – I am thinking the “router” for port forwarding in the system is the USG?

    • You’re welcome!

      > is there a need to have both the firewall rules for cameras as well as have the NAS running as a VPN to stop the cameras being attacked?
      Two different things altogether actually, the firewall rules for the cameras prevent them from connecting to the Internet, the VPN rules allow you to VPN into your NAS and thus the home network when you’re away.

      > I am thinking the “router” for port forwarding in the system is the USG?
      That’s right

  8. hello Daniel,
    Thanks for this write up!

    Do you think it would be effective / possible to run the controller software on the NAS instead of the cloud key?


    • Yes it is possible but I wouldn’t recommend it – I like having dedicated devices for these kind of jobs so that I can switch off the NAS every night when I am not using it, this extends the hard drive life a lot.

  9. Wow…..Daniel, you write it and I am doing it! I have been trying to fanagle consumer stuff into the house while staying private, I am here trying to figure out the cameras. I have Google Wifi running a Home VLAN and a Guest VLAN. I have a ton of wifi switches that are controlled with Home Assistant on a Pi. The Wifi list is long and a mess, but this solution seems to clean all that up!

    I can run a media VLAN, Home Assiatant VLAN, CCTV VLAN and a Guest VLAN. You didn’t mention this, but did you create a guest VLAN?

    • Hey mate glad you are liking it. I have also recently been dabbling with Home Assistant on the Raspberry Pi-4B with 8GB RAM running DietPi . I put the HA-Pi on the same VLAN as my IoT devices. Loving it so far, I am thinking of slowly moving over everything from HomeSeer to Home Assistant.

      Yes I have a guest VLAN also that is isolated from the rest of the home network and only has Internet and is bandwidth throttled 😀

      • Just Ordered the Unifi Dream Machine Pro; integrates the USG, the Cloud Key and the managed switch….Going to have a failover/load balance on two ISPs and put it in front of the Google Wifi and start the migration.

        • Watch out – another reader has just found out that the UDM cannot do port isolation. I dont know whether the UDM Pro can but check before proceeding.

  10. This blog is absolutely amazing. I actually work in the industry, and I can honestly say this is one of the most comprehensive and accurate guides I have ever seen. Kudos to you sir.

  11. Reply
    Tony George Perkins July 16, 2021 at 8:03 pm

    Hi Daniel,

    I have found your site and pleased that I did as I am at the start of getting home security sorted out.

    I am running into a little difficultly. I am not techie enought to undertand all the Acronyms and was wondering if somewhere you have these listed?

    For example, I could not figure out what NAS was (I have now, Network Attached Storage).

    Anyway, glad I found your site I am continuing onthe Pro route and being in New Zealand hopefully can get all the gear at a reasonable price.

    • Hey Tony, welcome and glad my blog has been helping you. I don’t have a glossary but whenever I use an abbreviation for the first time in an article, I try to explain it. Just ask away if you have any other questions.

  12. Daniel, thanks for all of this. Very detailed and helpful. I bought a QNAP 251D, very nice. I’m using QVR Pro, and the client version on my Macbook, iphone and ipad. Question, did you ever figure out how to get push notifications? QNAP wants you to use their cloud and enable UPnP. My understanding, this is insecure. There’s an SMS service option as well.

    • I don’t use any individual software from the manufacturer of my devices (Hikvision/QNAP/Unifi etc) to send notifications – my HomeSeer home automation software is the only thing that I want to send me notifications (email). This is because these days most manufacturers force you to use a cloud P2P service for push notifications which I see as a security risk. Although I should point out you don’t need uPnP to use a cloud service – all uPnP does is open ports on your behalf. If you know which ports QNAP needs to be opened for push notifications, you can just set up port forwarding on those ports and not need uPnP at all.

      I would double check whether QNAP is really right when they say you cant have push notifications unless you use their cloud service. Because if there is a local push notification setup option, then you can have an openVPN server set up on the NAS, and when you are outside the home keep your phone connected via VPN to your home network. Then you will get local push notifications on your phone even though you are not at home. While this is very secure, its a pain in reality because if you forget to connect the VPN you wont get any notifications.

      So instead I would simply use email notifications on QVR Pro with a snapshot attached.

      At the moment I just use email notifications, but from HomeSeer. HomeSeer does have a variety of push notification options like Pushover (free). You are still using a third party service here but at least you don’t need to open a port on your local network.

  13. Hi Daniel,
    Great info and thanks for taking the time to write it up!

    A question, Would a Ubiquiti Dream Machine work in your configuration? It seems like it *might* be able to take the place of the center column of hardware in your map.

    Thanks again!

    • Thanks! If the Dream Machine allows you to create VLANs and create rules for those VLANs, yes you can replace the USG and Unifi managed switch with the Dream machine.

      • Hello Daniel!
        I really like all the build. I am studying that kind of stuff now and I want to ask you can I use this information on my university project? I have to build that kind of system and explain why I chose all the hardware. I will ofcourse translate with my words on my language if you can give me the permission to use the information. Thank you in advance for the good information.

        • I write this blog to share what I have learnt so please make use of this knowledge & reasoning behind the hardware selection – but please don’t copy the article as-is.

  14. Hi Daniel,
    Tons of great information here, thanks for the effort to write it up.

    Any thoughts on the Ubiquiti Dream Machine taking the place of some of your networking components?

    Thanks for your thoughts,

    • The UDM & UDM Pro do support VLANs and port tagging, so it may be a viable option but I haven’t tried it myself.

  15. I’m brand new to security cameras but have done plenty of network configuration / management previously. I’m building out a system based on your recommendations with the primary purpose of IP-based baby-monitoring without the use of any cloud service provider. So I’ll initially have only one camera for that purpose, with the option to add more IP cameras later. I have a bunch of questions. 1) How you are accessing the video feed of the ReoLink? Is it added to the QNAP Surveillance Station and/or QVR, and then you’re using tinyCam to access it? 2) Does this configuration allow you to control the PTZ features of the camera through tinyCam? 3) Does the ReoLink feed get recorded to the NAS as well? 4) Any thoughts on using the QVR Pro Client smartphone app to access the feeds? And finally, 5) which dynamic DNS provider do you use and are there benefits to some over others? Is noip free an okay choice?

    • Thank you!

      1) How you are accessing the video feed of the ReoLink? Is it added to the QNAP Surveillance Station and/or QVR, and then you’re using tinyCam to access it?
      I’m using tinyCam to directly access the wireless Reolinks I use as baby cameras. The wired Reolinks’ streams are pulled into QVR Pro for motion-triggered recording.

      2) Does this configuration allow you to control the PTZ features of the camera through tinyCam?
      Yes although it depends on the specific Reolink model, tinyCAM supports only the PTZ of some models.

      3) Does the ReoLink feed get recorded to the NAS as well?
      Only the wired Reolinks.

      4) Any thoughts on using the QVR Pro Client smartphone app to access the feeds?
      I haven’t really used it much as I find tinyCAM a lot more intuitive and easier to use than any other app I have tried so far.

      And finally, 5) which dynamic DNS provider do you use and are there benefits to some over others? Is noip free an okay choice?
      Yes noip is great but going premium may be better so that you dont need to login every 90 days or so to keep your account active.

  16. Hi
    I have a Chinese Wired ptz camera that i wanna connect to port 4 on a Unifi poe 60 switch.
    Then i have Pc with Blue iris on port 2 on the same switch. I whant to connect those locally without the camera accessing internet. But i cant figure out how to do it.

  17. Thanks for the info! I am learning as I go but can this unit function offline? We are moving into a sailboat and won’t have service most of the time. We keep all the kids schoolwork on the qnap 251+. We keep movies on there and also want to be able to see what is in front of us as we are sailing inside overnight. What changes could I make to use this offline?

    • The NAS doesn’t require an Internet connection to function. Just plug in the NAS and your laptops into the same network switch. If you want to use Wi-Fi plug the NAS into your Wi-Fi router. Effectively the NAS and your devices need to be on the same network and be able to talk to each other, no Internet connection needed.

  18. Hello Daniel, I cannot find the “QNAP TS-253A (8GB RAM version) 2-Bay Professional-Grade Network Attached Storage, Supports 4K Playback (TS-253A-8G-US)” for sale anywhere. Is there another QNAP model you recommend that can do the job?

  19. There is sooo much good information on your site. Im glad I found it. However, much of it is over my head and Im having a hard time trying to ingest it all. I have a fairly high powered PC I am not using, a decent network (nighthawk x6s) with decent internet speeds (200/20). I want a doorbell camera (saw your review on those) and probably 2 other cameras (one flood light cam and another on my deck). Definitely want to avoid a subscription and want to use the PC for motion captures and watching live. Is that doable?

    • Hi there. Yes you can watch your PC for live viewing and as an NVR (using either the manufacturer’s software or a 3rd party software like BlueIris). Have you seen this post where I break down the various options you have?

  20. WOW,AWESOME write up. Thank you for taking the time to do this.
    I myself, am not on the market for a “plug and play” wifi/wireless/cloud based system. I want something flexible and scalable.

    Alot of the terms, I need to learn so I can configure mine correctly and I probably will have 50 more questions, but my first is in regards to smart homes. I currently have a hubitat elevation and a Lutron smart hub (lights only). Can I configure this setup to “talk” to the hubitat?

  21. The QNAP TS-253A is no longer available. Do you have a different suggestion?

  22. Nice seeing this type of article where you’re not being steered towards a particular brand of hardware or service. I’ve had Amazon cameras in my home for a couple of years and they were ok with amazons cloud service, but now that Amazon has stopped selling the cameras its just a matter of time before they stop supporting the cloud cams.

    I’m thinking I want to go PoE with wired cams for the exterior of my home, my garage, pool etc. I also would like a nice PTZ with a good 10X or better optical zoom for the back yard which faces a conservation zone. There’s always neat nature stuff out there that would be cool to look at via a phone or tablet app. I think the last time I looked into this Blue Iris was the SW I was looking into.

    • Yeah that’s the problem with cloud cameras, when the manufacturer decides to make them obsolete you are left with paperweights, not security cameras. Go local-storage local-processing. BlueIris is great if you are ok running a powerful PC 24/7 (think power consumption), otherwise a low-power NAS does the job. You can even integrate the NAS NVR with your home automation system as I have done.

  23. What if burglars steal the NAS?

  24. I am looking into a camera system for outdoor security. My internet access at home is a wireless jetpack only. Is there a system that can connect to the base station without an Ethernet cable or an hard cable ? I want the ability to view from my phone.

    Any help is appreciated.

  25. Thanks for your detailed reply. I really appreciate it. For point #4, I agree with you, we trust a device to a certain level. If tinyCAM is something people generally trust, great.

    But would you agree that using PC with blueIris to access the camera is more safe, as you can rely on your firewall to prevent that PC from accessing the internet or as BlueIris is open source, we could potentially trust more on BlueIris than tinyCam, even if the PC does have access to the internet? (yes that sacrifices convenience of using the phone and needs a dedicated PC which is more power draw).

    • Yes I agree – BlueIris on a locked-down PC isolated from the Internet is safer than an app on a mobile that has Internet access. However I want the convenience of a mobile app – so again we are back at trusting the publisher of an app. Whether it is BlueIris, tinyCAM, QNAP, Synology or somebody else.

  26. Daniel, good write up. Thank you. This provided a great guideline for what I was hoping to achieve. I have a few questions:
    1. You mentioned several other networks switches. I don’t see them used in your current setup. Are they used elsewhere? You said “The TP-Link TL-SG1008P Gigabit PoE switch that powers the cameras is required”, but also the IP cameras are “Physically they are connected to the Unifi Managed Switch which supports PoE as described earlier”. Does it mean that the only needed switch is the managed UniFi switch?
    2. Following #1, is my understanding correct that the cameras are connected to the switch to draw power via PoE, but are being streamed to your NAS wirelessly? (forgive me if this is a stupid question, I do not come from a networking background).
    3. Why IP cameras outdoors? Can I use wifi camera outdoors to save efforts of running cables, if I can get a strong signal strength?
    4. How do you prevent the android app tinyCam from dial-home, since it has access to the camera?
    5. I know the NAS is from a more reputable manufacturer, but is anything done to prevent it from dial-home, in terms of both NVR content and actual storage?
    6. I am not familiar with the OS on the NAS, but can you install other NVR software such as BlueIris or Shinobi to run cameras if desired? Such way to avoid license limitations.
    7. Can you change the NAS OS to freeNAS or some other OS? Pros and cons?

    I know it is quite a long list of questions. Thank you for your time in advance!

    • 1. You mentioned several other networks switches. I don’t see them used in your current setup. Are they used elsewhere? You said “The TP-Link TL-SG1008P Gigabit PoE switch that powers the cameras is required”, but also the IP cameras are “Physically they are connected to the Unifi Managed Switch which supports PoE as described earlier”. Does it mean that the only needed switch is the managed UniFi switch? Sorry that was a typo – text from a previous version of this post. Yes if you get a PoE managed switch, that’s the only thing you need. Of couese on the Unifi US‑8‑60W, only 4 ports are PoE. If you have more thab 4 IP cameras, you need to get another PoE switch and use that. That’s what I have done. One port on the Unifi switch goes to the TP-Link PoE switch and then all the IP cameras plug into the TP-Link.
      2. Following #1, is my understanding correct that the cameras are connected to the switch to draw power via PoE, but are being streamed to your NAS wirelessly? (forgive me if this is a stupid question, I do not come from a networking background). No 🙂 If I can get an Ethernet cable to a camera I would use that, not WI-Fi. Avoid Wi-FI wherever possible. If you look at my network map, VLAN 3 is all the wired Ethernet IP cameras. I have put an Ethernet symbol on theat VLAN to show that they are all PoE. Not Wi-Fi. VLAN5 is Wi-Fi cameras – these are powered through DC wall adaptors. No Ethernet connection at all.
      3. Why IP cameras outdoors? Can I use wifi camera outdoors to save efforts of running cables, if I can get a strong signal strength? Yes you can use WiFi cameras outdoors if you can get a powerful enough Wi-FI signal to where you are running them. Wi-Fi is not designed for 100% up-time the way an Ethernet cable can. IP cameras for security are important enough to not use Wi-Fi. Still if you cant get an Ethernet cable to a location, try Wi-Fi. A Wi-fi camera is better than no camera at all.
      4. How do you prevent the android app tinyCam from dial-home, since it has access to the camera? How do you prevent any app on your phone from taking info from your phone and sending it somewhere? What I am saying is you trust every phone on you phone to some extent. You can limit the Android permissions for any app and I suggest you do that too. The tinyCAM app is generally trusted and has been around for many years.
      5. I know the NAS is from a more reputable manufacturer, but is anything done to prevent it from dial-home, in terms of both NVR content and actual storage? Yes, I have firewall rules which prevent the NAS from accessing the Intenet. THe only thing it can do is to listen to the openVPN port.
      6. I am not familiar with the OS on the NAS, but can you install other NVR software such as BlueIris or Shinobi to run cameras if desired? Such way to avoid license limitations. “Well you can run virtual machines on it, and you can install BlueIris on it. But you need a more powerful NAS for that probably. The idea of the NAS is to avoid having a powerful power-hungry BlurIris PC.
      7. Can you change the NAS OS to freeNAS or some other OS? Pros and cons? I don’t think so.

  27. Great work, thanks do much for all the hard work and detailed content. One question, is your management VLAN on VLAN 1? How do you deal with things like Roku’s which will not allow phone app access across a different network? In addition, you must also allow VLAN3 (PoE Cams) access to your HA in order to trigger motion for automatons etc. Is this correct?



    • Thank you. What do you mean by management VLAN? If you are referring to the Unifi controller, it is running off the Cloud Key on LAN1. Not in any VLAN. I don’t have a Roku sorry so can’t comment. Yes, VLAN3 is allowed to talk to VLAN2 – by default Unifi allows all VLANs to talk to each other. You have to specifically disallow connections between VLANs using firewall rules.

  28. Im looking for an opesource software to handle the recording, and App to view my security camera through smart phone, and configure my freenas server as storage for the recorded footage.

  29. I am new to this so please bear with me. I am getting ready to move to Marco Island so I am researching a 16 camera 4K IP cams 8 inside 8 outside. Could you advise me on QNAP, NAS, NVR for the correct storage for 16 cams. The TS-253A is obsolete and I want one that’s compatible with one you have with capacity to handle 16 4K cams recording on motion activated events only.

  30. Hi Daniel,

    I just started the research process and just wanted to confirm with you that you have the Homeseer HS3 and that it only works on Linux. Is this correct?

    Thank you for sharing

    • Hi Jean, no it runs on Windows, Linux and Raspberry Pi. I run it on an Windows – I have a very old laptop that used to run Vista, installed Win 10 on it and runs HS3 like a champ.

  31. Excellent blog and post, thank you!

    Would you mind sharing some of the firewall rules you set up, please? I decided to go with a set up that is very similar to the one you posted, with a Unifi USG going to a Unifi managed switch. From there I tried setting up a VLAN for my QNAP and one for my cameras but I am having trouble figuring out firewall rules. What I tried was a drop rule from LAN IN blocking the camera group from the LAN network and two Accept rules one going each way from the NAS to the cameras and back. As soon as I implement them I cannot access my QNAP through my PC anymore, I tried taking it off of a VLAN and using its IP address for the camera rules instead but the cameras then get stuck on “Connecting”. Fairly new to networking (as in I saw your post and decided to try it!)

    Thanks again for the great post!

  32. This is super helpful. How do you connect the managed switch with the unamanaged switch? I dont see the unmanaged switch in the diagram.

    • Thanks! I assume you are referring to the VLAN3 virtual network in my diagram. I omitted the unmanaged switch to save space.

      So one network cable from the Unifi anaged switch goes into the unmanaged switch. All the IP cameras then connect to the unmanaged switch. The unmanaged switch is invisible to the Unifi managed switch. It simple sees just the IP cameras hooked up to the unmanaged switch.

      The objective here is to group all the IP cameras into one VLAN and this method helps us do this. We just have to tell the Unifi managed switch to which of its physical ports the unmanaged switch (and therefore cameras) are connected to.

  33. An observation on UPS systems. Many smaller UPS will only run on 50 or 60 HZ +_ 3 Hz. I have a standby generator that tends to run just above 63 Hz with light load and that causes some UPS units to run on battery (and not recharge) while beeping constantly. Frankly, I see no logic for such tight frequency limits but that’s how they work. I found APC Smart UPS to be more tolerant.

  34. Great blog! I’m motivated and on my way planning out rear surveillance. Need advice on installing Hikvision PTZ on corners of a 6′ masonry pool deck wall with an upper screen enclosure. Obviously, mounting on the corner of the wall is out of the question.. too low. Assuming the Cat6 is sitting at the bottom of the rear corner of the wall, what’s the best way to proceed? Thanks 😉

  35. This is the blog I hoped, dreamed and prayed for. Information so clearly laid out and well explained! I’ve been overwhelmed trying to decide on a system, especially being up against a time-constraint with all the recent break-ins happening lately around here. Being a Pro-DIY person myself, I want something that is super customizable and not lock me in. I can’t even begin to tell you how grateful I am for you doing this. I will support this page any way I can. Please keep up the excellent work sir!

  36. Hi. Brilliant site. I have bought myself a Synology DS218+. Unlike the QNAP NAS’, it only has the one Network port. Can I still do what you have done in the diagram with having the cameras and NAS on a home network accessible via VPN. The diagram makes it look as though there are 2 physical connections to the NAS. Can I achieve the same logically with the Synology NAS’ single Network port?

    • Thank you! The image was not meant to be a connection diagram but merely representational. In a network it doesn’t matter where you connect the NAS – just one network port is enough to connect it to your network switch or Wi-Fi router.

  37. Hi Daniel, fantastic insights on how to setup a robust DIY system. I am finally getting around to taking action. Two quick questions if I may – is there an easy way to setup as per your system however “write” to the cloud only when motion detected (de-risking a break-in where equipment taken) and/or write to SD cards located in the cameras – not ideal but better than nothing. Also, I’ll probably need 6/8 cameras – Beyond the cost of the software licenses for the additional channels, is your setup still recommended for these requirements? Thank you, CJ.

    • Thanks CJ!

      1) I haven’t really explored saving clips to the cloud, because my whole reason for going the local storage route is to avoid the cloud for privacy reasons. I have however separately configured all my cameras which have SD cards to also record motion detection clips.

      2) Yes my setup still works well for up to 8 cameras without any extra license costs. QNAP has released a brand new free NAS app called QNAP QVR Pro which grants you 8 IP camera channels regardless of how many channels your QNAP NAS originally came with. Here’s a rundown of QVR Pro and how it compares to QNAP’s standard Surveillance Stations software.

  38. Hi Daniel, thanks for the great information. I am considering installing my first system of exterior cameras. Already have a QNAP NAS, so will build around it, as you have done. Probably I’ll install 3 cameras. Two can readily be PoE, but one will be outside the separate garage with difficulties in ethernet wiring. So would prefer to use a WiFi camera that connects to the network through a 2.4/5 GHz range extender. Do you have any advice as to (1) whether this can be achieved? (2) best camera for the job? (3) traps for the unwary? Thanks!

  39. I’m curious as to the reason Hikvision cameras didn’t make it into your recommendations article, yet above you describe them as being asking the best for enthusiasts. I’m getting ready to put together a system similar to yours, and the Hikvision price points are very attractive. Thoughts? Thanks!

  40. I am excited to start building my own system but am having hard time picking which cameras I want to go with. Have tried searching what currently are the best ones out there. Hikvision, Reolink, Amcrest seem to pop up the most. I am looking for 4-5MP ones. Since you seem to have written this approximately 3 years ago, would you consider any new cameras today? If so, based on experience, what would you recommend today?

  41. Nice setup. I too use Homeseer HS3 but haven’t really done much with it lately as I have been too busy. I will have to take a further look at this and check into it.
    I too went the bought package (Samsung 4 cam/8 port dvr/1tb) and it works. its 2mp and I need 3 more cameras and higher res as 5mp seems to be the sweet spot today.
    Also I am using BNC so not IP cams and still my bud has his own business in installation and sales. He told me there is no reason to not go bnc as its good to 5mp and I have the cables ran. go higher and no I will have to go IP… more to come for me eventually…

    • Thanks! Yeah 5MP really ought to be enough for a long time to come I think. HD over analog BNC cables (HDCVI/HDTVI) is a decent alternative to IP cameras if you have the BNC cables wired up already because you are upgrading an older system. When power over coax eventually launches, BNC will definitely be a good alternative to PoE as it can do longer cable runs.

  42. Maybe I missed this part somewhere. I like the fact that I would record onto my own drive but at the same time if an intruder were to get in, all they have to do is take the NVR and now I have nothing. Do you have it set up to where it also backs it up to a cloud service?


    • Hi Chris, no I do not upload to the cloud – I do not require it actually because I have the QNAP NAS set to email me with snapshots.

  43. Hi Daniel,

    It appears that there are newer models of NAS on Amazon. However, I am not sure what to look for so could you please provide me the link with instructions on how to pick the NAS that can be used as an NVR and VPN server?

  44. Hello Daniel! Here Marc from the Netherlands! I love your work and will make use of it for our house!
    Can you help get all things organized? Why do you mention the IR illuminators? What should I do with them and how should they be integrated?
    And how do I arrange motion detection? Should the cameras have it as a feature? How did you organise that part?

    I love your site and thank you for all the work you put in! I hope to read your reply soon.

    Greetings Marc

    • Hey Marc, glad you liked it! The IR illuminators are used to avoid insects getting attracted to the camera lens which causes false motion detection alerts. If you want to use a NAS NVR, motion detection is actually done by the camera but this is picked up by the NAS and used to trigger actions such as recording footage or sending email alerts.

  45. Hi Daniel,
    Thank you for making this post, this has inspired me to build my own system vs purchasing a box setup. I’m hoping to start running wires in the next few weeks then put together a Amazon order of goodies! I have a few questions before I start. 1st, is your system cat5e? I have 2 spools around that I could use but want to make sure I don’t limit myself by not doing cat6. 2nd question is are the extra qnap camera licenses a yearly subscription or is it lifetime?
    3rd is are there any components you would not use and do differently from the first go- around? Again thank you for the information and inspiration that you have given so many people.

  46. Daniel,
    This write up has given me the confidence to skip over the box kits and try to mirror your setup. The information is extremely well laid out. I’m hoping to start running wires the week before Christmas and then start assembling the components. 2 questions.
    1st, is your system cat5e cable? I happen to have 2 rolls of that but don’t want to install it if it’s not sufficient. Unsure if I should just go by cat6 or if for all foreseeable uses the cat5e is enough. 2nd question, is additional camera licenses from qnap only good for 1 year and need to be renewed / purchased again or is it lifetime? Again thank you for the inspiration! I’m extremely excited to get this project started.

  47. Any thoughts on outdoor cams that can handle subzero temps? Sorry if this has already been asked. I live where it gets cold, real cold. Need to withstand the occasional -20F or -30F cold snaps. I have QNAP ts-251+ for storage, need to find the right cams.

    • Most outdoor cameras I have seen from Hikvision/Dahua are rated for subzero operation (down to -22 °F) – for example the Hikvision DS-2CD2042WD-I or the Dahua IPC-HFW1420S.

  48. Hi Danielle, you’re guides and web page has been a great source of information for me. I am curious as to where your 8 port Netgear switch is used? What do you have connected to it? I believe POE doesn’t pass through switches?
    Kind regards

    • I have the Netgear switch plugged into my ISP router just to get more ports. No PoE involved. The ISP router has only 4 ports.

  49. Hello suggestions where i should have the nas if they break into my house and steal my nas server, than you have no recordings of the thieves. Where should i have the nas or how to make a own cloud storage. Can i rent a nas on a foreign location?

  50. What HomeSeer3 plugin(s) do you use to enable the motion detection that is shown near the top of the article?

    • I don’t use any plugin. I use certain native features to let one control the other. I will be posting a detailed tutorial shortly on how to replicate this. EDIT: The how-to guide is now live here.

  51. Hi Daniel, Have you looked at what the free version of the new QNAP QVR Pro app offers? I’d be interested in hearing what you think of it and how it compares to the previous Surveillance Station app. I liked that if offered 8 free channels but was disappointed that it limits you to 14 days of history. Thanks, Mike

    • Hey Mike, I briefly looked into it but didn’t like the 14 day-only access to recordings. An additional $399 gives you the ‘gold’ license which removes that limitation and gives you 16 camera channels. I need only 4 channels, so the standard Surveillance Station app is best for me. Additional camera licenses are $50 each, so I would need to have at least 12 cameras before the $399 gold licence becomes a better financial choice. Of course having the option to go up to 16 channels in the future is also what the $399 buys you.

  52. Informative blog. Keep Sharing…!!

  53. Hi Daniel. Thanks for this information. I’m strongly considering setting up a system just as you have it. Mainly I cannot find a store bought surveillance system that gets consistently good reviews. Your use of a NAS is a godsend.

    It looks like you’ve been using the QNAP ts-253a for a couple of years now. Would you change anything? I’ve read through many of your email replys but not all. I’ll delve deeper tonight while at work.

    It looks like (email response dated back in 2016) you require about 1.5 TB of storage to keep the last 10 days worth of “film” from all 4 cameras running 24/7/365. Am I reading that correctly?

    Thank you for your work. I ran across your blog a week ago, saved it, but thought your DIY was too expensive. The more I look at store bought systems the more your system makes sense. With the NAS having much more ability than a dedicated NVR I think I can spread the costs to make much more sense financially.

    Thanks again, John

    • Hi John, thanks for dropping by! I have been using the TS-253A for over a year now and I’m very pleased with it. Instead of rigid partitions, I use the shared folders concept where each shared folder can use as much space as it wants on the 3TB WD RED hard drives I use. So I have set a limit of 1.5TB of storage in the the Surveillance Station app. This equates to around 10 days of storage. The only downside to using it as an NVR is that it doesn’t support the advanced motion detection methods of the Hikvision and Dahua cameras that are crucial for reducing false alerts. But I record 24/7 anyway, so it doesn’t bother me too much. A dedicated NVR with redundant storage is very expensive – a NAS with redundant storage can be had for a fraction of that cost (as long as you don’t need more than 4-6 cameras). If you need more than 4-6 cameras, the total cost starts rising due to the extra licence per camera model QNAP and other NAS manufacturers follow. But as you have realised, a NAS can do so much more. The TS-253A also supports one-click virtual machines, so I have set up a Linux Ubuntu virtual machine to play round with as well. I run my OpenVPN server on it, apart from using the HDMI output to view my cameras on the TV. At the moment, the TS-253A gives the best bang for your buck because of the included 4 IP camera licences.

  54. Amazing post guys. Thanks for sharing.

  55. Thank you for your post!
    So I am trying to make sense of the various versions of cameras even just on the Hikvision site.
    Maybe you can save me some time. Budget set aside, I would like to know what the best outdoor cameras are out there for residential use.
    Any recommendations?

  56. Any thoughts on using WiFi cameras to save the extra effort / $$$ of running ethernet cables…?

    • I would never recommend WiFi for your main cameras – its just not as reliable and dependable as a hard wired Ethernet cable. Most consumer routers are poor at maintaining a steady WiFi signal which is not great for your home’s security, not to mention running all your cameras on the same WiFi network is going to max out your WiFI router bandwidth and probably cause dropped frames. Use WiFi for locations you cannot run cable to.

  57. Thanks for taking the time to document your setup, I have a Qnap 453a setup with 4 dlink camera’s at a building site. Power is provided by a solar system and internet via a 4G modem. I can view my camera’s on the dlink app and vmobile while at the site, but once I leave i can view on the dlink app but not vmobile even after changing vmobile to the myqnapcloud address for the NAS.
    I can use myqnapcloud to log into the NAS and download the video files recorded on the NAS.
    I can use the VPN to access another program I have installed on the NAS but vmobile does not want to play.
    My 4G router reports a private 10.x.x.x IP from the mobile network, the noip for the NAS reports a real public IP but I am unable to access the NAS via the public IP.
    I have seen adverts for fixed public IP sim cards but they require a 24 month subscription and I am using a PAYG sim, which suits my £20 budget.
    So any advice on a cheap solution to my issue.

  58. Just started researching options for a home surveillance system and finding your blog very helpful. Thank you.

    Something I am not fully appreciating yet is why you need two switches (i.e., the Netgear and the TP-Link)? Can you not just use the PoE switch? In other words, cameras into the four PoE ports while the QNAP and Internet Router connect to two non-PoE ports (or 2 non-PoE ports for QNAP and 1 non-PoE port for Router if doing link aggregation). So the 8-port TP-Link with 4 PoE and 4 non-PoE ports should be enough…Would that work?

    Separately, I am not able to reply to the above conversation involving Dick and A.M., but I have learned that the two ports on the QNAP are intended for link aggregation. In other words, you can connect the QNAP to two of the ports in the same switch for a more robust signal (I think). Does that sound right?


  59. Hi Daniel,
    Very useful post. But it’s not clear: your home wifi is provided by the ISP router? Is it “in” the VPN? I mean if you browse in your phone (through your home wifi) is it safe or it’s like using a public wifi (because the router is out of the VPN)? Or you always connent via openVPN client? Thanks!

  60. To be obnoxious and anal retentive, CC stands for Closed Circuit and IP cameras are not what is meant by Closed Circuit, so an IP security system is not a CCTV system. Admittedly many people won’t care but it is confusing to those of us suffering from excess pedantism. LOL

    • Thanks for commenting. I do care and doesn’t closed circuit only mean that it is not publicly broadcast. The technology used to form the ‘circuit’ whether it is VHS, analog, or digital IP is irrelevant, isn’t it? And if you look at my circuit it is not broadcast outside my home network. Technically since I use a VPN to connect to my home network from outside, my external device becomes part of the internal network (closed circuit). But I think we should also agree that the term closed circuit was created for an analog world where there was no Internet. CCTV is just that these days, an abbreviation for anything that is used for surveillance, even if it is broadcast to a command center (police control room for example)!

  61. Hi,

    Surveillance Station will cost me $480 for my additional cams and QVR Pro is still Beta but I am using it. It supports 64 cams and license is valid till year end. I believe renewal will cost the same as well so what I have done was used Virtualization Station and created a VM that runs Windows 7 and can access my cams, in order to install a free application that is enabled to record to NAS. I am ready to replace the Windows VM with Ubuntu if that kind of application is not available on Windows. Unfortunately Zoneminder does not support Windows. Blueiris is expensive as well. Does anyone know of such an app on any platform?

  62. Hi Daniel

    fantastic – I have been struggling with this problem for several days and you may just have solved it. I’ve taken a look at the Vera and other alternatives that popped up on Amazon when I selected it. Looks like the Vera is compatible with more devices than either the Samsung Smartthing or Apple home. Thanks for the link to the blog post – I need to digest the material – I have no experience of home automation so this is all new. As far as I can see, Vera is able to control the camera for motion detection, send an alert and specify where the recording will restored. Is that correct? The Smartthings by comparison appears to only offer the option of storing recordings in their cloud – for which a subscription is required (I tend to want to avoid storing videos on 3rd party servers in the cloud for security reasons – and would prefer a solution that does not involve paying monthly fees.
    Anyhow – many thanks for the tip – I will explore further



  63. Hi Daniel

    Interesting write up, thanks. I have the same setup with a synology NAS and an assortment of Foscam up cameras, which works fine, up to a point, and here is my question. The problem is the system is always on, because it’s not practical to go into the NAS and enable or disable every time I leave the house or return. Have you found any way of arming/disarming the system with a key ring type clicker/controller or rfid tags?
    I have searched widely for such a solution but without success – which leaves me with a surveillance setup but not a security alarm. Hence I am not able to use SMS notifications etc

    • Hi Giles,

      Thanks. I don’t think the NAS out of the box has a feature whereby you can arm or disarm Surveillance Station. However you can use a home automation controller such as the one I use, the Vera Plus, to put individual cameras into arm/disarm mode. This effectively lets you control the QNAP NAS’ behaviour. One of my readers has made it work and has written about it in the comments on this post.

      Kind regards,

  64. Did you need to do anything to connect your PoE switch to the rear of the NAS? My cameras don’t show up if it’s connected there.

    • Hi,

      All the cameras just need to be on the same network as the NAS. The PoE switch should be directly or indirectly connected to the NAS (via another router/switch). Is the NAS otherwise accessible – are you able to access the NAS management page from your PC? Also if your NAS has more than one network port, make sure you are using the right one. My QNAP TS-231+ has two ethernet ports, I only use the first one and this has to be selected in QNAP Surveillance Station. You can use the second NAS ethernet port exclusively for surveillance station but its a bit trickier to pull off.

      The only other thing I can think of is – are you using a managed or unmanaged PoE switch? If unmanaged, its plug and play. If its managed, you may have to configure it.

      Also are your cameras individually accessible from your PC?

      Kind regards,

      • Hi Daniel. I have the two cameras attached via an unmanaged PoE switch. They appear promptly in SADPTool and can be accessed via the browser if that switch is connected to my main Netgear (as you’d expect) but not if it’s in the back of the QNAP, which has four RJ45 ports to choose from. The camera models are not supported by Surveillance Station yet, but I had hoped to at least be able to access them.

        • Connecting the PoE switch to the main Netgear works just fine, but I had hoped to use that cable (there will only be two going to the NAS) for trunking and connect the cameras via Ethernet3/4.

          I did find this, but I’ve not had the NAS five minutes 🙂

          Thank you for all your comments.

        • I see the problem now, A.M is right – my network map was not intended to show the actual connections, but I will correct it to make it reflect the actual connections. My PoE switch is not connected to the NAS – it is connected to the ISP modem/router. If you have put the NAS in between your main Netgear PoE switch and your other router, it explains the problems you have been seeing. The NAS cannot pass through the camera traffic to the rest of your network.

          So if you want the cameras to be accessible throughout the network, don’t put their PoE switch behind the NAS (don’t connect them directly to the NAS): Cameras -> PoE switch -> main Netgear switch <- NAS. Your main Netgear switch then acts like the central hub. Now you will be able to access your cameras from the desktop or from your phones etc. In my case my ISP router is the central hub (more for convenience than anything else).

        • If I understood correctly, you’re connecting your unmanaged PoE switch to your QNAP (and NOT to your main netgear) and then you’re unable to access your cameras directly from the browser on your desktop?

          Which QNAP model do you have? On my TS-251, I don’t think the QNAP will bridge network packets from one RJ45 to another by default, and I’m not sure if it’s possible to configure it to do so. If you want to be able to get to your cameras directly from your desktop, you probably need to also connect your PoE switch to your main netgear.

          Connecting your PoE switch directly to the QNAP only allows surveillance station on the QNAP to retrieve video from your cameras, and only if you have the second port on the QNAP set up correctly (e.g. You’ll need to have static IP addresses on the cameras, or need the QNAP to run a dhcp server serving that port.) In the configuration you have, you would presumably be able to view video that the QNAP has retrieved, but you won’t be able to connect directly from your desktop to your cameras. That sort of configuration can be a good thing, as it also prevents your cameras from talking to the outside world but it’s more complicated to set up, as Daniel mentioned.

          I think what you want is that your QNAP and your cameras should all be plugged into some switch that is also connected to your main netgear. Based on what Daniel said, I suspect this is what he has too, although the diagram in the article makes it look as if he has one cable from the switch to the QNAP, and another from the QNAP to the router.

  65. Very relieved that I found this. I am about to add a pair of Hikvision DS-2CD2145F-IS to my QNAP TS-531P and it never occurred to me that I might not be able to connect the PoE switch direct to the NAS – I just assumed it would work.

    The VPN approach is interesting too. My ISP has extremely long lease times on IPs so they very rarely change, but never say never.

  66. Hi Daniel,

    I own an older Avertx system. It has its faults. It fails a during searches. I bought a new model and its crashing all the time. Avertx is aware of the problem and I am waiting for a firmware update. I am considering building my own because the original unit was never rock solid. I would really hate to buy new cameras. The Avertx ones are mounted on the house and they are really very nice. They are 2 megapixels with night vision and they are POE. Do you think I keep these cameras and still build they rest of the system you have?



  67. Last night I was able to get vmobile to connect while my mobile was attached direct to the network via WIFI. When I turn WIFI off and use cell data (LTE and/or 4G), the connection method is via and vmobile will not connect. All the other QNAP apps work using the cloud connect, but vmobile does not.

    So – to get around that, I need to setup VPN sever and VPN client so the mobile thinks it is on a direct connect (via the virtual connect rather than the cloud connect). I’m hoping vmobile will then work on the VPN connect.

    I am stuck on getting all the parameters set for VPN server, and then I need to get the VPN client configured.

    I’ve been reading up on UPnP as another way to use as the connection method (by enabling UPnP Port Forwarding). But, the myQNAPcloud utility on QTS 4.2.2 indicates it can’t find a UPnP router on the network, even though I can see that I have UPnP and NAT enabled on the router. So – I’ve missed something somewhere.

    Also – I’ve read that using the UPnP Port Forwarding is not that secure…

    • Hi,

      I will put together a step by step guide when I get time. With the year end approaching I have not been getting enough time to blog!

      I dislike both cloud and uPNP, but uPNP is far more dangerous than using the QNAP cloud. The reason is that uPNP for never intended to be used on external networks such as the Internet. I keep it disabled on my router and all devices that support it. uPNP is how insecure or compromised(hacked) devices can ‘dial home’ to their manufacturer or even used by hackers to spy on you.

      QNAP cloud – I never tried it because the QNAP openVPN server has been flawless and is very very fast. There is no middleman – my phone connects directly to my home network. Also by just using one app (openVPN client), my phone then is literally inside my home network – I can do everything as if I am am at home, plus all my internet traffic is routed over my home router (not public Wifi for example). I recommend using only the openVPN protocol because all other VPN protocols have been compromised by various governments and so safe to assume hackers as well. The official QNAP documentation is very good and should help with configuring the openVPN server. Some tips – default settings should be good, except under advanced settings use UDP (not TCP) and a random port (not 1194). Then get a dynamic DNS for your home router ( is free, paid ones also exist). Then port forward that specific UDP port from router to NAS. Then download the QNAP configuration file and open it with the official openVPN client app, enter your dynamic DNS settings and login details and off you go. That’s about the gist of it.


      • Thanks for the additional insights.

        I too have now disabled the myQNAPcloud services, except for the myQNAPcloud DDNS service. I believe is serves the same purpose as Every 15 min the myQNAPcloud DDNS service checks the WAN IP and if it sees a change, it updates the WAN IP associated with (where xxxxxx is the name I selected for my NAS). This allows me to use “” as the server IP in the OpenVPN profile.

        I had some other challenges getting the OpenVPN client to work on my devices. Some key points for setting up on the mobile devices (applies to iOS and Android):

        Go to Settings for OpenVPN and change Protocol to UDP (it defaults to TCP); enable “Force AES-CBC ciphersuites”.

        Both of those items took a while for me to figure out. Once set, OpenVPN connects flawlessly.

        I also have the OpenVPN client running and working a couple of laptops. That setup was very easy.

        Thanks again for your comments and insight.

  68. Daniel
    Based on the great info you have been providing, I recently purchased a system (QNAP TS-231+, TP-Link TL-SG1008P, one Hikvision DS-2CD2T42WD-I5(4MM), and two Amcrest ProHD 1080P POE PTZ (IP2M-841EB))

    So far, things are setting up nicely…except OpenVPN and Vmobile (QNAP’s mobile surveilance streaming app).

    I have setup myQNAPcloud and can access Qmanager/Qfile/Qget/Qvideo/etc. But, Vmobile just returns a connect error. So, I started working on VPN server, thinking that will help me find a mobile app (I have iOS devices, so tinyCam Monitor Pro is not an option).

    Have you considered writing a “how to” article on setting up OpenVPN server and configuring the mobile OpenVPN client?

    And have you had any success getting Vmobile to connect? (If so, that would be another great article for us who are trying to self teach this stuff.)


    • Hi Nathan,

      Glad to hear your setup is up and running. I love the VPN server feature and use it every day at work to check in on my cameras. Yes I have considered writing a how-to on setting up VPN access – its not difficult but has quite a few steps including the DDNS setup. I will put up a post shortly on how to do this.

      Yes Vmobile works for me, while it was not a beautiful app by any means, it is functional.

      Is there a particular step that you are stuck at?


  69. Thanks for your responses and information. I have done the research for a good camera system and from what I gathered, Hikvision is that step above the average consumer system you see in local retailers, without breaking the bank. Your write up here goes along way. I’ll be looking forward to future blogs.

    • Thanks and you summed it up well. Hikvision is a brand that is targeted primarily at businesses and white-labelers, not homeowners. But their stuff is worth the extra money – you can pick and choose very high resolution cameras and at the same time not be tied to a particular brand for example. The mainstream market has always a year or so behind Hikvision in the past but the gap is narrowing. For a few years there were no retail brands that could do 3 megapixels for example, but now you have Reolink with 4MP capable cameras.

  70. Are there any performance difference between hikvision’s nvr vs a nas? With the nas doing other data processes, will quality suffer?

  71. Hi Daniel, I have been looking for a system that is exactly like your setup. However, I fear that I do not have the technical knowledge to correctly configure my own system and it will end up in a box in the closet. Do you have a recommended pre-package, plug and play, system that meets most of your requirements? Or would you recommend I hire someone to setup a similar system.
    Thank you for your time.

    • Hi Nick,

      I haven’t yet come across an off-the-shelf system that can do everything my setup can do. I would suggest asking a professional installer to give you a quote for a Hikvision based system – once it is installed and set up, its a doddle to use and very reliable. My uncle went this route and he is very happy with it, even though he is not at all tech-savvy.

      If however you are happy to go with a less powerful system in terms of advanced motion detection etc., I would recommend an Amcrest 3-Megapixel NVR system like this one.


  72. Hello
    First of all – good blog!
    Did you have contact with Hikvision cammeras from china (in example bought from aliexpress)?
    I’ve got one and there is a problem with recording on NAS


    • Hi Adam,

      Thanks for the kind words. Yes in fact my first Hikvision was a 2032-I China model from aliexpress. I successfully got it to record to my QNAP NAS. The trick was to give it its own volume, with its own user. Otherwise the Hikvision refused to recognise the NAS as a valid network location.

      Hope this works.


  73. Good blog Daniel.
    My setup is going to be exactly the same as yours because I have a
    Qnap and it is easy to just buy and setup the cameras.
    Although the footage can be accessed from phone apps and a computer, I want to see the live view on my TV.
    Do you have it setup that way or do you know how?
    Thank you

    P.S. Do you think an android box will work?

    • Hi,

      Thanks! If your QNAP has an HDMI port, yes you can view the Live View on a TV. Mine doesn’t so I can’t see it on the TV. And yes an android TV box with tinyCam monitor Pro on it should work. Actually it is next on my purchase list – I am researching the various models right now.


  74. Daniel – I have a setup quite similar to yours – QNAP TS470 with twin Seagate 2TB drives set up as Raid 1. I have 4 cameras (a mix of Panasonic and D-Link units). I have set the cameras to record. How do I get the QNAP system to send me an email alert (and a jpeg) when an alert is triggered. The Panasonic cameras can trigger on sound, motion or infra-red. I used to run Blue Iris on Windows and am looking for a similar alert capability? Any ideas or clues or tips? We live on an acreage and are away often so security is an ongoing concern. Thanks loads. Ron

    • Hi Ron,

      You can make the QNAP Surveillance Station send you email alerts with snapshots – however its far from straight forward and depends on how well your cameras are supported by QNAP. I have spent a lot of time trying to make it work the way I want, and this is what I learnt:

      When you add a camera and turn on motion detection alerts as described here under the “Configure Alarm Recording on the QNAP NAS” section, the NAS will login to your cameras and attempt to set up motion detection rules in the camera. Then when the camera sends an alert according to the rules defined by the NAS, Surveillance Station will receive them and then respond accordingly (start recording, put an event marker on the timeline, send email snapshot, send an SMS alert etc.).

      So the first key point is that your QNAP NAS actually doesn’t do any motion detection, it relies on the camera to do it. So you wont find any configuration options for those rules in your NAS – you will find it in your cacmera settings. This method is smart because your camera will usually have more advanced motion detection methods such as line detection, intrusion detection, PIR motion sensors etc to which the NAS can theoretically respond. I say theoretically because there is a downside – the NAS’s ability to respond to those alerts depends on how well QNAP supports your specific camera make and model. For eg. I have Hikvision cameras. The NAS will not respond to any motion detection alert other than the basic motion detection. So it ignores the line detection and intrusion detection alerts that I love because it cuts down false alerts massively.

      So then, assuming your camera is supported by QNAP partially/fully, how can you control the motion detection rules? First activate the motion detection rules in Surveillance Station for each camera. Then login to each camera and fine tune the rules, for example you can change the detection area.

      What have I done? I decided QNAP ignoring the Hikvision’s advanced motion detection rules is not something I can live with. So I set up my cameras to send me motion detection emails instead of the NAS. The NAS records 24/7 on a cycle of 10 days.

      Hopefully QNAP supports your cameras fully and you find that the NAS recognises all motion detection triggers (sound, motion, PIR infrared). Hope this helps.


  75. Thanks!

    So what happens when the share of 1TB is full? Do you manually need to clean it up or do the software handle to storage period?

    Do you evaluate any other nas survalliance softwares? Like the synologies.

    • No, the NAS will automatically overwrite the oldest footage and continue recording on a loop. So you will always have the last X days of footage, depending on the size of the recordings share, quality settings etc.

  76. Thanks for a great blog!

    – Are you happy with the qnap survaliance software? Fully functional?

    – Can you set the system to aut. Keep 10 days of storage so so don’t require manual clean ups?

    – How easy is it to go back in time to look at old clips?


    • Hi Kristian,

      Thanks and I hope you found the posts useful. I really like the QNAP software because its stable and simply works. One thing I dont like however is that it is very slow to export clips if I ever need to do so. Its much faster to just browse to the share where the recordings are and just copy the file I need.

      Yes, the share I use for the QNAP surveillance centre is set to a limit of 1TB (on a 3TB drive). This is good for 10 days of storage for each camera running 24/7 @ 1080p, 6Mbps bitrate and 10fps.

      I use QNAP’s PC surveillance software to live view and review footage. Its a good piece of software and scrubbing through video is quick and efficient. I dont use the web interface although that’s pretty decent too. I recently upgraded the NAS to QTS 4.2 and am now testing the new surveillance centre app version.

      There is also a mobile app for surveillance centre – its not very polished but gets the job done.

      Do let me know what else you would like to see on the blog – I am looking for content ideas!


  77. Hi Daniel.

    Awesome site and thanks for sharing your config. It helped answer some of the things I had been researching. Wished I had found your site sooner than later as it would have save me a lot of time.

    You mentioned you record video 24x7x365 and it retains for a week. I’m sure you’ve considered it, but what are your thoughts on pro’s and con’s of recording motion only instead of record everything?

    Initially, without knowing the con’s, I’d think your retention could go up at a minimum 3 weeks.

    Thoughts and thank you again.

    • Hi Steve,

      Thank you and glad that I could help. I have not been posting much lately due to our first baby but I will soon start updating the blog more often. In fact he is helping me type this reply 🙂

      Great question about video storage – I would say it mostly comes down to 3 reasons – personal preference, how motion detection works and the risk.
      1. Personal preference – I started out recording just motion detection clips to my NAS NVR, just as I do on the Hikvisions with SD cards inside. But sometimes I felt like I wanted to see a bit more of what happened before and after the motion detection event. An example – I sometimes get people ringing the doorbell and walking away. Now the Hikvision cameras record 30 seconds before and after the motion trigger. In the unlikely case that it is a burglar casing my house, I would like to know whether he came in a car, what colour the car was, hopefully a plate, and where he parked. With the 30 sec pre and post record, I may or may not get all of these details. But with the NAS recording 24/7, if I want more details than just the pre and post record images sent to me by the Hikvisions by email alert, I can log into the NAS and check out the full video. I am happy with the last 10 days of recording on the NAS for now (1.5 TB space allocated), but I can easily up it to 20-30 days by getting a bigger hard drive.

      2. How motion detection recording works – Since the NAS provides a pre-recording feature, it means that it is actually recording everything it is receiving from the camera, holding on to it for the duration of the pre-record (1 min in our example) in case motion is detected. If there is no alert it has no reason to save the clip and it deletes it. This happens on a rolling basis. My only concern with 24/7 recording was that I would wear out the hard drive quicker – but then if it is in any case recording everything for the pre-recording feature, I cannot do any more harm by recording 24/7. Hope this reasoning makes sense!

      3. Risk – If for some reason, the motion detection didn’t trigger, there is a risk that I may miss important footage. A small risk but worth considering anyhow.

      These are my thoughts on the matter 🙂


  78. Hi Daniel,
    Great stuff and exactly what I was looking for. Has helped immensely.
    Did you have to buy additional camera licenses for use with the QNAP? (I’ve only had experience with Synology and they only let you connect 2 cameras for free, additional cameras require a license)
    Also, can you record the cameras to the NAS without the need of an SD card?

    • Hi Scott,

      Thank you! I have only two cameras connected to the NAS so the included 2 licenses are fine for me.
      Yes, you can record the camera streams without an SD card in the camera. Any RTSP stream from an ONVIF compliant camera can be recorded by the QNAP NAS.


  79. Hi Daniel,
    Great site and thanks for sharing your setup. I’m actually looking at a similar setup.
    Due to time constraints, I may choose to go first with a NVR and later switch (or add) either a NAS or PC running something like BlueIris or ZoneMinder (I have no experience on them, my comments are only based on internet research).
    Ideally what I wish I could do is not only have a local storage for footage but also an offline (ie cloud) storage solution. But given the cost, I would only store the footage triggered by an alert, not the regular footage. Ideally I would send it to something like tarsnap as it’s easy to do from the manage/automate from the command line.
    The question is then : do NAS or solutions like blueiris allow me to copy specific files only (different name or different folder for alert triggered footage) ? I suppose this is not a solution with an NVR unless an NVR can be accessed via ftp/scp.

    • Hi JF,

      Thanks for your kind comments. With my NAS I can access the actual recorded video files and copy them over. With the NVR, I would think this is not very straight forward, but I have not tried it.


      • if you were to build this today, would you use the dream machine pro instead of the individual components like you did here?

        What is the difference between running HS3 on a laptop vs using one of HS home troller or home troller pro hubs? Could you run the HS3 off a laptop and use the samsung smartthings hub?

        • The UDM & UDM Pro do support VLANs and port tagging, so it may be a viable option but I haven’t tried it myself. The main reason I went Unifi was to not be reliant on a small part of my all-in-one router failing and then having to junk the whole thing. So I still wouldn’t buy an all-in-one box like the UDM. If the switch of the UDM dies, you will have to throw away the whole UDM. Whereas in my case, my network would still be chugging along fine, and I would just have to replace the Unifi switch that failed.

          > What is the difference between running HS3 on a laptop vs using one of HS home troller or home troller pro hubs?
          No difference other than that I can use the laptop for other things and have HS3 interface with them if I need to.

          > Could you run the HS3 off a laptop and use the Samsung SmartThings hub?
          Why do you need 2 different smart home controllers in the same home? If you have a need for it of course but bear in mind HS3 cannot run the SmartThings hardware.

    Leave a reply

    Compare items
    • Total (0)