Skip to content

Blocking TP-Link Tapo Camera from Internet While Retaining Local Stream

Step 1: Set Up the Tapo Camera Normally

  1. Install the Tapo App on your mobile device.
  2. Connect your Tapo Camera to your Wi-Fi using the app.
  3. Create a Tapo Account and link it to your camera.
  4. Verify that the camera is working correctly via the Tapo App.

Step 2: Identify Camera's Local IP Address

Once the camera is connected to your network: 1. Open the Tapo App. 2. Navigate to Device Details to find your camera’s local IP address (e.g., 192.168.1.100). 3. Note this IP address, as it will be used for blocking internet access and setting up local streaming.

Step 3: Block Internet Access to the Camera

  1. In your router’s firewall settings, create a rule:
  2. Block all outbound traffic for the camera’s IP address.
  3. This prevents the camera from accessing the internet while keeping it accessible on your LAN.
  4. Apply the rule and save changes.
  5. Restart the router if needed.

Step 4: Enable RTSP Stream

Tapo cameras use RTSP (Real-Time Streaming Protocol) for local streaming. To retrieve the RTSP URL: 1. Open the Tapo App. 2. Navigate to Camera Settings > Advanced Settings. 3. Under Advanced Settings, select Create Account and set a device username and password for RTSP access. 4. The RTSP stream URL should be in the format: 

rtsp://<username>:<password>@<camera-ip>:554/stream1
Example: 
rtsp://admin:mypassword@192.168.1.100:554/stream1

Step 5: Set Up go2rtc for RTSP Proxy (via Docker)

go2rtc is an efficient RTSP proxy that improves camera streaming performance.

1. Run go2rtc in Docker

docker run -d \
  --name go2rtc \
  --restart unless-stopped \
  -p 1984:1984 \
  -p 8554:8554 \
  -p 8555:8555 \
  -v $(pwd)/go2rtc.yaml:/config/go2rtc.yaml \
  alexxit/go2rtc

2. Configure go2rtc

Edit the go2rtc.yaml configuration file: 

streams:
  tapo_camera: rtsp://admin:mypassword@192.168.1.100:554/stream1
  tapo_camera_low: rtsp://admin:mypassword@192.168.1.100:554/stream2

3. Restart go2rtc to Apply Changes

docker restart go2rtc

Step 6: Access the Stream Locally

Once go2rtc is running, you no longer need to use the RTSP URL directly. Instead, you can access your Tapo Camera's stream via: - RTSP Proxy: rtsp://<host-ip>:8554/tapo_camera - Web Interface: http://<host-ip>:1984

Conclusion

With this setup: - The Tapo Camera is blocked from internet access, ensuring privacy. - You can still access the live stream locally. - Using go2rtc allows for better streaming performance without the 2-stream limitation of the camera. - You no longer need to use the direct RTSP URL outside of go2rtc.

This setup keeps your Tapo Camera fully functional on your local network while preventing unwanted internet access.