go2rtc
go2rtc copied to clipboard
AlexxIT
Dahua and Tapo cameras: two-way not working for Frigate and HA
I have Tapo and Dahua cameras. I set them up with Frigate based upon their documentation. However, two-way communication doesn't work at all. Dahua shows the mic icon but doesn't transmit. Tapo doesn't even show the mic icon. I am using HTTPS. They referred me here and I've been tinkering ever since.
- Block domains n-device-api.tplinkcloud.com and security.iot.i.tplinknbu.com
@mofman thank you for the info. Blocked and configured with tapo://.. TAPO C120 now works with 2-way audio in Home Assistant.
@mofman and @rici44 would you be kind enough to provide Frigate go2rtc and camera configs, and maybe any card configuration data from HA?
Anyone else with thoughts I'd be grateful.
This is what I got going currently:
Frigate
go2rtc:
streams:
garage: # Dahua camera
- rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=0#backchannel=0
- rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=0
garage_sub: # Dahua camera
- rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=2#backchannel=0
- rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=2
kitchen: # Tapo C120
- ffmpeg:rtsp://tapocam:[email protected]:554/stream1#audio=aac#video=copy
- tapo://[email protected]
kitchen_sub: # Tapo C120
- ffmpeg:rtsp://tapocam:[email protected]:554/stream2#audio=aac#video=copy
- tapo://[email protected]
cameras:
garage:
....
ffmpeg:
output_args:
record: preset-record-generic-audio-aac
inputs:
- path:
rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=0
input_args: preset-rtsp-restream
roles:
- record
- path:
rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=2
input_args: preset-rtsp-restream
roles:
- detect
- audio
hwaccel_args: preset-vaapi
....
kitchen:
....
ffmpeg:
output_args:
record: preset-record-generic-audio-copy
inputs:
- path: rtsp://tapocam:[email protected]:554/stream2
roles:
- detect
input_args: preset-rtsp-restream-low-latency
- path: rtsp://127.0.0.1:8554/kitchen
input_args: preset-rtsp-restream
roles:
- record
- audio
# hwaccel_args: preset-vaapi
live:
stream_name: kitchen
....
Home Assistant Card:
type: grid
cards:
- type: custom:frigate-card
cameras:
- camera_entity: camera.kitchen_2
go2rtc:
modes: []
webrtc_card: {}
live_provider: go2rtc
view:
update_force: true
update_seconds: 0
menu:
buttons:
mute:
enabled: true
play:
enabled: true
microphone:
enabled: true
type: momentary
alignment: matching
style: overlay
live:
preload: true
controls:
thumbnails:
media: clips
auto_play: all
auto_mute: all
microphone:
always_connected: true
media_viewer:
auto_mute: never
controls:
next_previous: {}
image:
mode: camera
type: custom:frigate-card
cameras:
- camera_entity: camera.garage
live_provider: auto
go2rtc:
modes:
- webrtc
image:
refresh_seconds: 2
view:
default: image
camera_select: live
update_seconds: 2
image:
mode: camera
refresh_seconds: 2
performance:
profile: low
dimensions:
aspect_ratio_mode: dynamic
Showing you the part of the config which need to get right,
you need admin: and your tapo account password sha256 hashed in upper case (the password you use to login to tapo services)
your ffmpeg line is wrong too
go2rtc:
streams:
Kitchen:
- tapo://admin:XXXB3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFDFXXX@192.168.0.240
- ffmpeg:Kitchen#audio=aac#audio=opus
Showing you the part of the config which need to get right,
you need admin: and your tapo account password sha256 hashed in upper case
your ffmpeg line is wrong too
go2rtc: streams: Kitchen: - tapo://admin:XXXB3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFDFXXX@192.168.0.240 - ffmpeg:Kitchen#audio=aac#audio=opus
Thanks, I'll tweak that. How do you have the URL for the actual cameras?
@derekcentrico For this setup I use only go2rtc and Custom: WebRTC Camera card in HA
go2rtc config
cam4:
- tapo://admin:[email protected]
Custom: WebRTC Camera
type: custom:webrtc-camera
streams:
- url: cam4
mode: webrtc
media: video,audio,microphone
You mean the ip address?
@mofman Like the camera section in Frigate config.
cameras:
kitchen:
....
ffmpeg:
output_args:
record: preset-record-generic-audio-copy
inputs:
- path: rtsp://tapocam:[email protected]:554/stream2
roles:
- detect
input_args: preset-rtsp-restream-low-latency
- path: rtsp://127.0.0.1:8554/kitchen
input_args: preset-rtsp-restream
go2rtc:
streams:
Kitchen:
- tapo://admin:XXXB3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFDFXXX@192.168.0.240
- ffmpeg:Kitchen#audio=aac#audio=opus
cameras:
Kitchen:
ffmpeg:
inputs:
- path: rtsp://127.0.0.1:8554/Kitchen
roles:
- detect
output_args:
record: preset-record-generic-audio-aac
detect:
enabled: true
objects:
track:
- person
- cat
- dog
motion:
mask: 0,0.046,0.359,0.047,0.358,0,0,0.002
Assuming its running on the location and the dafault port, use rtsp://127.0.0.1:8554/Kitchen - keep the name the same.
@mofman and @rici44 thank you both.
I revised my cameras. Oddly, I get this error when using the go2rtc URL for the camera:
rtsp://127.0.0.1:8554/kitchen: Invalid data found when processing input
Cloud password is the password that goes to the Tapo app, correct? I tried that one and the tapocam:password from the RTSP setup just for kicks. No go.
2024-11-15 17:56:35.141980187 [2024-11-15 17:56:35] frigate.video ERROR : portable: Unable to read frames from ffmpeg process.
2024-11-15 17:56:35.142058459 [2024-11-15 17:56:35] frigate.video ERROR : portable: ffmpeg process is not running. exiting capture thread...
2024-11-15 17:56:35.157629698 17:56:35.157 WRN [rtsp] error="streams: 401 Unauthorized, exec: rtsp://127.0.0.1:8554/kitchen?audio: Invalid data found when processsing input\n" stream=kitchen
2024-11-15 17:56:35.243087508 [2024-11-15 17:56:35] audio.kitchen ERROR : ffmpeg process is not running, restarting...
I have firmware 1.1.3 flashed to it, using the very last release of 1.1.3 available as a bin.
Did y'all have an issue with a password or anything?
LOL now I get "2024-11-15 18:31:15.077453990 18:31:15.077 WRN [rtsp] error="streams: Expected StatusCode to be 401, received 200, exec: rtsp://127.0.0.1:8554/kitchen?video&audio: Invalid data found when processing input\n" stream=portable" using "Tapo_C120v1_en_1.1.3_Build_230930_Rel.56236n_up_boot-signed_1697192563556.bin" instead of "Tapo_C120v1_en_1.1.3_Build_230930_Rel.56236n_up_boot-signed_1697194362284.bin"
Did you block the domains I suggested?
Yeah I blocked them via pihole.
My firewalla shows only one domain it's hitting, 5 times. aps1-relay-dcipc-beta.i.tplinknbu.com
Are you familiar with python?
If so
Can you try this code, install pytapo via pip then create the script below replacing with your values and let me know what your response is when you run it
pip3 install pytapo
from pytapo import Tapo
user = "admin" # leave this variable as 'admin'
password = "XXXXXXXXX" # password for your **tapo account** in plain text (not hashed)
host = "192.168.0.1" # ip of the camera, example: 192.168.1.52
tapo = Tapo(host, user, password)
print(tapo.getBasicInfo())
@mofman Sure, so here is the resulting matter:
Traceback (most recent call last):
File "/home/derek/Desktop/pytest", line 7, in <module>
tapo = Tapo(host, user, password)
File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 86, in __init__
self.basicInfo = self.getBasicInfo()
File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 1091, in getBasicInfo
return self.executeFunction(
File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 491, in executeFunction
data = self.performRequest(
File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 532, in performRequest
self.ensureAuthenticated()
File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 108, in ensureAuthenticated
return self.refreshStok()
File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 418, in refreshStok
return self.refreshStok(loginRetryCount)
File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 418, in refreshStok
return self.refreshStok(loginRetryCount)
File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 423, in refreshStok
raise Exception("Invalid authentication data")
Exception: Invalid authentication data
Seems like I'm stuck in what the other issue thread is about. Hoping @rici44 sends me the blob filename for 1.2.2 so I can download/flash it. 🥇
1.2.2 is just the latest version available from the app,
Go through this checklist
- [ ] Block domains using pihole
- [ ] Factory reset camera
- [ ] Test using python script, ensure you are using admin and your tapo account password (not password for device)
Domains blocked. No flows are going through to any of those domains.
Py script started giving results after factory reset:
{'device_info': {'basic_info': {'device_type': 'SMART.IPCAMERA', 'device_info': 'C120 1.0 IPC', 'features': 3, 'barcode': '', 'device_model': 'C120', 'sw_version': '1.1.3 Build 230930 Rel.56236n', 'device_name': 'C120 1.0', 'hw_version': '1.0', 'device_alias': 'portable', 'mobile_access': '0', 'mac': '20-23-51-0F-3E-87', 'dev_id': '80217D748F6B96A0F9EA4CF5B1BE329722B9C457', 'hw_id': 'F0F676D5F47CAFF56B203949B1FAC42C', 'oem_id': 'CDE31B10524EC3E6E74A09A9D7B57FD8', 'hw_desc': '00000000000000000000000000000000', 'manufacturer_name': 'TP-LINK', 'region': 'US', 'ffs': False, 'is_cal': True, 'avatar': 'Cat tree', 'has_set_location_info': 1, 'longitude': -773812, 'latitude': 389611}}}
I tried the tapo:// combinations of plain text password, admin:MD5 and admin:shasum256. None work. Generated those using the same password used in the py script.
You're really close now that you're successfuly getting authenticated. Try all these combos below, you can try them all at once.
Then go to your go2rtc web client and see if it creates any producers http://192.168.0.XXX:1984/
Kitchen:
- tapo://[email protected] #plaintext
- tapo://XXXX3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFXXXX4@192.168.0.195 #sha256 UPPERCASE
- tapo://[email protected] #md5 UPPERCASE
- tapo://admin:XXXX3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFXXXX4@192.168.0.195 #admin + sha256 UPPERCASE
- tapo://admin:[email protected] #admin + md5 UPPERCASE
- ffmpeg:Kitchen#audio=aac#audio=opus
@mofman So, added all those and boom something works because it is in Frigate now. Thanks!!!
No problem, you should be able to identify which is the working line is using a process of elimination.
@derekcentrico proper camera reset and proper blocked domains are necessary steps. I block domains with IP addresses of those domains (nslookup) but IPs changed and I had to reset camera again and block with domain names.
@rici44 yeah so I used pihole to null route the recommended domains and I monitored the network flows with my Firewalla. All good for 2 cameras. The 3rd one appears to be bricked upon flashing. Blinking red for 30 minutes after the reboot. Siiiigh
@AlexxIT I’m wondering if it might be worth considering a mechanism where the user could simply enter their Tapo account password, for example:
- tapo://[email protected]
When go2rtc attempts to connect, it could try various combinations automatically, such as admin:md5, admin:sha256, etc., eliminating the need for users to figure out which combination works.
This should be feasible to implement without disrupting existing setups...
@mofman go2rtc supports password as plaint text for tapo source: https://github.com/AlexxIT/go2rtc?tab=readme-ov-file#source-tapo
