
TP-Link Tapo C120 401 Unauthorized using Tapo Protocol

Open grantland opened this issue 2 years ago • 57 comments

I have two C120 units on the same Tapo Cloud account and am having authentication issues using the Tapo Protocol tapo:// on only one of them.

My config:

go2rtc:
  streams:
    c120_A_stream1:
      - "rtsp://{username_A}:{password_A}@{ip_A}/stream1"
      - "ffmpeg:c120_A_stream1#audio=opus"
    c120_A_stream2:
      - "rtsp://{username_A}:{password_A}@{ip_A}/stream2"
      - "ffmpeg:c120_A_stream2#audio=opus"
    c120_A_2way: "tapo://admin:{UPPERCASE-MD5}@{ip_A}"

    c120_B_stream1:
      - "rtsp://{username_B}:{password_B}@{ip_B}/stream1"
      - "ffmpeg:c120_B_stream1#audio=opus"
    c120_B_stream2:
      - "rtsp://{username_B}:{password_B}@{ip_B}/stream2"
      - "ffmpeg:c120_B_stream2#audio=opus"
    c120_B_2way: "tapo://admin:{UPPERCASE-MD5}@{ip_B}"

Using the stream link for c120_B_2way results in a viewer with the following errors, while using the stream link for c120_A_2way works just fine: webrtc/offer: streams: 401 Unauthorized and sometimes mse: streams: 401 Unauthorized

Unsure if related, but I'm seeing the following logs:

2023-12-28 22:12:39.766041191  22:12:39.765 ERR github.com/AlexxIT/go2rtc/internal/mjpeg/init.go:166 > error="streams: 401 Unauthorized"

What's weird is that I was originally having this issue with both c120_A_2way and c120_B_2way and found #781, so I attempted to remove and reconnect c120_B_2way. After, c120_A_2way started working again and c120_B_2way still didn't work.

Also, before I reconnected c120_B_2way, I attempted to use tapo://{cloud-password}@{IP_A} and changed my password to not have special characters and this didn't resolve anything.

Lastly, the normal RTSP streams for both A and B work just fine and I've double checked that the passwords between c120_A_2way and c120_B_2way are the same as well as the IPs on c120_B_stream1 and c120_B_2way are the same.

grantland avatar Dec 28 '23 22:12 grantland

Are you sure you are using the latest go2rtc version?

AlexxIT avatar Dec 29 '23 14:12 AlexxIT

Yes, I'm on version 1.8.4

grantland avatar Dec 29 '23 17:12 grantland

For what it's worth I just restarted Frigate and therefore go2rtc and now both cameras are now showing the 401 Unauthorized error

grantland avatar Dec 29 '23 18:12 grantland

Have you upgraded the firmware before this problem?

AlexxIT avatar Dec 30 '23 04:12 AlexxIT

I have not. c120_A_stream1 is relatively new, has been deployed with 1.1.7, and working for at least a week prior to this issue. c120_B_stream1 is brand new, also on 1.1.7, and was working for a day or so before this issue.

grantland avatar Dec 30 '23 07:12 grantland

Well. I have the same issue with my TC60 camera. You need to open the stream from the mobile app once and all will be fixed.

AlexxIT avatar Dec 30 '23 09:12 AlexxIT

I am suffering the same issue with C210. After trying clear text, md5 and sha256 combinations. Thanks in advance.

pelayolartategui avatar Jan 03 '24 14:01 pelayolartategui

> Well. I have the same issue with my TC60 camera. You need to open the stream from the mobile app once and all will be fixed.

Do you mean just opening it from the Tapo app? If so, I've done this and the issue still persists

grantland avatar Jan 09 '24 02:01 grantland

I just purchased C520WS. I have the 401 unauthorized error, when using tapo protocol. The camera's firmware is 1.2.6. I am running go2rtc 1.5. I did not use go2rtc 1.8.5, because my two-way audio with Amcrest camera was lagging. So, I am using go2rtc 1.5 for the moment. BTW, I used both MD5 and SHA256, got same error.

benchen27 avatar Feb 29 '24 16:02 benchen27

You need to open the stream from the Tapo mobile app once.

AlexxIT avatar Feb 29 '24 17:02 AlexxIT

Thanks very much for your quick response.

Yes. I saw your earlier comments, and did open the tapo app. But still got the same error.

I tried to login to the camera via its IP address. But I saw no content. However, it provided some connection info, including SHA-256 fingerprint. But it is different from that I created using the app password (I didn't sign up for cloud service), which I think is the cloud password, using the echo command you provided in your document.

Regards.

Benjamin Chen


benchen27 avatar Feb 29 '24 17:02 benchen27
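
Added example, not part of the thread or go2rtc's own code: a POSIX shell helper that derives the uppercase MD5 and SHA256 forms used in the `tapo://admin:{UPPERCASE-MD5}@{ip}` URLs above and checks a configured value for wrong letter case or a hashed trailing newline. It assumes GNU coreutils `md5sum`/`sha256sum`, that the SHA256 form is uppercased like the MD5 one, and hypothetical function names; the password and address are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread or the go2rtc project.
# Assumes GNU coreutils (md5sum, sha256sum); function names are hypothetical.

# Uppercase hex digest of the password exactly as given (no trailing newline).
tapo_hash() {  # $1 = md5|sha256, $2 = password
    printf '%s' "$2" | "${1}sum" | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# Classify the value that sits between "admin:" and "@" in a tapo:// URL.
classify_hash() {  # $1 = value from the config
    case "$1" in
        ''|*[!0-9A-Fa-f]*) echo "not-hex"; return ;;
    esac
    case "$1" in
        *[a-f]*) letter_case="lowercase" ;;
        *)       letter_case="uppercase" ;;
    esac
    case "${#1}" in
        32) echo "md5-$letter_case" ;;
        64) echo "sha256-$letter_case" ;;
        *)  echo "bad-length" ;;
    esac
}

# Compare a configured hash with the password and name the likely mistake:
# wrong letter case, or a digest of "password\n" (echo without -n).
check_hash() {  # $1 = configured hash, $2 = password
    upper=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    for algo in md5 sha256; do
        good=$(tapo_hash "$algo" "$2")
        with_nl=$(printf '%s\n' "$2" | "${algo}sum" | cut -d' ' -f1 | tr 'a-f' 'A-F')
        if [ "$1" = "$good" ]; then echo "ok-$algo"; return 0; fi
        if [ "$upper" = "$good" ]; then echo "wrong-case-$algo"; return 1; fi
        if [ "$upper" = "$with_nl" ]; then echo "trailing-newline-$algo"; return 1; fi
    done
    echo "mismatch"; return 1
}

# Constructed sample: password "example-pass", documentation address 192.0.2.10.
echo "tapo://admin:$(tapo_hash md5 'example-pass')@192.0.2.10"
check_hash "$(printf 'example-pass\n' | md5sum | cut -d' ' -f1)" 'example-pass' || true
```

The SHA-256 fingerprint a browser shows in its connection info is a digest of the camera's TLS certificate, so it will never match a password hash. Because the URL accepts the hash in place of the password, store the hash with the same care as the password itself.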

Same issues, none of my tapo cameras work with tapo protocol. They work with RTSP though.

MohitDeshwal avatar May 04 '24 15:05 MohitDeshwal

I wonder if the cause why this isn't working could be the same as to why the HASS integration for Tapo is also experiencing issues. It appears TP-Link are rolling out a security fix in waves which most likely broke the way go2rtc was making the connection to the cameras. The only workaround seems to be a factory reset followed by blocking internet access for the cameras which is unacceptable for me as I am using the cloud storage subscription.

https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551

mateuszdrab avatar May 04 '24 16:05 mateuszdrab

@AlexxIT reach out to me in Discord if you want and are affected as well, I can provide more details about what is going on and might be able to help find the solution for both of us. I am not affected yet unfortunately.

JurajNyiri avatar May 06 '24 21:05 JurajNyiri

Same issue here. My C320WS, C200, C100 and C220 all started to show the same 401 unauthorized error, after restarting my frigate & go2rtc instance today. I reverted to rtsp streams for now, but that sucks. Note, there was no prompt for a firmware update on these cameras in the tapo app. It has to be something OTA though. If there are any logs I can provide you to help you track this, will be glad to help.

ArbiterGR avatar May 08 '24 17:05 ArbiterGR

> @AlexxIT reach out to me in Discord if you want and are affected as well, I can provide more details about what is going on and might be able to help find the solution for both of us. I am not affected yet unfortunately.

My Tapo integration in HASS was working fine even with latest firmware until I changed my tapo password which broke all my cameras. I only changed it because I was setting up the tapo integration in go2rtc.

Is go2rtc working for you?

mateuszdrab avatar May 08 '24 20:05 mateuszdrab

https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/551#issuecomment-2101438957

JurajNyiri avatar May 08 '24 20:05 JurajNyiri

Same issue for tapo protocol. WRN [rtsp] error="streams: 401 Unauthorized" stream=garage_camera

edit: Tried a few more options and it only breaks when SHA or MD5 password is used.

edith101 avatar May 09 '24 06:05 edith101

Resetting the camera, re-adding it to tapo app and immediately blocking internet access for it, seems to do the trick for now on the latest firmware (1.3.13) for C200. It has to be something server side that gets provisioned as soon as the camera calls home.

ArbiterGR avatar May 09 '24 09:05 ArbiterGR

@JurajNyiri thanks, maybe later

AlexxIT avatar May 12 '24 15:05 AlexxIT

ArbiterGR

401 unauthorized here too though I can't get rtsp streams to work. Do you still have them running?

aminasadi0 avatar Jun 13 '24 21:06 aminasadi0

> ArbiterGR
>
> 401 unauthorized here too though I can't get rtsp streams to work. Do you still have them running?

Yes, RTSP streams are running fine for all my tapo cameras. It sucks though that I'm missing out on 2way microphone :/ Just make sure you create a local account/password in tapo app -> camera -> advanced settings -> local account for them to work.

ArbiterGR avatar Jun 14 '24 16:06 ArbiterGR

> > ArbiterGR
> >
> > 401 unauthorized here too though I can't get rtsp streams to work. Do you still have them running?
>
> Yes, RTSP streams are running fine for all my tapo cameras. It sucks though that I'm missing out on 2way microphone :/ Just make sure you create a local account/password in tapo app -> camera -> advanced settings -> local account for them to work.

I have those accounts set and I used to get rtsp before but now I can't. Was using go2rtc's tapo protocol of course and don't know since when they stopped working. Now that tapo is not going to work for a while need to get back to rtsp. Tried all of these combinations:

rtsp://ip/stream1
rtsp://user:pass@ip/stream1
rtsp://user:sha256(pass)@ip:554/stream1
rtsp://user:md5(pass)@ip:554/stream1

also tried adding :554 port.

aminasadi0 avatar Jun 14 '24 17:06 aminasadi0

> > > ArbiterGR
> > >
> > > 401 unauthorized here too though I can't get rtsp streams to work. Do you still have them running?
> >
> > Yes, RTSP streams are running fine for all my tapo cameras. It sucks though that I'm missing out on 2way microphone :/ Just make sure you create a local account/password in tapo app -> camera -> advanced settings -> local account for them to work.
>
> I have those accounts set and I used to get rtsp before but now I can't. Was using go2rtc's tapo protocol of course and don't know since when they stopped working. Now that tapo is not going to work for a while need to get back to rtsp. Tried all of these combinations:
>
> rtsp://ip/stream1
> rtsp://user:pass@ip/stream1
> rtsp://user:sha256(pass)@ip:554/stream1
> rtsp://user:md5(pass)@ip:554/stream1
>
> also tried adding :554 port.

What works for me is: rtsp://username:password@camera_ip:554/stream1. Stream 1 for the high res stream, Stream 2 for the lower res. Username and password in plaintext. Did you try deleting the local account from the tapo app and recreating it?

ArbiterGR avatar Jun 14 '24 17:06 ArbiterGR

Tapo RTSP user/pass are not related to cloud user/pass. They are totally different.

AlexxIT avatar Jun 15 '24 04:06 AlexxIT

I'm having this issue on 1.9.2 (default in Frigate 0.14 beta 4). I have Tapo C120 cameras. I cannot get two-way audio. RTSP streams work fine, but do not provide for two-way.

Using tapo:// is the same 401 error reported. "streams: 401 Unauthorized" when using tapo:// options only.

I tried using various streams:

    kitchen:
      - rtsp://tapocam:[email protected]:554/stream1#backchannel=0
      - rtsp://tapocam:[email protected]:554/stream1
      - tapo://[email protected]
      - tapo://192.168.1.246
      - tapo://admin:[email protected]
      - tapo://admin:[email protected]

No two-way audio.

Probing shows:

{
  "producers": [
    {
      "type": "RTSP active producer",
      "url": "rtsp://192.168.1.246:554/stream1/",
      "remote_addr": "192.168.1.246:554",
      "user_agent": "go2rtc/1.9.2",
      "sdp": "v=0\r\no=- 14665860 31787219 1 IN IP4 192.168.1.246\r\ns=Session streamed by \"TP-LINK RTSP Server\"\r\nt=0 0\r\nm=video 0 RTP/AVP 96\r\nc=IN IP4 0.0.0.0\r\nb=AS:4096\r\na=range:npt=0-\r\na=control:track1\r\na=rtpmap:96 H264/90000\r\na=fmtp:96 packetization-mode=1; profile-level-id=640032; sprop-parameter-sets=Z2QAMqzSAKAC1oQAAA+kAAJxoBA=,aOqPLA==\r\nm=audio 0 RTP/AVP 8\r\na=rtpmap:8 PCMA/8000\r\na=control:track2\r\n",
      "medias": [
        "video, recvonly, H.264 High 5.0",
        "audio, recvonly, PCMA/8000"
      ],
      "receivers": [
        "96 H264, bytes=2945351, senders=2",
        "8 PCMA/8000, bytes=54272, senders=1"
      ],
      "recv": 3030943
    },
    {
      "type": "RTSP active producer",
      "url": "rtsp://192.168.1.246:554/stream1/",
      "remote_addr": "192.168.1.246:554",
      "user_agent": "go2rtc/1.9.2",
      "sdp": "v=0\r\no=- 14665860 31787219 1 IN IP4 192.168.1.246\r\ns=Session streamed by \"TP-LINK RTSP Server\"\r\nt=0 0\r\nm=video 0 RTP/AVP 96\r\nc=IN IP4 0.0.0.0\r\nb=AS:4096\r\na=range:npt=0-\r\na=control:track1\r\na=rtpmap:96 H264/90000\r\na=fmtp:96 packetization-mode=1; profile-level-id=640032; sprop-parameter-sets=Z2QAMqzSAKAC1oQAAA+kAAJxoBA=,aOqPLA==\r\nm=audio 0 RTP/AVP 8\r\na=rtpmap:8 PCMA/8000\r\na=control:track2\r\n",
      "medias": [
        "video, recvonly, H.264 High 5.0",
        "audio, recvonly, PCMA/8000"
      ],
      "receivers": [
        "8 PCMA/8000, bytes=0, senders=1",
        "96 H264, bytes=0, senders=1"
      ]
    },
    {
      "url": "tapo://[email protected]"
    },
    {
      "url": "tapo://192.168.1.246"
    },
    {
      "url": "tapo://admin:[email protected]"
    },
    {
      "url": "tapo://admin:[email protected]"
    }
  ],
  "consumers": [
    {
      "type": "RTSP passive consumer",
      "url": "rtsp://127.0.0.1:8554/kitchen",
      "remote_addr": "127.0.0.1:39546",
      "user_agent": "FFmpeg Frigate/0.14.0-a4eb435",
      "sdp": "v=0\r\no=- 1 1 IN IP4 0.0.0.0\r\ns=go2rtc/1.9.2\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\nm=video 0 RTP/AVP 96\r\na=rtpmap:96 H264/90000\r\na=fmtp:96 packetization-mode=1; profile-level-id=640032; sprop-parameter-sets=Z2QAMqzSAKAC1oQAAA+kAAJxoBA=,aOqPLA==\r\na=control:trackID=0\r\n",
      "medias": [
        "video, sendonly, H264, H265",
        "audio, sendonly, MPEG4-GENERIC"
      ],
      "senders": [
        "96 H264, bytes=2945351, receivers=1"
      ],
      "send": 2982919
    },
    {
      "type": "probe",
      "remote_addr": "192.168.1.140:50545",
      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
      "medias": [
        "audio, sendonly, ALL",
        "video, sendonly, ALL",
        "audio, recvonly, ANY"
      ],
      "senders": [
        "8 PCMA/8000, bytes=0, receivers=1",
        "8 PCMA/8000, bytes=0, receivers=1",
        "96 H264, bytes=0, receivers=1",
        "96 H264, bytes=0, receivers=1"
      ]
    }
  ]
}

I'm at a loss on how to further debug/try to get this to work. You'll see that there are no senders under the producers section. The tapo:// URLs don't probe anything.

derekcentrico avatar Jul 24 '24 18:07 derekcentrico

Adding that this issue is being experienced on the tc85 running version 1.2.21. Note that the tapo:// protocol worked with the tc85 while on 1.2.18, and I believe 1.2.20 (by memory, could be wrong about the #)? Affects cleartext, md5, and sha256 alike.

ppfeister avatar Sep 05 '24 19:09 ppfeister