Access controlPRO
Controlling which senders are accepted for incoming streams.
Overview
Access control restricts which senders a Direkt router accepts for incoming streams across transport methods (UDP unicast/multicast, RTP, RTP+FEC, Bifrost, Stream TCP).
Identification Methods
| Method | Description | Advantages |
|---|---|---|
| IP address | Match sender source IP | Simple for static addressing |
| Access key | Cryptographic key from sender | Works without knowing sender IP; resilient to IP changes |
Time sync between sender and receiver must be within 30 s for key method to function.
Behavior
Without access control, the unit locks to the first sender it receives. With access control configured it filters per allowed list.
Configuration
- Web interface: Active settings -> IP stream in -> Access control
- Add allowed IPs or sender keys.
- ISS: Remote via web tunnel if permitted.
Forwarding Consideration
If another receiver sits behind this unit, that downstream receiver must trust either:
- The original sender's key, or
- This router's IP address (it has no key of its own)
Operational Tips
- Use keys for mobile uplink scenarios where IP changes (cellular) are common.
- Periodically audit allowed list; remove stale senders to reduce attack surface.
Troubleshooting
| Symptom | Cause | Resolution |
|---|---|---|
| Expected stream ignored | Key mismatch / time skew | Sync clocks (ISS, NTP) / re-copy key |
| Intermittent acceptance | Multiple senders racing first packet | Explicitly constrain list / prioritize |