In our former blog post ‘RTSP P2P streaming through Nabto‘, where we talked about how to create an app that enabled remote accesses to an RTSP camera, we used a large Linux-based camera. Later on, we have received many requests on how to do the same type of integration to a ‘low-cost’ WI-FI module-based camera – and that is exactly what we are going to cover in this blog post.


Example of how to use the app to remote control your ESP-camera when you have completed this guide.

In this blog post you will learn:

  • How to make a small low-cost surveillance camera – including app and device source
  • How to use an ESP32 + Omnivision-based camera module to make it remote accessible


Creating a locally accessible camera application with the ESP32 is something that has already been done. But why do you need a camera that you only can access on your local network? You can just go look at the thing that the camera is capturing instead of looking at it on your computer or app (unless you have a very big house). The hard part is to make it remotely accessible and to do this securely.

Fortunately, this is exactly what our technology does. With Nabto you can create a remote connection from a client (smartphone or PC) directly to an IoT device. This remote connection uses P2P technology (the same technology as used in Skype, TeamViewer, etc.), has high security (we use state-of-the-art authentication, integrity check and encryption algorithms) and which is made for all embedded devices. Hopefully, with this explanation, you will understand the schematics of the Nabto platform below a lot better.

The Nabto Platform

Motivation – why do I need this?

Many of our customers have asked us to showcase small, embedded-style cameras. If you are not one of them, maybe you are trying to figure out why this is important.

Simple and secure standard surveillance camera

A simple use case could be that you want to make a standard low-cost, uncomplicated (and secure) surveillance camera. Standard surveillance cameras are often shipped with tons of software which must then be supported with updates, security fixes, etc. A stripped down environment without a desktop/server scale operating system and running services is hence inherently more secure with its much smaller attack surface. But if that is not enough, low cost and small size should convince you.

Remote video feed in other application

A lot of our customers make video surveillance cameras as standalone applications, i.e. you install it and it streams video to your phone whenever you need to see what is happening on the remote end. However, we see more and more projects where streaming video as part of another application. For example, pet feeders with a video stream, doorbells with both audio and video capabilities, 3-D printers you can monitor, etc.

The technical part


ESP32-CAM from Ai Tinker
So, we did some research of the market and found that Seedstudio’s ESP32 CAM was a great place to start and which was probably was one of the first ESP32-based cameras out there. It is low cost and has everything on board that we needed including a nice demo. Later we found out that Espressif, the maker of ESP32, has created a module too called ESP-EYE.

M5Stack ESP32 Cam
We started out with development on the M5Stack ESP32 Cam. It doesn’t have the extra external RAM but instead, it had a USB to the ESP32 UART on board which made it much easier to program (you don’t have to fiddle manually with GPIO0, etc. to get into flash-programming mode)

The problem with the M5Stack is that it lacks the external memory and when you need to stream a lot of data and do it fast, you need to keep a buffer of unacknowledged packets flowing from the camera to the app, ready to resend if the packets are lost in transit. Also, you need to buffer the framebuffer from the camera. This could, of course, be optimized so everything uses the same buffer, but this would go against the separation of concerns principle and also make the integration much harder.

ESP-EYE from Espressif
As mentioned above, we found out that the maker of the ESP32 chip had created their own camera module. It was a little more expensive but the good thing was it came with USB to UART on module for easy programming.


The next decision was how to do the technical software design.

Direct streaming
One way was to create a Nabto P2P stream directly from the app connecting to the camera and push the stream directly onto a canvas of some kind. This would require lots of coding on the app side but would probably be super-fast.

P2P Tunnel MJPEG via HTTP
Instead, we chose to test if we could reuse the app from an old demo using an RPI as a remote camera. The overall design is very similar to SSH tunnel techniques. The demo will establish a TCP server port on the app side that is connected to a tunnel server on the camera side. Once a client (a webview) connects to the server port on the app side, the tunnel server on the camera side would create a TCP connection to the web server.

On both sides, all received data will be forwarded to the other side. This makes it seem to the client like the web server on the camera side is running on the app side, since a get request will be forwarded to the camera side and the camera response will be forwarded to the app side. This way you can use a standard app webview to connect to the web server on the camera (using the tunnel to remotely forward the data).

If this seems like incomprehensible gibberish to you, try do a Google search on “SSH tunnels”, it’s the same principle, just using Nabto streams instead of SSH streams.

Overview of the tunnel setup in the camera demo

Since a few MJPEG http demos are out there for streaming on the local network this would also make it easy to do integration. The main job would be to port the tunnel code (which also can be used for tunneling many other protocols than just HTTP).

If you haven’t set up the esp-idf development environment yet, you should follow the guide here (WARNING – only “stable” works.. “latest” tool chain contains a problem regarding fcntl function):

Start out by cloning the project (REMEMBER the ‘–recursive’ flag):

$ git clone --recursive
Cloning into 'nabto-esp32cam'...

Configure the project as described in the following. You need to supply your WiFi SSID and password.
You also need to fetch a Device ID and a Device Key for free from Nabto cloud console (Nabto’s self-service SaaS portal). Both need to be written into the “Camera configuration”.

$ cd nabto-esp32cam
$ make menuconfig

Chose the “Camera configuration” menu:

Configure the WI-FI SSID and Password. Configure the ID and KEY used for remote access.

If you have an ESP-EYE board nothing else needs to be set up, but if you have an “ESP32 Cam” from Ai Tinker, you need to configure this too (also in the “Camera configuration” menu). Choose “Setup correct wiring of camera” in the menu config.

Adjust the serial device on your workstation used to flash (and monitor) the device:

Note that on macOS, the serial port may require a few steps to work if you have not set it up before. The official docs describe how to identify the port. See this discussion if the port does not appear: Basically you must first install a driver and then allow it to be loaded by the OS.

Once configured, make the project and flash it (btw. for some reason we get *** No rule to make target ‘esp32/gpio_periph.o’ … if you do.. just do it again and it will disappear)

$ make -j 4


$ make flash

If you ‘monitor’ the device

$ make monitor

I (1534) tcpip_adapter: sta ip:, mask:, gw:
00:00:01:457 main.c(134) connected1!

00:00:01:457 main.c(386) connected!

00:00:01:461 main.c(392) IP Address:
00:00:01:465 main.c(393) Subnet mask:
00:00:01:470 main.c(394) Gateway:
00:00:01:475 unabto_application.c(59) In demo_init
00:00:01:479 unabto_application.c(78) Before fp_mem_init
00:00:01:610 unabto_application.c(81) Before acl_ae_init
00:00:01:611 unabto_common_main.c(110) Device id: ''
00:00:01:612 unabto_common_main.c(111) Program Release 4.4.0-alpha.0
00:00:01:618 network_adapter.c(140) Socket opened: port=5570
00:00:01:624 network_adapter.c(140) Socket opened: port=49153
00:00:01:629 unabto_stream_event.c(235) sizeof(stream__)=328
00:00:01:634 unabto_context.c(55) SECURE ATTACH: 1, DATA: 1
00:00:01:639 unabto_context.c(63) NONCE_SIZE: 32, CLEAR_TEXT: 0
00:00:01:646 unabto_common_main.c(183) Nabto was successfully initialized
00:00:01:652 unabto_context.c(55) SECURE ATTACH: 1, DATA: 1
00:00:01:657 unabto_context.c(63) NONCE_SIZE: 32, CLEAR_TEXT: 0
00:00:01:664 network_adapter.c(140) Socket opened: port=49154
00:00:01:668 unabto_attach.c(770) State change from IDLE to WAIT_DNS
00:00:01:674 unabto_attach.c(771) Resolving DNS for
00:00:01:785 unabto_attach.c(790) Resolved DNS for to:
00:00:01:786 unabto_attach.c(796)   Controller ip:
00:00:01:788 unabto_attach.c(802) State change from WAIT_DNS to WAIT_BS
00:00:01:998 unabto_attach.c(480) State change from WAIT_BS to WAIT_GSP
00:00:01:999 unabto_attach.c(481) GSP address:
00:00:02:005 unabto_attach.c(270) ########    U_INVITE with LARGE nonce sent, version: - URL: -
00:00:02:308 unabto_attach.c(563) State change from WAIT_GSP to ATTACHED

It’s important that the Nabto state changes to ATTACHED which means that the device has registered with the Nabto cloud and is ready to receive incoming remote P2P connection requests.

Now download the appropriate app for your phone:

First, for pairing the App and the device, connect your phone to the same WI-FI as you configured the camera module to use. Then start the app.

Click the “Add new +” button. The app should hopefully now discover the camera on the local network.

You can connect to the camera on the local area network (not a big deal, you could this as well without Nabto). However, more importantly, you should now be able to disable WI-FI on your mobile device and access the camera using your cellular data (or connect to the internet via another WI-FI). If it would be of help, you can see the process in the video below.

55 thoughts on “How to make a small, low-cost, remote accessible security camera with an ESP32

    • Carsten Gregersen says:

      Not being an expert, I think night vision (IR based) is something the camera has to support in hardware.
      So it is possible, just not in software.

      • Anonymous says:

        You can remove the infra red filter from the camera which helps a bit but basically I am finding these cameras to be very poor in low light levels

  1. Ian Lewis says:

    I’m getting an error of In file included from /Users/ianlewis/nabto-esp32cam/main/fp_acl_esp32_nvs.c:32:
    /Users/ianlewis/nabto-esp32cam/main/fp_acl_esp32_nvs.h:34:10: fatal error: modules/fingerprint_acl/fp_acl_ae.h: No such file or directory
    compilation terminated.

    Is this something I’m doing wrong?

    • Carsten Gregersen says:

      Did you remember the –recursive on the git pull request?
      (the fp_acl_ae.h is in the unabto repository which is a linked repository)

      • ludo Kustermans says:

        downloaded the latest github and installed ok.
        Only, get an error when make flash :
        Python requirements from C:/msys32/path/esp/esp-idf/requirements.txt are satisfied.
        CC build/esp32-camera/driver/xclk.o
        C:/msys32/path/esp/nabto-esp32cam/components/esp32-camera/driver/xclk.c: In function ‘camera_enable_out_clock’:
        C:/msys32/path/esp/nabto-esp32cam/components/esp32-camera/driver/xclk.c:23:15: error: ‘ledc_timer_config_t {aka struct }’ has no member named ‘clk_cfg’
        timer_conf.clk_cfg = LEDC_USE_APB_CLK;
        C:/msys32/path/esp/nabto-esp32cam/components/esp32-camera/driver/xclk.c:23:26: error: ‘LEDC_USE_APB_CLK’ undeclared (first use in this function)
        timer_conf.clk_cfg = LEDC_USE_APB_CLK;
        C:/msys32/path/esp/nabto-esp32cam/components/esp32-camera/driver/xclk.c:23:26: note: each undeclared identifier is reported only once for each function it appears in
        make[1]: *** [/c/msys32/path/esp/esp-idf/make/ driver/xclk.o] Fout 1
        make: *** [/c/msys32/path/esp/esp-idf/make/ component-esp32-camera-build] Fout 2

        any suggestions ?
        thanks in advance
        best regards

        • Carsten Gregersen says:

          Moved to support for further investigation. It works here with version4.0 for ESP-IDF.
          ESPressif creates so many versions and makes so many breaking changes it’s hard to comply with their build environment.

  2. Dries says:

    I’m getting this error when trying to connect from the app, also the app says this when continuously refreshing: “The device was not found locally and is not online for remote acces”.
    Any help is definitely apreciated

    00:02:50:145 unabto_attach.c(270) ######## U_INVITE with LARGE nonce sent, version: – URL: –
    00:02:50:912 unabto_attach.c(563) State change from WAIT_GSP to ATTACHED
    00:03:09:520 unabto_connection.c(546) (0.1613987254.0) U_CONNECT: noRdv=0, cpeq=0, asy=1, NATType: 0
    00:03:09:520 unabto_connection.c(547) (0.1613987254.0) cp.private:
    00:03:09:525 unabto_connection.c(548) (0.1613987254.0)
    00:03:09:534 unabto_connection.c(622) Connection opened from ” (to Encryption code 8970. Fingerprint f9:14:f3:4f…
    00:03:13:634 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:13:636 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:13:639 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:13:737 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:13:841 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:14:044 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:14:595 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:14:596 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:14:599 unabto_connection.c(703) Extended rendezvous ports opened: 0, 0 is perfectly fine.
    00:03:19:685 unabto_connection.c(653) (0.1613987254.0) UDP Fallback through the GSP
    00:03:19:690 unabto_application.c(37) Access control list dump:
    00:03:19:690 unabto_application.c(141) Nabto application_event: 10000
    00:03:20:689 unabto_application.c(37) Access control list dump:
    00:03:20:689 unabto_application.c(141) Nabto application_event: 10000
    00:03:21:699 unabto_application.c(37) Access control list dump:
    00:03:21:699 unabto_application.c(141) Nabto application_event: 10000
    00:03:22:716 unabto_application.c(37) Access control list dump:
    00:03:22:716 unabto_application.c(141) Nabto application_event: 10000
    00:03:23:728 unabto_application.c(37) Access control list dump:
    00:03:23:729 unabto_application.c(141) Nabto application_event: 10000
    00:03:25:103 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:25:207 network_adapter.c(189) ERROR: 12 in nabto_write() ‘Not enough space’
    00:03:25:743 unabto_connection.c(546) (0.1613987530.0) U_CONNECT: noRdv=0, cpeq=0, asy=1, NATType: 0
    00:03:25:744 unabto_connection.c(547) (0.1613987530.0) cp.private:
    00:03:25:749 unabto_connection.c(548) (0.1613987530.0)

    • Carsten Gregersen says:

      The error “Not enough space” is because the video stream is being generated faster than what can be streamed out to your mobile.
      Since the stream is MJPEG it doesn’t matter that we drop an image, the frames/second rate will just go down.

      On the refreshing part, it is probably happening because the connections is not cleanly shut down. Try to increase the number of concurrent connections:


      Of course this will leave less room for the streaming!


  3. Daniele says:

    when cloning with –recursive, I get this error
    Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.

    Can you help me?

    • Carsten Gregersen says:

      Fixed. Thank you for telling. The problem only occurs for non-github users (unabto sub-module was referenced as a user checkout). So hopefully it has not affected too many trying to compile and run the demo.

  4. Stephen Lai says:

    Sir, what’s the ip address should I put in my web application in order to get the video stream? for example, I can get the stream within local area network by putting “” in web app ….

  5. Stephen Lai says:

    Sir, I did not find “Camera Configuration” in Espressif IoT Development Framework Configuration, how do I fix this problem ???!!!

      • timur says:

        I have the same problem. First I saw an error about “CMakeLists.txt file” then I copied that file from another project and when I run “ menuconfig” the framework config window appeared but the camera config tab is absent. I use a prebuilt toolchain, is that the problem?
        Also I have an idea that; in the “main.c” file there are definitions like

        #define WIFI_SSID CONFIG_SSID
        #define NABTO_ID CONFIG_NABTO_ID

        Can I add ssid,password,nabto id and nabto key only by editting this file?
        And also I have to edit the line about the board type (mine is AI-Thinker) in this “main.c” file, but how?

        • Carsten Gregersen says:

          We have only tested the build with the standard ESP-IDF toolchain using the standard ‘make menuconfig’
          Also, as describe, we had a problem with the “latest” toolchain at the release of the blog (which we think is fixed now).

      • Carsten Gregersen says:

        Hi, The project is made with ESP-IDF which does not use cmake.
        Please follow the instructions and just use normal make 🙂

  6. Stephen Lai says:

    Sir, I try to compile nabto-esp32cam project, but the project is missing CMakeLists.txt file, I have copied CMakeLists.txt from another project but still encountered compile errors, how do I fix this problem ???

    • Carsten Gregersen says:

      That could probably be done. But it requires extra hardware (a microphone) and integration to this. Also the streaming would be a little more complicated.

    • Carsten Gregersen says:

      You should be able to access the webserver on the ip address of the camera (which it will log in the console) on port 8081. The camera MJPEG feed is located in the root of the web server. So goto http://

      :8081/ and you should see a MJPEG feed from the camera.
  7. James Richardson says:

    Is it possible to adjust the resolution the camera stream runs at? Looks like 640×480 by default.

    Also, while the P2P stream between the ESP-EYE and the partner Application may be secured, this setup leaves a local stream wide open to anyone on the same Wireless Network as the ESP-EYE (ie: http://:8081). Is there a way to secure that stream?

    • Carsten Gregersen says:

      Yes you can adjust the resoulution. See main.c line 129 “.frame_size = FRAMESIZE_VGA”, but the framerate will go down. It looks like the ESP-IDF built-in http server starts the server on INADDR_ANY (all interfaces). Production versions should start the webserver on the local interface (127.x.x.x) so that the webserver is not exposed on the local network (and only internally in the device). For this to work, you probably need to use another webserver than the one proviced with ESP-IDF.

      • James Richardson says:

        Ok, Thanks. One more question… If I have the stream working to my remote application away from my WiFi, is there a way to access THAT encrypted P2P Stream in another third-party application? I’m thinking a way to monitor using a program like motion using the reverse tunnel P2P connection (since the camera will be behind a firewall that I would like to NOT open).

  8. Eddie says:

    I keep getting camera probe not detected error.
    I have tried all settings and changed all boards and cameras and still getting the same error.

    • Carsten Gregersen says:

      Which board do you use?
      The define “CONFIG_ESP_EYE” controls in which way a reset is performed of the camera.. see line 967 and forward in esp32-camera/driver/camera.c
      This is not something that is fully documented on the different boards..

    • Carsten Gregersen says:

      Not sure what you mean. How to remotely stream the content from Windows 10? or how to compile and flash the board using Windows 10?

  9. Hossien says:

    hello sir
    this is an error that appear on my work.
    00:09:14:863 main.c(458) Initializing camera
    I (129) gpio: GPIO[13]| InputEn: 1| OutputEn: 0| OpenDrain: 0| Pullup: 1| Pulldown: 0| Intr:0

    I (129) gpio: GPIO[14]| InputEn: 1| OutputEn: 0| OpenDrain: 0| Pullup: 1| Pulldown: 0| Intr:0

    I (139) sccb: pin_sda 26 pin_scl 27

    I (139) gpio: GPIO[32]| InputEn: 0| OutputEn: 1| OpenDrain: 0| Pullup: 0| Pulldown: 0| Intr:0

    E (199) camera: Detected camera not supported.
    E (199) camera: Camera probe failed with error 0x20004
    00:09:14:931 main.c(477) Camera Init Failed

    • Carsten Gregersen says:

      What board are you using? And what camera is attached?
      The example is using a external library (the one in components/esp32-camera) to connect to the camera and it looks like it cannot recognize your camera.
      It could also be that the camera is not cleanly mounted on the board.

  10. Raman says:

    Hello, i am using ESP32 based board TTGO-Camera, this board not available on camera list, i select ESP-EYE, camera not working, Android app installed ESP32 board programed, i got error “Cannot show video” make sure the tunnel device configured correctly, including port:8081

    • Carsten Gregersen says:

      I think the problem is that the camera is connected differently than the ESP-EYE and ESP32-CAM.
      So to make it work, you probably need to edit the settings in “static camera_config_t camera_config = {” according to how the TTGO camera is wired. There’s probably an error earlier in the log saying that the camera didn’t get recognized.

  11. Raman says:

    Hello sir, i am using TTGO-Camera board with MIC based on ESP32, i got error Cannot show video, make sure tunnel device configured correctly including port 8081

    • Carsten Gregersen says:

      I think the problem is that the camera is connected differently than the ESP-EYE and ESP32-CAM.
      So to make it work, you probably need to edit the settings in “static camera_config_t camera_config = {” according to how the TTGO camera is wired.

  12. Jacques Maree says:

    Hi. Is there a way to control the GPIO pins of the ESP32, while viewing the feed of the camera remotely? An example would be that a LED is connected to a GPIO pin of the ESP32 and the camera looks at the LED. I would then like to turn the LED ON and OFF (while being able to see it on the video)

    • Carsten Gregersen says:

      The system is constructed like this :

      [webview] –local_tcp– [tunnelclient] –Internet_P2P_connection — [tunneldevice] –local_tcp– [webserver]

      So it should be possible to adjust the webview to include a control that adjust the status of a LED.
      We are planning an blog article involving a control of an servo using a PWM output.

  13. Dbuiviet says:

    Firstly, I’d like to thank for this great tutorial. It helps me a lot!
    Secondly, I followed the step-by-step instructions and got esp32-cam working fine with video streaming in the local network, but when I disabled the wifi connection and used cellular data to connect to esp32-cam, it gave me errors like API not initialized, tunnel not open,etc… Could you explain what was wrong and how can I fix the issue. Thanks again for your helpful tutorial and hope you can help me correct my errors!

    • Ulrik Gammelby says:

      The app and SDK works fine with cellular connections, also changing between the connection types. The error sounds as if the SDK was de-initialized and not re-initialized when accessing the device through cellular. Can you reproduce the problem? If so, please describe the exact steps – including approximately how much time between each step (only relevant for longer durations (e.g. – “backgrounded the app for 2 minutes during which I disabled wifi”)). Also, are you using Android or iOS – and which version?

  14. Petko Petkov says:

    I’m sorry for my bad English!
    I get the following error when execute flash:
    esptool write_flash: error: argument : Detected overlap at address: 0x8000 for file: partition_table/partition-table.bin failed with exit code 2
    Can anyone tell me what to do so that there is no mistake???

  15. Allen says:

    Hi. I’m trying to build an NVR software and wanted to support P2P. Is it possible for an NVR software (acts as P2P device) to communicate to Nabto client instead of the IP Camera itself?

    • Ida Hübschmann says:

      Hi Allen,

      Yes, that is possible! If you want it elaborated and have some more details, please send me your contact info and one of our technical experts will get back to you.

      Kind regards,

  16. Ajdin says:

    Firstly hi. I’m getting this http error related, can i somehow change http request file to be bigger?
    W (249665) httpd_parse: parse_block: request URI/header too long
    W (249665) httpd_txrx: httpd_resp_send_err: 431 Request Header Fields Too Large – Header fields are too long for server to interpret

    • Carsten Gregersen says:

      Try to adjust in sdkconfig :

      If you use the ‘menuconfig’ .. choose “Component config” -> “HTTP Server” -> “Max HTTP Request Header Length”

      best regards

Leave a Reply

Your email address will not be published.