How to install a VPN server on NSA325-v2


  • Tomalamix

    I can't extract it correctly as you said using WinRAR, but I can see in the file properties that it is in fact a TAR+XZ. However, the solution came from 7zip: it can handle it and I can extract just the .tar file. I've done that on my Windows desktop.

    I've extracted it and now it is in the toolchain folder previously created inside the box. I ran the following after:

    tar xf ../toolchain-gcc-4.3.2.tar

    This returns me this error:

    /i-data/910115eb/admin/toolchain $ tar xf ../toolchain-gcc-4.3.2.tar
    tar: can't create node dev/null: Operation not permitted

    I tried this too but it is not available:

    cat bigfile.txz | xz -d | tar -x
    

    I tried the

    wget  http://domain.com/bigfile.txz -o - | xz -d | tar -x 
    

    but this file is no longer hosted on that page, so it is a dead end on this one.

    I can go on now with the tar that I managed to uncompress using 7zip, but I have that error.

    Even so, I tried to run the script but I got errors, probably because the unpacking of the tar file wasn't completely done:

    /i-data/910115eb/admin/toolchain # sh ./chroot.sh
    Mounting
    Env
    Chroot
    bash: /bin/hostname: No such file or directory
    [root@NSA325-v2 /]#

  • Mijzelf

    /i-data/910115eb/admin/toolchain $ tar xf ../toolchain-gcc-4.3.2.tar
    tar: can't create node dev/null: Operation not permitted

    Ah, should have thought about that. The tar contains a complete Linux root file system, including device nodes and other files which can only be created by root. So tar can't create them either, when not run as root.

    So remove the toolchain directory, and start over, and now run 'su' before running tar.

  • Tomalamix
    edited January 5

    Ok, I've deleted the whole thing and started all over using the superuser and all went fine, no errors.

    Now, I've run the "sh ./chroot.sh" and I've got this; there is an error at the end but the shell is running apparently:

    /i-data/910115eb/admin/toolchain # sh ./chroot.sh
    Mounting
    Env
    Chroot
    bash: /bin/hostname: No such file or directory    <-- ERROR message
    [root@NSA325-v2 /]# help
    GNU bash, version 4.1.7(2)-release (arm-unknown-linux-gnu)
    These shell commands are defined internally. Type `help' to see this list.
    Type `help name' to find out more about the function `name'.
    Use `info bash' to find out more about the shell in general.
    Use `man -k' or `info' to find out more about commands not in this list.

    Even if the error is normal, what should I do now with this shell running in the box? At this moment I understand that the VPN is not yet installed in the box, but I think your idea is to use this toolchain to install it. Afterwards I would like to make it run every time the NSA powers up, like the chrono script you gave me some time ago.

    The SoftEther file is a tar file, just for info, and I can also use 7Zip to uncompress it and then upload it to the box.

    Thanks!

  • Mijzelf

    bash: /bin/hostname: No such file or directory

    Apparently there is a call to /bin/hostname in the local .bashrc, which is the script used to set up the shell environment. I can't remember if this is normal, but at least it's harmless. The binary is used to get or set the hostname. No problem if that fails.

    Your chroot is sort of a virtual machine, in which a Linux environment is running with a full toolchain installed. Inside the chroot you can create a directory which can be written by samba or winscp:

    mkdir build
    chmod a+w build
    cd build
    

    Now use winscp or samba to put the SoftEther tar file in that directory (its path is //<nas>/admin/toolchain/build), and extract it locally. (In most cases it's better to extract tarfiles on a Linux box, when that is the final destination, as it can contain constructions which cannot exist on a Windows filesystem.)

    And then read the readme and execute the build script as explained in the readme (I suppose).
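
Both points raised in the replies above (device nodes that only root can create, and archive entries that a Windows filesystem cannot hold) can be checked before extracting anything. The following is an added example, not part of the thread: it uses Python's `tarfile` module to classify archive members, and it also flags setuid/setgid files and paths that leave the target directory, which matter once tar is run as root. The sample archive and the names `build_sample_tar` and `audit_tar` are constructed for illustration.

```python
import io
import tarfile

def build_sample_tar() -> bytes:
    """Constructed sample: a tiny rootfs-style archive built in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, kind=tarfile.REGTYPE, **attrs):
            info = tarfile.TarInfo(name)
            info.type = kind
            for key, value in attrs.items():
                setattr(info, key, value)
            if kind == tarfile.REGTYPE:
                info.size = 4
                tar.addfile(info, io.BytesIO(b"data"))
            else:
                tar.addfile(info)
        add("dev/null", tarfile.CHRTYPE, devmajor=1, devminor=3)
        add("bin/sh", tarfile.SYMTYPE, linkname="bash")
        add("bin/su", mode=0o4755)
        add("etc/README")
        add("etc/readme")
        add("../outside")
    return buf.getvalue()

def audit_tar(data: bytes) -> dict:
    """Classify members without extracting anything."""
    report = {"needs_root": [], "setuid": [], "windows_unsafe": [], "escapes": []}
    seen = {}  # lower-cased name -> first spelling seen
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            if m.ischr() or m.isblk():      # creating device nodes needs root
                report["needs_root"].append(m.name)
            if m.isreg() and m.mode & 0o6000:   # setuid or setgid bit set
                report["setuid"].append(m.name)
            first = seen.setdefault(m.name.lower(), m.name)
            # devices, links and names differing only by case do not survive
            # a round trip through a default Windows filesystem
            if m.isdev() or m.issym() or m.islnk() or first != m.name:
                report["windows_unsafe"].append(m.name)
            if m.name.startswith("/") or ".." in m.name.split("/"):
                report["escapes"].append(m.name)
    return report

if __name__ == "__main__":
    for category, names in audit_tar(build_sample_tar()).items():
        print(f"{category}: {names}")
```

To audit a real archive, pass its bytes to `audit_tar`; `mode="r:*"` lets `tarfile` detect xz, gzip or bzip2 compression on its own.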

  • Tomalamix

    Ok, I've done that but there are some errors coming up, at least two.

    I tried an older version of SoftEther but it came up with errors too:

    Checking 'Memory Operation System'... RsaCheck(): OpenSSL Library Init Failed. (too old?) Please install the latest version of OpenSSL. Fail

    and also:

    Checking 'Network system'... make: *** [i_read_and_agree_the_license_agreement] Segmentation fault
    [root@NSA325-v2 vpnserver]#

    I think the installation is running sh .install.sh and the result is this…

  • Mijzelf

    In that case I think we reached the end of the road.

    Checking 'Memory Operation System'... RsaCheck(): OpenSSL Library Init
    Failed. (too old?) Please install the latest version of OpenSSL. Fail

    While it might be possible to compile and install a more recent openssl library, it will be almost impossible to install it in firmware (read-only directories, the firmware will not run with a newer library), and a newer openssl might also need newer dependencies. In the end you are updating the whole firmware. And odds are that the old compiler in the toolchain can't compile recent sources.

    Checking 'Network system'... make: *** [i_read_and_agree_the_license_agreement] Segmentation fault
    [root@NSA325-v2 vpnserver]#

    This is potentially an even bigger problem. I think this means the assembled binary crashes in a test. And the most obvious reason for that is that the provided precompiled files are not compiled for Armv5. In that case the binary crashes on the first Armv7-only code it passes.

    If you absolutely want to run a VPN server on that box, you might consider running OpenWrt on that box. It has several different packages to run a VPN server. On the other hand, when you want to go the OpenWrt route, installing it on your router might make more sense. A VPN server on the gateway is in most cases more effective due to routing problems with VPNs.

  • Tomalamix

    Ok, I will erase the whole thing. I will try to message AleXSR700 to check with him if he had success with this SoftEther and, if yes, how he did it on this box.

    Now, about the VPN, yes, I absolutely prefer to have a VPN server running on this box since I am in a remote location and leaving a computer running at home is not convenient at all; it is a bit complex to get enough space for it.

    Let's go for that OpenWrt. I took a look at that and apparently it requires an external power supply to flash the box and all that... a bit beyond what I was expecting, but connecting wires, soldering and that kind of DIY stuff is something I'm used to doing so it is OK, unless now there is a more comfortable way of doing it.

    Is this OpenWrt better than the firmware currently running on the box? It is the latest from Zyxel with your repo installed. Will I be able to remote access it like I do now (HTTPS and FTP) and all that? (You helped me get all that running 2 years ago.)

  • Mijzelf

    The original firmware is old. It runs a kernel and userland which date from 2008/2009, and apart from the NAS functionality there are hardly any additional packages. The latest firmware is basically the same as the first one, in terms of versions, only some bugfixes.

    On the other hand OpenWrt runs a recent kernel (5.15, from 2021, in the current stable) and has a zillion packages. So yes, it is better. But OpenWrt is a router firmware. Out of the box there is no NAS support. You can add that using packages, and you can mount & use the current volume. There is a thread about that in the OpenWrt forum. But you'll have to know what you are doing, the packages won't be pre-configured. While there is a powerful web interface, I don't know how much of the NAS functionality can be managed from the web interface. Maybe you'll have to use the command line for that.

    And yes, there is at least one ftp server. I don't know what you mean by remote access using https? Webdav? A quick look shows there are webdav plugins for lighttpd, apache and nginx. So it can be installed, but configuring is for you.

  • Tomalamix

    Well, basically I use the NAS for storage of some photos, videos and other personal files.

    I use it for network access and to watch the videos I have there anywhere around the house, and sometimes I need to access those files from outside while I am abroad; that is why I want the FTP and/or HTTP service running, to easily access the files and upload anything I need to keep.

    I also use the torrent plugin to let the NAS manage things I want to download by simply placing the torrent magnet there; I use the HTTP service from abroad also for this.

    Additionally I am trying to put the VPN server running there for the same reason, I am abroad and I need to access some national websites only available from computers located in the country.

    Besides this I am not a power user of the NAS, I use it mainly for storage and then those addons.

    I am also not a Linux user and I am afraid of beginning the quest. I trust I can install OpenWrt, but will I be able to set up the whole thing to get the same functionality I'm having so far plus the VPN?

    It is a new way for me and your words don't give me too much confidence. lool

  • Mijzelf

    Additionally I am trying to put the VPN server running there for the
    same reason, I am abroad and I need to access some national websites
    only available from computers located in the country.

    Only websites? Have you ever tried to use a SOCKS proxy as ssh provides?
