Is it possible to use NSA325v2 as VPN server?
I am currently still running two NSA325v2 and although they are older models I hope some here still love them the way I do
I am currently abroad for work and would like to be able to access German website the way I could from home. Geocaching etc. is making a few sites unavailable to me.
Is it possible to somehow have my NSA325 act as a VPN server only I can connect to and use to access the internet as though I were in Germany?
Right now I have to use VPN services which are either expensive or slow. Since I have all the equipment and a fast internet connection at home, this would be a great fix.
Can someone help me? FFP is of course installed.
#NAS_Oct_2019
Comments
-
If you have FFP, I guess you also have ssh. Then you can easily use a SOCKS proxy for in your browser.Connect to the NAS withssh -D8080 user@<your-domain-or-ip>and configure your browser to use a SOCKS proxy on localhost:80800
-
Hi Mijzelf,
thank you for your fast reply!
Yes, I have SSH. Then I will need to try and get DynDNS running on my router. Think it is DS Lite, so not sure if it is configurable. Can the NSA run DynDNS directly? I would start hacking away at my keyboard if I were at home. But sadly I am not right now.
But I need to be able to connect from different devices like Android SmartPhone or Amazon Fire TV. And preferably not just wiht the browser.
0 -
Can the NSA run DynDNS directly?Sort of. In most cases dyndns providers support an 'auto' mode, the public ip of the calling client is used. So in your NAS you can do something likeand the IP of yourdomain will be set to the public IP of the NAS. But the NAS doesn't know when that IP changes. Only the router knows. So you should have to run this in a cronjob. Using the router is more efficient.
curl https://dyndnsprovider.org?domain=yourdomain&token=somethingsecret
But I need to be able to connect from different devices like Android SmartPhone or Amazon Fire TV. And preferably not just wiht the browser.In that case it becomes difficult. Installing OpenVPN isn't hard, Entware-ng has a package, and I think FFP will have it too, although the FFP package will be old. You'll need the tun kernel module, which is available in the kernel modules package, which I provided.
But the real pain is in forwarding. A 'normal' OpenVPN installation is backed by iptables, to be able to NAT requests. But there is no iptables in your NAS, and you can't install it either. So your VPN client would be able to send a request to an outside server, but the response wouldn't get to your client, because your router doesn't know it has to send the answer to the NAS.
There are some work arounds. You could use a tup device instead of a tun device, and bridge that with the NAS' NIC. In that case the VPN client will get an address from the DHCP server in your router. Technically a mess, and the cleaning up of a connection is hard.
Another possibility is using SoftEther VPN, which is compatible with OpenVPN, but which does NAT in userland. A statically linked server for Arm EABI is available.
1 -
SoftEther VPN looks very interesting. Is it easy enough to set up on the NSA325v2 or is it very complicated?
Or can you just install the service and configure everything remotely with the administration tool?
Is there a tutorial or something somewhere?0 -
It's a time ago I looked at SoftEther, but as far as I remember the whole thing can be configured by the remote administration. There is a downside on that, last time I checked the administration tool was Windows only, which is a showstopper for me.
0 -
Luckily I still run a Windows notebook. I found a Youtube video showing the installation on an ARM system. Seems pretty straight forward. As long as the 'make' command works on our NSAs it should be fine.
Looking forward to when I get back home and can start playing around with it0 -
As long as the 'make' command works on our NSAs it should be fine.
Although it's possible to install 'make' on your NAS using FFP, Entware-ng or using the native toolchain, make is no more than an interpreter of make scripts. And depending on that script you might need a full toolchain, script interpreters like python or perl, and various other tools which are available on a full blown Linux distro, but not on a NAS.
Fortunately SoftEther has precompiled binaries available.
0 -
Ah, I was just trying to install it using the make command and it failed due to lack of make. So I returned here not having received e-mail notification that you had replied.
Where did you find precompiled binaries? I did not see any on the website and did not find them with Google.
P.S.: I switched the web_prefix file for yours and upgraded to 20181001zypkg015 but I do not see any new packages or update files for the existing ones. Did something go wrong?
Info on webinterface:<div># Official repository <span style="background-color: transparent; color: inherit; font-size: inherit;"><font face="Lato, Helvetica, Arial, sans-serif">ftp://ftp2.zyxel.com/+ ZyXEL</font> </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># German mirror </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># ftp://ftp.zyxel-tech.de/2.new_mirror/+ Mirror </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># German beta server </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># ftp://ftp.zyxel-tech.de/+ Beta </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># Medion server </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># ftp://nas-download:sEhtalr@download.medion.de/ Medion </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># Mijzelf's repository </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;">http://downloads.zyxel.nas-central.org/Users/Mijzelf/zypkg-repo/ Mijzelf </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># Local repository </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;">/i-data/md0/admin/MyRepo/ Local</span></div>
0 -
You can find the pre-compiled files here: https://www.softether-download.com/en.aspx?product=softetherYou need the Server, for platform Linux, CPU Arm EABI.In your repository 'http://downloads.zyxel.nas-central.org/Users/Mijzelf/zypkg-repo/' should be 'http://zyxel.diskstation.eu/Users/Mijzelf/zypkg-repo/fw4/'.
0 -
That's where I looked, but when I select VPN Server- Linux - ARMEABI there are 72 files and none of them a precompiled. Or am I going blind?
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight