Is it possible to use NSA325v2 as VPN server?

Mijzelf

Are you trying to run a DHCP server at host side? In that case it's not strange the NAS disappears. It gets an address from itself.

Also, the IP range given to the VPN clients should be a different one that the one in your network. Else the NAS will have a routing problem.

AleXSR700

Ahhh. Okay. I thought it needed to be the same IP range so it would be compatible with the rest of the network.
Or what do you mean with different range?
All my network devices are somewhere between 192.168.2.100-200. I assigned the VPN/NAS server the range 192.168.2.201-210. So there cannot be an overlap.
Or do you mean I have to set the DHCP to something like 192.168.30.1-10?

And I thought you had to set a DHCP server, otherwise the clients won't get an IP, right?
The client needs to get an IP from the NAS VPN Server to be able to connect to it.

I will post a picture later of the DHCP settings screen.

AleXSR700

Okay, I manually deleted the NAT/DHCP settings from the config file and reconfigured using different IP range. Seems to be working. Will need to test from my mobile phone next to see if I am really using the VPN properly.

Edit: Seems like Android needs port 443 which is blocked. Will need to check which process is blocking port 443 or find a free VPN client that can handle port 5555.

But I still need to figure out how to run the server without chroot/toolchain. Any ideas why I am getting this error?

-- Alert: SoftEther VPN Kernel --
String Library Init Failed.
Please check your locale settings and iconv() libraries.

Mijzelf

Seems like Android needs port 443 which is blocked. Will need to check which process is blocking port 443 or find a free VPN client that can handle port 5555.

If your port 443 is only blocked on your NAS, and not on your router, you can use port translation on your router to set <public-ip>:443 to <nas-ip>:5555

String Library Init Failed.
Please check your locale settings and iconv() libraries.

That is about libiconv, or about the environment. The toolchain is the 325 toolchain, so I would expect libiconv.so to be the same inside and outside the chroot.

Does running printenv inside the chroot show another LANG variable as outside the chroot?

AleXSR700

Portforwarding won't be an option. Unfortunately the cable routers provided by my ISP does not allow... well.. anything, really.

I will check the environment when I get home.

AleXSR700

That is about libiconv, or about the environment. The toolchain is the 325 toolchain, so I would expect libiconv.so to be the same inside and outside the chroot..
Does running printenv inside the chroot show another LANG variable as outside the chroot?

I ran printenv as normal admin, then as superuser and then in the toolchain after chroot:

admin@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain$ prinenv
SHELL=/ffp/bin/sh
TERM=vt102
USER=admin
PATH=/ffp/bin:/usr/bin:/bin
INPUTRC=/ffp/etc/inputrc
PWD=/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain
LANG=en_US
PS1=\u@\h:\w\$ 
PS2=> 
SHLVL=1
HOME=/home/shares
LESS=-M
LOGNAME=admin
OLDPWD=/e-dat
a/e9902f35-4024-4b41-9626-08c2131c6531
_=/ffp/bin/printenv
root@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain# printenv
SHELL=/ffp/bin/sh
TERM=vt102
USER=root
SUDO_USER
=admin
SUDO_U
ID=501
PATH=/
ffp/sbin:/ffp/bin:/sbin:/bin:/usr/sbin:/usr/bin
_=/ffp/bin/printenv
PWD=/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain
INPUTRC=/ffp/etc/inputrc
PS1=\u@\h:\w\$ 
PS2=> 
HOME=/root
SUDO_COMMAND=/ffp/bin/su
SHLVL=2
LOGNAME=root
LESS=-M
SUDO_GID=500
root@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain# ./chroot.sh
Mounting
Env
Chroot
bash: /bin/hostname: No such file or directory
[root@NSA325-v2-101 /]# printenv
HOSTNAME=
SHELL=/bin/bash
TERM=vt102
HISTSIZE=1000
HISTFILESIZE=1000
USER=root
LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.jpg=01;35:*.jpeg=01;35:*.png=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.mpg=01;35:*.mpeg=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:
SUDO_USER=admin
SUDO_UID=501
PAGER=/bin/more 
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/bin
INPUTRC=/etc/inputrc
PWD=/
EDITOR=/bin/vi
DMALLOC_OPTIONS=debug=0x34f47d83,inter=100,log=logfile
PS1=[\u@\h \W]\$ 
PS2=> 
SUDO_COMMAND=/ffp/bin/su
HOME=/root
SHLVL=3
LOGNAME=root
LESS=-M
SUDO_GID=500
_=/usr/bin/printenv
[root@NSA325-v2-101 /]#

<br>I also killed the httpd process to free up port 443. Unfortunately Android still won't connect to the server.

Mijzelf

Nice forum software, eh?

Only the ffp shell as admin seems to contain a LANG. Strange. I'd expect the rootshell not to differ here. And the chrooted shell doesn't contain a LANG either.

I have no running fw4 device here, at the moment, but on my fw5 device LANG isn't set either. You can try to start it with

<div>LANG=C vpnserver</div><div></div>

or

<div>LANG=en_US vpnserver</div><div></div>

or

<div>LANG=en_US.utf8 vpnserver</div><div></div>

Another possibility is to rebuild it without support for Chinese, if that is possible. Maybe there is a readme, or you can try 'make help'.

A 3rth possibility is trying to find out which files it can't find. Run

strace -o logfile vpnserver

inside and outside the chroot, and compare the logs. It tries to open some file outside the which isn't there. probably something in /usr/local/share/ or /usr/share/

AleXSR700

Here are the two logfiles (without actually running the start command).
Would it actually be possible to merge the system with ffp and the toolchain and have all of the command as one?
Without ffp a lot of stuff is missing. But without toolchain you don't even have a make.

Mijzelf

Well, that's clear. Vpnserver reads the textfile /usr/lib/gconv/gconv-modules, and then loads /usr/lib/gconv/EUC-JP.so, /usr/lib/gconv/libJIS.so and /usr/lib/gconv/UTF-16.so.

You can try to copy these files from the toolchain elsewhere, and use the GCONV_PATH environment variable. https://www.systutorials.com/docs/linux/man/1-iconv/. (Of course you can also point into the toolchain directory with GCONV_PATH.)

Would it actually be possible to merge the system with ffp and the toolchain and have all of the command as one?

Toolchain is about libraries. The toolchain dictates which libraries are used to compile&link against. So by using the native toolchain (as provided by ZyXEL (well, more or less)), the build binary 'fits' on the libraries of the firmware, in /lib and /usr/lib.

You can install buildtools in ffp, in which case you can 'make' the vpnserver within ffp (provided it doesn't need functions and compiler options which aren't provided by the ancient ffp toolchain), and in that case vpnserver will not be dependent on /lib/glibc.so, but /ffp/lib/ulibc. In the first case it will run on all fw4 devices from ZyXEL, in the 2nd case on all systems having the same ffp version as yours (and all needed libraries installed).

AleXSR700

Awesome, set the environment variable and now it works as it should!
Will copy the files to the ffp directory and set the variable accordingly.

Now all that is left to achieve is getting an Android device to connect to the server. OpenVPN does not work. Android's ownVPN does not work. And I justheard back from the developer of SoftEther for Android and he said it can only work as root because SoftEther relies on TAP rather than TUN.

So if it continues like this I will have a working server that none of my relevant client hardware can connect too :-D