Is it possible to use NSA325v2 as VPN server?
Comments
-
Are you trying to run a DHCP server at host side? In that case it's not strange the NAS disappears. It gets an address from itself.Also, the IP range given to the VPN clients should be a different one that the one in your network. Else the NAS will have a routing problem.0
-
Ahhh. Okay. I thought it needed to be the same IP range so it would be compatible with the rest of the network.
Or what do you mean with different range?
All my network devices are somewhere between 192.168.2.100-200. I assigned the VPN/NAS server the range 192.168.2.201-210. So there cannot be an overlap.
Or do you mean I have to set the DHCP to something like 192.168.30.1-10?
And I thought you had to set a DHCP server, otherwise the clients won't get an IP, right?
The client needs to get an IP from the NAS VPN Server to be able to connect to it.
I will post a picture later of the DHCP settings screen.0 -
Okay, I manually deleted the NAT/DHCP settings from the config file and reconfigured using different IP range. Seems to be working. Will need to test from my mobile phone next to see if I am really using the VPN properly.
Edit: Seems like Android needs port 443 which is blocked. Will need to check which process is blocking port 443 or find a free VPN client that can handle port 5555.
But I still need to figure out how to run the server without chroot/toolchain. Any ideas why I am getting this error?-- Alert: SoftEther VPN Kernel -- String Library Init Failed. Please check your locale settings and iconv() libraries.
0 -
Seems like Android needs port 443 which is blocked. Will need to check which process is blocking port 443 or find a free VPN client that can handle port 5555.If your port 443 is only blocked on your NAS, and not on your router, you can use port translation on your router to set <public-ip>:443 to <nas-ip>:5555String Library Init Failed.
Please check your locale settings and iconv() libraries.That is about libiconv, or about the environment. The toolchain is the 325 toolchain, so I would expect libiconv.so to be the same inside and outside the chroot.Does running printenv inside the chroot show another LANG variable as outside the chroot?0 -
Portforwarding won't be an option. Unfortunately the cable routers provided by my ISP does not allow... well.. anything, really.
I will check the environment when I get home.0 -
That is about libiconv, or about the environment. The toolchain is the 325 toolchain, so I would expect libiconv.so to be the same inside and outside the chroot..I ran printenv as normal admin, then as superuser and then in the toolchain after chroot:
Does running printenv inside the chroot show another LANG variable as outside the chroot?admin@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain$ prinenv SHELL=/ffp/bin/sh TERM=vt102 USER=admin PATH=/ffp/bin:/usr/bin:/bin INPUTRC=/ffp/etc/inputrc PWD=/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain LANG=en_US PS1=\u@\h:\w\$ PS2=> SHLVL=1 HOME=/home/shares LESS=-M LOGNAME=admin OLDPWD=/e-dat a/e9902f35-4024-4b41-9626-08c2131c6531 _=/ffp/bin/printenv root@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain# printenv SHELL=/ffp/bin/sh TERM=vt102 USER=root SUDO_USER =admin SUDO_U ID=501 PATH=/ ffp/sbin:/ffp/bin:/sbin:/bin:/usr/sbin:/usr/bin _=/ffp/bin/printenv PWD=/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain INPUTRC=/ffp/etc/inputrc PS1=\u@\h:\w\$ PS2=> HOME=/root SUDO_COMMAND=/ffp/bin/su SHLVL=2 LOGNAME=root LESS=-M SUDO_GID=500 root@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain# ./chroot.sh Mounting Env Chroot bash: /bin/hostname: No such file or directory [root@NSA325-v2-101 /]# printenv HOSTNAME= SHELL=/bin/bash TERM=vt102 HISTSIZE=1000 HISTFILESIZE=1000 USER=root LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.jpg=01;35:*.jpeg=01;35:*.png=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.mpg=01;35:*.mpeg=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35: SUDO_USER=admin SUDO_UID=501 PAGER=/bin/more PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/bin INPUTRC=/etc/inputrc PWD=/ EDITOR=/bin/vi DMALLOC_OPTIONS=debug=0x34f47d83,inter=100,log=logfile PS1=[\u@\h \W]\$ PS2=> SUDO_COMMAND=/ffp/bin/su HOME=/root SHLVL=3 LOGNAME=root LESS=-M SUDO_GID=500 _=/usr/bin/printenv [root@NSA325-v2-101 /]#
<br>I also killed the httpd process to free up port 443. Unfortunately Android still won't connect to the server.
0 -
Nice forum software, eh?Only the ffp shell as admin seems to contain a LANG. Strange. I'd expect the rootshell not to differ here. And the chrooted shell doesn't contain a LANG either.I have no running fw4 device here, at the moment, but on my fw5 device LANG isn't set either. You can try to start it with
<div>LANG=C vpnserver</div><div></div>
or<div>LANG=en_US vpnserver</div><div></div>
or<div>LANG=en_US.utf8 vpnserver</div><div></div>
Another possibility is to rebuild it without support for Chinese, if that is possible. Maybe there is a readme, or you can try 'make help'.A 3rth possibility is trying to find out which files it can't find. Runstrace -o logfile vpnserverinside and outside the chroot, and compare the logs. It tries to open some file outside the which isn't there. probably something in /usr/local/share/ or /usr/share/0 -
Here are the two logfiles (without actually running the start command).
Would it actually be possible to merge the system with ffp and the toolchain and have all of the command as one?
Without ffp a lot of stuff is missing. But without toolchain you don't even have a make.0 -
Well, that's clear. Vpnserver reads the textfile /usr/lib/gconv/gconv-modules, and then loads /usr/lib/gconv/EUC-JP.so, /usr/lib/gconv/libJIS.so and /usr/lib/gconv/UTF-16.so.You can try to copy these files from the toolchain elsewhere, and use the GCONV_PATH environment variable. https://www.systutorials.com/docs/linux/man/1-iconv/. (Of course you can also point into the toolchain directory with GCONV_PATH.)Would it actually be possible to merge the system with ffp and the toolchain and have all of the command as one?Toolchain is about libraries. The toolchain dictates which libraries are used to compile&link against. So by using the native toolchain (as provided by ZyXEL (well, more or less)), the build binary 'fits' on the libraries of the firmware, in /lib and /usr/lib.You can install buildtools in ffp, in which case you can 'make' the vpnserver within ffp (provided it doesn't need functions and compiler options which aren't provided by the ancient ffp toolchain), and in that case vpnserver will not be dependent on /lib/glibc.so, but /ffp/lib/ulibc. In the first case it will run on all fw4 devices from ZyXEL, in the 2nd case on all systems having the same ffp version as yours (and all needed libraries installed).
0 -
Awesome, set the environment variable and now it works as it should!
Will copy the files to the ffp directory and set the variable accordingly.
Now all that is left to achieve is getting an Android device to connect to the server. OpenVPN does not work. Android's ownVPN does not work. And I justheard back from the developer of SoftEther for Android and he said it can only work as root because SoftEther relies on TAP rather than TUN.
So if it continues like this I will have a working server that none of my relevant client hardware can connect too :-D0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight