Is it possible to use NSA325v2 as VPN server?


Comments

  • Mijzelf
    Mijzelf Posts: 2,763  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Are you trying to run a DHCP server at host side? In that case it's not strange the NAS disappears. It gets an address from itself.
    Also, the IP range given to the VPN clients should be a different one than the one in your network. Else the NAS will have a routing problem.
  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    edited October 2019
    Ahhh. Okay. I thought it needed to be the same IP range so it would be compatible with the rest of the network.
    Or what do you mean with different range?
    All my network devices are somewhere between 192.168.2.100-200. I assigned the VPN/NAS server the range 192.168.2.201-210. So there cannot be an overlap.
    Or do you mean I have to set the DHCP to something like 192.168.30.1-10?

    And I thought you had to set a DHCP server, otherwise the clients won't get an IP, right?
    The client needs to get an IP from the NAS VPN Server to be able to connect to it.

    I will post a picture later of the DHCP settings screen.
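
Why a pool of 192.168.2.201-210 still counts as "the same range" as a LAN using 192.168.2.100-200, as an added example that is not part of the original thread. It assumes the LAN is a /24 (192.168.2.0/24); the posts give address ranges only, never a netmask.

```shell
#!/bin/sh
# Added example (not from the thread). The /24 LAN prefix is an assumption:
# the posts give address ranges only, never a netmask.

# ip_to_int A.B.C.D: print the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# pool_overlaps POOL_FIRST POOL_LAST LAN_NET LAN_PREFIX
# Print "overlap" if any pool address lies inside LAN_NET/LAN_PREFIX, else "ok".
pool_overlaps() {
    first=$(ip_to_int "$1"); last=$(ip_to_int "$2")
    mask=$(( (0xFFFFFFFF << (32 - $4)) & 0xFFFFFFFF ))
    lan_first=$(( $(ip_to_int "$3") & mask ))
    lan_last=$(( lan_first | (~mask & 0xFFFFFFFF) ))
    if [ "$first" -le "$lan_last" ] && [ "$last" -ge "$lan_first" ]; then
        echo overlap
    else
        echo ok
    fi
}

# Free of DHCP lease collisions, but still inside the LAN's subnet:
pool_overlaps 192.168.2.201 192.168.2.210 192.168.2.0 24
# A separate subnet for the VPN clients:
pool_overlaps 192.168.30.1 192.168.30.10 192.168.2.0 24
```
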
  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    edited October 2019
    Okay, I manually deleted the NAT/DHCP settings from the config file and reconfigured using a different IP range. Seems to be working. Will need to test from my mobile phone next to see if I am really using the VPN properly.

    Edit: Seems like Android needs port 443 which is blocked. Will need to check which process is blocking port 443 or find a free VPN client that can handle port 5555.

    But I still need to figure out how to run the server without chroot/toolchain. Any ideas why I am getting this error?
    -- Alert: SoftEther VPN Kernel --
    String Library Init Failed.
    Please check your locale settings and iconv() libraries.
  • Mijzelf
    Mijzelf Posts: 2,763  Guru Member
    > Seems like Android needs port 443 which is blocked. Will need to check which process is blocking port 443 or find a free VPN client that can handle port 5555.
    If your port 443 is only blocked on your NAS, and not on your router, you can use port translation on your router to set <public-ip>:443 to <nas-ip>:5555

    > String Library Init Failed.
    > Please check your locale settings and iconv() libraries.
    That is about libiconv, or about the environment. The toolchain is the 325 toolchain, so I would expect libiconv.so to be the same inside and outside the chroot.
    Does running printenv inside the chroot show a different LANG variable than outside the chroot?
  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    Port forwarding won't be an option. Unfortunately the cable router provided by my ISP does not allow... well.. anything, really.

    I will check the environment when I get home.
  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    edited October 2019
    > That is about libiconv, or about the environment. The toolchain is the 325 toolchain, so I would expect libiconv.so to be the same inside and outside the chroot.
    > Does running printenv inside the chroot show a different LANG variable than outside the chroot?
    I ran printenv as normal admin, then as superuser and then in the toolchain after chroot:

    admin@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain$ printenv
    SHELL=/ffp/bin/sh
    TERM=vt102
    USER=admin
    PATH=/ffp/bin:/usr/bin:/bin
    INPUTRC=/ffp/etc/inputrc
    PWD=/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain
    LANG=en_US
    PS1=\u@\h:\w\$ 
    PS2=> 
    SHLVL=1
    HOME=/home/shares
    LESS=-M
    LOGNAME=admin
    OLDPWD=/e-data/e9902f35-4024-4b41-9626-08c2131c6531
    _=/ffp/bin/printenv
    root@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain# printenv
    SHELL=/ffp/bin/sh
    TERM=vt102
    USER=root
    SUDO_USER=admin
    SUDO_UID=501
    PATH=/ffp/sbin:/ffp/bin:/sbin:/bin:/usr/sbin:/usr/bin
    _=/ffp/bin/printenv
    PWD=/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain
    INPUTRC=/ffp/etc/inputrc
    PS1=\u@\h:\w\$ 
    PS2=> 
    HOME=/root
    SUDO_COMMAND=/ffp/bin/su
    SHLVL=2
    LOGNAME=root
    LESS=-M
    SUDO_GID=500
    root@NSA325-v2-101:/e-data/e9902f35-4024-4b41-9626-08c2131c6531/toolchain# ./chroot.sh
    Mounting
    Env
    Chroot
    bash: /bin/hostname: No such file or directory
    [root@NSA325-v2-101 /]# printenv
    HOSTNAME=
    SHELL=/bin/bash
    TERM=vt102
    HISTSIZE=1000
    HISTFILESIZE=1000
    USER=root
    LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.jpg=01;35:*.jpeg=01;35:*.png=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.mpg=01;35:*.mpeg=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:
    SUDO_USER=admin
    SUDO_UID=501
    PAGER=/bin/more 
    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/bin
    INPUTRC=/etc/inputrc
    PWD=/
    EDITOR=/bin/vi
    DMALLOC_OPTIONS=debug=0x34f47d83,inter=100,log=logfile
    PS1=[\u@\h \W]\$ 
    PS2=> 
    SUDO_COMMAND=/ffp/bin/su
    HOME=/root
    SHLVL=3
    LOGNAME=root
    LESS=-M
    SUDO_GID=500
    _=/usr/bin/printenv
    [root@NSA325-v2-101 /]#
    
    I also killed the httpd process to free up port 443. Unfortunately Android still won't connect to the server.


  • Mijzelf
    Mijzelf Posts: 2,763  Guru Member
    Nice forum software, eh?

    Only the ffp shell as admin seems to contain a LANG. Strange. I'd expect the rootshell not to differ here. And the chrooted shell doesn't contain a LANG either.
    I have no running fw4 device here, at the moment, but on my fw5 device LANG isn't set either. You can try to start it with
    LANG=C vpnserver
    or
    LANG=en_US vpnserver
    or
    LANG=en_US.utf8 vpnserver

    Another possibility is to rebuild it without support for Chinese, if that is possible. Maybe there is a readme, or you can try 'make help'.

    A 3rd possibility is trying to find out which files it can't find. Run
    strace -o logfile vpnserver
    inside and outside the chroot, and compare the logs. It tries to open some file outside the which isn't there. Probably something in /usr/local/share/ or /usr/share/

  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    Here are the two logfiles (without actually running the start command).
    Would it actually be possible to merge the system with ffp and the toolchain and have all of the commands as one?
    Without ffp a lot of stuff is missing. But without toolchain you don't even have a make.
  • Mijzelf
    Mijzelf Posts: 2,763  Guru Member
    edited October 2019
    Well, that's clear. Vpnserver reads the textfile /usr/lib/gconv/gconv-modules, and then loads /usr/lib/gconv/EUC-JP.so, /usr/lib/gconv/libJIS.so and /usr/lib/gconv/UTF-16.so.
    You can try to copy these files from the toolchain elsewhere, and use the GCONV_PATH environment variable. https://www.systutorials.com/docs/linux/man/1-iconv/. (Of course you can also point into the toolchain directory with GCONV_PATH.)
    > Would it actually be possible to merge the system with ffp and the toolchain and have all of the commands as one?
    Toolchain is about libraries. The toolchain dictates which libraries are used to compile & link against. So by using the native toolchain (as provided by ZyXEL (well, more or less)), the built binary 'fits' on the libraries of the firmware, in /lib and /usr/lib.
    You can install buildtools in ffp, in which case you can 'make' the vpnserver within ffp (provided it doesn't need functions and compiler options which aren't provided by the ancient ffp toolchain), and in that case vpnserver will not be dependent on /lib/glibc.so, but /ffp/lib/ulibc. In the first case it will run on all fw4 devices from ZyXEL, in the 2nd case on all systems having the same ffp version as yours (and all needed libraries installed).
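
The strace comparison suggested earlier in the thread, and the gconv file list it led to, as an added example that is not part of the original posts. The function names and the sample strace lines are constructed for illustration; real logs come from `strace -o logfile vpnserver` run inside and outside the chroot.

```shell
#!/bin/sh
# Added example (not from the thread). Sample strace lines below are constructed.

# missing_outside INSIDE_LOG OUTSIDE_LOG
# Print paths that open()/openat() succeeded on in the first log (inside the
# chroot) but that failed with ENOENT in the second log (outside the chroot).
missing_outside() {
    awk '
        /^(open|openat)\(/ && match($0, /"[^"]*"/) {
            path = substr($0, RSTART + 1, RLENGTH - 2)
            if (NR == FNR) { if ($0 ~ /\) = [0-9]+$/) ok[path] = 1 }
            else if ($0 ~ /\) = -1 ENOENT/ && (path in ok)) print path
        }
    ' "$1" "$2" | LC_ALL=C sort -u
}

# opened_under LOG DIR
# Print every file below DIR that the traced process opened successfully:
# the set that must exist wherever GCONV_PATH (or a copy) points.
opened_under() {
    awk -v dir="$2/" '
        /^(open|openat)\(/ && /\) = [0-9]+$/ && match($0, /"[^"]*"/) {
            path = substr($0, RSTART + 1, RLENGTH - 2)
            if (index(path, dir) == 1) print path
        }
    ' "$1" | LC_ALL=C sort -u
}

# make_sample_logs DIR: write constructed inside.log / outside.log into DIR
make_sample_logs() {
    cat > "$1/inside.log" <<'EOF'
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/gconv/gconv-modules", O_RDONLY) = 3
open("/usr/lib/gconv/EUC-JP.so", O_RDONLY) = 3
open("/usr/lib/gconv/libJIS.so", O_RDONLY) = 4
open("/usr/lib/gconv/UTF-16.so", O_RDONLY) = 3
EOF
    cat > "$1/outside.log" <<'EOF'
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/gconv/gconv-modules", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

tmp=$(mktemp -d)
make_sample_logs "$tmp"
missing_outside "$tmp/inside.log" "$tmp/outside.log"   # first file that fails
opened_under "$tmp/inside.log" /usr/lib/gconv          # full set to provide
rm -rf "$tmp"
```

The outside log stops at the first missing file, so the complete list has to come from the run that works; those files are what `GCONV_PATH` must point at.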

  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    Awesome, set the environment variable and now it works as it should!
    Will copy the files to the ffp directory and set the variable accordingly.

    Now all that is left to achieve is getting an Android device to connect to the server. OpenVPN does not work. Android's own VPN does not work. And I just heard back from the developer of SoftEther for Android and he said it can only work as root because SoftEther relies on TAP rather than TUN.

    So if it continues like this I will have a working server that none of my relevant client hardware can connect to :-D
