Is it possible to use NSA325v2 as VPN server?

AleXSR700
AleXSR700 Posts: 41  Freshman Member
edited October 2019 in Personal Cloud Storage
Hello everyone,
I am currently still running two NSA325v2 and although they are older models I hope some here still love them the way I do :)

I am currently abroad for work and would like to be able to access German website the way I could from home. Geocaching etc. is making a few sites unavailable to me.
Is it possible to somehow have my NSA325 act as a VPN server only I can connect to and use to access the internet as though I were in Germany?
Right now I have to use VPN services which are either expensive or slow. Since I have all the equipment and a fast internet connection at home, this would be a great fix.

Can someone help me? FFP is of course installed.


#NAS_Oct_2019
«1345

Comments

  • Mijzelf
    Mijzelf Posts: 2,598  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    If you have FFP, I guess you also have ssh. Then you can easily use a SOCKS proxy for in your browser.
    Connect to the NAS with
    ssh -D8080 user@<your-domain-or-ip>
    and configure your browser to use a SOCKS proxy on localhost:8080
  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    edited October 2019
    Hi Mijzelf,
    thank you for your fast reply!
    Yes, I have SSH. Then I will need to try and get DynDNS running on my router. Think it is DS Lite, so not sure if it is configurable. Can the NSA run DynDNS directly? I would start hacking away at my keyboard if I were at home. But sadly I am not right now.

    But I need to be able to connect from different devices like Android SmartPhone or Amazon Fire TV. And preferably not just wiht the browser.
  • Mijzelf
    Mijzelf Posts: 2,598  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Can the NSA run DynDNS directly?
    Sort of. In most cases dyndns providers support an 'auto' mode, the public ip of the calling client is used. So in your NAS you can do something like
    curl https://dyndnsprovider.org?domain=yourdomain&token=somethingsecret
    
    and the IP of yourdomain will be set to the public IP of the NAS. But the NAS doesn't know when that IP changes. Only the router knows. So you should have to run this in a cronjob. Using the router is more efficient.
    But I need to be able to connect from different devices like Android SmartPhone or Amazon Fire TV. And preferably not just wiht the browser.

    In that case it becomes difficult. Installing OpenVPN isn't hard, Entware-ng has a package, and I think FFP will have it too, although the FFP package will be old. You'll need the tun kernel module, which is available in the kernel modules package, which I provided.

    But the real pain is in forwarding. A 'normal' OpenVPN installation is backed by iptables, to be able to NAT requests. But there is no iptables in your NAS, and you can't install it either. So your VPN client would be able to send a request to an outside server, but the response wouldn't get to your client, because your router doesn't know it has to send the answer to the NAS.

    There are some work arounds. You could use a tup device instead of a tun device, and bridge that with the NAS' NIC. In that case the VPN client will get an address from the DHCP server in your router. Technically a mess, and the cleaning up of a connection is hard.

    Another possibility is using SoftEther VPN, which is compatible with OpenVPN, but which does NAT in userland. A statically linked server for Arm EABI is available.



  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    SoftEther VPN looks very interesting. Is it easy enough to set up on the NSA325v2 or is it very complicated?
    Or can you just install the service and configure everything remotely with the administration tool?

    Is there a tutorial or something somewhere?
  • Mijzelf
    Mijzelf Posts: 2,598  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    It's a time ago I looked at SoftEther, but as far as I remember the whole thing can be configured by the remote administration. There is a downside on that, last time I checked the administration tool was Windows only, which is a showstopper for me.
  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    Luckily I still run a Windows notebook. I found a Youtube video showing the installation on an ARM system. Seems pretty straight forward. As long as the 'make' command works on our NSAs it should be fine.
    Looking forward to when I get back home and can start playing around with it :wink:
  • Mijzelf
    Mijzelf Posts: 2,598  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    As long as the 'make' command works on our NSAs it should be fine.

    Although it's possible to install 'make' on your NAS using FFP, Entware-ng or using the native toolchain, make is no more than an interpreter of make scripts. And depending on that script you might need a full toolchain, script interpreters like python or perl, and various other tools which are available on a full blown Linux distro, but not on a NAS.

    Fortunately SoftEther has precompiled binaries available.

  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    edited October 2019
    Ah, I was just trying to install it using the make command and it failed due to lack of make. So I returned here not having received e-mail notification that you had replied.

    Where did you find precompiled binaries? I did not see any on the website and did not find them with Google. :(

    P.S.: I switched the web_prefix file for yours and upgraded to 20181001zypkg015 but I do not see any new packages or update files for the existing ones. Did something go wrong?

    Info on webinterface:
    <div># Official repository <span style="background-color: transparent; color: inherit; font-size: inherit;"><font face="Lato, Helvetica, Arial, sans-serif">ftp://ftp2.zyxel.com/+ ZyXEL</font> </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># German mirror </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># ftp://ftp.zyxel-tech.de/2.new_mirror/+ Mirror </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># German beta server </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># ftp://ftp.zyxel-tech.de/+ Beta </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># Medion server </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># ftp://nas-download:sEhtalr@download.medion.de/ Medion </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># Mijzelf's repository </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;">http://downloads.zyxel.nas-central.org/Users/Mijzelf/zypkg-repo/ Mijzelf </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;"># Local repository </span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: Lato, Helvetica, Arial, sans-serif;">/i-data/md0/admin/MyRepo/ Local</span></div>
  • Mijzelf
    Mijzelf Posts: 2,598  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    You can find the pre-compiled files here: https://www.softether-download.com/en.aspx?product=softether
    You need the Server, for platform Linux, CPU Arm EABI.






  • AleXSR700
    AleXSR700 Posts: 41  Freshman Member
    edited October 2019
    That's where I looked, but when I select VPN Server- Linux - ARMEABI there are 72 files and none of them a precompiled. Or am I going blind?

Consumer Product Help Center