How to install a VPN server on NSA325-v2
Hi everyone!
A few years ago AleXSR700 had a deep discussion with Mijzelf about how to install SoftEther VPN Server on this old but so far reliable machine, the NSA325-v2.
I followed all the posts on that thread, but when they started talking about "compiling" and "tarball" and all sorts of other things, my knowledge made me stop. I really don't know what that is; my best guess is that compiling is converting code that someone wrote into an executable file that the machine can read and execute... is that it? I don't know. I am a Windows user, so I am really null with that, and that is why I am posting this, to get some clarity on how to do it.
I have reached the part where I need to get a "pre-compiled" version (which I still don't know exactly what it means, because in this case Mijzelf said that this is not fully compiled, it is something in between) of SoftEther, which is currently available in the following versions:
SoftEther VPN 4.43 Build 9799 Beta (August 31, 2023)
SoftEther VPN 4.42 Build 9798 RTM (June 30, 2023)
Since one is Beta and the other is RTM I assume that the Beta is still under some tests and the RTM is the one to go for.
So, this being said, how do I compile this on my NSA325-v2 and how do I get it working? Is any port forwarding necessary afterwards?
The goal is the same as AleXSR700's: I am away from my country very often and I regularly need to access some web pages or Android apps that require my presence in the country. That control is done using my IP address, and for obvious reasons I don't want to use public free VPN servers (lack of security, slow, unreliable, pricey and the list goes on…), and since this is not a heavy task for the NSA325-v2 I would like to put it online when I need to access those pages or apps.
Thank you for helping out building this tutorial, the goal is to complete the work done by AleXSR700 and Mijzelf a few years ago and translate all that "compile", "tarball" and other words to something non-linux users can understand.
Tomalamix
All Replies
-
I hope that pre-compiled packages are still compatible with the NAS. They are 'linux arm eabi', but I'm not sure if that is by definition Armv5. It might be Armv7 instead, which has superseded Armv5 as the cheap 32-bit platform.
Anyway, can you point me to that thread?
0 -
Hi Mijzelf ! 💪
There are plenty of older SoftEther VPN versions available there, so if there is one more suitable for this hardware, which one should I go for?
The old thread is this one here:
Thanks!
0 -
So, this being said, how do I compile this on my NSA325-v2 and how do I get it working?
Basically by installing a toolchain and running the make script provided with the SoftEther package. Nowadays I wouldn't use FFP for that, but the native toolchain instead.
That should provide a binary, which can be executed. Can't remember if it automatically daemonizes (that is, runs in the background).
Then you can use a Windows tool (also on the SoftEther download page) to configure it remotely.
Is any port forwarding necessary afterwards?
Yes. But I don't know which port, that depends on how the server is configured. It's been years since I looked at SoftEther, but I remember it supported a lot of protocols, among which the OpenVPN protocol. Maybe it also supports WireGuard now, which would be a better choice, as it is cheaper in CPU terms, and so you can get a higher throughput.
Having said that, reading that thread I have the impression that it ends with an unstable SoftEther package. That might be fixed by now, depending on what caused it. Also the use of a native toolchain instead of the FFP one can have different effects.
0 -
Yes... right… toolchain and run the script provided with the SoftEther package... It must be that, but like I said I'm null in Linux :) I know how to write commands on the prompt but I don't have a clue what those commands do.
I understand that it is some kind of installation, but how do I do it? In Windows I double-click on a .EXE file or something; here it is not like that. I probably need to upload the file to be installed to a specific folder, then I need to use that toolchain app with lots of strings in front of it to make the installation properly into somewhere, and then I need to make it start every time the NAS is turned on.
I really don't know how to "toolchain it".
The port forwarding and the settings from the Windows app I can probably manage, but not messing inside the NSA325 box...
thanks
0 -
A toolchain is no 'app'. It's a collection of compilers, linkers, libraries, header files, … , everything you need to build binary programs from source code.
To get the toolchain running you have to download it from the link I gave you. Put it in the admin directory. Then unpack it:
mkdir toolchain
cd toolchain
tar xf ../toolchain-gcc-4.3.2.txz
Now you have a lot of directories, and a script 'chroot.sh', you can run that:
su
sh ./chroot.sh
Now you are in a sort of virtual machine, until you enter 'exit'. You can still access the contents of the toolchain directory using Samba, or ssh in another terminal. If you put the SoftEther files somewhere in the toolchain directory, and from the chroot run the make script, it should create a binary. This binary is what you need, and doesn't need the toolchain anymore.
On a normal Linux box the toolchain isn't that complicated. The problem is that on the NAS most directories which have to be used to install the toolchain in, are read-only. Hence the chroot.
0 -
Ok, I've downloaded this softether version:
softether-vpnserver-v4.43-9799-beta-2023.08.31-linux-arm_eabi-32bit.tar.gz
And I've downloaded:
toolchain-gcc-4.3.2.txz - there are several other files in the download directory. Should I download the rest of the files too?
Both files uploaded using FTP to the admin folder.
I used telnet to go into the box but I cannot find the admin folder. There are plenty of folders but I don't know how to get into the admin folder. From there I understand I need to run the toolchain.
Thanks!
0 -
OK, I've found it, it is here:
/etc/zyxel/storage - after that it is necessary to go inside that directory; it will redirect you to the HDD volume where you can see all your folders.
I tried the 1st set of commands you gave me but I get an error:
/i-data/910115eb/admin/toolchain $ tar xf ../toolchain-gcc-4.3.2.txz
tar: invalid tar magic
0 -
Compression options
-a, --auto-compress
    Use archive suffix to determine the compression program.
-I, --use-compress-program=COMMAND
    Filter data through COMMAND. It must accept the -d option, for decompression. The argument can contain command line options.
-j, --bzip2
    Filter the archive through bzip2(1).
-J, --xz
    Filter the archive through xz(1).
--lzip
    Filter the archive through lzip(1).
--lzma
    Filter the archive through lzma(1).
--lzop
    Filter the archive through lzop(1).
--no-auto-compress
    Do not use archive suffix to determine the compression program.
-z, --gzip, --gunzip, --ungzip
    Filter the archive through gzip(1).
The extension is txz, so probably xz is used for compression. And the simple tar on the box can't auto-deduct that. So use 'tar Jxf'
0 -
Well... I can't unpack this… several combinations and all give me errors:
/i-data/910115eb/admin/toolchain $ tar Jxf ../toolchain-gcc-4.3.2.txz
tar: invalid option -- 'J'
BusyBox v1.17.2 (2017-06-23 10:40:08 CST) multi-call binary.
Usage: tar -[cxtzjmvO] [-f TARFILE] [-C DIR] [FILE]...
/i-data/910115eb/admin/toolchain $ tar -jxz ../toolchain-gcc-4.3.2.txz
tar: invalid magic
tar: short read
/i-data/910115eb/admin/toolchain $
/i-data/910115eb/admin/toolchain $ tar -jxf ../toolchain-gcc-4.3.2.txz
tar: invalid tar magic
/i-data/910115eb/admin/toolchain $ tar jxf ../toolchain-gcc-4.3.2.txz
tar: invalid tar magic
I tried several other combinations and none works. I tried the man tar command, it doesn't work, it seems there is some kind of file missing.
The file is OK since I can open it using WinRAR; there is a biiiiig quantity of files in it. I would prefer to unpack this inside the box instead of unpacking it in Windows and then uploading the whole thing. I've confirmed with WinRAR that it is like you said, TAR+XZ.
I don't understand why I can use J (uppercase) or f (lowercase) if those commands apparently don't exist within the tar commands list; the x command is the only one there though:
Usage: tar -[cxtzjmvO] [-f TARFILE] [-C DIR] [FILE]...
This is one more reason I don't like Linux, nothing is clear, all info is very deep hidden somewhere to be used in a clear way. :)
0 -
instead of unpacking it in Windows and then uploading the whole thing.
That wouldn't work. The file contains a Linux root file system, having Posix file permissions and attributes, and symlinks, which are not supported by Windows filesystems. So if you extract it to a Windows filesystem, it cannot be transferred to a working root file system.
I've confirmed with WinRAR that it is like you said, TAR+XZ
Can you extract the tar file? In that case you can transfer that to the NAS, and extract it with tar. The other option is to use xz directly, if it's available:
cat bigfile.txz | xz -d | tar -x
This 'prints' the txz file to stdout, which is piped through xz which decompresses it, whose output is piped through tar, which extracts it. (Oh the beauty of Linux! You can even extract the file without ever having it on local storage.
wget http://domain.com/bigfile.txz -O - | xz -d | tar -x
downloads the file, and pipes the stream through xz and tar.)
I don't understand why I can use J (uppercase) or f (lowercase)
The whole OS of the NAS has to fit in 128MiB. So some sacrifices have to be made. One of them is the use of BusyBox, which bundles the major part of the Linux basic tools in one big (or better, small) binary. To keep that binary small not all options of the 'full versions' are implemented.
This is one more reason I don't like Linux, nothing is clear,
I dare to disagree. Especially on a pseudo System V box like the NAS everything is clear. The whole boot process is inside readable scripts. So you can find out how it boots by just downloading a firmware update file, extracting it and reading the scripts. (This way I opened up my NSA220, which didn't have shell access)
But I agree that there is no GUI which offers (a subset of) all options of the underlying tools. So the learning curve is steeper, but in the end you can do things which are completely impossible on a GUI.
I tried the man tar command, it doesn't work, it seems there is some kind of file missing.
Yeah, part of the 128MiB problem, plus the firmware was originally not intended to give shell access. I am surprised that the 'man' command is implemented. Anyway, I always google 'man tar'. A web page reads easier than a console page.
0
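Added example, not part of any post in this thread: shell functions that identify an archive's compression from its leading magic bytes and decompress outside tar, which is what the `xz -d | tar -x` pipeline above does by hand and why a tar without -J reports "invalid tar magic" on a .txz. The function names are made up for this example; it assumes od is present, along with whichever of xz, gzip or bzip2 the archive needs.

```shell
#!/bin/sh
# Added example: pick the decompressor from the file's magic bytes, then
# feed plain tar data to a tar that lacks -J (such as BusyBox 1.17).

# Print COUNT bytes of FILE starting at OFFSET as hex with no separators.
magic_hex() {
    od -An -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'
}

# Print one of: xz, gzip, bzip2, tar, unknown.
detect_format() {
    case "$(magic_hex "$1" 0 6)" in
        fd377a585a00) echo xz; return ;;     # FD '7' 'z' 'X' 'Z' 00
        1f8b*)        echo gzip; return ;;
        425a68*)      echo bzip2; return ;;  # "BZh"
    esac
    # An uncompressed tar carries "ustar" at byte offset 257; compressed
    # data does not, which is what tar reports as invalid magic.
    if [ "$(magic_hex "$1" 257 5)" = "7573746172" ]; then
        echo tar
    else
        echo unknown
    fi
}

# Extract ARCHIVE into DESTDIR, decompressing in a pipe in front of tar.
extract_archive() {
    archive=$1 dest=$2
    fmt=$(detect_format "$archive")
    case "$fmt" in
        xz)    decomp="xz -dc" ;;
        gzip)  decomp="gzip -dc" ;;
        bzip2) decomp="bzip2 -dc" ;;
        tar)   decomp="cat" ;;
        *)     echo "unrecognised archive format: $archive" >&2; return 1 ;;
    esac
    # Fail clearly when the decompressor is not installed on the box.
    command -v "${decomp%% *}" >/dev/null 2>&1 || {
        echo "$fmt archive, but ${decomp%% *} is not installed" >&2; return 2; }
    mkdir -p "$dest" && $decomp < "$archive" | tar -x -f - -C "$dest"
}
```

Run as root inside the target directory's parent, `extract_archive toolchain-gcc-4.3.2.txz toolchain` keeps the permissions and symlinks that a Windows-side extraction would lose.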