How to install a VPN server on NSA325-v2
All Replies
-
Mmm… no, I am not familiar with that. How can I set that up?
0 -
If you have ssh access, connect to the box using
ssh -D8080 user@nas
then a local SOCKS proxy is running on port 8080. Then configure your browser to use it. In Firefox that is in Menu→Settings→Network→Settings→ Manual proxy configuration→SOCKS Host: localhost Port: 8080.
As long as the ssh session is open, the browser will pipe its requests through it. When you close the session, the browser will complain the proxy is denying access.
0 -
I confirm that I have ssh, it is here.
So, I need to leave the command prompt window open while I use the SOCKS. When I close it, it will shut down the SSH connection, is that it? Or do I need to run some other command to put everything back to the original state?
0 -
Closing the ssh client, or closing the command prompt in which it's running is enough to close the local SOCKS proxy endpoint. To revert the behaviour of the browser you'll have to disable the proxy in the settings.
0 -
Ok, I've tested and it is working. On Firefox it is pretty straightforward, the SOCKS option is just there, but usually I use Opera portable since I take it on my USB drive and use it everywhere, but there is no proxy/socks config page on this browser version. I installed the Proxy Switcher extension, put all 0.0.0.0 for http, ftp, etc. and filled the direct connection field with "localhost" and port 8080 socksv5.
I connected from another IP address, different from where the NAS is connected, and all worked well. I checked my IP online and it was the NAS network IP instead of my connection IP, so I think all is working as expected.
While I was doing this I decided to go to your Tweak page on the NSA and I found lots of connections, and I think something is not working as safely as it should:
Active connections
| Local | Remote | Daemon |
|---|---|---|
| localnasIP:9090 | 94.62.10.8:61901 | 2575/dservice |
| localnasIP:4256 | 104.16.155.36:443 | 11587/sshd |
| localnasIP:5157 | 34.160.63.134:443 | 11587/sshd |
| localnasIP:22 | 143.244.138.33:36570 | 4136/sshd |
| localnasIP:22 | 143.244.138.33:38718 | 5985/sshd |
| localnasIP:22 | my 2nd external IP:46316 | 11587/sshd |
| localnasIP:5222 | 34.110.253.203:443 | 11587/sshd |
| localnasIP:9090 | 152.110.156.49:54909 | 2575/dservice |
| localnasIP:22 | 143.244.138.33:49458 | 16058/sshd |
| localnasIP:4423 | 172.67.69.80:443 | 11587/sshd |
| localnasIP:443 | my external IP:1025 | 11831/httpd |
| localnasIP:5257 | 104.16.154.36:443 | 11587/sshd |
All the rest I don't know what it is except the dservice, which I think is related to a file I'm trying to download with a torrent. The strange thing is that a LOOOOT of sshd connections is coming in and it was not me
0 -
Actually the list is changing a lot; there are a lot fewer unknown IP addresses coming up. The list now has only 1 IP address connected or trying to connect to sshd, because it stays there just for a few moments then goes away, then comes back and goes away until it doesn't show up again.
Is this actually someone running computers scanning known ports all over the world? I'm in Portugal and that IP is from India… there is no relation with my ISP.
If this is the case I would like to know if I can transfer the SSH server port to another port, like I did with 443.
0 -
there is no proxy/socks config page on this browser version.
Opera is Chromium, isn't it? Chromium has a commandline switch:
a LOOOOT of sshd connections is coming in and it was not me
The connections with port 22 locally are incoming. And yes, in your list I think 143.244.138.33 is knocking on the ports. The sshd connections with another port are your forwarded proxy requests.
There is no harm in using the port translation in your router to change port 22 to something else. And yes, I think you can also change port 22 on the box itself. For that you'll have to edit the sshd startscript in /usr/local/zy-pkgs/etc/. Beware that you don't exclude yourself.
0 -
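The distinction drawn in the reply above (an sshd row with local port 22 is an incoming session, an sshd row with any other local port is a request forwarded through the SOCKS tunnel), applied to a connection listing. This is an added example, not part of the original posts: the sample rows are constructed with documentation addresses, and the function names, the known-client set and the pid-matching rule are assumptions.

```python
from collections import Counter

# Constructed sample (local endpoint, remote endpoint, pid/daemon), one row per
# line; all addresses come from documentation ranges, not from the thread.
SAMPLE = """\
nas:9090 198.51.100.7:61901 2575/dservice
nas:4256 203.0.113.10:443 11587/sshd
nas:22 192.0.2.33:36570 4136/sshd
nas:22 192.0.2.33:38718 5985/sshd
nas:22 198.51.100.50:46316 11587/sshd
nas:5222 203.0.113.20:443 11587/sshd
nas:22 192.0.2.33:49458 16058/sshd
nas:443 198.51.100.51:1025 11831/httpd
"""


def endpoint(text):
    """Split 'host:port' on the last colon."""
    host, _, port = text.rpartition(":")
    return host, int(port)


def classify(listing, known_clients=frozenset(), ssh_port=22):
    """Separate incoming SSH sessions from connections sshd forwards."""
    rows = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[2].endswith("/sshd"):
            pid = fields[2].split("/")[0]
            rows.append((endpoint(fields[0])[1], endpoint(fields[1]), pid))

    inbound, owner = Counter(), {}
    for lport, (rhost, _), pid in rows:
        if lport == ssh_port:          # someone connected to the SSH server
            inbound[rhost] += 1
            owner[pid] = rhost
    # Assumption: a forwarded connection shows the pid of the session that
    # requested it, so it can be attributed to that session's client.
    forwarded = [(rhost, rport, owner.get(pid, "unknown"))
                 for lport, (rhost, rport), pid in rows if lport != ssh_port]
    return {
        "inbound": dict(inbound),
        "unknown_inbound": {h: n for h, n in inbound.items() if h not in known_clients},
        "forwards_not_from_known": [f for f in forwarded if f[2] not in known_clients],
        "forwarded": forwarded,
    }


if __name__ == "__main__":
    print(classify(SAMPLE, known_clients={"198.51.100.50"}))
```

Repeated entries under `unknown_inbound` are the port-22 knocking described above; anything under `forwards_not_from_known` would mean a session you do not recognise is using the box as a proxy.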
I confirm that Opera has that available... another shady thing that should be visible to a regular user like me in the settings of Opera :)
I will explore those settings with Opera later then.
About the port translation, I think I will leave it like this for now; this will be on only when I want to use some particular websites while I am abroad and after I shut down the NSA.
Well, for now I have to thank you for all the help and ask for a final thought about this NSA325. Is there any other firmware, besides the OpenWRT, that I could put here to extend the life of this hardware? It is a pity to let it die because of the lack of updated firmware. I feel that it still has strong hardware for the small demands of today; maybe in the future I will actually need the VPN working after all, and the hardware is there but not the software, and I feel that it is a shame.
You look like an experienced guy with this kind of equipment so your thoughts about this are very valuable.
Thank you again!
0 -
Is there any other firmware, besides the OpenWRT, that I could put here to extend the life of this hardware?
Yes. The NSA325 has upstream Linux support, which means it's supported in the vanilla kernel, which means you can basically run any distro which supports ARMv5. If you know how to install it.
For Debian you can find instructions here:
Note: this is an enterprise level server OS, which can run fine on a NSA325. But out of the box there is no GUI. It is possible to install OpenMediaVault on top of Debian, but I don't know how snappy the web interface will be.
0 -
Hi Mijzelf!
I'm sending this message just to thank you again! And to let other users know that all is good!
All is working just fine. I am 8000km from home but I am able to send a Wake On Lan signal to the NSA325 (I had to configure the router for the magic packet pass-through); after waiting a few minutes I can log in to my NSA, do everything I need there, download what I need and use the SSH from my local computer like you taught me. The only thing that is not super is the connection speed between the points; although the NSA can send 1 or 1.5Mb/s, here I can't get higher than 200kb/s. That is not a big issue, my major needs are all covered!
For now going to another firmware is a bit overkill for my needs; besides, it will take me a long time to set up the machine to be working 100% because I am completely green with those firmwares and the way to use them, and in the end I think the CPU will not be enough for all the demands, or do you think that it will be up to the pace? And is the process safe for my data on the HDD? I'm afraid of losing data during the process or not being able to access the HDD afterwards.
0