How to install a VPN server on NSA325-v2


All Replies

  • Tomalamix
    Tomalamix Posts: 54  Ally Member

    Mmm… no, I am not familiar with that. How can I set that up?

  • Mijzelf
    Mijzelf Posts: 2,763  Guru Member

    If you have ssh access, connect to the box using

    ssh -D8080 user@nas
    

    then a local SOCKS proxy is running on port 8080. Then configure your browser to use it. In Firefox that is in Menu→Settings→Network→Settings→ Manual proxy configuration→SOCKS Host: localhost Port: 8080.

    As long as the ssh session is open, the browser will pipe its requests through it. When you close the session, the browser will complain the proxy is denying access.

  • Tomalamix
    Tomalamix Posts: 54  Ally Member

    I confirm that I have ssh, it is here.

    So, I need to leave the command prompt window open while I use the SOCKS. When I close it it will shutdown the SSH connection, is that it? Or do I need to run some other command to put everything back to original state?

  • Mijzelf
    Mijzelf Posts: 2,763  Guru Member

    Closing the ssh client, or closing the command prompt in which it's running is enough to close the local SOCKS proxy endpoint. To revert the behaviour of the browser you'll have to disable the proxy in the settings.

  • Tomalamix
    Tomalamix Posts: 54  Ally Member

    Ok, I've tested and it is working. In Firefox it is pretty straightforward, the SOCKS option is just there, but usually I use Opera portable since I carry it on my USB drive and use it everywhere, but there is no proxy/socks config page on this browser version. I installed the Proxy Switcher extension, put 0.0.0.0 for HTTP, FTP, etc. and filled the direct connection field with "localhost" and port 8080, SOCKS v5.

    I connected from another IP address, different from where the NAS is connected, and all worked well. I checked my IP online and it was the NAS network IP instead of my connection IP, so I think all is working as expected.

    While I was doing this I decided to go to your Tweak page on the NSA and I found lots of connections and I think something is not working as safely as it should:

    Active connections

    Local              Remote                     Daemon
    localnasIP:9090    94.62.10.8:61901           2575/dservice
    localnasIP:4256    104.16.155.36:443          11587/sshd
    localnasIP:5157    34.160.63.134:443          11587/sshd
    localnasIP:22      143.244.138.33:36570       4136/sshd
    localnasIP:22      143.244.138.33:38718       5985/sshd
    localnasIP:22      my 2nd external IP:46316   11587/sshd
    localnasIP:5222    34.110.253.203:443         11587/sshd
    localnasIP:9090    152.110.156.49:54909       2575/dservice
    localnasIP:22      143.244.138.33:49458       16058/sshd
    localnasIP:4423    172.67.69.80:443           11587/sshd
    localnasIP:443     my external IP:1025        11831/httpd
    localnasIP:5257    104.16.154.36:443          11587/sshd

    All the rest I don't know what it is, except the dservice, which I think is related to a file I'm trying to download with a torrent. The strange thing is that a LOOOOT of sshd connections is coming in and it was not me

  • Tomalamix
    Tomalamix Posts: 54  Ally Member

    Actually the list is changing a lot, there are a lot fewer unknown IP addresses coming up, the list now has only 1 IP address connected or trying to connect to sshd, because it stays there just for a few moments then goes away, then comes back and goes away until it doesn't show up again.

    Is this actually someone running computers scanning known ports all over the world? I'm in Portugal and that IP is from India… there is no relation with my ISP.

    If this is the case I would like to know if I can transfer the SSH server port to another port, like I did on the 443.

  • Mijzelf
    Mijzelf Posts: 2,763  Guru Member

    > there is no proxy/socks config page on this browser version.

    Opera is Chromium, isn't it? Chromium has a commandline switch: https://www.chromium.org/developers/design-documents/network-stack/socks-proxy/

    > a LOOOOT of sshd connections is coming in and it was not me

    The connections with port 22 locally are incoming. And yes, in your list I think 143.244.138.33 is knocking on the ports. The sshd connections with another port are your forwarded proxy requests.

    There is no harm in using the port translation in your router to change port 22 to something else. And yes, I think you can also change port 22 on the box itself. For that you'll have to edit the sshd startscript in /usr/local/zy-pkgs/etc/. Beware that you don't exclude yourself.
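
The reading of the connection list given in the reply above (local port 22 means an incoming SSH connection, an sshd row with any other local port is a forwarded proxy request), as an added example that is not part of the original thread. The rows are constructed with documentation-range addresses, and the check that forwards share a PID with your own session is an assumption taken from how PID 11587 appears in the posted list.

```python
from collections import Counter, defaultdict

# Constructed sample rows (Local, Remote, Daemon) in the layout of the
# "Active connections" list; all addresses are documentation ranges.
SAMPLE = """\
192.0.2.10:9090  198.51.100.7:61901  2575/dservice
192.0.2.10:4256  203.0.113.80:443    11587/sshd
192.0.2.10:22    198.51.100.33:36570 4136/sshd
192.0.2.10:22    198.51.100.33:38718 5985/sshd
192.0.2.10:22    203.0.113.5:46316   11587/sshd
192.0.2.10:5222  203.0.113.81:443    11587/sshd
192.0.2.10:443   203.0.113.5:1025    11831/httpd
"""

def parse(text):
    """Yield (local_port, remote_ip, pid, daemon) per non-empty row."""
    for line in text.splitlines():
        if not line.strip():
            continue
        local, remote, owner = line.split()
        pid, daemon = owner.split("/", 1)
        yield int(local.rsplit(":", 1)[1]), remote.rsplit(":", 1)[0], int(pid), daemon

def classify(text, own_ips, ssh_port=22):
    """Split sshd rows into inbound sessions and forwarded (proxy) traffic."""
    inbound = defaultdict(set)    # sshd pid -> remote IPs connected to ssh_port
    forwards = defaultdict(list)  # sshd pid -> remote IPs it connected out to
    for lport, rip, pid, daemon in parse(text):
        if daemon != "sshd":
            continue
        if lport == ssh_port:
            inbound[pid].add(rip)
        else:
            forwards[pid].append(rip)
    # Inbound connections from addresses you do not recognise, counted per IP.
    unknown = Counter(ip for ips in inbound.values() for ip in ips
                      if ip not in own_ips)
    # Forwards should belong to an sshd process serving one of your own IPs.
    orphans = sorted(pid for pid in forwards
                     if not inbound.get(pid) or not inbound[pid] <= own_ips)
    return {"unknown_inbound": dict(unknown),
            "forwards": dict(forwards),
            "orphan_forward_pids": orphans}

if __name__ == "__main__":
    for key, value in classify(SAMPLE, own_ips={"203.0.113.5"}).items():
        print(key, value)
```

An empty `orphan_forward_pids` list means every outbound sshd connection belongs to a session from one of your own addresses; a non-empty one is worth checking before anything else.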

  • Tomalamix
    Tomalamix Posts: 54  Ally Member

    I confirm that Opera has that available… another shady thing that should be visible to a regular user like me in the Opera settings :)

    I will explore those settings with Opera later then.

    About the port translation, I think I will leave it like this for now. This will be on only when I want to use some particular websites while I am abroad, and after that I shut down the NSA.

    Well, for now I have to thank you for all the help and ask for a final thought about this NSA325. Is there any other firmware, besides the OpenWRT, that I could put here to extend the life of this hardware? It is a pity to let it die because of the lack of updated firmware. I feel that it still has strong hardware for the small demands of today. Maybe in the future I will actually need the VPN working after all, and the hardware is there but not the software, and I feel that it is a shame.

    You look like an experienced guy with this kind of equipment so your thoughts about this are very valuable.

    Thank you again!

  • Mijzelf
    Mijzelf Posts: 2,763  Guru Member

    > Is there any other firmware, besides the OpenWRT, that I could put here to extend the life of this hardware?

    Yes. The NSA325 has upstream Linux support, which means it's supported in the vanilla kernel, which means you can basically run any distro which supports ARMv5. If you know how to install it.

    For Debian you can find instructions here: https://forum.doozan.com/read.php?2,12096

    Note: this is an enterprise level server OS, which can run fine on an NSA325. But out of the box there is no GUI. It is possible to install OpenMediaVault on top of Debian, but I don't know how snappy the web interface will be.

  • Tomalamix
    Tomalamix Posts: 54  Ally Member

    Hi Mijzelf!

    I'm sending this message just to thank you again! And to let other users know that all is good!

    All is working just fine. I am 8000km from home but I am able to send a Wake On Lan signal to the NSA325 (I had to configure the router for the magic packet pass-through). After waiting a few minutes I can log in to my NSA, do everything I need there, download what I need and use the SSH from my local computer like you taught me. The only thing that is not super is the connection speed between the points: the NSA can send 1 or 1.5Mb/s but here I can't get higher than 200kb/s. That is not a big issue, my major needs are all covered!

    For now, going to another firmware is a bit overkill for my needs. Besides, it will take me a long time to set up the machine to be working 100% because I am completely green with those firmwares and the way to use them, and in the end I think the CPU will not be enough for all the demands, or do you think that it will be up to the pace? And is the process safe for my data on the HDD? I'm afraid of losing data during the process or not being able to access the HDD afterwards.
