« Back to all recent discussions

Is it possible to use NSA325v2 as VPN server?

AleXSR700AleXSR700 Posts: 8  Junior Member
edited October 7 in Discussions
Hello everyone,
I am currently still running two NSA325v2 and although they are older models I hope some here still love them the way I do :)

I am currently abroad for work and would like to be able to access German website the way I could from home. Geocaching etc. is making a few sites unavailable to me.
Is it possible to somehow have my NSA325 act as a VPN server only I can connect to and use to access the internet as though I were in Germany?
Right now I have to use VPN services which are either expensive or slow. Since I have all the equipment and a fast internet connection at home, this would be a great fix.

Can someone help me? FFP is of course installed.


#NAS_Oct_2019

Comments

  • MijzelfMijzelf Posts: 784  Heroic Warrior Member
    If you have FFP, I guess you also have ssh. Then you can easily use a SOCKS proxy for in your browser.
    Connect to the NAS with
    ssh -D8080 [email protected]<your-domain-or-ip>
    and configure your browser to use a SOCKS proxy on localhost:8080
  • AleXSR700AleXSR700 Posts: 8  Junior Member
    edited October 6
    Hi Mijzelf,
    thank you for your fast reply!
    Yes, I have SSH. Then I will need to try and get DynDNS running on my router. Think it is DS Lite, so not sure if it is configurable. Can the NSA run DynDNS directly? I would start hacking away at my keyboard if I were at home. But sadly I am not right now.

    But I need to be able to connect from different devices like Android SmartPhone or Amazon Fire TV. And preferably not just wiht the browser.
  • MijzelfMijzelf Posts: 784  Heroic Warrior Member
    Can the NSA run DynDNS directly?
    Sort of. In most cases dyndns providers support an 'auto' mode, the public ip of the calling client is used. So in your NAS you can do something like
    curl https://dyndnsprovider.org?domain=yourdomain&token=somethingsecret
    
    and the IP of yourdomain will be set to the public IP of the NAS. But the NAS doesn't know when that IP changes. Only the router knows. So you should have to run this in a cronjob. Using the router is more efficient.
    But I need to be able to connect from different devices like Android SmartPhone or Amazon Fire TV. And preferably not just wiht the browser.

    In that case it becomes difficult. Installing OpenVPN isn't hard, Entware-ng has a package, and I think FFP will have it too, although the FFP package will be old. You'll need the tun kernel module, which is available in the kernel modules package, which I provided.

    But the real pain is in forwarding. A 'normal' OpenVPN installation is backed by iptables, to be able to NAT requests. But there is no iptables in your NAS, and you can't install it either. So your VPN client would be able to send a request to an outside server, but the response wouldn't get to your client, because your router doesn't know it has to send the answer to the NAS.

    There are some work arounds. You could use a tup device instead of a tun device, and bridge that with the NAS' NIC. In that case the VPN client will get an address from the DHCP server in your router. Technically a mess, and the cleaning up of a connection is hard.

    Another possibility is using SoftEther VPN, which is compatible with OpenVPN, but which does NAT in userland. A statically linked server for Arm EABI is available.



  • AleXSR700AleXSR700 Posts: 8  Junior Member
    SoftEther VPN looks very interesting. Is it easy enough to set up on the NSA325v2 or is it very complicated?
    Or can you just install the service and configure everything remotely with the administration tool?

    Is there a tutorial or something somewhere?
  • MijzelfMijzelf Posts: 784  Heroic Warrior Member
    It's a time ago I looked at SoftEther, but as far as I remember the whole thing can be configured by the remote administration. There is a downside on that, last time I checked the administration tool was Windows only, which is a showstopper for me.
  • AleXSR700AleXSR700 Posts: 8  Junior Member
    Luckily I still run a Windows notebook. I found a Youtube video showing the installation on an ARM system. Seems pretty straight forward. As long as the 'make' command works on our NSAs it should be fine.
    Looking forward to when I get back home and can start playing around with it :wink:
  • MijzelfMijzelf Posts: 784  Heroic Warrior Member
    As long as the 'make' command works on our NSAs it should be fine.

    Although it's possible to install 'make' on your NAS using FFP, Entware-ng or using the native toolchain, make is no more than an interpreter of make scripts. And depending on that script you might need a full toolchain, script interpreters like python or perl, and various other tools which are available on a full blown Linux distro, but not on a NAS.

    Fortunately SoftEther has precompiled binaries available.

  • AleXSR700AleXSR700 Posts: 8  Junior Member
    edited October 15
    Ah, I was just trying to install it using the make command and it failed due to lack of make. So I returned here not having received e-mail notification that you had replied.

    Where did you find precompiled binaries? I did not see any on the website and did not find them with Google. :(

    P.S.: I switched the web_prefix file for yours and upgraded to 20181001zypkg015 but I do not see any new packages or update files for the existing ones. Did something go wrong?

    Info on webinterface:
    # Official repository
    ftp://ftp2.zyxel.com/+ ZyXEL
    # German mirror
    # ftp://ftp.zyxel-tech.de/2.new_mirror/+ Mirror
    # German beta server
    # ftp://ftp.zyxel-tech.de/+ Beta
    # Medion server
    # ftp://nas-download:[email protected]/ Medion
    # Mijzelf's repository
    http://downloads.zyxel.nas-central.org/Users/Mijzelf/zypkg-repo/ Mijzelf
    # Local repository
    /i-data/md0/admin/MyRepo/ Local

  • MijzelfMijzelf Posts: 784  Heroic Warrior Member
    You can find the pre-compiled files here: https://www.softether-download.com/en.aspx?product=softether
    You need the Server, for platform Linux, CPU Arm EABI.






  • AleXSR700AleXSR700 Posts: 8  Junior Member
    edited October 17
    That's where I looked, but when I select VPN Server- Linux - ARMEABI there are 72 files and none of them a precompiled. Or am I going blind?
  • MijzelfMijzelf Posts: 784  Heroic Warrior Member
    OK, the packages contain something different than I expected. But they are precompiled. They are only not yet linked. Don't know why it's done this way. Maybe something with licenses.

    Anyway, I think the native toolchain I pointed to can do the linking for you.
  • AleXSR700AleXSR700 Posts: 8  Junior Member
    edited October 17
    You mean create a symlink or what kind of linking to you mean?

    Can I install the native toolchain with MetaRepository somehow? I copied the file to my NAS but not quite sure how to get it up and running and what to do once it is installed.

    Also, the Softether Linux files include a vpnserver.a but not actually the vpnserver app. Or am I mistaken. Not sure it will work without a make. Has anyone actually ever had it up and running on a Zyxel NAS?
  • MijzelfMijzelf Posts: 784  Heroic Warrior Member
    You mean create a symlink or what kind of linking to you mean?

    The sourcecode contains of c or c++ or rust or whatever text files. The compiler compiles them to object files, containing binary machine code. Those object are linked to an executable, or library or whatever.  https://en.wikipedia.org/wiki/Linker_(computing)

    The pre-compiled package seems to contain something between the objects and the executable. I think the objects are linked to a bunch of static libraries, and those can be linked to an executable.

    Can I install the native toolchain with MetaRepository somehow? I copied the file to my NAS but not quite sure how to get it up and running and what to do once it is installed.
    No, you'll have to extract the tarball.
    tar xf toolchainxyz.tgz
    That provides you a Linux tree, containing bin, lib, etc and stuff, which you can chroot using the provided chroot script. Inside the chroot you can use make.
    So make sure your extracted VPN package is somewhere within the chroot, the home directory is fine.

  • AleXSR700AleXSR700 Posts: 8  Junior Member
    edited October 19
    I sucessfully compiled it and will give it a go later. Let's see how far I'll get :-)
Sign In or Register to comment.