Integrated VPN ?

Please post all that you want from a ReadyNAS here. Nothing guaranteed, but we'll certainly do our best if you make a good case for it.

Integrated VPN ?

Postby flysurfing » Tue Apr 08, 2008 12:01 am

Will it be possible to get an integrated VPN in the ReadyNas ?

Thanks
flysurfing
ReadyNAS Newbie
 
Posts: 20
Joined: Mon Mar 31, 2008 4:38 am

Re: Integrated VPN ?

Postby super-poussin » Tue Apr 08, 2008 1:17 am

did not try but perhaps you can using ssh and the apt-get addon

apt-get install openvpn
apt-get install liblzo1 (if you want data compression)
apt-get install openssl (if not installed)


Create your vpn certificate :
cd /usr/share/doc/openvpn/examples/easy-rsa/
vi vars
export KEY_COUNTRY=FR
export KEY_PROVINCE=France
export KEY_CITY=YE
export KEY_ORG="Duo-Poussin"
export KEY_EMAIL="poussin@poussin.fr"
wq!


. ./vars
./clean-all
gunzip openssl.cnf.gz
./build-ca
./build-key-server MyVPNServer


Create Client Key
cd /usr/share/doc/openvpn/examples/easy-rsa/
# . ./vars
# ./build-key Client01



Create Diffie Helman
./build-dh


Copy the keys in the right location
cp ./keys/ca.crt /etc/openvpn/
cp ./keys/ca.key /etc/openvpn/
cp ./keys/MyVPNServer.crt /etc/openvpn/
cp ./keys/MyVPNServer.key /etc/openvpn/
cp ./keys/dh1024.pem /etc/openvpn/


Create a limited user for OpenVPN
groupadd openvpn
useradd -d /dev/null -g openvpn -s /bin/false openvpn


Configure the server using on of the template
cd /usr/share/doc/openvpn/examples/sample-config-files/
gunzip server.conf.gz
cp server.conf /etc/openvpn/


in the server.conf customize the parameter regarding your network
;Port the openvpn will listen to
;port 1194

;Protocole used (udp is more secured than tcp)
proto udp

;Create Virtual Interface
dev tun

;Authentication files
ca ca.crt
cert MyVPNServer.crt
key MyVPNServer.key
dh dh1024.pem

;Virtual Network @ (server is 10.8.0.1)
server 10.8.0.0 255.255.255.0

;add route to the client
push "route 192.168.0.0 255.255.255.0"

;DNS and WINS parameters for the client
push "dhcp-option DNS 192.168.0.2"
push "dhcp-option DOMAIN MonDomaine.com"
push "dhcp-option WINS 192.168.0.3"

# Allow client to see them each-other (if uncomment)
;client-to-client

keepalive 10 120

;Activate compression
comp-lzo

;Processus will use
user openvpn
group openvpn

;Connection is always up
persist-key
persist-tun

status openvpn-status.log

;Log level (from 1 to 9)
verb 1



launch vpn-server
/etc/init.d/openvpn restart


See the log
tail -100 /var/log/syslog


check process is runing :
ps aux | grep openvpn


check interface
ifconfig
...
tun0 Lien encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:10.8.0.1 P-t-P:10.8.0.2 Masque:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)



ping 10.8.0.1


Now you server is up you can now configure your client

hope it helps

This procedure is given as is , and was not tested on Readynas so take care
If you like my add-ons - Si vous aimez mes add-ons :
EN/US:Image --- -------- FR: Image or Paypal @mail: readynas@orange.fr
Where I'm teaching
4B Perros
User avatar
super-poussin
ReadyNAS Add-ons Expert
 
Posts: 5190
Joined: Fri Jul 13, 2007 1:16 pm
Location: PG
ReadyNAS: RN516

Re: Integrated VPN ?

Postby super-poussin » Sun Feb 15, 2009 2:18 pm

reported as working by one user :)
If you like my add-ons - Si vous aimez mes add-ons :
EN/US:Image --- -------- FR: Image or Paypal @mail: readynas@orange.fr
Where I'm teaching
4B Perros
User avatar
super-poussin
ReadyNAS Add-ons Expert
 
Posts: 5190
Joined: Fri Jul 13, 2007 1:16 pm
Location: PG
ReadyNAS: RN516

Re: Integrated VPN ?

Postby Japex » Tue Feb 17, 2009 11:17 am

What is this procedure?

I would like to have my NV+ with a mapped drive trought the Internet.

Is it possible?

JapeX
NAS 1: ReadyNAS Duo: 1024 MB RAM : 2 x 750 GB Seagate : Raidiator 4.1.6
NAS 2: ReadyNAS NV+ RND-4250 : 1024 MB RAM : 4 x 750 GB Seagate : 4.1.4
Router: Linksys WRT-600N Dual Band Gigabit Wireless a/b/g/n
Japex
ReadyNAS Newbie
 
Posts: 16
Joined: Wed Oct 15, 2008 8:45 am
Location: Sao Paulo - Brazil
ReadyNAS: NV+

Re: Integrated VPN ?

Postby super-poussin » Tue Feb 17, 2009 11:57 am

if you have a vpn client and you apply this procedure yes

you can also buy a ssl312 for example it's more simple and user friendly
If you like my add-ons - Si vous aimez mes add-ons :
EN/US:Image --- -------- FR: Image or Paypal @mail: readynas@orange.fr
Where I'm teaching
4B Perros
User avatar
super-poussin
ReadyNAS Add-ons Expert
 
Posts: 5190
Joined: Fri Jul 13, 2007 1:16 pm
Location: PG
ReadyNAS: RN516

Re: Integrated VPN ?

Postby Alyosha » Tue Mar 10, 2009 5:29 am

Thanks! Works for me as well. (ReadyNAS Duo)
Alyosha
ReadyNAS Newbie
 
Posts: 20
Joined: Wed Feb 04, 2009 6:49 am

Re: Integrated VPN ?

Postby dengar » Thu Mar 12, 2009 6:33 pm

Don't forget about WebDAV - the simplest way to make a mapped drive over the web that is secure.

http://www.readynas.com/?p=126
User avatar
dengar
Jedi Council Alumni
 
Posts: 167
Joined: Wed Nov 05, 2008 7:35 pm
Location: San Jose, CA
ReadyNAS: Pro

Re: Integrated VPN ?

Postby sanchrts » Tue Apr 07, 2009 9:28 am

Don't forget about WebDAV - the simplest way to make a mapped drive over the web that is secure.


Can anyone else comment on the relative security of webDAV as opposed to SSH? I have read so many posts on SSH, using certificates instead of passwords for SSH, issues with webDAV...it's all very confusing!

thanks in advance
Raf
User avatar
sanchrts
ReadyNAS User
 
Posts: 83
Joined: Wed Oct 12, 2005 6:57 am
Location: Hong Kong
ReadyNAS: NVX

Re: Integrated VPN ?

Postby dbott67 » Tue Apr 07, 2009 10:18 am

Have a look at this new add-on:

http://www.readynas.com/?p=1435

SSH, WebDAV and ReadyNAS ReadyNAS Remote are only as strong as the weakest link (in may cases, it's the password). Using SSH with keys (rather than by password) makes brute-force hacking virtually impossible, but does require configuring your router to forward port 22 to the NAS.

WebDAV offers a much more familiar interface (i.e. Windows Explorer or Finder in OSX) and is easy-to-use (just drag & drop). In addition to forwarding ports on the router, you are also limited to username/password authentication.

Both methods can be difficult for inexperienced users to setup, as it may require additional levels of service such as Dynamic DNS.

ReadyNAS remote makes it easy to setup and configure and does not require any router configuration. You can try out it out by installing the latest beta firmware on your NAS and installing the client on your computer.

-Dave
User avatar
dbott67
ReadyNAS Fanatic
 
Posts: 8528
Joined: Mon Dec 31, 2007 9:20 am
Location: District 9
ReadyNAS: Pro

Re: Integrated VPN ?

Postby sanchrts » Tue Apr 07, 2009 6:41 pm

Thanks for pointing out ReadyNAS Remote. I was very interested in this add-on (white-labelled product from Leaf Networks) until I read the following on ReadyNAS's page:
...with ReadyNAS Remote, you simply drag & drop files with File Explorer or Finder over CIFS/SMB...


I am on a Mac and use AFP exclusively as my protocol for accessing files over my filesystem so it looks like this product is not ideal for users on Macs?
User avatar
sanchrts
ReadyNAS User
 
Posts: 83
Joined: Wed Oct 12, 2005 6:57 am
Location: Hong Kong
ReadyNAS: NVX

Re: Integrated VPN ?

Postby super-poussin » Tue Apr 07, 2009 10:27 pm

you have a mac client :)
If you like my add-ons - Si vous aimez mes add-ons :
EN/US:Image --- -------- FR: Image or Paypal @mail: readynas@orange.fr
Where I'm teaching
4B Perros
User avatar
super-poussin
ReadyNAS Add-ons Expert
 
Posts: 5190
Joined: Fri Jul 13, 2007 1:16 pm
Location: PG
ReadyNAS: RN516

Re: Integrated VPN ?

Postby sanchrts » Tue Apr 07, 2009 10:36 pm

Yes I understand there is a Mac client :D ...my issue/question is that the client apparently uses Samba/CIFS to transfer data rather than AFP (the protocol I require).

Also, since this a thread on VPNs, can anyone comment on the security of accessing a ReadyNAS using this client? In the beta discussion forum for this application yoh-dah mentions that the connection is brokered through the cloud by Leaf Networks' servers and that the data transfer is encrypted but I am looking for some documentation to support this?
User avatar
sanchrts
ReadyNAS User
 
Posts: 83
Joined: Wed Oct 12, 2005 6:57 am
Location: Hong Kong
ReadyNAS: NVX

Re: Integrated VPN ?

Postby yoh-dah » Wed Apr 08, 2009 7:48 am

sanchrts wrote:Thanks for pointing out ReadyNAS Remote. I was very interested in this add-on (white-labelled product from Leaf Networks) until I read the following on ReadyNAS's page:
...with ReadyNAS Remote, you simply drag & drop files with File Explorer or Finder over CIFS/SMB...


I am on a Mac and use AFP exclusively as my protocol for accessing files over my filesystem so it looks like this product is not ideal for users on Macs?

We'll have remote AFP support in the future.
User avatar
yoh-dah
Jedi Council Alumni
 
Posts: 13688
Joined: Fri Nov 19, 2004 1:21 am
Location: Borah-Borah
ReadyNAS: Pro

Re: Integrated VPN ?

Postby sanchrts » Wed Apr 08, 2009 8:33 am

yoh-dah wrote:We'll have remote AFP support in the future.

Thanks for confirming that yoh-dah...whilst I'm not sure exactly what the downsides are to me using SMB/CIFS with Macs when using ReadyNAS Remote, I would prefer to stick to the same protocol when accessing my files remotely as when I access them locally (i.e. AFP) to avoid any possible issues.
User avatar
sanchrts
ReadyNAS User
 
Posts: 83
Joined: Wed Oct 12, 2005 6:57 am
Location: Hong Kong
ReadyNAS: NVX

Re: Integrated VPN ?

Postby Nemo7777 » Sun Jul 12, 2009 12:02 pm

Hi there,
can you explain where I can take 'openvpn' and 'openssl' and 'liblzo1' software for RND DUO? Where I can download it?
Nemo7777
ReadyNAS Newbie
 
Posts: 27
Joined: Tue Jun 02, 2009 6:28 am
ReadyNAS: Duo

Next

Return to Feature Request



Who is online

Users browsing this forum: No registered users and 2 guests