NETGEAR ReadyNAS

[flysurfing]

Will it be possible to get an integrated VPN in the ReadyNas ?

Thanks

[super-poussin]

did not try but perhaps you can using ssh and the apt-get addon

apt-get install openvpn
apt-get install liblzo1 (if you want data compression)
apt-get install openssl (if not installed)

Create your vpn certificate :

cd /usr/share/doc/openvpn/examples/easy-rsa/
vi vars
export KEY_COUNTRY=FR
export KEY_PROVINCE=France
export KEY_CITY=YE
export KEY_ORG="Duo-Poussin"
export KEY_EMAIL="poussin@poussin.fr"
wq!

. ./vars
./clean-all
gunzip openssl.cnf.gz
./build-ca
./build-key-server MyVPNServer

Create Client Key

cd /usr/share/doc/openvpn/examples/easy-rsa/
# . ./vars
# ./build-key Client01

Create Diffie Helman

./build-dh

Copy the keys in the right location

cp ./keys/ca.crt /etc/openvpn/
cp ./keys/ca.key /etc/openvpn/
cp ./keys/MyVPNServer.crt /etc/openvpn/
cp ./keys/MyVPNServer.key /etc/openvpn/
cp ./keys/dh1024.pem /etc/openvpn/

Create a limited user for OpenVPN

groupadd openvpn
useradd -d /dev/null -g openvpn -s /bin/false openvpn

Configure the server using on of the template

cd /usr/share/doc/openvpn/examples/sample-config-files/
gunzip server.conf.gz
cp server.conf /etc/openvpn/

in the server.conf customize the parameter regarding your network

;Port the openvpn will listen to
;port 1194

;Protocole used (udp is more secured than tcp)
proto udp

;Create Virtual Interface
dev tun

;Authentication files
ca ca.crt
cert MyVPNServer.crt
key MyVPNServer.key
dh dh1024.pem

;Virtual Network @ (server is 10.8.0.1)
server 10.8.0.0 255.255.255.0

;add route to the client
push "route 192.168.0.0 255.255.255.0"

;DNS and WINS parameters for the client
push "dhcp-option DNS 192.168.0.2"
push "dhcp-option DOMAIN MonDomaine.com"
push "dhcp-option WINS 192.168.0.3"

# Allow client to see them each-other (if uncomment)
;client-to-client

keepalive 10 120

;Activate compression
comp-lzo

;Processus will use
user openvpn
group openvpn

;Connection is always up
persist-key
persist-tun

status openvpn-status.log

;Log level (from 1 to 9)
verb 1

launch vpn-server

/etc/init.d/openvpn restart

See the log

tail -100 /var/log/syslog

check process is runing :

ps aux | grep openvpn

check interface

ifconfig
...
tun0 Lien encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:10.8.0.1 P-t-P:10.8.0.2 Masque:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ping 10.8.0.1


Now you server is up you can now configure your client

hope it helps

This procedure is given as is , and was not tested on Readynas so take care

[super-poussin]

reported as working by one user

[Japex]

What is this procedure?

I would like to have my NV+ with a mapped drive trought the Internet.

Is it possible?

JapeX

[super-poussin]

if you have a vpn client and you apply this procedure yes

you can also buy a ssl312 for example it's more simple and user friendly

[Alyosha]

Thanks! Works for me as well. (ReadyNAS Duo)

[dengar]

Don't forget about WebDAV - the simplest way to make a mapped drive over the web that is secure.

http://www.readynas.com/?p=126

[sanchrts]

Don't forget about WebDAV - the simplest way to make a mapped drive over the web that is secure.

Can anyone else comment on the relative security of webDAV as opposed to SSH? I have read so many posts on SSH, using certificates instead of passwords for SSH, issues with webDAV...it's all very confusing!

thanks in advance
Raf

[dbott67]

Have a look at this new add-on:

http://www.readynas.com/?p=1435

SSH, WebDAV and ReadyNAS ReadyNAS Remote are only as strong as the weakest link (in may cases, it's the password). Using SSH with keys (rather than by password) makes brute-force hacking virtually impossible, but does require configuring your router to forward port 22 to the NAS.

WebDAV offers a much more familiar interface (i.e. Windows Explorer or Finder in OSX) and is easy-to-use (just drag & drop). In addition to forwarding ports on the router, you are also limited to username/password authentication.

Both methods can be difficult for inexperienced users to setup, as it may require additional levels of service such as Dynamic DNS.

ReadyNAS remote makes it easy to setup and configure and does not require any router configuration. You can try out it out by installing the latest beta firmware on your NAS and installing the client on your computer.

-Dave

[sanchrts]

Thanks for pointing out ReadyNAS Remote. I was very interested in this add-on (white-labelled product from Leaf Networks) until I read the following on ReadyNAS's page:

...with ReadyNAS Remote, you simply drag & drop files with File Explorer or Finder over CIFS/SMB...

I am on a Mac and use AFP exclusively as my protocol for accessing files over my filesystem so it looks like this product is not ideal for users on Macs?

[super-poussin]

you have a mac client

[sanchrts]

Yes I understand there is a Mac client ...my issue/question is that the client apparently uses Samba/CIFS to transfer data rather than AFP (the protocol I require).

Also, since this a thread on VPNs, can anyone comment on the security of accessing a ReadyNAS using this client? In the beta discussion forum for this application yoh-dah mentions that the connection is brokered through the cloud by Leaf Networks' servers and that the data transfer is encrypted but I am looking for some documentation to support this?

[yoh-dah]

Thanks for pointing out ReadyNAS Remote. I was very interested in this add-on (white-labelled product from Leaf Networks) until I read the following on ReadyNAS's page:

...with ReadyNAS Remote, you simply drag & drop files with File Explorer or Finder over CIFS/SMB...

I am on a Mac and use AFP exclusively as my protocol for accessing files over my filesystem so it looks like this product is not ideal for users on Macs?

We'll have remote AFP support in the future.

[sanchrts]

We'll have remote AFP support in the future.

Thanks for confirming that yoh-dah...whilst I'm not sure exactly what the downsides are to me using SMB/CIFS with Macs when using ReadyNAS Remote, I would prefer to stick to the same protocol when accessing my files remotely as when I access them locally (i.e. AFP) to avoid any possible issues.

[Nemo7777]

Hi there,
can you explain where I can take 'openvpn' and 'openssl' and 'liblzo1' software for RND DUO? Where I can download it?