HOWTO: PPtP VPN

Postby kraney » Fri Sep 11, 2009 8:15 am

This howto will list the steps necessary to set up a pptp server on a ReadyNAS Duo. PPtP makes a nice choice, because OSX natively supports connecting to PPtP VPNs. I think Windows does also, but don't have personal experience with it.

This howto guide was developed against RAIDiator 4.1.6. It may work with older versions, possibly with minor modifications.

First, set up a dev environment using the instructions at http://www.readynas.com/?p=145

Next, you'll need to install and set up the necessary software:
  1. In FrontView, create a new group named "dip" (this is needed by the ppp package that pptpd relies on.)
  2. execute
    Code:
    apt-get install pptpd
  3. edit /etc/pptpd.conf, and set up definitions for localip and remoteip. These will need to have appropriate values for your network. There are examples in the default config file. You basically want to pick IP addresses that are within your subnet, but not used by DHCP or by computers in your network. If your local net is 192.168.0.0, you might choose something like
    Code:
    localip 192.168.0.2
    remoteip 192.168.0.3-50
  4. optionally, turn on bcrelay in pptpd.conf
  5. edit /etc/ppp/chap-secrets, and add a username and password for a VPN user
  6. edit /etc/sysctl.conf and add
    Code:
    net.ipv4.ip_forward = 1

    This will tell the ReadyNAS to route your VPN client's traffic out to the rest of your network. This change will take effect on your next boot. You can go ahead and turn on routing without needing to reboot by running
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward

Finally, you'll need to build the PPP kernel modules. This howto assumes you'll be building the kernel modules directly on the NAS device. You can also cross-compile on a different box, but I'll leave that explanation to other guides.
  1. Download the Linux kernel posted at http://www.readynas.com/gpl
  2. run
    Code:
    apt-get install libncurses5-dev
    (needed to run menuconfig when setting up the kernel)
  3. cd to the linux kernel directory, and run
    Code:
    cp arch/padre/defconfig .config
  4. There is a hardcoded cross-compile setup in the kernel build, which needs to be fixed. Edit arch/padre/Makefile, and replace the line that starts with "CROSS_COMPILE" with one like this
    Code:
    CROSS_COMPILE ?=
  5. run
    Code:
    make menuconfig
  6. Navigate to the "Network Device Support -> PPP (point-to-point protocol support)" page
  7. enable "PPP" by pressing "M" to mark it as a module
  8. also enable MPPE compression and async serial support.
  9. enable ppp filtering by pressing the space bar (it isn't a module, so 'M' doesn't work.)
  10. save the configuration and run
    Code:
    make modules
    cp drivers/net/{ppp_async,ppp_mppe,ppp_generic,slhc}.ko /lib/modules/2.6.17.8ReadyNAS/kernel/drivers/net/
    mkdir /lib/modules/2.6.17.8ReadyNAS/kernel/crypto
    cp crypto/{sha1,arc4}.ko /lib/modules/2.6.17.8ReadyNAS/kernel/crypto/
    depmod -a

At this point, you should be able to connect from your VPN client, using the username and password you added to /etc/ppp/chap-secrets. The kernel will automatically load the new modules when they're needed.

If you run into trouble, check /var/log/syslog on the ReadyNAS for error messages.
kraney
ReadyNAS Newbie
 
Posts: 21
Joined: Fri Sep 11, 2009 7:33 am
ReadyNAS: Duo
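
The end state that the steps in kraney's post above should produce can be checked with a script like this one. It is an added example, not part of the original post; the function name `pptp_preflight` and its ROOT/KVER arguments are assumptions, and it expects the `key = value` form in sysctl.conf and an owner-only chap-secrets file.

```shell
#!/bin/sh
# Added example (not from the thread). pptp_preflight ROOT [KVER]
#   ROOT  filesystem prefix to inspect ("/" on the live NAS)
#   KVER  directory name under /lib/modules (default: running kernel)
# Prints one FAIL line per problem and returns the number of problems.
pptp_preflight() {
    root=${1%/}
    kver=${2:-$(uname -r)}
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # pptpd.conf must carry uncommented localip and remoteip definitions.
    for key in localip remoteip; do
        grep -Eq "^[[:space:]]*$key[[:space:]]+[0-9]" "$root/etc/pptpd.conf" 2>/dev/null \
            || fail "$key not set in /etc/pptpd.conf"
    done

    # chap-secrets needs at least one non-comment entry. It stores the VPN
    # passwords in plaintext, so group/other must have no access
    # (characters 5-10 of the ls mode string are the group and other bits).
    secrets="$root/etc/ppp/chap-secrets"
    if ! grep -Eq '^[[:space:]]*[^#[:space:]]' "$secrets" 2>/dev/null; then
        fail "no user entry in /etc/ppp/chap-secrets"
    elif [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        fail "chap-secrets is accessible to group/other (chmod 600)"
    fi

    # Forwarding must be persisted in the key = value form sysctl parses.
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' \
        "$root/etc/sysctl.conf" 2>/dev/null \
        || fail "net.ipv4.ip_forward = 1 missing from /etc/sysctl.conf"

    # The six modules copied in the last step, plus the depmod index that
    # lets the kernel load them on demand.
    mod="$root/lib/modules/$kver"
    for m in drivers/net/ppp_async drivers/net/ppp_mppe drivers/net/ppp_generic \
             drivers/net/slhc crypto/sha1 crypto/arc4; do
        [ -f "$mod/kernel/$m.ko" ] || fail "missing module $m.ko for $kver"
    done
    grep -q 'ppp_generic' "$mod/modules.dep" 2>/dev/null \
        || fail "ppp_generic not in modules.dep (run depmod -a)"

    [ "$problems" -eq 0 ] && echo "OK"
    return "$problems"
}
# On the NAS: pptp_preflight /
```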

Re: HOWTO: PPtP VPN

Postby drey » Thu Dec 03, 2009 4:47 pm

kraney wrote:Finally, you'll need to build the PPP kernel modules. This howto assumes you'll be building the kernel modules directly on the NAS device. You can also cross-compile on a different box, but I'll leave that explanation to other guides.
  1. Download the Linux kernel posted at http://www.readynas.com/gpl
  2. run
    Code:
    apt-get install libncurses5-dev
    (needed to run menuconfig when setting up the kernel)
  3. cd to the linux kernel directory, and run
    Code:
    cp arch/padre/defconfig .config
  4. There is a hardcoded cross-compile setup in the kernel build, which needs to be fixed. Edit arch/padre/Makefile, and replace the line that starts with "CROSS_COMPILE" with one like this
    Code:
    CROSS_COMPILE ?=
  5. run
    Code:
    make menuconfig
  6. Navigate to the "Network Device Support -> PPP (point-to-point protocol support)" page
  7. enable "PPP" by pressing "M" to mark it as a module
  8. also enable MPPE compression and async serial support.
  9. enable ppp filtering by pressing the space bar (it isn't a module, so 'M' doesn't work.)
  10. save the configuration and run
    Code:
    make modules
    cp drivers/net/{ppp_async,ppp_mppe,ppp_generic,slhc}.ko /lib/modules/2.6.17.8ReadyNAS/kernel/drivers/net/
    mkdir /lib/modules/2.6.17.8ReadyNAS/kernel/crypto
    cp crypto/{sha1,arc4}.ko /lib/modules/2.6.17.8ReadyNAS/kernel/crypto/
    depmod -a

At this point, you should be able to connect from your VPN client, using the username and password you added to /etc/ppp/chap-secrets. The kernel will automatically load the new modules when they're needed.

If you run into trouble, check /var/log/syslog on the ReadyNAS for error messages.


You lost me there on Step 3. Where is arch/padre/Makefile?
drey
ReadyNAS Newbie
 
Posts: 49
Joined: Wed Aug 26, 2009 5:08 pm

Re: HOWTO: PPtP VPN

Postby sesam » Wed Jan 20, 2010 12:19 pm

Any chance of getting the ppp.o binary from someone who has it already?
sesam
ReadyNAS Newbie
 
Posts: 11
Joined: Wed Jan 20, 2010 12:17 pm
ReadyNAS: Duo

Re: HOWTO: PPtP VPN

Postby kraney » Wed Jan 20, 2010 1:46 pm

drey wrote:You lost me there on Step 3. Where is arch/padre/Makefile?


It's a subdirectory inside the linux kernel source. It's the linux-2.6.17 directory within the source distribution.
kraney
ReadyNAS Newbie
 
Posts: 21
Joined: Fri Sep 11, 2009 7:33 am
ReadyNAS: Duo

Re: HOWTO: PPtP VPN

Postby kraney » Wed Jan 20, 2010 1:54 pm

sesam wrote:Any chance of getting the ppp.o binary from someone who has it already?


There is no ppp.o binary. There are a total of 6 kernel modules that are built. In drivers/net, there are:
  • ppp_async.ko
  • ppp_mppe.ko
  • ppp_generic.ko
  • slhc.ko
and in drivers/crypto, there are:
  • sha1.ko
  • arc4.ko

I could potentially upload them here, but I don't see any way to add attachments. I don't want to get in the business of mailing out files one user at a time.
kraney
ReadyNAS Newbie
 
Posts: 21
Joined: Fri Sep 11, 2009 7:33 am
ReadyNAS: Duo

Re: HOWTO: PPtP VPN

Postby sesam » Wed Jan 20, 2010 2:12 pm

No attachments here, no. I can take the emailing of files to people, if you send them to me. I'm simon.bohlin and I'm a user of gmail.

(Actually I've just contacted readynasfreeware.org admin (user "Who Cares?" on this forum) to try to get the files there, but I guess that'll take a while before anything happens.)
sesam
ReadyNAS Newbie
 
Posts: 11
Joined: Wed Jan 20, 2010 12:17 pm
ReadyNAS: Duo

Re: HOWTO: PPtP VPN

Postby sesam » Thu Jan 21, 2010 1:03 am

Ok, I've got the files that should go in /lib/modules/2.6.17.8ReadyNAS/kernel/ in folder drivers/net and crypto.

I've done installation (apt-get install pptpd) and edited files /etc/pptpd.conf /etc/ppp/chap-secrets

Doing modprobe ppp gives error: can't find module ppp
I'm temporarily solving this with (below is typed from memory, exact ordering or correct spelling is not guaranteed):
cd /lib/modules/2.6.17.8ReadyNAS/kernel/crypto && insmod sha1.ko && insmod arc4.ko
cd /lib/modules/2.6.17.8ReadyNAS/kernel/drivers/net && insmod slhc.ko && insmod ppp_generic.ko && insmod ppp_mppe.ko && insmod ppp_async.ko

After that a test connection WORKS! I did a connection from a win XP computer running outside the firewall and using a different ip net (otherwise XP complains of loopback).
Though by unchecking use default gateway in IPv4 advanced settings on the XP box, the tunneling stops as well.
Next step now is to figure out how to get XP and pptp to tunnel only the stuff I want tunneled.

So basically working, but not done yet.
And if anyone needs the ppp*.ko files etc, look here (attachments, near the bottom): http://sites.google.com/site/chromiumdev/pptp
sesam
ReadyNAS Newbie
 
Posts: 11
Joined: Wed Jan 20, 2010 12:17 pm
ReadyNAS: Duo

Re: HOWTO: PPtP VPN

Postby kraney » Thu Jan 21, 2010 9:27 am

sesam wrote:Doing modprobe ppp gives error: can't find module ppp
I'm temporarily solving this with (below is typed from memory, exact ordering or correct spelling is not guaranteed):
cd /lib/modules/2.6.17.8ReadyNAS/kernel/crypto && insmod sha1.ko && insmod arc4.ko
cd /lib/modules/2.6.17.8ReadyNAS/kernel/drivers/net && insmod slhc.ko && insmod ppp_generic.ko && insmod ppp_mppe.ko && insmod ppp_async.ko


There's no module named literally ppp. I believe the correct way to force load the modules would be with
Code:
modprobe -v ppp_generic

although I didn't find that to be necessary at all. The modules just load automatically when you try to connect via pptp.

If you're finding it necessary to use insmod directly, my guess is maybe you forgot to run
Code:
depmod -a
kraney
ReadyNAS Newbie
 
Posts: 21
Joined: Fri Sep 11, 2009 7:33 am
ReadyNAS: Duo

Re: HOWTO: PPtP VPN

Postby efalsken » Wed May 05, 2010 9:41 am

Before commenting on the ppp module compilation above, please indicate which firmware revision and processor (Sparc or x86) you are using.

I can't figure out how to compile the ppp module. I realize that we have to download the kernel from Netgear's GPL page, but it has to be the one specific to our model and firmware revision. This is a lot of trouble. And it appears that the x86 version 4.2.9 (latest stable) is corrupted. (unable to extract fully on my ReadyNAS or Windows machines) Are there any other solutions?

When I type "apt-get install ppp", it says it is already installed. But when I try to connect via pptp, this appears in my syslog:

Code:
May  4 23:22:50 BigBoy pppd[3357]: This system lacks kernel support for PPP.  This could be because the PPP kernel module could not be loaded, or because PPP was not included in the kernel configuration.  If PPP was included as a module, try `/sbin/modprobe -v ppp'.  If that fails, check that ppp.o exists in /lib/modules/`uname -r`/net. See README.linux file in the ppp distribution for more details.
May  4 23:22:50 BigBoy pptpd[3355]: GRE: read(fd=6,buffer=8058640,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
May  4 23:22:50 BigBoy pptpd[3355]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
May  4 23:22:50 BigBoy pptpd[3355]: CTRL: Reaping child PPP[3357]
efalsken
ReadyNAS Expert
 
Posts: 228
Joined: Sun Dec 25, 2005 11:01 pm
Location: San Francisco, CA
ReadyNAS: Pro

Re: HOWTO: PPtP VPN

Postby kraney » Wed May 05, 2010 11:49 am

An earlier post provides a link to a place where you can download precompiled kernel modules. These were compiled from 2.6.17.8, for a ReadyNAS duo.

sesam wrote:And if anyone needs the ppp*.ko files etc, look here (attachments, near the bottom): http://sites.google.com/site/chromiumdev/pptp


I'm sympathetic, you're right it's a lot of trouble to download and compile the kernel. I'd like to create a prepackaged add-on, but haven't had time to learn how yet.
kraney
ReadyNAS Newbie
 
Posts: 21
Joined: Fri Sep 11, 2009 7:33 am
ReadyNAS: Duo

Re: HOWTO: PPtP VPN

Postby efalsken » Tue May 18, 2010 2:40 pm

Edit 9/9/2012: Updated so all the instructions are up-to-date and in one place.

Be sure to download the GPL code and extract it onto your /c/ filesystem. There's not enough space to extract everything into the root filesystem, and it's a good way to kill your ReadyNAS.
Code:
mkdir /c/devel
cd /c/devel
wget http://.......
mkdir (downloaded filename without zip)
unzip (downloaded file) -d (dir you just created)

After downloading the firmware, run these commands:
Code:
apt-get update
apt-get install build-essential
apt-get install lzma
apt-get install libncurses5-dev
apt-get install nano    # because I'm no good with vi to edit files.

Then pre-compile the current kernel:
Code:
cd (unzip dir)/kernel/(kernel version)
cp defconfig.smp linux-(kernel version)/.config     # For x86_64 systems only!
cp defconfig.up linux-(kernel version)/.config     # For all others?
cd linux-(kernel version)
make clean

Then this is where you run the 'make menuconfig' command. (Note that you do not need to fix the "Cross Compile" configuration or copy any config files when doing this on an x86-based ReadyNAS.) The PPP options will be under Device Drivers -> Network Device Support -> PPP Support. Be sure to select
Code:
Device Drivers
  Network device support
    <M> PPP Support
      [*] PPP Filtering
      <M> PPP Support for async serial ports
      <M> PPP Support for tty ports
      <M> PPP Deflate compression
      <M> PPP BSD-Compress compression
      <M> PPP MPPE compression
      <M> PPP over Ethernet
Cryptographic API
  <M> Deflate compression algorithm       <- It's at the very bottom
  <M> Zlib compression algorithm
  <M> LZO compression algorithm

Press 'esc, esc' a few times to exit out until it prompts you to save. (yes) Then:
Code:
make modules
make modules_install

That should install the modules. If it doesn't, then you can install them manually:
Code:
cp drivers/net/*.ko /lib/modules/(kernel folder x86_64)/kernel/drivers/net/
depmod -a     # no output indicates a success
modprobe ppp_generic     # no output means everything worked!

Now follow the instructions, as above, to install the PPP service: viewtopic.php?f=35&t=33132&p=232929#p182215
Once you've done all that and used to start it up, if it still isn't working or doesn't work as expected, here're some extra commands to figure out exactly what might be going wrong.
Code:
tail -n30 /var/log/syslog
dmesg

If you see a problem in the logfile "unable to open /dev/ppp", then this command will help you:
Code:
mknod /dev/ppp c 108 0

If, every time after rebooting, you still have a problem with the /dev/ppp not existing, then you can add this to your /etc/init.d/pptpd file:
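Code:
case "$1" in
  start)
    echo -n "Starting PPTP Daemon: "
    # Added line: recreate the PPP character device (major 108, minor 0) if it is missing
    if [ ! -c /dev/ppp ]; then mknod /dev/ppp c 108 0; fi
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
        -- < /dev/null > /dev/null
    echo "pptpd."
    ;;
  # ... the remaining cases of the existing init script stay as they are ...
esac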

And once you get a user CONNECTED to the VPN, here's a WONDERFUL troubleshooting guide to getting traffic flowing correctly over your new VPN: http://poptop.sourceforge.net/dox/diagn ... ding.phtml
As I sit here, my iPhone is able to browse everything on my local ReadyNAS via the cellular connection.
Last edited by efalsken on Mon Feb 18, 2013 11:53 am, edited 9 times in total.
efalsken
ReadyNAS Expert
 
Posts: 228
Joined: Sun Dec 25, 2005 11:01 pm
Location: San Francisco, CA
ReadyNAS: Pro
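
The syslog messages quoted in this thread can be sorted into causes mechanically. This is an added example, not part of efalsken's post; the function names `pptp_triage` and `sample_log` are hypothetical, the sample lines are abridged from the posts on this page, and the GRE hint for LCP timeouts is a common cause rather than something the thread establishes.

```shell
#!/bin/sh
# Added example (not from the thread): map pppd/pptpd syslog lines to the
# fixes discussed on this page. Reads log text on stdin and prints one
# "CODE: hint" line per distinct cause, however often the line repeats.
pptp_triage() {
    awk '
    / pppd\[/ {
        if ($0 ~ /lacks kernel support for PPP/)         seen["NO_KERNEL_PPP"] = 1
        if ($0 ~ /LCP: timeout sending Config-Requests/) seen["LCP_TIMEOUT"] = 1
    }
    tolower($0) ~ /open.*\/dev\/ppp/             { seen["NO_DEV_PPP"] = 1 }
    / pptpd\[.*GRE: read.*from PTY failed/       { seen["PPPD_DIED"] = 1 }
    END {
        n = 0
        if (seen["NO_KERNEL_PPP"]) { n++
            print "NO_KERNEL_PPP: PPP modules not loadable; copy the .ko files, run depmod -a, then modprobe -v ppp_generic (there is no module named ppp)" }
        if (seen["NO_DEV_PPP"]) { n++
            print "NO_DEV_PPP: device node missing; mknod /dev/ppp c 108 0" }
        if (seen["LCP_TIMEOUT"]) { n++
            print "LCP_TIMEOUT: no reply to the LCP Config-Requests; commonly GRE (IP protocol 47) is not passing between client and server" }
        # pptpd only reports that pppd went away, so show this line only
        # when nothing more specific explains the exit.
        if (seen["PPPD_DIED"] && n == 0)
            print "PPPD_DIED: pppd exited; read the pppd lines logged just before this one"
    }'
}

# Sample input, abridged from the syslog excerpts posted in this thread.
sample_log() {
    cat <<'EOF'
May  4 23:22:50 BigBoy pppd[3357]: This system lacks kernel support for PPP.  This could be because the PPP kernel module could not be loaded
May  4 23:22:50 BigBoy pptpd[3355]: GRE: read(fd=6,buffer=8058640,len=8196) from PTY failed: status = -1 error = Input/output error
May  4 23:22:50 BigBoy pptpd[3355]: CTRL: Reaping child PPP[3357]
Dec  2 23:36:37 fes-a120d19nas pppd[6341]: LCP: timeout sending Config-Requests
Dec  2 23:36:37 fes-a120d19nas pppd[6341]: LCP: timeout sending Config-Requests
Dec  2 23:36:38 fes-a120d19nas pppd[6341]: Using interface ppp0
EOF
}

sample_log | pptp_triage
```

On the NAS, feed it the live log instead: `tail -n 200 /var/log/syslog | pptp_triage`.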

Re: HOWTO: PPtP VPN

Postby TeknoJnky » Tue May 18, 2010 2:53 pm

thanks, I will have to try this soon.
nv+ ~ 1gb ram ~ 4x WDC WD20EARS-00S8B1 ~ 5555 GB
ultra4 ~ 4 gb ram ~ 2x ST31500341AS ~ 2x ST4000DX000-1C5160 ~ 6471 GB
pro business ~ 4gb ram ~ dual redundancy ~ 4x Hitachi HDS724040ALE640 ~ 2x SAMSUNG HD204UI ~ 9130 GB
A/V streaming ---> Subsonic ---> EVO 3D
TeknoJnky
ReadyNAS Addict
 
Posts: 2909
Joined: Mon Oct 13, 2008 1:34 pm
Location: MO
ReadyNAS: Pro

Re: HOWTO: PPtP VPN

Postby efalsken » Sun May 23, 2010 1:57 pm

Of course, I'm never happy unless I can have the latest. So I downloaded the Raidiator/Frontview 4.2.11 update. Here are a few additions to the above procedure. To start with:
Code:
apt-get update
apt-get install build-essential
apt-get install lzma

as above, but you also need to copy the crc_ccitt.ko kernel module after the 'make all':
Code:
mkdir /lib/modules/2.6.33.4.RNx86_64.2.1/kernel/drivers/lib
cp lib/crc-ccitt.ko /lib/modules/2.6.33.4.RNx86_64.2.1/kernel/drivers/lib
# copy the other modules
depmod -a
/etc/init.d/pptpd restart
# try connecting to your new PPTP server

Commands that I've found useful while debugging:
Code:
tail -n30 /var/log/syslog
dmesg

And once you get a user CONNECTED to the VPN, here's a WONDERFUL troubleshooting guide to getting traffic flowing correctly over your new VPN: http://poptop.sourceforge.net/dox/diagn ... ding.phtml
Last edited by efalsken on Thu May 26, 2011 2:09 pm, edited 1 time in total.
efalsken
ReadyNAS Expert
 
Posts: 228
Joined: Sun Dec 25, 2005 11:01 pm
Location: San Francisco, CA
ReadyNAS: Pro

Re: HOWTO: PPtP VPN

Postby efalsken » Fri Nov 12, 2010 4:40 pm

On my ReadyNAS, there are a number of folders in my /lib/modules folder with lots of kernel names. To find your currently active kernel, run this command:

Code:
uname -a
efalsken
ReadyNAS Expert
 
Posts: 228
Joined: Sun Dec 25, 2005 11:01 pm
Location: San Francisco, CA
ReadyNAS: Pro

Re: HOWTO: PPtP VPN

Postby mfe_ » Thu Dec 02, 2010 3:38 pm

Hello,

I did the described steps in the first post. Compiling also worked fine. But when I'm trying to log in via the Windows PPTP client, I get this error on the ReadyNAS:


fes-a120d19nas:~# tail /var/log/syslog
Dec 2 23:36:35 fes-a120d19nas pppd[6341]: rcvd [LCP ConfReq id=0x8 <mru 1400> <magic 0x6e8c2f47> <pcomp> <accomp> <callback CBCP>]
Dec 2 23:36:35 fes-a120d19nas pppd[6341]: sent [LCP ConfRej id=0x8 <callback CBCP>]
Dec 2 23:36:37 fes-a120d19nas pppd[6341]: LCP: timeout sending Config-Requests
Dec 2 23:36:37 fes-a120d19nas pppd[6341]: Connection terminated.
Dec 2 23:36:37 fes-a120d19nas pppd[6341]: using channel 14
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: Using interface ppp0
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: Connect: ppp0 <--> /dev/pts/1
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x46330144> <pcomp> <accomp>]
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: sent [LCP TermReq id=0x3]
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: tcflush failed: Bad file descriptor
fes-a120d19nas:~# tail /var/log/syslog
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x46330144> <pcomp> <accomp>]
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: sent [LCP TermReq id=0x3]
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: tcflush failed: Bad file descriptor
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: tcsetattr: Invalid argument (line 1010)
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: Exit.
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: GRE: read(fd=4,buffer=250c8,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: CTRL: Reaping child PPP[6341]
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: CTRL: Client 46.124.23.100 control connection finished
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: CTRL: Couldn't write packet to client.
fes-a120d19nas:~# tail /var/log/syslog
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x46330144> <pcomp> <accomp>]
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: sent [LCP TermReq id=0x3]
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: tcflush failed: Bad file descriptor
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: tcsetattr: Invalid argument (line 1010)
Dec 2 23:36:38 fes-a120d19nas pppd[6341]: Exit.
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: GRE: read(fd=4,buffer=250c8,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: CTRL: Reaping child PPP[6341]
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: CTRL: Client 46.124.23.100 control connection finished
Dec 2 23:36:38 fes-a120d19nas pptpd[6340]: CTRL: Couldn't write packet to client.


Is this issue a config failure?

Greetings
mfe_
Advanced ReadyNAS User
 
Posts: 149
Joined: Mon May 18, 2009 11:48 am
