Install PPTP server (VPN) on NAS (and OPENWRT router)

Configuration for NAS

Tip: Configuration examples can be found in the /etc/ directory.
A typical configuration may look like:

/etc/pptpd.conf
# See man pptpd.conf to get more information about this file
# pppd options file. By default, /etc/ppp/options is used
option /etc/ppp/options.pptpd
# Server IP in local network
localip 192.168.1.2
# IP address ranges used to assign IPs to new connecting clients
# Here we define two ranges for our 192.168.1.* subnet: 234-238 and the single address 244
remoteip 192.168.1.234-238,192.168.1.244

Now create the pppd options file, in our example this is /etc/ppp/options.pptpd:

/etc/ppp/options.pptpd
# Read man pppd to see the full list of available options
# The name of the local system for authentication purposes
name pptpd
# Refuse PAP, CHAP and MS-CHAP; require MS-CHAPv2 authentication and
# 128-bit MPPE encryption for every connection
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
# Add an ARP entry for each client to the system table (pppd's proxyarp option)
proxyarp
# For the serial device to ensure exclusive access to the device
lock
# Disable BSD-Compress and Van Jacobson TCP/IP header compression
nobsdcomp
novj
novjccomp
# Disable file logging
nolog
# DNS servers for Microsoft Windows clients. Using Google's public servers here
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Note: Ensure that the file ends with an empty line to prevent possible parsing issues.
Now create the credentials file for authenticating users:

/etc/ppp/chap-secrets
# <username> <server name> <password> <ip addresses>
user2 pptpd 123 *

Now you can authenticate with user2 as the username and 123 as the password.
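The pppd options above are what keep weak authentication off the server; the following added example (not part of the original page) parses a pppd options file in its one-option-per-line format and reports whether the refuse/require lines are all present, whether logging is switched off, and whether the file ends with the newline the note above asks for. The file contents are constructed for the demo; the hardened copy mirrors /etc/ppp/options.pptpd from this page.

```python
# Audit a pppd options file for the PPTP authentication posture described above.
# Added example; the option files below are constructed, not read from a real host.

# Options the page requires: weak auth refused, MS-CHAPv2 plus 128-bit MPPE required.
REQUIRED = {"refuse-pap", "refuse-chap", "refuse-mschap",
            "require-mschap-v2", "require-mppe-128"}


def parse_pppd_options(text):
    """Return (keyword, args) tuples; '#' starts a comment, blank lines are skipped."""
    opts = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            opts.append((parts[0], parts[1:]))
    return opts


def audit_pppd_options(text):
    """Return a dict of findings; 'ok' is True only when every required line is present."""
    opts = parse_pppd_options(text)
    keywords = {k for k, _ in opts}
    findings = {
        "missing": sorted(REQUIRED - keywords),
        "ms_dns": [a[0] for k, a in opts if k == "ms-dns" and a],
        # 'nolog' means authentication failures never reach a log file
        "logging_disabled": "nolog" in keywords,
        # the page's note: pptpd/pppd can mis-parse a file without a trailing newline
        "trailing_newline": text.endswith("\n"),
    }
    findings["ok"] = not findings["missing"] and findings["trailing_newline"]
    return findings


# Constructed copy of the options file shown on this page.
GOOD = """\
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nolog
ms-dns 8.8.8.8
ms-dns 8.8.4.4
"""
# Constructed weak variant: PAP is accepted again and the trailing newline is gone.
WEAK = GOOD.replace("refuse-pap\n", "").rstrip("\n")
```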

Create a sysctl configuration file /etc/sysctl.d/30-ipforward.conf and enable kernel packet forwarding so that connecting clients can reach your subnet:

/etc/sysctl.d/30-ipforward.conf
net.ipv4.ip_forward=1

Now apply changes to let the sysctl configuration take effect:

# sysctl --system

Iptables firewall configuration
Configure your iptables rules to allow access for PPTP clients:

# Accept all packets via ppp* interfaces (for example, ppp0)
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT

# Accept incoming connections to port 1723 (PPTP)
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT

# Accept GRE packets
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT

# Enable IP forwarding
iptables -F FORWARD
iptables -A FORWARD -j ACCEPT

# Enable NAT for the eth0 and ppp* interfaces
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

Now save the new iptables rules with:
# iptables-save > /etc/iptables/iptables.rules

Start the server

Now you can start and enable your PPTP server using pptpd.service.

For OpenWRT:

  1. Install dependencies:
    opkg install pptpd kmod-mppe
  2. Start Service
    /etc/init.d/pptpd enable
    /etc/init.d/pptpd start
  3. The next steps are the same as for the NAS installation (tutorial above); the only difference is that the config files are located in the /etc/ppt/ folder.

#linux, #nas, #openwrt, #ppp, #pppd, #ppptp, #pptpd, #vpn

Install Transmission P2P client on DNS320/DNS323 with FFP 0.7

This article explains how to install a Transmission peer-2-peer client on a DNS-325.

A Transmission client on a DNS-325 is attractive for several reasons:

  • A NAS is usually running 24 hours a day, 7 days a week
  • Transmission is fully controlled through its web interface
  • It uses very little RAM
  • It is very light on CPU power
  • It offers lots of parameters (port limits, speed throttling, …)
  • So, with this setup, you will be able to serve your latest Linux distribution torrents from home around the clock without any computer switched on.

As a prerequisite, you must have installed Fun_plug 0.7 and declared the Slacker repositories by following "DNS 325 – Fun_plug 0.7: Extend your NAS possibilities".

This procedure should also be compatible with a DNS-320, which is running the same system with less memory and less processor power.

1. Install the packages

The first thing to do is to connect to your NAS through SSH. All following commands are issued from the NAS prompt.

Together with Transmission, you need to install the curl package, a command line tool for transferring data with URL syntax.

Installation is done via slacker:

# slacker -a

Within slacker, you need to select the following packages:

kylek:Transmission-2.52 +
s:curl-7.21 +

Once the packages are selected, press Enter to install.

2. Create the Execution Environment

For the Transmission runtime environment, we have to create two directories:

– one for the downloaded files, which will be available through a Samba share
– one for the Transmission database

This is done with the following commands:

# mkdir /mnt/HD/HD_a2/torrent
# chown -R nobody /mnt/HD/HD_a2/torrent
# mkdir /ffp/var/transmission
# mkdir /ffp/var/transmission/incomplete
# chown -R nobody /ffp/var/transmission

These directories have to be declared in the Transmission configuration:

# mc -e /ffp/start/transmission.sh
/ffp/start/transmission.sh
...
TRANSMISSION_HOME=/ffp/var/transmission
...

3. First launch

To create the transmission configuration file /ffp/var/transmission/settings.json, you have to manually launch the client a first time with the appropriate environment.

This first launch command will set:

– the username and password to be used to connect through the web user interface
– the directory /mnt/HD/HD_a2/torrent where completed torrents will be stored
– the addresses allowed to connect through the web interface (here 127.0.0.1 and 192.168.x.x)

# su nobody -c "transmission-daemon -f -g /ffp/var/transmission -w /mnt/HD/HD_a2/torrent -t -u username -v password -a 127.0.0.1,192.168.*.*"
[18:46:11.233] Transmission 2.52 (13309) started (session.c:718)
[18:46:11.233] RPC Server Adding address to whitelist: 127.0.0.1 (rpc-server.c:803)
[18:46:11.233] RPC Server Adding address to whitelist: 192.168.*.* (rpc-server.c:803)
[18:46:11.233] RPC Server Serving RPC and Web requests on port 127.0.0.1:9091/transmission/ (rpc-server.c:997)
[18:46:11.233] RPC Server Whitelist enabled (rpc-server.c:1001)
[18:46:11.233] RPC Server Password required (rpc-server.c:1004)
[18:46:11.234] UDP Failed to set receive buffer: requested 4194304, got 217088 (tr-udp.c:75)
[18:46:11.234] UDP Please add the line "net.core.rmem_max = 4194304" to /etc/sysctl.conf (tr-udp.c:80)
[18:46:11.234] UDP Failed to set send buffer: requested 1048576, got 217088 (tr-udp.c:86)
[18:46:11.234] UDP Please add the line "net.core.wmem_max = 1048576" to /etc/sysctl.conf (tr-udp.c:91)
[18:46:11.234] DHT Generating new id (tr-dht.c:309)
[18:46:11.234] Using settings from "/ffp/var/transmission" (daemon.c:488)
[18:46:11.235] Saved "/ffp/var/transmission/settings.json" (bencode.c:1731)
[18:46:11.235] transmission-daemon requiring authentication (daemon.c:508)
[18:46:11.235] Port Forwarding (NAT-PMP) initnatpmp succeeded (0) (natpmp.c:72)
[18:46:11.235] Port Forwarding (NAT-PMP) sendpublicaddressrequest succeeded (2) (natpmp.c:72)
[18:46:11.235] Port Forwarding (UPnP) Found Internet Gateway Device "http://192.168.x.x:5555/ctl/IPConn" (upnp.c:202)
[18:46:11.235] Port Forwarding (UPnP) Local Address is "192.168.x.x" (upnp.c:204)
[18:46:11.236] Port Forwarding (UPnP) Port forwarding through "http://192.168.x.x:5555/ctl/IPConn", service "urn:schemas-upnp-org:service:WANIPConnection:1". (local address: 192.168.x.x:51413) (upnp.c:279)
[18:46:11.236] Port Forwarding (UPnP) Port forwarding successful! (upnp.c:282)
[18:46:11.236] Port Forwarding Forwarded (port-forwarding.c:93)

You can stop the process by pressing CTRL+C.

4. Configuration of settings.json

The configuration file /ffp/var/transmission/settings.json has been created and can be modified.

# nano /ffp/var/transmission/settings.json
/ffp/var/transmission/settings.json
...
"incomplete-dir": "/ffp/var/transmission/incomplete",
"incomplete-dir-enabled": true,
...
"peer-port": 11000,
"peer-port-random-high": 11999,
"peer-port-random-low": 11001,
...
"rpc-enabled": true,
"rpc-password": "password",
"rpc-port": 9091,
"rpc-url": "/transmission/",
"rpc-username": "username",
"rpc-whitelist-enabled": false,
...

Once modified, you need to re-apply the ownership and make the start script executable so that Transmission starts at boot. You can also start the daemon right away.

# chown -R nobody /ffp/var/transmission
# chmod a+x /ffp/start/transmission.sh
# /ffp/start/transmission.sh start
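With rpc-whitelist-enabled set to false as above, the web interface on port 9091 is protected only by the RPC password, which matters once a reverse proxy (section 6) or the LAN can reach it. The following added example (not Transmission's own code) loads a settings.json document and reports that exposure, the plaintext password, and peer ports that fall outside the range the router will forward in section 5. It assumes the real settings.json keys rpc-authentication-required (what the -t flag on first launch sets) and rpc-bind-address (Transmission's default is 0.0.0.0); the document below is constructed from the page's values.

```python
import json

# The TCP range section 5 forwards on the home router (assumption taken from this page).
FORWARDED = (11000, 11999)


def audit_transmission_settings(text, forwarded=FORWARDED):
    """Return a list of finding codes for a Transmission settings.json document."""
    s = json.loads(text)
    findings = []
    if s.get("rpc-enabled", True):
        whitelist_on = s.get("rpc-whitelist-enabled", True)
        auth_on = s.get("rpc-authentication-required", False)
        bind = s.get("rpc-bind-address", "0.0.0.0")  # Transmission's default bind address
        if not whitelist_on and not auth_on:
            findings.append("RPC_UNAUTHENTICATED")   # anyone reaching 9091 controls the daemon
        elif not whitelist_on and bind == "0.0.0.0":
            findings.append("RPC_ALL_INTERFACES")    # only the password stands between LAN and RPC
        # Transmission rewrites a plaintext rpc-password as a salted hash prefixed '{' on its next save
        if not str(s.get("rpc-password", "")).startswith("{"):
            findings.append("RPC_PASSWORD_PLAINTEXT")
    low, high = s.get("peer-port-random-low"), s.get("peer-port-random-high")
    if low is not None and high is not None and low > high:
        findings.append("PEER_PORT_RANGE_INVERTED")
    ports = [p for p in (s.get("peer-port"), low, high) if p is not None]
    if any(not forwarded[0] <= p <= forwarded[1] for p in ports):
        findings.append("PEER_PORT_OUTSIDE_FORWARDED")
    return findings


# Constructed settings.json built from the values shown in section 4 plus the key -t sets.
SAMPLE = json.dumps({
    "incomplete-dir": "/ffp/var/transmission/incomplete",
    "incomplete-dir-enabled": True,
    "peer-port": 11000, "peer-port-random-high": 11999, "peer-port-random-low": 11001,
    "rpc-enabled": True, "rpc-authentication-required": True,
    "rpc-password": "password", "rpc-port": 9091, "rpc-url": "/transmission/",
    "rpc-username": "username", "rpc-whitelist-enabled": False,
})
```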

5. Router Port Forwarding

As the Transmission client has been configured to use ports 11000 to 11999, you now need to set up port forwarding on your home router for this TCP range.

So, on your home router you need to configure port forwarding as follows:

protocol : TCP
port range : 11000 – 11999
Address : your DNS-325 IP address on the LAN

Once this is done, you just need to connect at http://YourNasIpAddress:9091/.

6. Access through a Reverse Proxy

If your DNS-325 is not directly accessible from the Internet, you can configure your Apache 2 web server to act as a reverse proxy that forwards all traffic from an Internet URL to your DNS-325 Transmission client inside your LAN.

To configure the reverse proxy, you just need to declare the following lines in your Apache 2 virtual host:

/path/to/apache/configuration/file
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# DNS-325 - Transmission reverse proxy
ProxyPass /transmission/ http://192.168.x.x:9091/transmission/
ProxyPassReverse /transmission/ http://192.168.x.x:9091/transmission/

where 192.168.x.x is the LAN address of your DNS-325.

After an Apache 2 restart, you will be able to access your DNS-325 Transmission client from:

http://your.site.name/transmission/web/ if your host is a standard HTTP host
https://your.site.name/transmission/web/ if your host is an SSL one

It is obviously advisable to use an SSL reverse proxy!

Done

Your torrents are waiting for you …

#ffp, #ffp-0-7, #linux, #nas, #torrent, #transmission