OpenVPN
With the released OpenVPN Package, it is possible to use the NAS as an OpenVPN Server.
First we have to install the openvpn package from Tobias' repository:
opkg update
opkg install luci-app-openvpn
Then we need to edit /etc/config/openvpn
and put the following lines in it:
config 'openvpn' 'custom_config'
option 'enabled' '0'
option 'config' '/etc/openvpn/server.conf'
option 'enable' '1'
Now create the file /etc/openvpn/server.conf
and you can put your custom Server config there.
Finally, you have to forward your listen port on your router; then you can start the OpenVPN server by clicking the start button in the web interface at services/openvpn, in the custom_config line.
Here is an example of the server config. I use tap, because it's pretty simple and easy to use. It adds the client as an extended user in the network. Another nice feature is that you can access your NAS services from outside. For example, you can reach your Samba shares from friends, work, ...
I use port 443 as the connection port between server and client. I used it because public Wi-Fi and other outside networks sometimes block some ports. 443 is the port for HTTPS connections, and you can expect that this port will be open. First you have to forward the port in your router.
First you have to generate a pre-shared key for authentication. In SSH run:
openvpn --genkey --secret /etc/openvpn/auth.key
This auth.key has to be on the server side and on the client that wants to connect to the server.
Now edit your server.conf
and paste the following lines:
dev tap0
port 443
proto udp
secret /etc/openvpn/auth.key
ping-timer-rem
keepalive 10 120
persist-key
verb 3
mute 50
Now you have to set up a bridge between eth0 and tap0 to connect the traffic between the normal LAN interface and the "virtual tap0" interface. Run the following command in SSH:
openvpn --mktun --dev tap
Now in your web interface go to Network -> Edit
Then go to physical setting and check Bridge interfaces and tap0.
Then hit Save and apply.
Now tap0 is permanently open. If you want tap0 to be opened every time you start your NAS (in case of reboot):
cd /etc/init.d
cp mdadm mktun
nano mktun
Now replace the line after start with the following line:
/usr/sbin/openvpn --mktun --dev tap
Save it and exit nano.
Finally, run the command:
/etc/init.d/mktun enable
Now you're done on the server side.
Client config, where <SERVER-IP> is the WAN IP of your local DSL (you can use no-ip.org to set up a dyndns) and <LOCAL-ROUTER-IP> is the IP of your router, in most cases 192.168.1.1 or something like that:
remote <SERVER-IP>
port 443
dev tap
secret auth.key
proto udp
route-gateway <LOCAL-ROUTER-IP>
redirect-gateway
keepalive 10 120
explicit-exit-notify 2
That's all, now you can connect to the server :)
-daschacka
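
A check for the static-key setup above, added here as an example and not part of the original page: since auth.key is the only credential shared by server and client, it verifies that the file named by `secret` exists, has the OpenVPN static key header and is accessible only to its owner, and that `dev` is a tap device. The function name audit_static_key, the script name in the usage comment and the rule that a relative key path is resolved against the config file's directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the static-key OpenVPN setup described on this page.
# Prints one line per finding and returns the number of findings (0 = clean).
audit_static_key() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # First line whose first word is exactly "secret" (commented lines do not match).
    key=$(awk '$1 == "secret" { print $2; exit }' "$conf")
    [ -n "$key" ] || { echo "FAIL: no 'secret' directive in $conf"; return 1; }
    # Assumption: a relative key path is resolved against the config's directory.
    case $key in /*) ;; *) key=$(dirname "$conf")/$key ;; esac

    if [ ! -f "$key" ]; then
        echo "FAIL: key file $key is missing"
        findings=$((findings + 1))
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "FAIL: $key is accessible to group/other; run: chmod 600 $key"
            findings=$((findings + 1))
        fi
        # Files written by "openvpn --genkey" carry this header line.
        if ! grep -q 'BEGIN OpenVPN Static key V1' "$key"; then
            echo "FAIL: $key does not look like an OpenVPN static key"
            findings=$((findings + 1))
        fi
    fi

    # This page bridges a tap device; flag any other device type (e.g. tun).
    dev=$(awk '$1 == "dev" { print $2; exit }' "$conf")
    case $dev in
        tap*) ;;
        *) echo "FAIL: dev is '$dev', expected a tap device"; findings=$((findings + 1)) ;;
    esac

    if [ "$findings" -eq 0 ]; then echo "OK: $conf"; fi
    return "$findings"
}

# Usage: sh audit.sh /etc/openvpn/server.conf  (script name is hypothetical)
if [ "$#" -gt 0 ]; then audit_static_key "$1"; fi
```

The same function works on the client side, where the config names the key as plain auth.key next to the config file.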