http://www.geekfreely.com/2015/12/howto-openvpn-installation-guide-for.html
Otherwise, continue...
In this post I intend to describe the steps required for securing your NAS4Free server so that all external communication with it is conducted via VPN. To achieve this we are going to set up OpenVPN on the NAS4Free server and configure it to use a VPN service, of which there are many to choose from.
I actually retrieved most of the information from the following sites:
http://forums.nas4free.org/viewtopic.php?f=47&t=3872
http://tblog.myriad.ca/?p=138
http://lifehacker.com/5967007/turn-your-freenas-box-into-the-ultimate-anonymous-downloading-machine
While this site contains information regarding bittorrents, please note I do not necessarily agree with the opinions of any external site I link to, and I do not condone or conduct illegal downloading.
Important Notes:
- This was conducted on a FULL NAS4Free installation, not embedded.
- Change /mnt/Data to your own storage location
- Change 192.168.0.* to your NAS4Free IP address
- Some of the directories may already exist from previous HOWTOs
mkdir Extensions
cd Extensions
mkdir var
mkdir usr
mkdir tmp
INSTALLING OPENVPN
Set the temporary directory for the packages, as well as the site to fetch packages from (if you are installing onto a 32-bit system, change "amd64" to "i386"):
setenv PKG_TMPDIR /mnt/Data/Extensions/tmp/
setenv PACKAGESITE "http://ftp6.us.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-9.0-release/Latest/"
Install OpenVPN:
pkg_add -rv openvpn
Move the openvpn rc script out of "rc.d" so it is not executed every time the system starts; otherwise your boot process will stop and you will be asked for a username/password. NAS4Free executes all the files inside the "rc.d" folder on startup. The target directory has to exist before the move:
mkdir -p /usr/local/etc/openvpn
mv /usr/local/etc/rc.d/openvpn /usr/local/etc/openvpn/
Install Certificates and .ovpn files.
Download your certificate (*.crt) and configuration (*.ovpn) files, rename them (*.crt -> openvpn.crt and *.ovpn -> openvpn.conf), and copy them using WinSCP to /usr/local/etc/openvpn/
Once copied, edit openvpn.conf and you should see something like this:
client
dev tun
proto udp
remote 11.170.97.173 443 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca openvpn.crt
auth-user-pass
comp-lzo
verb 3
Adding the following line to openvpn.conf keeps passwords from being stored in memory:
auth-nocache
However, don't use auth-nocache here, as renegotiation after timeout will fail.
Make sure the "ca" line points to openvpn.crt, and check the 2nd line to see whether you have dev tun or dev tap.
Test OpenVPN connection:
/usr/local/etc/openvpn/openvpn onestart /usr/local/etc/openvpn/openvpn.conf
Download the following torrent to make sure your legal torrents are downloaded privately:
http://torguard.net/checkmytorrentipaddress.php
Edit rc.conf to enable OpenVPN. Open up your NAS' web interface and head to System > Advanced > rc.conf and add the following variables:
openvpn_enable with a value of YES
openvpn_if with a value of tun or tap depending on the contents of openvpn.conf
Now we need to make it autostart, so back to SSH:
pkg_add -r expect
nano /usr/local/etc/openvpn/autosignon
In the file just insert:
#!/usr/local/bin/expect -f
set force_conservative 0
spawn /usr/local/etc/openvpn/openvpn start /usr/local/etc/openvpn/openvpn.conf
match_max 100000
expect -exact "Enter Auth Username:"
send -- "YOUR USERNAME!\r"
expect -exact "Enter Auth Password:"
send -- "YOUR PASSWORD!\r"
expect eof
Save your changes and make the script executable by running the following command:
chmod +x /usr/local/etc/openvpn/autosignon
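The openvpn.conf and autosignon script above can be checked with a short audit, shown here as an added example that is not part of the original guide. The function names, the finding texts and the remote-cert-tls / ns-cert-type checks are this example's own assumptions (neither directive appears in the guide's config), and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit the client setup above.

# True if NAME ($2) is an active (uncommented) directive in FILE ($1).
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Print one finding per line for CONF (openvpn.conf) and SCRIPT (autosignon).
audit_openvpn() {
    conf=$1; script=$2
    # No server-certificate check: any certificate issued by the same CA
    # could pose as the VPN server.
    if ! has_directive "$conf" remote-cert-tls &&
       ! has_directive "$conf" ns-cert-type; then
        echo "WARN server-cert: add 'remote-cert-tls server'"
    fi
    # The guide notes that renegotiation fails with auth-nocache in this setup.
    if has_directive "$conf" auth-nocache; then
        echo "WARN auth-nocache: renegotiation will fail with autosignon"
    fi
    # Compression inside the tunnel can leak plaintext information (VORACLE);
    # it must match the server, so this is informational only.
    if has_directive "$conf" comp-lzo; then
        echo "INFO comp-lzo: compression on; change only together with the server"
    fi
    # autosignon holds the VPN password in clear text.
    if [ -n "$(find "$script" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "WARN perms: $script readable by group/other; chmod 700"
    fi
    return 0
}

# Constructed sample input mirroring the config and script shown above.
demo() {
    d=$(mktemp -d /tmp/ovpn-audit.XXXXXX)
    printf '%s\n' client 'dev tun' 'proto udp' 'ca openvpn.crt' \
        auth-user-pass comp-lzo 'verb 3' > "$d/openvpn.conf"
    printf '%s\n' '#!/usr/local/bin/expect -f' > "$d/autosignon"
    chmod 755 "$d/autosignon"   # typical result of "chmod +x" on a new file
    audit_openvpn "$d/openvpn.conf" "$d/autosignon"
    rm -rf "$d"
}
demo
```

On the NAS itself, call audit_openvpn with /usr/local/etc/openvpn/openvpn.conf and /usr/local/etc/openvpn/autosignon instead of running the demo.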
AUTOSTART OPENVPN
In NAS4Free webGUI, navigate to: “System|Advanced|Command scripts” and insert the following start-up command (PreInit):
/usr/local/etc/openvpn/autosignon
CONFIGURE FIREWALL
So this is a bit hit or miss for me; I almost feel like I am having to restart my NAS4Free box before I see the changes from the firewall applied. My VPN provider doesn't have a list anymore for which IPs they assign, so I just have to kinda guess. The purpose of the firewall is to provide protection in the event of the VPN service going down, and by protection we mean no external connection.
If you wish to test your NAS4Free box IP directly from command line, install curl.
pkg_add -rv curl
Then enter the following:
curl ifconfig.me
But you can also check your torrent client directly too!
http://checkmytorrentip.net/torrentip/checkMyTorrentIp.png.torrent
9/15/2014 Update: Changed torrent IP tracking address.