• June 05, 2020, 07:30:29 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Add-on "OpenVPN v.2.3.3" for D-Link NAS  (Read 16386 times)

vtverdohleb

  • Level 5 Member
  • *****
  • Posts: 712
    • Add-Ons for D-Link NAS
Add-on "OpenVPN v.2.3.3" for D-Link NAS
« on: December 15, 2014, 05:23:59 AM »

[Add-on] OpenVPN v.2.3.3

[Description]
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.

[Version]
Add-on Package v1.00

[Maintainer]
vtverdohleb

[Download link]
DNS-320L OpenVPN Package v1.00_05052014
DNS-325 OpenVPN Package v1.00_05052014
DNS-327L OpenVPN Package v1.00_05052014
DNS-345 OpenVPN Package v1.00_05052014

[Resource]
Website https://openvpn.net/
OpenVPN community project wiki and bug tracker https://community.openvpn.net/openvpn
Configuration example (russian) http://habrahabr.ru/post/196268/
Other Add-ons http://dlink.vtverdohleb.org.ua/Add-On/

[Remarks]
Download and install the OpenVPN Add-On.
Configuration via telnet or ssh.
« Last Edit: September 30, 2015, 07:30:48 AM by vtverdohleb »
Logged
Add-on Application questions and issues, please include the following minimal information in your post:
* ShareCenter Model
* Add-on Name
* Add-on Version
* Detailed Description of your Issue
Donate: http://dlink.vtverdohleb.org.ua/Add-On/donate.php

myhome

  • Level 1 Member
  • *
  • Posts: 3
Re: Add-on "OpenVPN v.2.3.3" for D-Link NAS
« Reply #1 on: August 17, 2015, 09:26:06 AM »

Hoping someone can help, this is my first time trying this and I am confused.  I am trying to get VPN setup in my DNS-320L so I can use Sickrage and Couchpotato to download.  I currently use PIA  for VPN. How do I configure this? I cannot seem to find any kind of simple tutorial.  How do I even get into the configuration screen? 

Do I need access to the /nas_prog folder, how do I get that? 
Do I use Putty? Tried that, but just get an error, won't connect to the 320L
Logged

Kar.ma

  • Level 1 Member
  • *
  • Posts: 3
Re: Add-on "OpenVPN v.2.3.3" for D-Link NAS
« Reply #2 on: December 05, 2019, 08:56:07 AM »

My D-Link DNS-320L has been hacked in April 2019, and some of the content crypted by a ransomware. I decided to format and to move to a VPN solution. I spent many days to configure this OpenVPN Add-on and I finally got it working a few months ago. It was really hard to figure out how to perform the whole process, so I took note of every step.

I believe now it's time to share my findings, if someone is still interested. I registered to this forum today with this purpose.

Please ask here for help if you need to install this Add-on.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 48822
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Add-on "OpenVPN v.2.3.3" for D-Link NAS
« Reply #3 on: December 05, 2019, 09:34:07 AM »

Please post your findings and step by step process to get the system working.

Thank you.

My D-Link DNS-320L has been hacked in April 2019, and some of the content crypted by a ransomware. I decided to format and to move to a VPN solution. I spent many days to configure this OpenVPN Add-on and I finally got it working a few months ago. It was really hard to figure out how to perform the whole process, so I took note of every step.

I believe now it's time to share my findings, if someone is still interested. I registered to this forum today with this purpose.

Please ask here for help if you need to install this Add-on.
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

Kar.ma

  • Level 1 Member
  • *
  • Posts: 3
Re: Add-on "OpenVPN v.2.3.3" for D-Link NAS
« Reply #4 on: May 14, 2020, 08:10:57 AM »

I'm sorry I did never write the guide I promised. The problem is I have far less time than I hoped.

A few days ago I received a private message with this request:
Quote
I would like help to install openvpn addon (DNS-320L).

I replied to write in public but he never came back.

Quote from: Kar.ma
I'm glad to help you if I can, I have some notes that can be useful when my memory can't help. Unfortunately I need a lot of time to build a full guide as I hoped (and I have little time even now), but I can definitely answer to specific questions. Please reply to the topic, any question must be public so that anyone can read the answer too.

SOOOOOOOOOOOOOOOOOOOOOO... Let me try to make this guide, I'll try to expand topics when they are raised.
Please note that some certificate settings may not be required, it's just one way to do it. I believe security is still enough with these settings. Every suggestion is still welcome.

I never followed this guide as it is yet, so you can find errors. Please report any error you may find.

-----------------------------------------------------------------------------------------

Guide to install OpenVPN 2.3.10 on D-Link DNS-320L

== STEP 1 ==
Install in the NAS the "DNS-320L OpenVPN Package v1.01_03062016" package (md5 A498FFD1E16DB5A036A47FB67012D3E1). I downloaded from http://dlink.vtverdohleb.org.ua/ (unfortunately login is required). Download links: [1], [2]
I'm not explaining how you do the install, however you will need to upload the downloaded file to your NAS through the browser interface.

== STEP 2 ==
Create the certificates/keys. I wasn't able to create them in the NAS itself, so I ended up creating those files in a separate Linux machine (a Raspberry Pi to be precise).

Steps on this separate Linux machine (not the NAS).

1. Update packages and install openvpn
Code: [Select]
sudo apt-get update && sudo apt-get upgrade
apt-get install openvpn -y
cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
cp openssl-1.0.0.cnf openssl.cnf

2. Edit the vars config:
Code: [Select]
nano vars

modify:
Code: [Select]
export EASY_RSA="`pwd`"
with:
Code: [Select]
export EASY_RSA="/etc/openvpn/easy-rsa"
and set your parameters, example given:
Code: [Select]
export KEY_SIZE=1024
export KEY_COUNTRY="IT"
export KEY_PROVINCE="RM"
export KEY_CITY="Rome"
export KEY_ORG="MY CUSTOM OPENVPN"
export KEY_EMAIL="noreply@no-spam-please.org"
export KEY_OU="vpn"

save and close nano (CTRL+O, CTRL+X)

3. Build the CA certificate:
Code: [Select]
source ./vars
./clean-all
./build-ca

Leave all default values (press Enter), except
Code: [Select]
Name: MyCustomServerName
Please note I am using empty challenge password and empty passphrase since they are not needed with this setup. Not sure when you will be prompted about them, so I put this note here.

4. Build the Server certificate:
Code: [Select]
./build-key-server MyCustomServerName

Again, leave all default values (press Enter), except
Code: [Select]
Name: MyCustomServerName

Reply YES:
Code: [Select]
Sign the certificate? y
Commit? y

5. Build the Client certificate:
Code: [Select]
./build-key MyCustomClientName

Leave all default values (press Enter), except
Code: [Select]
Name: MyCustomClientName

6. Build the Diffie-Hellman parameters for the server side (I actually run this in the NAS, but I guess it should be here)
Code: [Select]
./build-dh

7. Export all files to a tgz package file
Code: [Select]
cd /etc/openvpn/easy-rsa/keys
tar zcvf ../keys.tgz ./*
and copy this /etc/openvpn/easy-rsa/keys.tgz file into your NAS.

== STEP 3 ==
Configure your NAS.

1. Access your NAS, i.e. with Windows, and create this folder Z:\openvpn_key\ (assuming letter Z:)
If you enter from the SSH access you will find it as /mnt/HD/HD_a2/openvpn_key/

2. Paste the compressed keys.tgz file inside this Z:\openvpn_key\ folder

3. Access through SSH (I assume you know how) as root and run:
Code: [Select]
cd /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys
rm -f *
tar -xvf /mnt/HD/HD_a2/openvpn_key/keys.tgz

4. Edit this setting
Code: [Select]
vi /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/openssl.cnf

type "i" so that you can modify:
Code: [Select]
dir             = ./demoCA
with:
Code: [Select]
dir             = /mnt/HD/HD_a2/Nas_Prog/OpenVPN/ssl/misc/demoCA

exit vi and save (press ESC, type :wq and press ENTER)

5. Backup your key and certificates
Code: [Select]
cp /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/ca.crt /mnt/HD/HD_a2/openvpn_key/
cp /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/MyCustomClientName.crt /mnt/HD/HD_a2/openvpn_key/
cp /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/MyCustomClientName.key /mnt/HD/HD_a2/openvpn_key/
cp /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/dh1024.pem /mnt/HD/HD_a2/openvpn_key/

6. Edit server configuration
Code: [Select]
vi /mnt/HD/HD_a2/Nas_Prog/OpenVPN/etc/server.conf

Remove everything (:1,$d) and write this:
Code: [Select]
port 1194
proto udp
dev tun

ca /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/ca.crt
cert /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/MyCustomClientName.crt
key /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/MyCustomClientName.key  # This file should be kept secret
dh /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/dh1024.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist /mnt/HD/HD_a2/Nas_Prog/OpenVPN/etc/ipp.txt

keepalive 10 120
cipher AES-128-CBC
persist-key
persist-tun

status /var/tmp/openvpn-status.log
log         /var/tmp/openvpn.log
log-append  /var/tmp/openvpn.log
verb 3

== STEP 4 ==
Run the daemon

1. Execute
Code: [Select]
cd /mnt/HD/HD_a2/Nas_Prog/OpenVPN
./start.sh ./

To stop it, run
Code: [Select]
/mnt/HD/HD_a2/Nas_Prog/OpenVPN/stop.sh

2. Check if it's all fine and running:
Code: [Select]
netstat -tulpn | grep 1194
You should see something like this:
Code: [Select]
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           6162/openvpn

Please note that I still have no idea how I can run this service at startup, so I currently run it every time my NAS needs to be restarted.

== STEP 5 ==
Client configuration

1. In your OS (e.g. Windows) create this empty text file and rename it as MyCustomClientName.ovpn.

Paste the following:
Code: [Select]
client

remote 166.166.166.166 1194
proto udp
dev tun

##### From ca.crt
<ca>
-----BEGIN CERTIFICATE-----
MII1D...
-----END CERTIFICATE-----
</ca>

##### From MyCustomClientName.crt
<cert>
-----BEGIN CERTIFICATE-----
MIILE...
-----END CERTIFICATE-----
</cert>

##### From MyCustomClientName.key
<key>
-----BEGIN PRIVATE KEY-----
MIIAC...
-----END PRIVATE KEY-----
</key>

cipher AES-128-CBC

resolv-retry infinite
nobind
persist-key
persist-tun

mute 20
verb 3

Now, replace your
external public IP: (example 166.166.166.166)
external port on router: (1194)
ca certificate: (paste from your ca.crt file)
client certificate: (paste from your MyCustomClientName.crt file)
client private key: (paste from your MyCustomClientName.key file)

Use this file in your OpenVPN client. I tested it in Windows, Linux, iPhone, Andoid clients.

== Final notes ==

Some steps are omitted, e.g. router port configuration.
PLEASE... if you find any simple improvement or a mistake, report it so that I can improve this guide.
Logged

rusatch

  • Level 2 Member
  • **
  • Posts: 65
Re: Add-on "OpenVPN v.2.3.3" for D-Link NAS
« Reply #5 on: May 17, 2020, 01:36:23 PM »

Quote
Please note that I still have no idea how I can run this service at startup, so I currently run it every time my NAS needs to be restarted.
Simply enable addon via web interface.
Logged

Kar.ma

  • Level 1 Member
  • *
  • Posts: 3
Re: Add-on "OpenVPN v.2.3.3" for D-Link NAS
« Reply #6 on: May 18, 2020, 12:41:44 AM »

I did try in the past but thought enabling through web interface was not working. After your suggestion I discovered a simple mouse right-click was the missing step, thank you.
Logged