Connect from Phone to Synology VPN Server

Following on from the previous post on how to set up a VPN on a Synology server:

Setting up Virtual Private Network (VPN) on Synology

The next thing is to test it. Probably the easiest way is to connect via phone; I will demonstrate how to connect via iPhone.

First, you need to download the OpenVPN client from the App Store.

Download it and open it; you will see something like the screen below.

Install the OpenVPN certificate

The next thing to do is to install the OpenVPN certificate in the OpenVPN application on your phone. There are a couple of ways to copy the certificate and configuration file to your iPhone, but the easiest one is to use iTunes.

Connect your iPhone to iTunes on your machine. In the “Apps” section, pick the “OpenVPN” application in the “File Sharing” panel. This is one of the ways to copy any file to a specific iOS application.

Navigate to the ca.crt and openvpn.ovpn files in your unzipped directory and sync them to your iPhone directly.

Immediately, you will see the OpenVPN application refresh the screen and display one external certificate available. Press the [+] button to add it to your profile.

Enter your Synology username and password, and then connect to your Synology VPN server by toggling the connect/disconnect button.

If you see the “connection details” and the “VPN” wording in the toolbar, it means you have connected to your Synology VPN server successfully.

Setting up Virtual Private Network (VPN) on Synology

An ex-colleague read my blog post about how to do port forwarding on a router to connect to a Synology DiskStation a few months ago, and he told me that I shouldn’t do that because it is a very insecure approach.

I went back and thought twice; what he said was entirely true. First, anyone can ping my router at random. Even if I stop my router from being pinged by others, they can still create software to scan the entire telco network to find out which IPs have an accessible router.

Although I changed my router admin page to a specific port (for example, 3333) to make it harder to hack, there is no doubt that hackers can still scan through all 65535 ports of each IP address in order to land on my router’s main page. My last resort would probably be to disable access to the router management page from outside, but my Synology DiskStation login page needs to be exposed so I can access my Surveillance Station from the WAN.

So the only feasible solution is to install a VPN server on the NAS.

Generate a self-signed certificate

The first thing to do is to make sure your Synology has a self-signed certificate. You can easily generate one from Control Panel > Security > Certificate.

Once that is done, move to the next step!

Install VPN Server

Synology DiskStation comes with a VPN server application, and the setup is pretty straightforward if you get the concept right.

Install the VPN server, and then open it. I am still using DSM 5.2; if you are using DSM 6.0 or above, you will probably see a similar screen too.

Understand which protocol to use

It comes with 3 standard protocols: PPTP, OpenVPN and L2TP/IPSec.
From what I understand, PPTP will be slightly faster, but it is less secure.

https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

If you look at the above link, it says that:

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OK, it looks like PPTP is not an option for me. I would rather pick OpenVPN, but the only drawback is that you need to install the OpenVPN client software.

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

Enable the VPN Server

So the first step is to enable OpenVPN by checking “Enable OpenVPN server”.
The rest of the settings can be left at their defaults.

Once you have set it up, the VPN server on the Synology DiskStation is enabled and ready to use. But remember to export the configuration by clicking on “Export Configuration”.

You will see a zip file being downloaded, and inside there should be 3 files: the certificate, the OpenVPN file and a readme.txt file.

Modify the openvpn file

The openvpn.ovpn file comes with a default domain, so we need to change that and point it to our router’s IP address or a domain. Then, when we put this configuration and certificate on our phone, the phone can connect to the VPN securely.

Forward port 1194 at the router

The next thing is to open only 1 port on the router’s port-forwarding page: allow only port 1194 (UDP). Please make sure it is UDP!
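As an added example (not part of the original post and not Synology's own tooling), this Python check covers the last two steps: it reads an openvpn.ovpn profile and reports whether the remote address was actually changed and whether the port and protocol match the single UDP 1194 rule forwarded on the router. The sample profile is constructed, and the YOUR_SERVER_IP placeholder and the function names are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample profile; YOUR_SERVER_IP and the directives are assumed.
SAMPLE_OVPN = """\
dev tun
remote YOUR_SERVER_IP 1194
proto udp
ca ca.crt
auth-user-pass
"""

def parse_directives(text):
    """Map each directive to its argument lists, skipping comments and blanks."""
    directives = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if parts and parts[0][0] not in "#;":
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def check_profile(text, forwarded_port=1194, forwarded_proto="udp"):
    """Return problems that would stop a phone reaching the NAS via the router."""
    d = parse_directives(text)
    problems = []
    if "remote" not in d:
        problems.append("no remote directive")
    for args in d.get("remote", []):
        host = args[0] if args else ""
        port = int(args[1]) if len(args) > 1 and args[1].isdigit() else 1194
        if re.fullmatch(r"[A-Z_]*", host):
            problems.append(f"remote host is still a placeholder: {host!r}")
        else:
            try:
                if ipaddress.ip_address(host).is_private:
                    problems.append(f"remote {host} is a LAN-only address")
            except ValueError:
                pass  # not an IP literal: a DNS or DDNS name is acceptable
        if port != forwarded_port:
            problems.append(f"remote port {port} is not forwarded ({forwarded_port})")
    proto = d.get("proto", [["udp"]])[-1]  # OpenVPN defaults to UDP
    if not (proto and proto[0].startswith(forwarded_proto)):
        problems.append(f"proto {' '.join(proto)} does not match {forwarded_proto}")
    if "ca" not in d and "<ca>" not in d:
        problems.append("no ca certificate referenced")
    return problems

if __name__ == "__main__":
    print(check_profile(SAMPLE_OVPN))
```

An empty list means the profile points at a reachable name or address and agrees with the router's forwarding rule; pass the text of your own exported file to `check_profile` before syncing it to the phone.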

The next step…

Of course, the next step is to test it and make sure it works so we can use it. Please refer to:

Connect from Phone to Synology VPN Server

Screenshot inside the BIOS

Ah! Never thought it would be so easy to take a screenshot in the BIOS. The magic keystroke is not “Print Screen”, but F12 instead.

Most modern motherboards should support this, but first you need a thumb drive. Plug the thumb drive into a USB port before you start up your machine, and then enter the BIOS.

Press F12 any time you want to take a screenshot of the BIOS. The BIOS will then wait for you to choose where you want to save the screenshot.

Get DSM 6.0 working on a virtual machine

OK, so DSM 6.0 was launched almost half a year ago, and so far I still can’t find any resource on how to set up DSM 6.0 on a real machine. But a couple of online resources mention that it is possible to install DSM 6.0 on a virtual machine. First, the things you need are:

  1. VMWare Player : 12.5.3 build-5115892
  2. DSM 6.0 Bootable virtual machine files : https://mega.nz/#!edUjRRhD!r-jBC-PTM0GMfDcxTiWsCcb6V9fbC_Iyg6zZQKSQcLg

Install VMWare Player

The first task, of course, is to install VMWare Player. It is a free virtual machine player that can plug in and run any existing virtual machine. You can’t create a new virtual machine here, but you can re-run and modify an existing virtual machine that was saved by others.

Extract the DSM 6.0 Bootable virtual machine files

Unzip the entire zipped file; it is probably best to extract it to C:\DSM6 for now. You will see 6 files like below.

These files are very important; make sure you don’t change or rename any of the virtual machine files.

Open and run the virtual machine using VMWare Player

The next important step is to open VMWare Player, browse to the C:\DSM6\ directory and look for the DSM 6.vmx file.

Click “Open” and you will see that the “DSM 6” virtual machine is attached to your VMWare Player.

Modify the network settings

It is important to modify the network setting of the virtual machine. By default the virtual machine uses NAT; in order to be able to connect to DSM 6.0, you have to change the network setting to “Bridge adapter” instead.

Adjust the virtual machine processor and memory

Change the processor to at least 2 cores, and the memory to 2 GB.

Power On the virtual machine

Pick “Power On” from the drop-down list or double-click to run the virtual machine. A prompt will be shown asking you to confirm whether the virtual machine has been moved here or copied here. Pick “I copied it”.

Booting the DSM 6.0

DSM 6.0 will boot up in a few minutes, but the next thing is to figure out which IP address you need to connect to DSM 6.0. The easiest way is to access your router and look for newly connected DHCP devices. From the screen you can see that DSM 6.0 is at 192.168.0.105.

Access DSM 6.0 via its IP address

Go to http://192.168.0.105/ and you will see the system getting ready; this will take a couple of minutes.

After that you will see the “Create your administrator account” screen.

Avoid picking any automatic installation of DSM versions; this will screw up your DSM 6.0 in the future. Choose “Download DSM updates and install them manually”.

Bingo!

This is awesome. The screen looks similar to DSM 5.2, but the design definitely looks better.

Feel free to comment here if you need any help.

Disable Chrome PDF Viewer in the latest Chrome 56

If you ever use the Chrome browser to view PDF documents, you are probably aware that Chrome has its own PDF viewer plugin. This allowed user to view any PDF document using iDF document, you can easily disable the plugin in chrome://plugins by unchecking the plugin checkbox on that page.

But this feature has changed drastically since Chrome was upgraded to version 56 and above. With the latest Chrome browser, you can’t disable the PDF plugin in chrome://plugins anymore. As stated in the Chrome bug tracker, chrome://plugins will be deprecated soon.

https://bugs.chromium.org/p/chromium/issues/detail?id=615738
https://bugs.chromium.org/p/chromium/issues/detail?id=673199

Chrome has now moved the setting to the Content Settings page instead.

Go to Settings > Show Advanced Settings > Content Settings. Tick “Open PDF files in the default PDF viewer application”, and you will then be able to view PDF documents using your own default application.

Kill a process that won’t die using Process Hacker

It is pretty easy to kill a process in the Windows operating system’s Task Manager. But some processes cannot be killed using Windows Task Manager because they are “protected processes”.

Even using the Process Explorer application, you might not be able to kill the process. Recently I found that there is a very powerful tool that can solve the problem: Process Hacker. Process Hacker was started in 2008 as an open source alternative to programs such as Task Manager and Process Explorer. It is a portable application that doesn’t require any installation. It is safe to use; it is not a hacking tool, that is just a professional name.

http://processhacker.sourceforge.net

Its graphs and statistics allow you to quickly track down resource hogs and runaway processes.

System information summary

Or view detailed stack traces with kernel-mode, WOW64 and .NET support.

Stack trace

Please download from http://processhacker.sourceforge.net/downloads.php?bottom=1

Permanently disable the annoying Windows Defender in Windows 10

If you are a developer and frequently develop software that sends a lot of requests to another file server across a network, then you might face this issue, which I found only happens on the Windows 10 operating system.

Windows Defender comes pre-installed with Windows 10. When Windows Defender detects that there are a lot of unusual connections to another PC across the network, it will start cutting down those requests.

So far I can’t find any method to uninstall Windows Defender, but I found that there is a shortcut to turn off Windows Defender permanently.

Steps to Disable Windows Defender

  1. Go to Run.
  2. Type in ‘gpedit.msc’ (without quotes) and hit Enter. This will open up a new menu, where group policy editor options are listed.
  3. Head to the ‘Administrative Templates’ tab, located under ‘Computer Configuration’.
  4. Click ‘Windows Components’, followed by ‘Windows Defender’.
  5. Find the ‘Turn off Windows Defender’ option, and double-click it.
  6. Apply your changes before exiting the GPE menu.

Once that is done, open Windows Defender again and you will see the screen below.
