Category Archives: Synology

Connect from Phone to Synology VPN Server

From previous post on how to setup VPN on Synology Server,

Setting up Virtual Private Network (VPN) on Synology

The next thing is to test it. Probably the easiest step is to connect via phone, I will demonstrate how to connect via Iphone.

The first thing is you need to download the Open VPN Client from App Store.

WhatsApp Image 2017-04-06 at 9.08.09 PM

 

Download it and open, you would see something like below

 

WhatsApp Image 2017-04-06 at 9.08.10 PM

 

Install the Open VPN certification

The next thing need to do is to install OpenVPN certification on your OpenVPN application in your phone, there are a couple of ways to copy the certificate and configuration file to your Iphone, but the easiest one is to use ITunes.

10

Connect your Iphone to Itunes on your machine, in the “Apps” section, pick the “OpenVPN” application in the “File Sharing” panel. This is one of the way to copy and paste any file to specific IOS application.

11.PNG

Navigate and access to ca.crt and openvpn.ovpn file in your unzipped directory And Sync it to your Iphone directly.

WhatsApp Image 2017-04-06 at 9.08.10 2 PM

Immediately, you will the OpenVPN application refresh the screen and display one external certificate available. Press the [+] button. add it to your profile.

WhatsApp Image 2017-04-06 at 9.08.11 PM

Enter your Synology username or password and then connect to your Synology VPN server by toggling the connect/disconnect button.

WhatsApp Image 2017-04-06 at 9.08.12 PM

If you are seeing the “connection details” and the “VPN” wording at the toolbar, means you connected to your Synology VPN server successfully.

Setting up Virtual Private Network (VPN) on Synology

I have an ex-colleague read my blog about how to do port forwarding on router for connecting to Synology Disk Station few months ago, and once he told me that I shouldn’t do that because it is very insecure approach.

I went back and think twice, what he said is was entirely true. First, anyone do a random can ping my router. If I disallow my router to being ping by others, they still can create a software to scan the entire Telco network to examine which IP actually has router accessibility.

Although I changed my router admin page to a specific port example: 3333 to make it harder to hack, no doubt that hackers still scan through all the 65535 ports for each IP address in order to land on my router main page. my last approach probably disable the router management page from outside to access it, but my Synology Disk Station login page need to be exposed so I can access my Surveillance Station from WAN.

So the only feasible solution is to install VPN server on the NAS.

Generate a self-signed certification

The first thing need to do is to make sure your synology has a self-signed certification. You can easily generate one from Control Panel > Security > Certificate

5

6

7

After done, move to next step!

Install VPN Server

Basically Synology Disk Station comes with VPN server application, and the setup is pretty straight forward if you get the concept right.

1.PNG

Install the VPN server, and then access to it. I am still using the DSM 5.2, if you are using DSM 6.0 or above probably you will see a similar screen too.

2.PNG

Understand which protocol to use

It comes with 3 standard protocols, PPTP, OpenVPN and L2TP/IPSec.
From what I understand is that PPTP will be slightly faster, but it is less secured.

https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

IF you are looking at the above link, it said that:

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OK, looks like PP2P is not an option for me, I would rather pick OpenVPN, but the only drawback is you need to install the OpenVPN client software.

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

Enable the VPN Server

So the first step is to enable the OpenVPN by checking the “Enable OpenVPN server”.
The rest of settings can just follow the default one.

Once you managed to set it up, means the VPN server in Synology Disk Station is enabled and ready to use. But remember to export the Configuration by clicking on “Export Configuration”

3.PNG

You will see that your a zip file being downloaded, and inside should have 3 files : Certification, open VPN file and a readme.txt file

4

Modify the openvpn file

The openvpn.ovpn come with a default domain, so we need to change that and point to our router IP address or a domain. So when we put this configuration and certification on our phone, so that our phone can connect to the VPN securely.

8.PNG

Port forwarding 1194 Port at router

The next thing is, open only 1 port at router port-forwarding page, and only allow port 1194 (UDP). Please make sure it is UDP!

9.png

 The next step….

Of course is to test it, make sure it works so we can use it. Please refer to:

Connect from Phone to Synology VPN Server

Get DSM 6.0 works on Virtual Machine

OK, So DSM 6.0 has launched for almost half a year, so far I still can’t find any resource on how to setup DSM 6.0 on a real machine. But there are a couple of online resources mentioned that it is possible to install DSM 6.0 on a virtual machine. But first thing you need are:

  1. VMWare Player : 12.5.3 build-5115892
  2. DSM 6.0 Bootable virtual machine files : https://mega.nz/#!edUjRRhD!r-jBC-PTM0GMfDcxTiWsCcb6V9fbC_Iyg6zZQKSQcLg

 

Install VMWare Player

The first task of course is to install the VMWare Player. Basically it is a free virtual machine player to plug and run any existing virtual machine. You can’t create a new virtual machine here, but can re-run and modify existing virtual machine that saved by others.

1

Extract the DSM 6.0 Bootable virtual machine files

Unzip the entire zipped file, probably best to extract to C:\DSM6 drive for now. So you would see 6 files like below.
2

These files are very important, make sure you don’t simply change or rename all the virtual machine files.

Open and run the virtual machine using VMWare Player

Next important step is to open the VMWare Player and look for C:\DSM6\ directory. And search for DSM 6.vmx file.

3456

Click “Open” and you will see that the “DSM 6” virtual machine is attached with your VMWare Player.

Modify the network settings

It is important to modify the network setting of the virtual machine. By default the virtual machine use NAT, in order for you to able to connect to the DSM 6.0, you have to change the network setting to “Bridge adapter” instead.

7

Adjust the virtual machine processor and memory

Change the processor to 2 cores at least, and memory to 2 GB.

8

Power On the virtual machine

Pick power on from the drop down list or double click to run the virtual machine. A prompt will shown to double confirm if the virtual machine has been moved here, or copied here. Pick “I copied it”

910

Booting the DSM 6.0

DSM 6.0 will boot up in a few minutes, but the next thing is to figure out what IP address you need to connect to DSM 6.0. Easiest way is to access your router and look for new DHCP devices that connected. So from the screen you can see that the DSM 6.0 is 192.168.0.105.

1213

Access to the DSM 6.0 via IP address

Access to http://192.168.0.105/ And you will see the system is getting ready, this will take a couple of minutes.

14

After that you will see the “Create your administrator account” screen.

15

16

Avoid picking up any automatically installation on DSM version, this will screw up your DSM 6.0 in future. Choose “Download DSM updates and install them manually”

17

Bingo!

This is awesome. The screen looks similar like DSM 5.2, but the design definitely looks better.

18

Feel free to comment here if  you need any help.

Setup TP-Link NC-250 on Synology Surveillance Station

It is pretty easy to setup the NC-250 IP Camera on Synology Surveillance Station. Basically we don’t really need to do any hacking other than add the camera into surveillance station with a couple of quick setting.

The first thing we need is to make sure we know the IP address of the TP-Link NC-250. But before that, it would be better if you install the IP camera using TP-Link phone app so that it can connect to your router, and then you get the IP address of the camera from DHCP list or from the setting page in the phone app.

1.PNG

Because TP-Link NC-250 IP camera is not officially recognized as compatible camera in Synology Surveillance Station, so we have to choose [User Define] brand.

Put “8080” as your port number and this is fixed by TP-Link firmware, the source path is “/stream/video/mjpeg”, default username is “admin”, default password is “admin”, but the key thing is you can’t put the actual password here, TP-Link firmware recognize only base64 encoded password, so go to https://www.base64encode.org/, and encode it to base64 format. Example, password “admin” would be converted to “YWRtaW4=”, passsword “qwerty123” would converted to “cXdlcnR5MTIz”. Put the encoded password at the password field. Click “Test Connection”, you would see your IP camera video screen if everything is correct.

But anyway, I still can’t get the video setting correctly to work dynamically like other brand, so everything would follow the default IP camera setting.

2.PNG

Reply or comment below if you need my help.

DO NOT upgrade XiaoMi IP camera to latest firmware

What I noticed within these few days is that XiaoMi release a latest IP camera firmware 1.8.6.1B_201603181307 to anyone who connect to XiaoMi Server to view their IP camera.

I had a close friend that bought the same camera at China, he updated to latest firmware. It works OK at the first place because he was connecting the IP camera at China (Because currently he is working at ShenZhen). But nightmare starts when he went back to Malaysia for short vacation, and the IP camera no longer working.

A uncommon voice message prompt and said “you can only use this camera within China”.

I took some risk too and update my XiaoMi IP camera to that problematic version, and hit the wall for the whole night. I was trying to rollback the firmware to older version, but it never work.

I am quite confident that I am not the only person that face this issue, there are a couple of MIUI forumer hit with the same issue too. But some of them successfully rollback the firmware version.

Change XiaoMi IP camera timezone

By default, the XiaoMI IP camera timezone followed China timezone (Of course! it is from a China company) So if you are from other country then the timezone that appeared at the camera probably is not the one you want. In order to change the timezone accordingly, we must make sure we can connect to XiaoMi IP camera using either FTP or Telnet service. If it is a night vision version, then please follow this guide to enable the FTP or telnet service first. You can do it together when you flashed the firmware by following my guide, but If you missed that step, you still can connect to FTP or telnet to do it later.

Stop accessing the IP camera (Stop Surveillance Station or any source that accessing the IP camera – this is extremely important because I noticed that the timezone will be revert back to original value if we keep accessing the camera, except FTP). Use FillZilla or any FTP client, connect to you IP camera address. eg: 192.168.0.195, and you should see a list of Linux directory like below,

1.PNG

Access to /etc/ directory, there is a file called “TZ”, which means “timezone”. You can download the directory to your local, and then access it with notepad. change the timezone to the timezone you want.

2.PNG

Remember to upload it back. You don’t really need to reboot the IP camera.

Enabling RTSP for XiaoMi IP night vision camera

Basically XiaoMi launched 2 type of IP cameras. The first one was launched 2 years ago, 720P without night vision, and the latest one was launched a year ago that has a night vision feature. Besides that, one of the major difference between these 2 versions is the RTSP protocol. The oldest one was able to be accessed by RTSP protocol, but RTSP protocol was completely disabled by XiaoMi. Which means the latest night vision IP camera cannot be used in Synology Surveillance Station or other NAS operating system.

After referring to a few online guide, I noticed that there is a possibility to implant the RTSP protocol into that latest night vision camera. What we need is a SD-card.

Overall I refer to http://xiaoyi.querex.be/ which is an unofficial web site to download Xiao Mi IP camera firmware.

2 important steps to enable RTSP protocol on XiaoMi IP camera,

  1. Flash the firmware
  2. Add in code to implant the RTSP server file

Beside enabling for RTSP protocol, we are able to enable FTP, Telnet, and HTTP web protocol in a single upgrade. I tested with quite some versions, what I noticed is that not all the version is working fine, but the one that always works is version K.

Which firmware to use?

So far I had already flashed up to 4 Xiao Mi IP camera with version K (http://xiaoyi.querex.be/1.8.5.1K_201508311131.rar). So download this firmware and then download (http://xiaoyi.querex.be/1.8.5.1K_test-rtspfix-3.rar) as well.

Extract all the .rar file, and then copy and move the “home” firmware to the root of the SD-card, and move /test/ directory to the root as well. So you should see something like below,

1

The /test/ directory should have contain below files,

2.PNG

The equip_test.sh is a C++ file responsible to do some tasks during the firmware upgrade. The “rtspsvr” and “server” is RTSP server file which is needed to enable RTSP protocol.

If you open the equip_test.sh file, you would see something like below,

Change the timezone

3.PNG

By default, the time zone would be +0 (China timezone). If you are staying at Malaysia, then you don’t need to change this value.

How to flash another firmware

  1. Disconnect cam
  2. Remove micro SD card
  3. Power on and long press reset button
  4. Disconnect cam
  5. Put “home” firmware file and “test” directory on SD card
  6. Insert micro SD card an power on
  7. Wait around 5 min and try to connect from smartphone app
  8. Check your cam it’s IP address in the router DHCP list

How to check if succeeded?

If you are able to access RTSP address using VLC, means you had just succeeded. If you planned to link it with your Synology NAS, you can follow this detailed guide here to setup your XiaoMi CCTV on Surveillance Station.

Setup custom Synology NAS on a real hardware

You can like my Facebook page here for more technology knowledge.
https://www.facebook.com/ahkhaitech/

Sorry, was quite busy lately. Before that, I explained in a separate post on how to install Synology Disk Station on virtual machine. So it was only just on a virtual machine that installed under Windows 7 operating system. So which means there are 2 main concerns if we try to do that.

  1. Virtual machine hard disk may easily corrupted
    The real problem here is virtual machine hard disks are much more difficult to backup and restore if there is virtual hard disk corrupted
  2. Performance issue
    You won’t get a real performance if you run everything on a virtual machine, no matter how it still run under Windows 7 operating system.
  3. High Power Consumption
    The old NAS is running with first generation of Intel I7 Processor. And then the motherboard is an old powerful model Asus P7P55D. Both are very high power consumption. And the motherboard don’t have embedded graphic card chipset. So I have to buy an extra fanless graphic card which is expect to be low power consumption.

So it was OK if you plan to do quick testing on Synology Disk Station, then you can use virtual machine for that purposes. Before I am writing this post, I actually already setup the DSM 5.1 version on an old machine. I tried to install DSM 5.2 but it can’t detect the XPEnology bootable disk. So I suspect because the motherboard are too old to install DSM 5.2. Below are my old PC specification.

Old PC.PNG

The major reasons why I start to buy some new hardware because the old PC that runs DSM 5.1, will auto reboot itself every couple of days. I tested on DSM 5.2 before on another new PC (Asus Z97-M plus motherboard), and it is looking stable and good. so I decide to pick some new hardware. Because Asus Z97M-Plus motherboard is out of stock at the moment, so I think that it was OK if i pick Asus H97M-E. Slightly lower spec than the Asus Z97M-Plus but I believe that it should runs DSM 5.2 pretty well.

So below is my custom Synology NAS hardware.

new PC.PNG

Basically the Intel Pentium G3260 comes with 2 cores (2 threads). which is super low power compare to I3 or I5 processor. And the motherboard is Asus H97M-E, can support up to 4 x 6.0 gb/s SATA. 2 GB ram is very good enough for DSM 5.2, So I am using back the old kingston 120GB SSD as my main storage, and you can add additional HDD if you want.

Power Consumption

This motherboard has already comes with embedded graphic card chip-set. So the total power consumption is around < 25W (Without HDD) for the new NAS. The old one was 50Watt (Without any HDD)! So there is a 50% improvement on power consumption.

Casing, Power Supply

I am using existing power supply and Lian Li Casing for this new NAS.

IMG_2191

IMG_2194IMG_2196IMG_2200IMG_2201IMG_2204IMG_2209

Things we need this round

XPEnoboot_DS3615xs_5.2-5592.1.img

Win32DiskImager-0.9.5-install.exe

DSM_DS3615xs_5592.pat

Create the XPEnology bootable pen drive

After assemble all the hardware, now the first step is to create the bootable pen drive. You can create a bootable CD drive, but I never tried before. I used an old kingston 8GB pen drive as my bootable device. So install the Win32 Disk Imager on ur PC, then you would see something like below.

Win32DiskImager

Change BIOS Settings

You should have change your BIOS setting to run then bootable pen drive as highest priority

IMG_2207

System tuning and power consumption

Adjust your system to lowest possible eco mode, it will save a lot of power consumption

IMG_2204

Boot for the first time

https://youtu.be/iUzeGgo_6KA

You should see this screen if you are running XPEnoboot 5.2-5592.1 on your system. Choose the install/upgrade (But actually it doesn’t really matter so far from what I noticed). And then the system will be loaded. And when you see “DiskStation Login:”, you can use http://find.synology.com/ to search for this Disk Station.

IMG_2210IMG_2212

Installing your Disk Station Manager

Once you found your disk station, you should see the screen like below, choose a manual installation and select your DSM_DS3615xs_5592.pat file locally. The installation should takes around 5 minutes depending on your system performance.

This slideshow requires JavaScript.

Setting up your credential

Once the installation completed, you should see a welcome page. Proceed to setup your administrator credential. If you lost your connection to Disk Station, you can access it again by getting the IP address from your router DHCP list and then use username=”admin” and password =”” to re-login again.

This slideshow requires JavaScript.

Done!

Feel free to comment below if you have any question or better suggestion.

9.PNG

 

 

 

Disk Station Manager 6.0 (Release Candidate)

This is the moment! Synology is going to launch their latest Disk Station Manager (DSM) version 6.0. The latest beta testing can be downloaded from their web site and you can refer to your specific models here in order to make sure if your model can use the latest version.

The latest disk station version contains a couple of major changes include Mail Services, Spreadsheet Collaboration Tools, improvement on their Note Station with charting features, and optimized 64-bit computing.

mail_01
Mail Services in your private cloud
yourown_01
Nore Station charting features
powerful_01
Powerful Context indexing

 

 

Setup Cloud Station on Synology NAS

Synology Disk Station allowed user to setup a cloud service which is fairly similar like DropBox.com.

The majority of people now switch between multiple devices every day, resulting in a dramatic increase in the popularity of cloud storage. Sometimes our entire productive life – working reports, notes, references – relies on the cloud, meaning we need a cost-efficient, high-capacity yet absolutely private cloud solution more than ever. Synology NAS can provide the solution.

Installing the Synology Cloud Station Client application on windows 7.

cloud1

You can select a quick setuo, or advanced setup. If  you selected advanced setup you can specify your cloud directory where you want to sync.

cloud2

If you completed, you can see the cloud in your windows directory.

cloud3

You can setup multiple cloud sources from different Synology NAS.

cloud4

The toolbar icon will displayed if you have the latest up to date files.

cloud5

cloud6

Below is the mobile version, you can login to specific domain with port number.

IMG_1792

Below is the mobile version of cloud directory.

IMG_1793

You can see your sync files.

IMG_1794

Because it is a mobile version, so  you can filtered files by file format.

IMG_1795