Category Archives: Synology

Connect from Phone to Synology VPN Server

The previous post, “Setting up Virtual Private Network (VPN) on Synology”, covered how to set up a VPN server on Synology.

The next thing is to test it. Probably the easiest way is to connect from a phone; I will demonstrate how to connect from an iPhone.

The first thing you need to do is download the OpenVPN client from the App Store.

Download it and open it.

Install the OpenVPN certificate

The next thing to do is install the OpenVPN certificate in the OpenVPN application on your phone. There are a couple of ways to copy the certificate and configuration file to your iPhone, but the easiest one is to use iTunes.

Connect your iPhone to iTunes on your machine. In the “Apps” section, pick the “OpenVPN” application in the “File Sharing” panel. This is one of the ways to copy files to a specific iOS application.

Navigate to the ca.crt and openvpn.ovpn files in your unzipped directory and sync them to your iPhone directly.

Immediately, you will see the OpenVPN application refresh the screen and display one external certificate available. Press the [+] button to add it to your profile.

Enter your Synology username and password, then connect to your Synology VPN server by toggling the connect/disconnect button.

If you see the “connection details” and the “VPN” wording in the toolbar, you have connected to your Synology VPN server successfully.

Setting up Virtual Private Network (VPN) on Synology

An ex-colleague of mine read my blog post about how to do port forwarding on a router to connect to a Synology Disk Station a few months ago, and he told me that I shouldn’t do that because it is a very insecure approach.

I went back and thought twice; what he said was entirely true. First, anyone can ping my router at random. If I stop my router from being pinged by others, they can still create software to scan the entire telco network to find out which IPs have an accessible router.

Although I changed my router admin page to a specific port (for example, 3333) to make it harder to hack, no doubt hackers can still scan through all 65535 ports for each IP address in order to land on my router main page. My last approach would probably be to disable access to the router management page from outside, but my Synology Disk Station login page needs to be exposed so I can access my Surveillance Station from the WAN.

So the only feasible solution is to install a VPN server on the NAS.

Generate a self-signed certificate

The first thing to do is make sure your Synology has a self-signed certificate. You can easily generate one from Control Panel > Security > Certificate.

Once done, move on to the next step!

Install VPN Server

Basically, Synology Disk Station comes with a VPN Server application, and the setup is pretty straightforward if you get the concept right.

Install the VPN Server, and then open it. I am still using DSM 5.2; if you are using DSM 6.0 or above, you will probably see a similar screen too.

Understand which protocol to use

It comes with 3 standard protocols: PPTP, OpenVPN and L2TP/IPSec.
From what I understand, PPTP is slightly faster, but it is less secure.

https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

The article at the above link says:

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OK, looks like PPTP is not an option for me. I would rather pick OpenVPN, but the only drawback is that you need to install the OpenVPN client software.

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

Enable the VPN Server

So the first step is to enable OpenVPN by checking “Enable OpenVPN server”.
The rest of the settings can be left at their defaults.

Once that is set up, the VPN server on the Synology Disk Station is enabled and ready to use. Remember to export the configuration by clicking “Export Configuration”.

You will see a zip file being downloaded; inside there should be 3 files: the certificate, the OpenVPN file and a readme.txt file.

Modify the openvpn file

The openvpn.ovpn file comes with a default domain, so we need to change that to point to our router's IP address or a domain. Then, when we put this configuration and certificate on our phone, the phone can connect to the VPN securely.

Port forwarding port 1194 at the router

The next thing is to open only one port on the router's port-forwarding page: allow only port 1194 (UDP). Please make sure it is UDP!
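
A quick offline check of the edited openvpn.ovpn before it is copied to the phone, as an added example that is not part of the original post or of Synology's tooling. The sample profile and its YOUR_SERVER_IP placeholder are constructed assumptions; port 1194 and UDP come from the steps above.

```python
import ipaddress
import re

# Constructed sample of an exported profile; the directives and the
# YOUR_SERVER_IP placeholder are assumptions, not a real Synology export.
SAMPLE_EXPORTED = """\
dev tun
remote YOUR_SERVER_IP 1194
proto udp
ca ca.crt
auth-user-pass
"""

HOSTNAME = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$")

def parse_directives(text):
    """Map each directive name to the argument lists it appears with."""
    directives = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":  # skip blank lines and comments
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def check_profile(text, port=1194, proto="udp"):
    """Return the problems that would keep a phone on the WAN from connecting."""
    d = parse_directives(text)
    problems = [] if d.get("remote") else ["no remote directive"]
    default_proto = (d.get("proto", [[]])[0] or ["udp"])[0]  # OpenVPN defaults to udp
    for args in d.get("remote", []):
        host = args[0] if args else ""
        rport = args[1] if len(args) > 1 else "1194"  # OpenVPN default port
        rproto = args[2] if len(args) > 2 else default_proto
        try:
            if ipaddress.ip_address(host).is_private:
                problems.append(f"remote {host}: private address, not reachable from the WAN")
        except ValueError:  # not an IP literal, so it must be a usable host name
            if not HOSTNAME.match(host):
                problems.append(f"remote {host}: placeholder or invalid host name")
        if rport != str(port):
            problems.append(f"remote {host}: port {rport}, router forwards {port}")
        if not rproto.startswith(proto):
            problems.append(f"remote {host}: proto {rproto}, router forwards {proto.upper()}")
    if "ca" not in d and "<ca>" not in d:
        problems.append("no CA certificate referenced")
    return problems

if __name__ == "__main__":
    print(check_profile(SAMPLE_EXPORTED))
```

An empty list means the profile's remote, port and protocol agree with the single UDP port opened on the router.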

The next step…

Of course, the next step is to test it and make sure it works so we can use it. Please refer to:

Connect from Phone to Synology VPN Server

Get DSM 6.0 working on a Virtual Machine

OK, so DSM 6.0 was launched almost half a year ago, and so far I still can’t find any resource on how to set up DSM 6.0 on a real machine. But a couple of online resources mention that it is possible to install DSM 6.0 on a virtual machine. The first things you need are:

  1. VMWare Player : 12.5.3 build-5115892
  2. DSM 6.0 Bootable virtual machine files : https://mega.nz/#!edUjRRhD!r-jBC-PTM0GMfDcxTiWsCcb6V9fbC_Iyg6zZQKSQcLg

 

Install VMWare Player

The first task, of course, is to install VMWare Player. Basically, it is a free virtual machine player to plug in and run any existing virtual machine. You can’t create a new virtual machine with it, but you can run and modify existing virtual machines saved by others.

Extract the DSM 6.0 Bootable virtual machine files

Unzip the entire zipped file, probably best to extract it to the C:\DSM6 directory for now. You will then see 6 files.

These files are very important; make sure you don’t change or rename any of the virtual machine files.

Open and run the virtual machine using VMWare Player

The next important step is to open VMWare Player, browse to the C:\DSM6\ directory and look for the DSM 6.vmx file.

Click “Open” and you will see that the “DSM 6” virtual machine is attached to your VMWare Player.

Modify the network settings

It is important to modify the network setting of the virtual machine. By default the virtual machine uses NAT; in order to be able to connect to DSM 6.0, you have to change the network setting to “Bridge adapter” instead.

Adjust the virtual machine processor and memory

Change the processor to at least 2 cores, and the memory to 2 GB.

Power On the virtual machine

Pick power on from the drop-down list or double-click to run the virtual machine. A prompt will be shown to confirm whether the virtual machine has been moved or copied. Pick “I copied it”.

Booting the DSM 6.0

DSM 6.0 will boot up in a few minutes, but the next thing is to figure out which IP address to use to connect to DSM 6.0. The easiest way is to access your router and look for newly connected DHCP devices. From the router screen you can see that DSM 6.0 is at 192.168.0.105.

Access DSM 6.0 via IP address

Go to http://192.168.0.105/ and you will see the system getting ready; this will take a couple of minutes.

After that you will see the “Create your administrator account” screen.

Avoid picking any automatic installation of DSM versions; this will screw up your DSM 6.0 in future. Choose “Download DSM updates and install them manually”.

Bingo!

This is awesome. The screen looks similar to DSM 5.2, but the design definitely looks better.

Feel free to comment here if you need any help.

Setup TP-Link NC-250 on Synology Surveillance Station

It is pretty easy to set up the NC-250 IP camera on Synology Surveillance Station. Basically, we don’t need to do any hacking other than adding the camera to Surveillance Station with a couple of quick settings.

First, we need to know the IP address of the TP-Link NC-250. Before that, it is better to install the IP camera using the TP-Link phone app so that it connects to your router; you can then get the camera's IP address from the DHCP list or from the settings page in the phone app.

Because the TP-Link NC-250 IP camera is not officially recognized as a compatible camera in Synology Surveillance Station, we have to choose the [User Define] brand.

Put “8080” as the port number (this is fixed by the TP-Link firmware). The source path is “/stream/video/mjpeg”, the default username is “admin” and the default password is “admin”. The key thing is that you can’t put the actual password here: the TP-Link firmware recognizes only a base64-encoded password, so go to https://www.base64encode.org/ and encode it to base64 format. For example, the password “admin” is converted to “YWRtaW4=”, and the password “qwerty123” is converted to “cXdlcnR5MTIz”. Put the encoded password in the password field. Click “Test Connection”; you will see your IP camera video if everything is correct.

But anyway, I still can’t get the video settings to work dynamically like other brands, so everything follows the default IP camera settings.

Reply or comment below if you need my help.

DO NOT upgrade XiaoMi IP camera to latest firmware

What I noticed within these few days is that XiaoMi has released a new IP camera firmware, 1.8.6.1B_201603181307, to anyone who connects to the XiaoMi server to view their IP camera.

I have a close friend who bought the same camera in China and updated it to the latest firmware. It worked OK at first because he was connecting the IP camera in China (he is currently working in ShenZhen). But the nightmare started when he went back to Malaysia for a short vacation and the IP camera no longer worked.

An unusual voice message played, saying “you can only use this camera within China”.

I took some risk too and updated my XiaoMi IP camera to that problematic version, and hit the wall for the whole night. I tried to roll back the firmware to an older version, but it never worked.

I am quite confident that I am not the only person facing this issue; a couple of MIUI forum users hit the same issue too. But some of them successfully rolled back the firmware version.

Change XiaoMi IP camera timezone

By default, the XiaoMi IP camera follows the China timezone (of course, it is from a Chinese company), so if you are in another country, the timezone shown on the camera is probably not the one you want. To change the timezone, we must make sure we can connect to the XiaoMi IP camera using either the FTP or the Telnet service. If it is the night vision version, please follow this guide to enable the FTP or Telnet service first. You can do it when you flash the firmware by following my guide, but if you missed that step, you can still connect via FTP or Telnet to do it later.

Stop accessing the IP camera (stop Surveillance Station or any other source that is accessing the IP camera; this is extremely important because I noticed that the timezone reverts to its original value if we keep accessing the camera, except via FTP). Use FileZilla or any FTP client to connect to your IP camera address, e.g. 192.168.0.195, and you should see a list of Linux directories.

Go to the /etc/ directory; there is a file called “TZ”, which means “timezone”. You can download it to your local machine and open it with Notepad. Change the timezone to the one you want.

Remember to upload it back. You don’t really need to reboot the IP camera.

Enabling RTSP for XiaoMi IP night vision camera

Basically, XiaoMi launched 2 types of IP camera. The first one was launched 2 years ago, 720P without night vision, and the latest one was launched a year ago and has a night vision feature. Besides that, one of the major differences between these 2 versions is the RTSP protocol. The older one could be accessed over RTSP, but on the latest one RTSP was completely disabled by XiaoMi, which means the latest night vision IP camera cannot be used in Synology Surveillance Station or other NAS operating systems.

After referring to a few online guides, I noticed that it is possible to implant the RTSP protocol into the latest night vision camera. What we need is an SD card.

Overall, I referred to http://xiaoyi.querex.be/, an unofficial web site for downloading XiaoMi IP camera firmware.

There are 2 important steps to enable the RTSP protocol on the XiaoMi IP camera:

  1. Flash the firmware
  2. Add in code to implant the RTSP server file

Besides enabling the RTSP protocol, we can enable the FTP, Telnet and HTTP web protocols in a single upgrade. I tested quite a few versions and noticed that not all versions work fine, but the one that always works is version K.

Which firmware to use?

So far I have flashed up to 4 XiaoMi IP cameras with version K (http://xiaoyi.querex.be/1.8.5.1K_201508311131.rar). So download this firmware and then download (http://xiaoyi.querex.be/1.8.5.1K_test-rtspfix-3.rar) as well.

Extract all the .rar files, then copy the “home” firmware file to the root of the SD card, and move the /test/ directory to the root as well.

The /test/ directory should contain the following files. The equip_test.sh is a C++ file responsible for some tasks during the firmware upgrade. “rtspsvr” and “server” are the RTSP server files needed to enable the RTSP protocol.

If you open the equip_test.sh file, you would see something like below,

Change the timezone

By default, the time zone is +0 (China timezone). If you are staying in Malaysia, you don’t need to change this value.

How to flash another firmware

  1. Disconnect cam
  2. Remove micro SD card
  3. Power on and long press reset button
  4. Disconnect cam
  5. Put “home” firmware file and “test” directory on SD card
  6. Insert micro SD card and power on
  7. Wait around 5 min and try to connect from smartphone app
  8. Check your cam’s IP address in the router DHCP list

How to check if succeeded?

If you are able to access the RTSP address using VLC, you have succeeded. If you plan to link it with your Synology NAS, you can follow this detailed guide to set up your XiaoMi CCTV on Surveillance Station.