Tag Archives: Synology

Connect from Phone to Synology VPN Server

From previous post on how to setup VPN on Synology Server,

Setting up Virtual Private Network (VPN) on Synology

The next thing is to test it. Probably the easiest step is to connect via phone, I will demonstrate how to connect via Iphone.

The first thing is you need to download the Open VPN Client from App Store.

WhatsApp Image 2017-04-06 at 9.08.09 PM

 

Download it and open, you would see something like below

 

WhatsApp Image 2017-04-06 at 9.08.10 PM

 

Install the Open VPN certification

The next thing need to do is to install OpenVPN certification on your OpenVPN application in your phone, there are a couple of ways to copy the certificate and configuration file to your Iphone, but the easiest one is to use ITunes.

10

Connect your Iphone to Itunes on your machine, in the “Apps” section, pick the “OpenVPN” application in the “File Sharing” panel. This is one of the way to copy and paste any file to specific IOS application.

11.PNG

Navigate and access to ca.crt and openvpn.ovpn file in your unzipped directory And Sync it to your Iphone directly.

WhatsApp Image 2017-04-06 at 9.08.10 2 PM

Immediately, you will the OpenVPN application refresh the screen and display one external certificate available. Press the [+] button. add it to your profile.

WhatsApp Image 2017-04-06 at 9.08.11 PM

Enter your Synology username or password and then connect to your Synology VPN server by toggling the connect/disconnect button.

WhatsApp Image 2017-04-06 at 9.08.12 PM

If you are seeing the “connection details” and the “VPN” wording at the toolbar, means you connected to your Synology VPN server successfully.

Setting up Virtual Private Network (VPN) on Synology

I have an ex-colleague read my blog about how to do port forwarding on router for connecting to Synology Disk Station few months ago, and once he told me that I shouldn’t do that because it is very insecure approach.

I went back and think twice, what he said is was entirely true. First, anyone do a random can ping my router. If I disallow my router to being ping by others, they still can create a software to scan the entire Telco network to examine which IP actually has router accessibility.

Although I changed my router admin page to a specific port example: 3333 to make it harder to hack, no doubt that hackers still scan through all the 65535 ports for each IP address in order to land on my router main page. my last approach probably disable the router management page from outside to access it, but my Synology Disk Station login page need to be exposed so I can access my Surveillance Station from WAN.

So the only feasible solution is to install VPN server on the NAS.

Generate a self-signed certification

The first thing need to do is to make sure your synology has a self-signed certification. You can easily generate one from Control Panel > Security > Certificate

5

6

7

After done, move to next step!

Install VPN Server

Basically Synology Disk Station comes with VPN server application, and the setup is pretty straight forward if you get the concept right.

1.PNG

Install the VPN server, and then access to it. I am still using the DSM 5.2, if you are using DSM 6.0 or above probably you will see a similar screen too.

2.PNG

Understand which protocol to use

It comes with 3 standard protocols, PPTP, OpenVPN and L2TP/IPSec.
From what I understand is that PPTP will be slightly faster, but it is less secured.

https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

IF you are looking at the above link, it said that:

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OK, looks like PP2P is not an option for me, I would rather pick OpenVPN, but the only drawback is you need to install the OpenVPN client software.

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

Enable the VPN Server

So the first step is to enable the OpenVPN by checking the “Enable OpenVPN server”.
The rest of settings can just follow the default one.

Once you managed to set it up, means the VPN server in Synology Disk Station is enabled and ready to use. But remember to export the Configuration by clicking on “Export Configuration”

3.PNG

You will see that your a zip file being downloaded, and inside should have 3 files : Certification, open VPN file and a readme.txt file

4

Modify the openvpn file

The openvpn.ovpn come with a default domain, so we need to change that and point to our router IP address or a domain. So when we put this configuration and certification on our phone, so that our phone can connect to the VPN securely.

8.PNG

Port forwarding 1194 Port at router

The next thing is, open only 1 port at router port-forwarding page, and only allow port 1194 (UDP). Please make sure it is UDP!

9.png

 The next step….

Of course is to test it, make sure it works so we can use it. Please refer to:

Connect from Phone to Synology VPN Server

Setup TP-Link NC-250 on Synology Surveillance Station

It is pretty easy to setup the NC-250 IP Camera on Synology Surveillance Station. Basically we don’t really need to do any hacking other than add the camera into surveillance station with a couple of quick setting.

The first thing we need is to make sure we know the IP address of the TP-Link NC-250. But before that, it would be better if you install the IP camera using TP-Link phone app so that it can connect to your router, and then you get the IP address of the camera from DHCP list or from the setting page in the phone app.

1.PNG

Because TP-Link NC-250 IP camera is not officially recognized as compatible camera in Synology Surveillance Station, so we have to choose [User Define] brand.

Put “8080” as your port number and this is fixed by TP-Link firmware, the source path is “/stream/video/mjpeg”, default username is “admin”, default password is “admin”, but the key thing is you can’t put the actual password here, TP-Link firmware recognize only base64 encoded password, so go to https://www.base64encode.org/, and encode it to base64 format. Example, password “admin” would be converted to “YWRtaW4=”, passsword “qwerty123” would converted to “cXdlcnR5MTIz”. Put the encoded password at the password field. Click “Test Connection”, you would see your IP camera video screen if everything is correct.

But anyway, I still can’t get the video setting correctly to work dynamically like other brand, so everything would follow the default IP camera setting.

2.PNG

Reply or comment below if you need my help.

Disk Station Manager 6.0 (Release Candidate)

This is the moment! Synology is going to launch their latest Disk Station Manager (DSM) version 6.0. The latest beta testing can be downloaded from their web site and you can refer to your specific models here in order to make sure if your model can use the latest version.

The latest disk station version contains a couple of major changes include Mail Services, Spreadsheet Collaboration Tools, improvement on their Note Station with charting features, and optimized 64-bit computing.

mail_01
Mail Services in your private cloud
yourown_01
Nore Station charting features
powerful_01
Powerful Context indexing

 

 

Modify Synology Photo Station Default Directory

By default, Synology Disk Station will only accept one photo directory as the photo station source. But sometimes you want to re-connect the existing photo directory that you already have, or migrate the photo directory to a bigger hard disk volume. You can’t select multiple photo directories unless you install the Synology Media Server application.

If you don’t want to do that, the only solution is to change your photo station default directory to the hard disk volume that you preferred.

After you installed the Photo Station on your Synology NAS, go to Control Panel and refer to the “Shared folder” page.

photo1

photo2

As you can see now, the default shared folder of the Photo Station is pointing at “Volume 1”, So our task now is to migrate it to “Volume 2”.

photo3photo4photo5

 

Connect DS Cam to your Synology NAS

Since we had already setup external access for our Synology NAS, now is time to test it and make sure we can access our Synology Surveillance Station from the WAN network using our phone or browsers. If you are using IOS or Android phone, download the Synology official Surveillance Cam App,

IOS: https://itunes.apple.com/us/app/ds-cam/id349087111?mt=8
Android: https://play.google.com/store/apps/details?id=com.synology.DScam&hl=en

Install them, and you would see the DS cam icon like below,

 

You can enter your router external IP Address with the forwarded port, if you are not sure how to do a port forwarding for Synology NAS please refer to my previous post here.

IMG_1742

The green box is “navigation menu”, and the red one is “view all mode”

IMG_1743

If you click on individual camera, the right box at the top is “manual recording”.

IMG_1744

Navigation Menu

IMG_1745

Recordings video

IMG_1746

You can filter the recording videos by source, cameras, and date. And if you want you can sort it by date.

IMG_1747

This is “view all” mode. You can see all the camera real time activities in a single view.

IMG_1748

 

Setup external access to your Synology NAS

2 Ways

There are 2 ways to setup external access for your Synology NAS, the first way is to setup Synology QuickConnect ID. The other method is to setup router port forwarding. If you are using QuickConnect ID definitely would be safer compare to router port forwarding method because you have to manage your router security better if you are doing it your way.

A standard port to access Synology NAS HTTP is port 5000. HTTP then required port 5001. To access photo station externally then you required a port 80. Surveillance Station required standard port 5000 or 5001.

Synology Network Ports

You can see the complete list of network port for Synology NAS, refer to here.

https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General/What_network_ports_are_used_by_Synology_services

Although in the network port list, they mentioned required port 9000 or 9001 for Surveillance Station, but I noticed that exposing port 5000 and 5001 is sufficient enough.

Router Port Forwarding

Let’s say, for an example if your Synology NAS URL is, http://192.168.0.108:5000/webman/index.cgi

You can set your router port forwarding like below,

forward1.PNG

If your external IP address (router IP address) is like 175.200.142.46, you can access your Synology NAS using http://175.200.142.46:20000/ then you can see your Synology NAS login screen.

For cloud station, just access it with http://175.200.142.46:20001/ will do.

In order to test if your Synology NAS successfully exposed to external access, use Google Paping to double check with “paping 175.200.142.46 -p 20001”.

*Most importantly, setup your Synology NAS properly, please refer to here.*

 

Installing Synology NAS on Virtual Machine

Always starts with virtual machine

Let’s us start with installing the Disk Station on virtual machine, before we install it on real hardware. A standard 4-bay Synology NAS could cost more than USD 450 alone, without any hard drive installed. So the idea here is to re-used some of the old PC hardware, and then install the Synology Disk Station on it.

But before we go for a real one, probably the best idea now is to install the Synology Disk Station on a virtual machine. Try it out first before you spend hundred dollars on new hardware.

Preparation

The first step is to select a simple and good virtual machine for the installation. So i decided to pick Virtual Box from Oracle. Simple, easy to configure and use less memory than other virtual machine.

Secondly, we must select the correct version of bootable XPEnology, a compatible Synology Disk Station version and download proper tools for installation.

Virtual Box Version: 5.0.14

XPEnology Bootable version: XPEnoboot_DS3615xs_5.1-5055.1.iso

Disk Station version: DSM_DS3615xs_5055.pat

Surveillance Station version: SurveillanceStation-bromolow-7.0-3762.spk

Installation

First step, install the virtual box 5.0.14 version, other version is acceptable too.

vm1.PNG

vm2.PNG

Second step, create a virtual machine for SynologyNAS

vm3

Choose Linux Operating System, Synology Disk Station basically developed under Linux Platform. and pick Linux 2.4 (64 bit) version. I noticed that the XPEnology bootable won’t work if you pick 32-bit linux version. Some PC might not support 64-bit, You can try to enable the virtualization support in BIOS see if it helps.

vm4

Select at least 2GB ram for Synology Disk Station installation on a virtual machine.

vm5

Create a virtual machine hard disk, allocate at least 20GB for it.

vm6vm7vm8

vm9

Here is the final result.

vm10

Configure the Synology Disk Station virtual machine

Go to settings, and configure the network adapter. Change the network adapter type to “Bridge” instead of NAT”, This step will make your Synology Disk Station connect directly to your router.

vm11

vm12

Choose a virtual optical disk file on the storage tab. pick the XPEnoboot_DS3615xs_5.1-5055.1.iso

vm13vm14

Start the virtual machine, XPEnoboot will load for a few minute, If you can see the login screen means all the steps are correct.

vm15.PNG

From your another PC, access http://find.synology.com, this page will help you to look for new DiskStation within your network.

vm16

Start setting up the Disk Station.

vm17

Choose a manual installation, and then pick the DiskStation file DSM_DS3615xs_5055.pat from your local PC that you downloaded earlier.

vm18.PNG

vm19.PNG

vm20

will need around 10-20 minutes for Synology DiskStation installation.

vm21

If you can’t see find your Synology DiskStation from the http://find.synology.com, then you can try to look for the IP address on your router DHCP device list.

You can manually access the Synology DiskStation with this URL on port 5000,
http://192.168.0.105:5000/

vm22.PNG

Setting up user account

After the installation completed, the next important step is to setup an admin user account.

vm23

vm24

Change the DSM Update Settings to “Download DSM updates but let me choose whether to install them”, don’t pick the automatically option. Because we are going to hack the Surveillance Station later, Synology update will override everything if we picked that.

vm25

After completed the user account, you can login to the DiskStation, you would see the desktop.

vm26

You can try to login using the account that you created earlier on the linux command prompt.

vm27

Done. That’s all.

vm28