bitbrain

QNAP ver. 4.3.3 configuration problems


Hi all.

 

I thought I would start a new thread for QNAP configuration.

 

I generated AirVPN config files (Linux, Other).

I was able to use the QNAP's OpenVPN client (called QVPN) to connect to AirVPN.

After connecting, the AirVPN website confirms I am connected, and a new interface is created on the QNAP, called "tun2002":

 
% netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
10.4.0.0        *               255.255.0.0     U         0 0          0 tun2002
10.4.21.0       *               255.255.255.0   U         0 0          0 tun2002
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
192.168.1.0     *               255.255.255.0   U         0 0          0 eth0
 
curl seems to default to still using the eth0 interface:
<shows my ISP allocated IP addr>
 
If I force curl to route through the new interface:
% curl --interface tun2002  http://checkip.dyndns.org
<shows my AirVPN allocated IP addr>
 
If I start up an application on my QNAP system (like a torrent download client), it does not use the new interface tun2002.
 
Help!
 
 
Here's my openvpn file:
auth-retry nointeract
cipher AES-256-CBC
client
comp-lzo
connect-retry-max 1
daemon openvpn-client
dev tun2002
script-security 3
up /etc/openvpn/openvpn_up
down /etc/openvpn/openvpn_down
explicit-exit-notify 1
key-direction 1
management /tmp/openvpn.client1.sock unix
nobind
persist-key
persist-tun
remap-usr1 SIGTERM
remote ca.vpn.airdns.org 443
pull
proto udp
remote-cert-tls server
reneg-sec 0
route-delay 5
verb 3
tls-cipher TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
tls-exit
resolv-retry infinite
route-noexec
auth-user-pass /etc/config/openvpn/clients/client1.auth
log-append /share/homes/admin/VPN/openvpn.log
plugin /usr/lib/vpn_ext.so 2
writepid /var/run/openvpn.client1.pid
<ca>
--keys removed--
 
 
Openvpn.log
Thu Jul 13 19:04:25 2017 OpenVPN 2.3.6 arm-none-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 24 2017
Thu Jul 13 19:04:25 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.05
Thu Jul 13 19:04:25 2017 MANAGEMENT: unix domain socket listening on /tmp/openvpn.client1.sock
Thu Jul 13 19:04:25 2017 WARNING: file '/etc/config/openvpn/clients/client1.auth' is group or others accessible
Thu Jul 13 19:04:25 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 13 19:04:25 2017 PLUGIN_INIT: POST /usr/lib/vpn_ext.so '[/usr/lib/vpn_ext.so] [2]' intercepted=PLUGIN_UP
Thu Jul 13 19:04:25 2017 Control Channel Authentication: tls-auth using INLINE static key file
Thu Jul 13 19:04:25 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 13 19:04:25 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 13 19:04:25 2017 Socket Buffers: R=[163840->131072] S=[163840->131072]
Thu Jul 13 19:04:25 2017 UDPv4 link local (bound): [undef]
Thu Jul 13 19:04:25 2017 UDPv4 link remote: [AF_INET]184.75.221.162:443
Thu Jul 13 19:04:27 2017 TLS: Initial packet from [AF_INET]184.75.221.162:443, sid=6e4f99cc 70bae188
Thu Jul 13 19:04:27 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jul 13 19:04:27 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Thu Jul 13 19:04:27 2017 Validating certificate key usage
Thu Jul 13 19:04:27 2017 ++ Certificate has key usage  00a0, expects 00a0
Thu Jul 13 19:04:27 2017 VERIFY KU OK
Thu Jul 13 19:04:27 2017 Validating certificate extended key usage
Thu Jul 13 19:04:27 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jul 13 19:04:27 2017 VERIFY EKU OK
Thu Jul 13 19:04:27 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Thu Jul 13 19:04:40 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jul 13 19:04:40 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 13 19:04:40 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jul 13 19:04:40 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 13 19:04:40 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 4096 bit RSA
Thu Jul 13 19:04:40 2017 [server] Peer Connection Initiated with [AF_INET]184.75.221.162:443
Thu Jul 13 19:04:43 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jul 13 19:04:45 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.21.91 255.255.0.0'
Thu Jul 13 19:04:45 2017 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jul 13 19:04:45 2017 OPTIONS IMPORT: LZO parms modified
Thu Jul 13 19:04:45 2017 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jul 13 19:04:45 2017 OPTIONS IMPORT: route options modified
Thu Jul 13 19:04:45 2017 OPTIONS IMPORT: route-related options modified
Thu Jul 13 19:04:45 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jul 13 19:04:45 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=00:08:9b:c3:40:
Thu Jul 13 19:04:45 2017 TUN/TAP device tun2002 opened
Thu Jul 13 19:04:45 2017 TUN/TAP TX queue length set to 100
Thu Jul 13 19:04:45 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 13 19:04:45 2017 /sbin/ifconfig tun2002 10.4.21.91 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255
Thu Jul 13 19:04:45 2017 PLUGIN_CALL: POST /usr/lib/vpn_ext.so/PLUGIN_UP status=0
Thu Jul 13 19:04:45 2017 /etc/openvpn/openvpn_up tun2002 1500 1558 10.4.21.91 255.255.0.0 init
Thu Jul 13 19:04:50 2017 Initialization Sequence Completed
 

 


OK, I got it working.  I took your advice and worked on getting the torrent client to work with the VPN (rather than messing with iptables).

QNAP Download Manager (default torrent client for QNAP) doesn't provide a means to do this.

However, "Transmission" does.  Here's how I set it up:

 

1. Connect the QNAP to the VPN.

 

2. Ensure the Transmission process is stopped.

 

3. Figure out the IP address for the VPN interface:
% ifconfig
---snip---
tun2002   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.4.96.247  P-t-P:10.4.96.247  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:124239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:72989 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:147655705 (140.8 MiB)  TX bytes:7048530 (6.7 MiB)
 
That's the address needed (and it will change whenever you drop and reconnect to the VPN).
 
4. Now, edit /share/MD0_DATA/.qpkg/Transmission/conf/settings.json
(your path may be different, depending how you installed Transmission)
and change bind-address-ipv4 to match the IP listed in ifconfig
"bind-address-ipv4": "10.4.96.247"
 
5. Start Transmission
 
Thanks for the guidance.
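
Because the tunnel address changes on every reconnect, steps 3 and 4 above can be scripted so the client stays bound to the VPN interface rather than eth0. The following is an added example, not part of the original post: it assumes the legacy ifconfig output format and the settings.json key shown above, the function names are hypothetical, and the data in demo() is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data in demo() is constructed.

# Print the IPv4 address found in legacy `ifconfig <iface>` output on stdin.
parse_inet_addr() {
    sed -n 's/^[[:space:]]*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Succeed only for a single-line dotted quad with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1 }
        { for (i = 1; i <= NF; i++) if ($i !~ /^[0-9]+$/ || $i > 255) bad = 1 }
        END { exit (bad || NR != 1) }'
}

# Print the bind-address-ipv4 value currently stored in a settings.json.
get_bind_address() {
    sed -n 's/.*"bind-address-ipv4"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Rewrite bind-address-ipv4 in place. Run it while Transmission is stopped
# (step 2 of the post): the daemon writes settings.json back out on exit.
set_bind_address() {
    file=$1; ip=$2
    # Validate first: the address is spliced into a sed expression below.
    is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    grep -q '"bind-address-ipv4"' "$file" || { echo "key missing in $file" >&2; return 1; }
    tmp="$file.new.$$"
    # Copy the result back with cat so the file keeps its owner and mode.
    sed 's/\("bind-address-ipv4"[[:space:]]*:[[:space:]]*\)"[^"]*"/\1"'"$ip"'"/' "$file" > "$tmp" &&
        cat "$tmp" > "$file" &&
        rm -f "$tmp"
}

# Constructed demo: a two-key settings.json and the ifconfig lines from the post.
demo() {
    dir=$(mktemp -d) || return 1
    printf '{\n    "bind-address-ipv4": "0.0.0.0",\n    "peer-port": 51413\n}\n' > "$dir/settings.json"
    ip=$(printf '%s\n' 'tun2002   Link encap:UNSPEC' \
        '          inet addr:10.4.96.247  P-t-P:10.4.96.247  Mask:255.255.0.0' | parse_inet_addr)
    set_bind_address "$dir/settings.json" "$ip" && get_bind_address "$dir/settings.json"
    rm -rf "$dir"
}
```

On the NAS itself the call would be set_bind_address /share/MD0_DATA/.qpkg/Transmission/conf/settings.json "$(ifconfig tun2002 | parse_inet_addr)", with the path adjusted to your install as noted in step 4.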
