Connect from Phone to Synology VPN Server

From previous post on how to setup VPN on Synology Server,

Setting up Virtual Private Network (VPN) on Synology

The next thing is to test it. Probably the easiest step is to connect via phone, I will demonstrate how to connect via Iphone.

The first thing is you need to download the Open VPN Client from App Store.

 

Download it and open, you would see something like below

 

 

Install the Open VPN certification

The next thing need to do is to install OpenVPN certification on your OpenVPN application in your phone, there are a couple of ways to copy the certificate and configuration file to your Iphone, but the easiest one is to use ITunes.

Connect your Iphone to Itunes on your machine, in the “Apps” section, pick the “OpenVPN” application in the “File Sharing” panel. This is one of the way to copy and paste any file to specific IOS application.

Navigate and access to ca.crt and openvpn.ovpn file in your unzipped directory And Sync it to your Iphone directly.

Immediately, you will the OpenVPN application refresh the screen and display one external certificate available. Press the [+] button. add it to your profile.

Enter your Synology username or password and then connect to your Synology VPN server by toggling the connect/disconnect button.

If you are seeing the “connection details” and the “VPN” wording at the toolbar, means you connected to your Synology VPN server successfully.

Setting up Virtual Private Network (VPN) on Synology

I have an ex-colleague read my blog about how to do port forwarding on router for connecting to Synology Disk Station few months ago, and once he told me that I shouldn’t do that because it is very insecure approach.

I went back and think twice, what he said is was entirely true. First, anyone do a random can ping my router. If I disallow my router to being ping by others, they still can create a software to scan the entire Telco network to examine which IP actually has router accessibility.

Although I changed my router admin page to a specific port example: 3333 to make it harder to hack, no doubt that hackers still scan through all the 65535 ports for each IP address in order to land on my router main page. my last approach probably disable the router management page from outside to access it, but my Synology Disk Station login page need to be exposed so I can access my Surveillance Station from WAN.

So the only feasible solution is to install VPN server on the NAS.

Generate a self-signed certification

The first thing need to do is to make sure your synology has a self-signed certification. You can easily generate one from Control Panel > Security > Certificate

After done, move to next step!

Install VPN Server

Basically Synology Disk Station comes with VPN server application, and the setup is pretty straight forward if you get the concept right.

Install the VPN server, and then access to it. I am still using the DSM 5.2, if you are using DSM 6.0 or above probably you will see a similar screen too.

Understand which protocol to use

It comes with 3 standard protocols, PPTP, OpenVPN and L2TP/IPSec.
From what I understand is that PPTP will be slightly faster, but it is less secured.

https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

IF you are looking at the above link, it said that:

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OK, looks like PP2P is not an option for me, I would rather pick OpenVPN, but the only drawback is you need to install the OpenVPN client software.

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

Enable the VPN Server

So the first step is to enable the OpenVPN by checking the “Enable OpenVPN server”.
The rest of settings can just follow the default one.

Once you managed to set it up, means the VPN server in Synology Disk Station is enabled and ready to use. But remember to export the Configuration by clicking on “Export Configuration”

You will see that your a zip file being downloaded, and inside should have 3 files : Certification, open VPN file and a readme.txt file

Modify the openvpn file

The openvpn.ovpn come with a default domain, so we need to change that and point to our router IP address or a domain. So when we put this configuration and certification on our phone, so that our phone can connect to the VPN securely.

Port forwarding 1194 Port at router

The next thing is, open only 1 port at router port-forwarding page, and only allow port 1194 (UDP). Please make sure it is UDP!

 The next step….

Of course is to test it, make sure it works so we can use it. Please refer to:

Connect from Phone to Synology VPN Server

Screen shot inside BIOS system

Ah! Never thought it would be so easy to make a screen shot in BIOS. The magic keystroke is not “Print Screen”, but is F12 instead.

Most of the modern motherboard should support this, but first thing you need a thumb drive. Plug in the thumb drive into your USB port before you start up your machine, and then enter BIOS.

Press F12 keystroke anytime when you want to screen shot the BIOS. Your bios wait for your command which place you want to save your screen shot.

Get DSM 6.0 works on Virtual Machine

OK, So DSM 6.0 has launched for almost half a year, so far I still can’t find any resource on how to setup DSM 6.0 on a real machine. But there are a couple of online resources mentioned that it is possible to install DSM 6.0 on a virtual machine. But first thing you need are:

1. VMWare Player : 12.5.3 build-5115892
2. DSM 6.0 Bootable virtual machine files : https://mega.nz/#!edUjRRhD!r-jBC-PTM0GMfDcxTiWsCcb6V9fbC_Iyg6zZQKSQcLg

 

Install VMWare Player

The first task of course is to install the VMWare Player. Basically it is a free virtual machine player to plug and run any existing virtual machine. You can’t create a new virtual machine here, but can re-run and modify existing virtual machine that saved by others.

Extract the DSM 6.0 Bootable virtual machine files

Unzip the entire zipped file, probably best to extract to C:\DSM6 drive for now. So you would see 6 files like below.

These files are very important, make sure you don’t simply change or rename all the virtual machine files.

Open and run the virtual machine using VMWare Player

Next important step is to open the VMWare Player and look for C:\DSM6\ directory. And search for DSM 6.vmx file.

Click “Open” and you will see that the “DSM 6” virtual machine is attached with your VMWare Player.

Modify the network settings

It is important to modify the network setting of the virtual machine. By default the virtual machine use NAT, in order for you to able to connect to the DSM 6.0, you have to change the network setting to “Bridge adapter” instead.

Adjust the virtual machine processor and memory

Change the processor to 2 cores at least, and memory to 2 GB.

Power On the virtual machine

Pick power on from the drop down list or double click to run the virtual machine. A prompt will shown to double confirm if the virtual machine has been moved here, or copied here. Pick “I copied it”

Booting the DSM 6.0

DSM 6.0 will boot up in a few minutes, but the next thing is to figure out what IP address you need to connect to DSM 6.0. Easiest way is to access your router and look for new DHCP devices that connected. So from the screen you can see that the DSM 6.0 is 192.168.0.105.

Access to the DSM 6.0 via IP address

Access to http://192.168.0.105/ And you will see the system is getting ready, this will take a couple of minutes.

After that you will see the “Create your administrator account” screen.

Avoid picking up any automatically installation on DSM version, this will screw up your DSM 6.0 in future. Choose “Download DSM updates and install them manually”

Bingo!

This is awesome. The screen looks similar like DSM 5.2, but the design definitely looks better.

Feel free to comment here if  you need any help.

Disable Chrome PDF Viewer in latest chrome 56

If you ever use Chrome browser to view PDF document, you probably aware that Chrome has it’s own PDF viewer plugin. This allowed user to view any PDF document using iDF document, you can easily disable to plugin in chrome://plugins by un-check the plugin checkbox in that page.

But this has feature has changed drastically since Chrome upgraded to version 56 and above. With the latest Chrome browser, you can’t disable the PDF plugin anymore in chrome://plugins. As stated in chrome bug tracking, they mentioned that  chrome://plugins will be depreciated soon.

https://bugs.chromium.org/p/chromium/issues/detail?id=615738
https://bugs.chromium.org/p/chromium/issues/detail?id=673199

And now, Chrome has moved the setting to Content Settins page instead.

Settings > Show Advanced Settings > Content Settings. Tick the “Open PDF files in the default PDF viewer application”, then you would be able to view PDF document using your own default application.

Kill a process that won’t die using Process Hacker

It is pretty easy to kill a process in Windows operating system’s task manager. But some processes cannot be killed using Windows task manager because it is a “protected process”.

Even using process explorer application, you might not able to kill the process. So recently I found that there is a very powerful tool that can solve the problem. Process Hacker, Process Hacker was started in 2008 as an open source alternative to programs such as Task Manager and Process Explorer. It is a portable application that doesn’t required any installation. It is safe to use, not a hacking tools, just a professional name.

http://processhacker.sourceforge.net

It has graphs and statistics allow you quickly to track down resource hogs and runaway processes.

Or view detailed stack traces with kernel-mode, WOW64 and .NET support.

Please download from http://processhacker.sourceforge.net/downloads.php?bottom=1

Permanently disable the annoying Windows Defender in Windows 10

If you are developer and frequently developing a software that send a lot of request to another file server across a network, then you might face this issue that I found that only happened in Windows 10 operating system.

The windows defender originally was installed with Windows 10. So when the windows defender detected there are a lot of unusual connections connecting to another PC across network, it will start cutting down those request.

So far I can’t find any methods to uninstall the Windows Defender, but I found that there is shortcut way to off the windows defender permanently.

Steps to Disable Windows Defender

1. Go to Run.
2. Type in ‘gpedit.msc’ (without quotes) and hit Enter. This will open up a new menu, where group policy editor options are listed.
3. Head to the ‘Administrative Templates’ tab, located under ‘Computer Configuration’.
4. Click ‘Windows Components’, followed by ‘Windows Defender’.
5. Find the ‘Turn off Windows Defender’ option, and double-click it.
6. Apply your changes before exiting the GPE menu.

After done, go and access the Windows Defender again and you will see the screen below.

WhatsApp launches video calling

Facebook today announces that they had launched the most promising feature that everyone has been waiting for quite a long time which is video call.

The main objective is to replace Apple’s FaceTime technology that only can be use in Apple’s products. The Facebook-owned chat service WhatsApp is officially launching video calling for its over 1 billion users worldwide on iOS, Android and Windows Phone. Facebook’s founder Mark Zuckerberg announce the news in his Facebook’s news feed today.

To use the new feature, WhatsApp users can hit the call button in the top right corner of a conversation, which will bring up an overlaid interstitial asking if you want to voice or video call the friend or family member you’re chatting with. To kick off the video call, you simply select the “video call” option from this screen.

During the call itself, you can switch between the forward-facing and rear camera, mute the call or press the red button to hang up.

Personally I have try the video calling, so far it looks very stable and smart enough to adjust the resolution according to the network connectivity bandwidth.

 

 

TP-Link NC-450 Pan & Tilt IP Camera

Overview

TP-Link just make an announcement that they are going to launch another new model for TP-Link smart home product very soon. TP-Link NC-450 is a pan & tilt IP camera that has the night vision ability. The specification is exactly like the TP-Link NC-250 that I reviewed earlier, the only major different is that NC-450 see up to 360 degrees horizontally and 150 degrees vertically and comes with 2-way audio communication.

NC-450 allowed user to put in SD-card so you can save your video based on motion or audio detection setting.

Specification

• 720p HD Imaging – HD resolution provides sharper, clearer images
• Pan / Tilt – See up to 360 degrees horizontally and 150 degrees vertically.
• Night Vision– Know what’s happening when it’s dark, with up to 26 feet of night vision.
• Motion & Sound Detection -Receive push and email notifications when motion or sound is detected.
• 2-way Audio – Start 2-way audio with ease to communicate with your family instantly
• SD Card Storage -Save your videos and images easily thanks to an integrated SD slot
• tpCamera App – Use the tpCamera app to access feeds from anywhere, at any time

From TP-Link NC-450 emulator, you can see that NC-450 firmware has more functionality than NC-250 firmware, it has a joystick control for pan & tilt functionality. User can adjust the brightness, contrast and saturation of the camera. http://www.tp-link.fi/resources/simulator/NC450-emulator/index.html

 

The firmware is much more quicker compare to D-Link one.

User can view back recorded video at SD card page, and it also fully support FTP and notification delivery.

CAMERA
Image Sensor	1/4″ Progressive scan CMOS sensor
Resolution	1.0 Megapixel (1280 x 720)
Lens	F: 2.0, f: 3.6 mm
Viewing Angle	FOV = 75°
Pan/Tilt Range	Pan range 300° Tilt range 110°

VIDEO/IMAGE
Video Compression	H.264
Frame Rate & Resolutions	Max. 30 fps at 1280×720 (HD)
Video Streaming	Controllable Frame rate
Image Settings	Rotation: Mirror, Flip Configurable brightness, contrast, saturation Overlay capabilities: time, date, text

AUDIO
Audio Communication	2-Way
Audio Input	Built-in microphone
Audio Output	Built-in speaker

ALARM AND EVENT MANAGEMENT
Input Trigger	Motion/Sound detection
Notification	E-mail, App
Storage	SD Card

NETWORK
Standards and Protocols	Bonjour, TCP/IP, DHCP, ARP, ICMP, FTP, SMTP, NFS,DNS, NTP, HTTP, HTTPS, UDP
Security	Multiple password-protected user levels

WIRELESS
Wireless Data Rates	IEEE 802.11 b/g/n, Up to 300Mbps
Frequency	2.4-2.4835GHz
Wireless Transmit Power	<20dBm (EIRP)
Wireless Encryption	WEP, WPA/WPA2, WPA-PSK/WPA2-PSK

INTERFACES
Network Interface	RJ-45 for Ethernet 10/100 Base-T
Power Connector	DC power jack
Button	Reset/WPS push button

SURVEILLANCE MANAGEMENT
Users	13 simultaneous unicast users
Bundled Management Software	Viewing and recording up to 36 cameras

MINIMUM SYSTEM REQUIREMENTS
Supported OS	Windows XP or higher Mac OS X 10.7 or higher Android 4.1 or higher iOS 7.0 or higher
Supported Browser	Microsoft Internet Explorer 8.0 or higher Firefox 4.0 or higher Safari 5.0 or higher Chrome 5.0 or higher Opera 12.0 or higher

GENERAL
External Power Supply	12V DC, Max 12W
Certification	RoHS, FCC, CE
Package Contents	NC450 Power Adapter Extension Cable RJ-45 Ethernet Cable Quick Installation Guide Passive PoE Injector
Environment	Operating Temperature: 0°C~40°C (32°F ~104°F) Storage Temperature: -40°C ~70°C (-40°F ~158°F) Operating Humidity: 10%~90% non-condensing Storage Humidity: 5%~90% non-condensing
Dimensions( H X W X D )	5.7 x 4.3 x 4.2 in. ( 144 x 109 x 106 mm )
Packaging Dimensions	10.6 x 8.8 x 5.3 in. (270 x223 x 135mm)
PoE	12V DC, Max 12W

COMPATIBILITY
Supported OS	Windows 10

 

For more detail can refer to TP-Link Official Site:
http://www.tp-link.com/en/products/details/NC450.html

Setup TP-Link NC-250 on Synology Surveillance Station

It is pretty easy to setup the NC-250 IP Camera on Synology Surveillance Station. Basically we don’t really need to do any hacking other than add the camera into surveillance station with a couple of quick setting.

The first thing we need is to make sure we know the IP address of the TP-Link NC-250. But before that, it would be better if you install the IP camera using TP-Link phone app so that it can connect to your router, and then you get the IP address of the camera from DHCP list or from the setting page in the phone app.

Because TP-Link NC-250 IP camera is not officially recognized as compatible camera in Synology Surveillance Station, so we have to choose [User Define] brand.

Put “8080” as your port number and this is fixed by TP-Link firmware, the source path is “/stream/video/mjpeg”, default username is “admin”, default password is “admin”, but the key thing is you can’t put the actual password here, TP-Link firmware recognize only base64 encoded password, so go to https://www.base64encode.org/, and encode it to base64 format. Example, password “admin” would be converted to “YWRtaW4=”, passsword “qwerty123” would converted to “cXdlcnR5MTIz”. Put the encoded password at the password field. Click “Test Connection”, you would see your IP camera video screen if everything is correct.

But anyway, I still can’t get the video setting correctly to work dynamically like other brand, so everything would follow the default IP camera setting.

Reply or comment below if you need my help.