- WD Community
- News & Assistance
- New to Community
- Forum Feedback
- Software & Apps
- WD Software
- WD Mobile Apps
- Software & Accessory Ideas
- WD TV Live Streaming
- Live Streaming Discussions
- Live Streaming Firmware
- Live Streaming Ideas
- Live Streaming Issues
- WD TV Live Hub
- Hub Discussions
- Hub Firmware
- Hub Themes
- WD TV Live Hub Ideas
- WD TV Live Hub Issue Reporting
- WD TV Play
- WD TV Play
- Live & Live Plus
- Live Discussions
- Live Firmware
- Elements Play
- Elements Play
- External Drives
- Mac Externals
- PC Externals
- Portable Drives
- External Drive Ideas
- Network Devices
- Networking Devices
- Live Duo
- My Book Live
- Other Network Drives
- Network Product Ideas
- Internal Drives
- Desktop & Portable
- Internal Drive Ideas
- Nuevo a La Comunidad
- Los Productos de WD
- Software y Accesorios
- Reproductores Multimedia
- Unidades de Red
- Unidades Externas
- Unidades Internas
- Neu in der Community
- WD Produkte
- WD Programme
- WD TV Media Player
- Netzwerk Laufwerke
- Externe Laufwerke
- Interne Laufwerke
- Annunci e Novita'
- Nuovo per La Comunita'
- Prodotti WD
- Programmi & Accessori
- Riproduttori Multimediali
- Dischi di Rete
- Dischi Esterni
- Dischi Interni
- WD TV Legacy
- Hub Network
- Live Networking
- WD TV HD
- WD TV Mini
- WD Photos
- Other Software & Accessories
- Hard Drives
- WD ShareSpace
- Other Externals
- Other Internal Drives
04-27-2012 08:15 AM
as promised I have made a script to install Openvpn as a server and let you easily create windows, mac and linux clients from it.
This script installs all the right software, preps the server config (after asking questions) and then you can generate keys, install.
You need to be familiar with SSH into your My Book Live and run basic shell commands
You need to be able to apt-get install stuff (there is probably another howto for this)
Networking and VPN concepts are also a pre-requisite. Don't do this if you don't know what you are doing.
You need to understand how openvpn works and how to do a port forward on your router.
Sample Diagram of the setup here:
You can download the package script here:
Or ssh into your MBL and wget like so:
then extract it and run ./install.sh
tar zxvf openvpn-server-wdlive-0.1.tar.gz
Please answer the questions carefully. If you make a mistake try do CTRL+C and run ./install.sh again.
Once its installed and it says the server restarted successfully, you can generate a certificate with the 'ovs' command
ovs help will help you
will build a zip file with a config file and a cert file you can drop into the config directory on windows
likewise for mac and linux (you can use the mac one
Then you can connect and browse as per the network diagram.
ovs status will show you who is connected and their current throughput (uses ifstat)
This is really quick and dirty and I have done some basic testing. Don't blame me if it breaks your stuff.
Happy to answer any questions.
Enjoy strongly encrypted remote connections to your mybooklive.
And yes, as long as you portfoward 1194 UDP only, this should be rock solid in terms of security.
I would have used a 2048bit DHparams key, but it would take nearly 20mins to generate on this hardware.
04-27-2012 01:10 PM
Thanks a lot for this installation script.
All works fine except using 'ovs status' : '/usr/share/openvpn-server/scripts/status: line 25: ifstat: command not found'
I saw during install that ifstat wasn't installed correctly.
openvpn-server-wdlive-0.1/ openvpn-server-wdlive-0.1/install.sh openvpn-server-wdlive-0.1/bin/ openvpn-server-wdlive-0.1/bin/ovs openvpn-server-wdlive-0.1/config-templates/ openvpn-server-wdlive-0.1/config-templates/ovpn-cl
ient.conf openvpn-server-wdlive-0.1/config-templates/openssl .cnf openvpn-server-wdlive-0.1/init-server-config.sh openvpn-server-wdlive-0.1/scripts/ openvpn-server-wdlive-0.1/scripts/help openvpn-server-wdlive-0.1/scripts/build-windows-cl ient openvpn-server-wdlive-0.1/scripts/build-mac-client openvpn-server-wdlive-0.1/scripts/functions.sh openvpn-server-wdlive-0.1/scripts/build-ddwrt-clie nt openvpn-server-wdlive-0.1/scripts/revoke-cert openvpn-server-wdlive-0.1/scripts/status ByteServer:~# cd openvpn-server-wdlive-0.1 ByteServer:~/openvpn-server-wdlive-0.1# ./install.sh Reading package lists... Done Building dependency tree Reading state information... Done zip is already the newest version. openvpn is already the newest version. openvpn set to manually installed. Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: ifstat: Depends: libsnmp15 (>= 5.4.1~dfsg) but it is not going to be installed E: Broken packages Setting up server config. Please answer the questions correctly. This is a very rough script, so tread carefully
Trying to install ifstat manually gives me the same error.
I'm really new to linux and it would be nice to get help with this.
And another thing is how to start and stop the OpenVPN-Server service via script would be nice to know, too!
And last to change change the subnet of the OpenVPN subnet, is it just to change in '/var/lib/openvpn-server/openvpn/ifconfig-pool.txt
Thank you for your efforts!
04-27-2012 03:58 PM - edited 04-27-2012 03:58 PM
To change the subnet you change the 'server' line in /etc/openvpn/yourorg-server.conf.
Where yourorg is the name you chose during install.
But you may be barking up the wrong tree - only change the server subnet if it conflicts with your own. OpenVPN is not trying to hand out IPs on your LAN, it has a seperate subnet for VPN clients.
If you want to enable VPN clients to get to machines other than your NAS on your LAN, you need to enable ip forwarding, which you can do in the OpenVPN config, add this line:
up " echo 1 > /proc/sys/net/ipv4/ip_forward"
which will turn your WDlive into a router, and route traffic between the tun interface and the eth0 interface. Then you need to ALSO add a route back to the VPN subnet on your router. Many routers can do this. Its called adding a static route, and the route format will be in english:
The VPN subnet (eg 172.22.6.0 netmask 255.255.255.0) is out the IP of the NAS (eg 192.168.0.240).
Adding a routeback over the LAN will be different for different routers, and some can't even do it, but its the best way.
Oh and then to apply any changes you make the config file:
works just fine.
As for ifstat, like I said the pre-requisite was you could apt-get install stuff, but to help you out, I enabled it by editing /etc/apt/sources.list, and uncommenting this line so it only contains this:
deb http://ftp.us.debian.org/debian/ squeeze main
'#' is a comment in most linux config files.
and then doing 'apt-get update' and then you can 'apt-get install ifstat'
Now you can apt-get install all sorts of dangerous stuff, so tread carefully. Dangerous in the sense it will conflict with the WD customisations, and break everything.
04-27-2012 04:36 PM
That fixed it!
My sources.list looked like this:
deb http://archive.debian.org/debian-archive/debian/ lenny main contrib non-free deb-src http://archive.debian.org/debian-archive/debian/ lenny main contrib non-free deb http://archive.debian.org/debian-archive/debian-se
curity/ lenny/updates main deb-src http://archive.debian.org/debian-archive/debian-se curity/ lenny/updates main #deb http://ftp.us.debian.org/debian/ squeeze main #deb http://ftp.us.debian.org/debian/ sid main #deb http://ftp.us.debian.org/debian/ experimental main
I tried it before uncommenting the squeeze line, but it did not work.
Commenting out all the other archive repositories and only have the squeeze one active did the fix, nice!
04-28-2012 04:40 PM
You don't need to install any packages to make it work. Just ignore any errors from apt-get and 1 part of 'ovs status' won't work.
The primary dependencies are openssl and openvpn (and various shell utilities), which should already be installed.