ASUSTOR NAS AS5202T

WORDPRESS – SITE INSTALLED – CONFIG SECURITY – TRY FOR URL

Security for WP site – breakdown for overall NAS – URL ISSSUES

After enabling this, users on the NAS only need to create a www folder within the Home folder and upload their Web page to it in order to have their own dedicated URL. They can connect to their Web page using the following URL: http://NAS IP/~username.

TRY DDNS

– maybe if I can get it online – I can figure out what’s wrong

Installed phpmyadmin – new db – get wp running

Updated default user and pw for phpmyadmin – updated wp_config to match

– new database –
create – name it – use unicode: “utf8_general ci”

Wordpress installed

SECURITY: UNDERSTANDING CHANGES

https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note

Updated login rights / Registration / Change prefix for wp

File Permissions Updated

Allow / Disallow Editing

– can be added / removed from the wp_config file as you need it to be – so when I’m working on it – I just switch it in wp_config then when I’m done – make them un-editable again –

https://wordpress.org/support/article/editing-wp-config-php/#disable-the-plugin-and-theme-editor

Occasionally you may wish to disable the plugin or theme editor to prevent overzealous users from being able to edit sensitive files and potentially crash the site. Disabling these also provides an additional layer of security if a hacker gains access to a well-privileged user account.

Disable Plugin and Theme Update and Installation #Disable Plugin and Theme Update and Installation<br>
define( ‘DISALLOW_FILE_MODS’, true );

This will block users being able to use the plugin and theme installation/update functionality from the WordPress admin area. Setting this constant also disables the Plugin and Theme editor (i.e. you don’t need to set DISALLOW_FILE_MODS and DISALLOW_FILE_EDIT, as on its own DISALLOW_FILE_MODS will have the same effect).

Disalow Editor

define( ‘DISALLOW_FILE_EDIT’, true );

Note: The functionality of some plugins may be affected by the use of current_user_can(‘edit_plugins’) in their code. Plugin authors should avoid checking for this capability, or at least check if this constant is set and display an appropriate error message. Be aware that if a plugin is not working this may be the cause.

disallow – files such as readme.html, license.txt and wp-config-sample – etc. + turn off error display / reporting

the nas itself has a blacklist – country blocking etc. – some of this is in the wp

PRE-FIREWALL HTACCESS

FireWall – all in one security – should be good for thsi small site

This setting will implement the following basic firewall protection mechanisms on your site:

1. Protect your htaccess file by denying access to it.
2. Disable the server signature.
3. Limit file upload size (10MB).
4. Protect your wp-config.php file by denying access to it.

The above firewall features will be applied via your .htaccess file and should not affect your site’s overall functionality.

You are still advised to take a backup of your active .htaccess file just in case.

>

xmlrpc.php – should disable – have to 2x check

I turned this down to pinback only – woocommerce (jetpack) was not working correctly)

Had to turn xmlrp compleely back on 100% for woocommerce to work – items to show up in cart

If you use Jetpack or WP iOS or other apps which need WP XML-RPC functionality then check this. This will enable protection against WordPress pingback vulnerabilities. -More Info
NOTE: If you use Jetpack or the Wordpress iOS or other apps then you should enable this feature but leave the “Completely Block Access To XMLRPC” checkbox unchecked.

The feature will still allow XMLRPC functionality on your site but will disable the pingback methods.

This feature will also remove the “X-Pingback” header if it is present.

OR USE “Disable Pingback Functionality From XMLRPC” checkbox. – if can’t block it all

htaccess – basic firewall

htaccess-basic-firewall

More Firewall

• Listing of directory contents – w/o an index.php file you can browse dirctories – plugin wants – “AllowOverride” of the Indexes directive must be enabled in your httpd.conf file. –
  
  Can you just add index.php to folders with out it?
  No, they should not. If a plugin has vulnerabilities just because someone might see its directory structure it is broken. These bugs should be fixed.
  Security through obscurity is a bug for itself.

  It’s up to the site owner to allow or forbid directory browsing.

  A second issue is performance: WordPress scans all PHP files in a plugin’s root directory to find plugin headers. This allows you to have multiple plugins under the same directory, eg /wp-content/plugins/wpse-examples/.

  It also means that unused PHP files in that directory are wasting time and memory when WordPress is searching for plugins. One file will not do much harm, but imagine this is getting a common practice. You are creating a real problem in an attempt to fix a fictional.

  trace and track

  HTTP Trace attack (XST) can be used to return header requests and grab cookies and other information.
  This hacking technique is usually used together with cross site scripting attacks (XSS).
  Disabling trace and track on your site will help prevent HTTP Trace attacks.

  forbid proxy comment posting

  This setting will deny any requests that use a proxy server when posting comments.
  By forbidding proxy comments you are in effect eliminating some SPAM and other proxy requests.

  ---

  htaccess with additional firewall

  htaccess-additional-firewall

  6G Blacklist / Firewall settings

  Check this if you want to apply the 6G Blacklist firewall protection from perishablepress.com to your site.
  This setting will implement the 6G security firewall protection mechanisms on your site which include the following things:

  1. Block forbidden characters commonly used in exploitative attacks.
  2. Block malicious encoded URL characters such as the “.css(” string.
  3. Guard against the common patterns and specific exploits in the root portion of targeted URLs.
  4. Stop attackers from manipulating query strings by disallowing illicit characters.
  5. ….and much more.

  The 6G Blacklist is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website.

  The added advantage of applying the 6G firewall to your site is that it has been tested and confirmed by the people at PerishablePress.com to be an optimal and least disruptive set of .htaccess security rules for general WP sites running on an Apache server or similar.

  Therefore the 6G firewall rules should not have any impact on your site’s general functionality but if you wish you can take a backup of your .htaccess file before proceeding.

  htaccess-with-6G-added

  Internet BOTS (google)

  Internet Bot Settings
  What is an Internet Bot?

  A bot is a piece of software which runs on the Internet and performs automatic tasks. For example when Google indexes your pages it uses automatic bots to achieve this task.

  A lot of bots are legitimate and non-malicous but not all bots are good and often you will find some which try to impersonate legitimate bots such as “Googlebot” but in reality they have nohing to do with Google at all.

  Although most of the bots out there are relatively harmless sometimes website owners want to have more control over which bots they allow into their site.

  This feature allows you to block bots which are impersonating as a Googlebot but actually aren’t. (In other words they are fake Google bots)

  Googlebots have a unique indentity which cannot easily be forged and this feature will indentify any fake Google bots and block them from reading your site’s pages.

  Attention: Sometimes non-malicious Internet organizations might have bots which impersonate as a “Googlebot”.

  Just be aware that if you activate this feature the plugin will block all bots which use the “Googlebot” string in their User Agent information but are NOT officially from Google (irrespective whether they are malicious or not).

  All other bots from other organizations such as “Yahoo”, “Bing” etc will not be affected by this feature.

  
  Block Fake Googlebots: Check this if you want to block all fake Googlebots. -More Info
  This feature will check if the User Agent information of a bot contains the string “Googlebot”.

  It will then perform a few tests to verify if the bot is legitimately from Google and if so it will allow the bot to proceed.

  If the bot fails the checks then the plugin will mark it as being a fake Googlebot and it will block it

  htaccess with bots

  htaccess-with6G-bots-extrafirewall

  Prevent IMG hotlink

  A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.
  Due to the fact that the image being displayed on the other person’s site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses’s site.

  This feature will prevent people from directly hotlinking images from your site’s pages by writing some directives in your .htaccess file.

  htaccess – no hotlink

  htaccess-extrafire-6G-bots-nohotlink

  404 Blocking

  A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website.
  Typically, most 404 errors happen quite innocently when people have mis-typed a URL or used an old link to page which doesn’t exist anymore.
  However, in some cases you may find many repeated 404 errors which occur in a relatively short space of time and from the same IP address which are all attempting to access a variety of non-existent page URLs.

  Such behaviour can mean that a hacker might be trying to find a particular page or URL for sinister reasons.

  This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time.
  If you want to temporarily block or blacklist an IP address, simply click the “Temp Block” or “Blacklist IP” link for the applicable IP entry in the “404 Event Logs” table below.

  Enable 404 IP Detection and Lockout:
  
  Check this if you want to enable the lockout of selected IP addresses.
  When you enable this checkbox, all 404 events on your site will be logged in the table below. You can monitor these events and select some IP addresses listed in the table below and block them for a specified amount of time. All IP addresses you select to be blocked from the “404 Event Logs” table section will be unable to access your site during the time specified.

  Time Length of 404 Lockout (min): 60
  Set the length of time for which a blocked IP address will be prevented from visiting your site
  You can lock any IP address which is recorded in the “404 Event Logs” table section below.
  To temporarily lock an IP address, hover over the ID column and click the “Temp Block” link for the applicable IP entry.

  404 Lockout Redirect URL:http://127.0.0.1
  blocked visitor will be automatically redirected to this URL.

  htaccess with 404 enabled

  htaccess-extrafire-6G-bots-nohotlink-404

  ---

  Brute Force – Rename login page – REPLACED by cookie _ secret word

  An effective Brute Force prevention technique is to change the default WordPress login page URL.

  Normally if you wanted to login to WordPress you would type your site’s home URL followed by wp-login.php.

  This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the wp-login.php to any string that you like.
  
  By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.
  
  You may also be interested in the following alternative brute force prevention features:
  
  Cookie Based Brute Force Prevention
  
  Login Page White List

  Cookie Brute Force Protect – this replaces the url replacement – so back to normal wp url

  A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.
  Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server’s memory and performance.

  The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.

  Even though this feature should not have any impact on your site’s general functionality you are strongly encouraged to take a backup of your .htaccess file before proceeding.
  If this feature is not used correctly, you can get locked out of your site. A backed up .htaccess file will come in handy if that happens.

  To learn more about how to use this feature please watch the following video tutorial.

  Advanced 0/20

  This feature can lock you out of admin if it doesn’t work correctly on your site. You must read this message before activating this feature.

  Enable Brute Force Attack Prevention:
  Secret Word: – created

  Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.
  Re-direct URL:
  http://127.0.0.1

  Specify a URL to redirect a hacker to when they try to access your WordPress login page.

  My Site Has Posts Or Pages Which Are Password Protected:
  Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.

  My Site Has a Theme or Plugins Which Use AJAX:
  Check this if your site uses AJAX functionality.

  Before using this feature you are required to perform a cookie test first. This is to make sure that your browser cookie is working correctly and that you won’t lock yourself out.

  htaccess – htaccess-extrafire-6G-bots-nohotlink-404-brutecookie

  htaccess-extrafire-6G-bots-nohotlink-404-brutecookie

  Captcha

  Skipping for this install

  Login Whitelist

  IPs added

  Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page. -More Info
  Each IP address must be on a new line.

  To specify an IPv4 range use a wildcard “*” character. Acceptable ways to use wildcards is shown in the examples below:

  Example 1: 195.47.89.*

  Example 2: 195.47.*.*

  Example 3: 195.*.*.*

  Or you can enter an IPv6 address (NOTE: ranges/wildcards are currently not supported for ipv6)

  Example 4: 4102:0:3ea6:79fd:b:46f8:230f:bb05

  Example 5: 2205:0:1ca2:810d::

  ---

  Honeypot on login – enabled

  This feature allows you to add a special hidden “honeypot” field on the WordPress login page. This will only be visible to robots and not humans.
  Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field.
  The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with.
  Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address – http://127.0.0.1.

  ---

  htaccess-extrafire-6G-bots-nohotlink-404-brutecookie-honey

  htaccess-extrafire-6G-bots-nohotlink-404-brutecookie-honey.txt

  SPAM

  – not comment captcha

  – block spambots

  A large portion of WordPress blog comment SPAM is mainly produced by automated bots and not necessarily by humans.
  This feature will greatly minimize the useless and unecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.
  In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.

  This feature will implement a firewall rule to block all comment attempts which do not originate from your domain.
  
  A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain.

  A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty.
  
  This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments.

  ---

  all site features still seem to be working

  http://169.254.1.3/wordpress/checkout/

  Autoblock sammers / sammer list

  
  This feature allows you to automatically and permanently block IP addresses which have exceeded a certain number of comments labelled as SPAM.
  
  Comments are usually labelled as SPAM either by the Akismet plugin or manually by the WP administrator when they mark a comment as “spam” from the WordPress Comments menu.
  
  NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress.
  
  Enable Auto Block of SPAM Comment IPs: Check this box if you want this plugin to automatically block IP addresses which submit SPAM comments.
  Minimum number of SPAM comments:1
  

  
  Specify the minimum number of SPAM comments for an IP address before it is permanently blocked.

  Example 1: Setting this value to “1” will block ALL IP addresses which were used to submit at least one SPAM comment.
  
  Example 2: Setting this value to “5” will block only those IP addresses which were used to submit 5 SPAM comments or more on your site.

  list of spam comments

  This section displays a list of the IP addresses of the people or bots who have left SPAM comments on your site.

  This information can be handy for identifying the most persistent IP addresses or ranges used by spammers.

  By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to the permanent block list.

  To add one or more of the IP addresses displayed in the table below to your blacklist, simply click the “Block” link for the individual row or select more than one address using the checkboxes and then choose the “block” option from the Bulk Actions dropdown list and click the “Apply” button.

  Buddy press / BBPress not used

  ---

  Security

  ADM Defender

  ADM Defender can protect your NAS from malicious Internet attacks, ensuring the security of your system.

  • Firewall: Here you can block specific IP addresses or only allow specific IP addresses to access your NAS.
  • Trusted List: The IP(s) specified in the trusted list will not be blocked by the black list or after multiple failed login attempts.
  • Auto Black List: After enabling this function, the client IP address will be blocked if there are too many unsuccessful login attempts within the specified time period.
  • Black and White List: The Black and White list can be defined using IP address, range, and geolocation. If you wish to define the Black and White list using geolocation, please first install the Geo IP Database App.
  About the Black and White List

  The Black and White List can protect you from malicious attacks and prevent hackers from trying to access your NAS. Supported protocols are as follows:

  • ADM system login (HTTP & HTTPS)
  • Windows File Service (CIFS/SAMBA)
  • Apple Filing Protocol (AFP)
  • File Transfer Protocol (FTP)
  • Secure Shell (SSH)

  ---

  File Detection Scan

  
  If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site.
  Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website.
  In general, WordPress core and plugin files and file types such as “.php” or “.js” should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.
  The “File Change Detection Feature” will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system’s files.
  This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)

  To perform a manual file change detection scan click on the button below.
  Click the button below to view the saved file change results from the last scan.

  1st scan

  The following files were changed on your host.
  File File Size File Modified
  /volume1/Web/wordpress/wp-content/uploads/wp-file-manager-pro/fm_backup/.htaccess 13 2020-10-25 02:40:27
  /volume1/Web/wordpress/wp-content/uploads/wp-file-manager-pro/fm_backup/index.html 0 2020-10-25 02:40:27
  /volume1/Web/wordpress/wp-content/aiowps_backups/aiowps_fcd_data_mx2p1n4pnw 2927606 2020-10-25 02:40:00

  File manager pro

  had several sites that were compromised during the past week because of the file manager plugin vulnerability. On sites where I have fully deactivated and deleted the plugin, I am seeing that files in the: wp-content/uploads/wp-file-manager-pro/fm_backup/ directory still exist and are being updated. (Especially: index.html)
  If the plugin has been removed is it ok to delete these directories? And why would the index.html file be updated once the plugin is removed?

  Viewing 1 replies (of 1 total)
  Plugin Authormndpsingh287 (@mndpsingh287)
  1 month, 2 weeks ago
  Hi @edash22

  Firstly, we truly apologize for the inconvenience this has caused you.

  Yes, you can remove these directories if you don’t need them. This directory contains the backups of your wp-content directory that you have created with File Manager. The file index.html is a direct directory access protector file. You can delete it as well.

  If you need any further assistance we can schedule a call for personalized support on your issue. Reach out to us at https://filemanagerpro.io/contact.

  https://app.malcare.com/ | http://see.spiffy-nas-ty.space/ – better luck with outer IP

  – this may not work because of the setup – inability for the NAS to reach public IP

  ---

  http://see.spiffy-nas-ty.space/ vs http://169.254.1.3/wordpress/product/all-purpose-balm/

  all site functions work with IP – checkout etc. are not correct with see.spiffy-nas-ty.space

  Must be a better way to ust the url – so that it does not get screwy

  Hosting Site | Configuring SSH | SFTP

  Asustor – Knowledgebase

  https://www.asustor.com/en/knowledge?id=1

  ---

  Hosting Site

  https://www.asustor.com/en/knowledge/detail/?id=&group_id=111

  No matter if it is a personal blog, company website, or e-commerce website, ASUSTOR NAS’s Web Server function lets you host your very own website
  right on the NAS. Furthermore, you can use App Central to download Apps for
  content management, database management, bulletin board systems and more,
  allowing you to easily set up all different types of websites in just minutes.

  To host your website on your NAS, please
  follow the instructions below:

  1. Select [Services] -> [Web Server]. Select the [Enable Web server] checkbox found under the Web Server heading and then click [Apply].

  2. In order to check that the setting has been successfully applied, enter the ASUSTOR NAS’s IP address into a Web browser and connect to it. You should be able to see the “Congratulations!”
  page as shown in the graphic below. This page is located in the ASUSTOR NAS’s “Web”
  shared folder. In order to host a website on the ASUSTOR NAS, you must upload
  it to the “Web” shared folder of the NAS.

  3. Now click on the Virtual Host tab and then click on the button.

  4. The Virtual Host window will
  now appear. Fill out the required fields and then click [OK] once you are done. Your website should now be successfully hosted on the NAS.

  *Please note that if
  you need to fine tune the Web server on the NAS, you can use terminal service
  to connect to the NAS and configure .ini for apache server or php. Please refer
  to following link for instructions on connecting to the NAS’s terminal service:

  http://support.asustor.com/index.php?/Default/Knowledgebase/Article/View/190/22/how-to-ssh-into-my-asustor-nas

  SSH into Asustor NAS

  http://support.asustor.com/index.php?/Default/Knowledgebase/Article/View/190/22/how-to-ssh-into-my-asustor-nas

  ---

  Please follow below steps to ssh into your ASUSTOR NAS.

   

  1. Enable SSH on the NAS.

      Login ADM ->　Services -> Terminal -> SSH -> Enable SSH service.

  2. Download PuTTY which is a free implementation of Telnet and SSH  for Windows and Unix platforms, along with an xterm terminal emulator.

      http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

  3. Open Putty SSH and then type in your NAS IP address.

    

  4. Login as “root” and the SSH password for root is same as your “admin” account’s password.

  (Please note that only root account is allowed to ssh into NAS.)

  

  ---

  Hosting multiple websites with Virtual Host

  [3d-flip-book mode=”fullscreen” id=”107882″ ][/3d-flip-book]

  
  

  ---

  Local Ip Configuration – Self Assigning NATS AN IP

  covers network settings more thoroughly

  [3d-flip-book mode=”fullscreen” id=”105191″ ][/3d-flip-book]

  ---

  Beginner Guide to Networking

  NAS 105 – Networking: A Beginner’s Guide
  [3d-flip-book mode=”fullscreen” id=”105193″ ][/3d-flip-book]
  

  Link Aggregation

  NAS 307 – Networking: Link Aggregation

  [3d-flip-book mode=”fullscreen” id=”105195″ ][/3d-flip-book]
  

  
  

  ---

  <p≥https://www.asustor.com/online/online_help?id=4

  Network

  Note: This function may differ depending on the NAS model in use. Here you can configure the server name, LAN and Wi-Fi settings. Other settings include IP address, DNS server and default gateway.

  • Server Name: An online name for your NAS.
  • Default Gateway: The default gateway that you wish to use.
  • DNS Server: Here you can set the DNS server that you wish to use. Should you choose to obtain your IP address via DHCP the system will automatically obtain the available DNS servers for you. If you choose to manually enter an IP address then you will have to manually enter a DNS server as well.
    Reminder: Using an invalid DNS server will affect some network related functions. (i.e., Download Center). If you are uncertain about how to proceed, please choose to obtain your IP address automatically.
  • Sign In Page: Under Sign In Page Style you will be able to configure the following
    • Lease time (hr): Enter a value (1-720) to set the DHCP lease time (in hours) for IP addresses assigned to DHCP clients.
    • Primary/Secondary DNS: Enter the Primary/Secondary DNS address for DHCP clients.
    • Domain Name: Set the domain name for the DHCP server.
    • Subnet List: You can add subnets here.
    • DHCP Client List: Here you can check the list of DHCP clients and their network configurations (e.g. MAC address, IP address, hostname, and the amount of time left before the DHCP lease expires).
    • DHCP Reservations: If you want a client to always receive the same IP address during DHCP lease renewal, you can add the client to the DHCP reservation list.
  • Proxy: Here you can enable proxy server connections, allowing the NAS to connect to the internet via a proxy server.
    • Proxy Server: The address of the proxy server you wish to connect to. (Supports HTTP and HTTPS
    • Port: The communications port of the proxy server.
    • Proxy Server: The address of the proxy server you wish to connect to. (Supports HTTP and HTTPS
  • PPPoE
    • If you are using DSL or a cable modem to connect to the Internet and your Internet service provider uses PPPoE (Point to Point Protocol over Ethernet), you can go to [Settings] > [Network] > [PPPoE] and enter your account information to allow the system to connect to the Internet without having to go through a router. If you wish to get more information about PPPoE, please contact your Internet service provider or network administrator.
  • VPN
  • Here you can let your ASUSTOR NAS become a VPN client, and via PPTP or Open VPN, connect to a VPN server to access a virtual private network. ASUSTOR NAS supports the use of different connection settings files, allowing you to connect to the VPN server of your choice. The ASUSTOR VPN client currently supports the two most common connection protocols: PPTP and OpenVPN.
  • Link Aggregation
  • Link aggregation (a.k.a. trunking, bonding or teaming) combines two or more network connections into one. To use link aggregation, your Ethernet cables must be connected to the same network switch and your network switch must support link aggregation.

  ---

  Dynamic DNS for NAS

  1. YDNS
  https://ydns.io/
  Based out of Germany, YDNS is a freeDdynamic DNS provider that only asks for you to sign up with your email address and password before you start using it. Unless you’re using a custom domain name, you’re restricted to using the “ydns.eu” domain, but for many people that will suffice.

  ---

  DHCP / ETHERNET CONNECTION ARTICLES

  • https://support.apple.com/lv-lv/guide/mac-help/mh21939/mac
  • https://support.apple.com/guide/mac-help/use-dhcp-or-a-manual-ip-address-on-mac-mchlp2718/mac

  ---

  https://www.synology.com/en-us/knowledgebase/DSM/help/DSM/AdminCenter/connection_routerconf

  
  

  Hi all, I had a NAS ( synology ds216j ) in my LAN with ip address assigned on 192.168.0.20

  I got a new router from my provider and the local address is now 192.168.1.X, so obiously now I cannot see the NAS.

  I wonder how to get on the NAS to change the parameter assigned before in DHCP instead so that can be recognized now.

  I know I could:

  Reset the NAS by default but I just dont want to delete all the configuration done before.

  I know I could mount back the old modem.

  Is there anything else I can do? If I connect one computer in my LAN (in wifi) and I connect the ethernet cable from the computer to the NAS i get this configuration:

  Connection-specific DNS Suffix . :
  Link-local IPv6 Address . . . . . : fe80::1422:438f:4ba7:1bdb%15
  Autoconfiguration IPv4 Address. . : 169.254.27.219
  Subnet Mask . . . . . . . . . . . : 255.255.0.0
  Default Gateway . . . . . . . . . :

  Wireless LAN adapter Wi-Fi:

  Connection-specific DNS Suffix . :
  Link-local IPv6 Address . . . . . : fe80::d4c:3381:30bf:1c00%9
  IPv4 Address. . . . . . . . . . . : 192.168.1.186
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1

   

  ---

  Comcast Business IP Gateway and Static IP overview
  https://business.comcast.com/help-and-support/internet/using-a-static-ip/

  IntroductionComcast’s IP Gateway (Comcast’s firewall, switch and static IP-capable modem) is all you need to take advantage of a static IP and built-in firewall features. Find out what you can do with a static IP, along with the additional features available on the IP Gateway device. Static IP support, in most cases, includes support for both IPv4 and IPv6.

  Please note, some earlier makes and models of Comcast Business IP Gateways do not support IPv6.
  Using a static vs. a dynamic IP addressA static IP address is manually configured. This manual configuration prevents the IP address from changing. A static IP allows you to run an email, web or VPN server, from a device behind the Comcast modem (Gateway), with a static routable (publicly accessible) IP address.
  A dynamic IP address, for IPv4 and IPv6, has the potential to change at any given interval. A lease time is usually assigned to the IP address and once it has expired a different IP address is assigned to the device.

  Static IPv4 prefixes can be ordered in blocks of 1, 5, and (in select areas) 13, for an additional monthly charge. Static IPv6 prefixes are allocated in a single size for all Business IP Gateway customers, the size being a /56. A /56 provides several millions of addresses. Once ordered, a custom configuration containing the static IP range is remotely configured to the Comcast IP Gateway with no additional hardware required for you to connect it to your equipment (server, firewall, etc.). For IPv6, no custom configuration is required on the Business IP Gateway since the provisioning of the IPv6 prefix is managed by Comcast.
  Use your static IPs to run a server – IPv4Your server or firewall (connected to the modem) should be configured with the following settings:
  IP address: The IP addresses which can be assigned to equipment connected to the Comcast IP Gateway will be given to you once it is built.
  Subnet mask:
  A CIDR /30 (or 1 static IP) – 255.255.255.252
  A /29 (or 5 static IPs) – 255.255.255.248
  A /28 (or 13 static IPs) – 255.255.255.240
  Gateway IP: This is a static IP address, in addition to the number of ordered IPs, which is assigned to the Comcast modem (IP Gateway). By default, it is the last IP in the range loaded on the Comcast Gateway.
  Primary DNS: 75.75.75.75
  Secondary DNS: 75.75.76.76
  Use your static IPs to run a server – IPv6Your server or firewall (connected to the modem) should be configured with the following settings:
  IP address: Identify the IPv6 prefix assigned to the LAN of the Business IP Gateway, this is typically a /64 even though your gateway is allocated a /56. From the /64 configured on the LAN of the Business IP Gateway select the bits desired for the interface identified on the server (essentially the lower 64 bits of the IPv6 address).
  The mask for the LAN of the Business IP Gateway will most always be a /64.
  Default IPv6 Gateway will be dynamically learned by IPv6 compliant and enabled hosts connected to the LAN of the Business IP Gateway. The default gateway for IPv6 is no longer learned or transmitted using DHCPv6, IPv6 router discovery is how hosts or nodes learn their IPv6 default gateway. The IPv6 default gateway will be the IPv6 link local address of the LAN interface of the Business IP Gateway.
  Primary DNS: 2001:558:feed::1
  Secondary DNS: 2001:558:feed::2
  Comcast IP Gateway featuresThe Comcast IP Gateway’s firewall offers:
  Support for both IPv4 and IPv6
  Stateful packet inspection (SPI)
  Port forwarding (up to 35 forwards)
  Port blocking
  Port triggering (up to 50)
  Keyword blocking (up to 50)
  The Comcast firewall will not provide DQOS control or bandwidth usage data. For those functions we recommend that you add your own router with firewall capabilities.
  Comcast can configure the Gateway according to your specifications. However, we will only disable your firewall and DHCP service on the Gateway upon request.
  Port forwardingPort forwarding allows internet traffic sent to a specified public IP address on the specified port to be redirected to a local private IP address. Port forwarding rules can be set up that will allow you to run servers from your private LAN IP subnet.
  Port forwarding is not applicable to static public IPs outside of local devices configured for 1-to-1 NAT (forwards all traffic destined to the specified public IP to a private IP).COVERS NETWORK SETTINGS MORE THOROUGHLY – THAN REST –
  Port forwarding allows you to use the static IP address that is configured to the Comcast IP Gateway (gateway IP) effectively giving you an additional IP address beyond the number of addresses paid for.
  Network your computersYou can attach your computers to the IP Gateway using it as your DHCP server for IPv4 and IPv6. Stateless IPv6 address auto-configuration is also supported by Business IP Gateways. It has 4 available ports and can support up to 256 for IPv4 (by default, this is set to 189) networked devices, however bandwidth needs may necessitate limiting the number of simultaneous connections.
  Accessing the Gateway deviceYou can make changes while onsite by following the instructions in the Comcast IP Gateway User’s Guide. (See the “Ports blocked by Comcast Business Internet” article for additional information.)
  Comcast does not provide remote access to the Gateway. While offsite, you will need to call Comcast Business Customer Support at 1-800-391-3000 to make changes.

  Show more

  Show less
  
  

  ---

  How to Forward Ports on Your Router

  https://www.howtogeek.com/66214/how-to-forward-ports-on-your-router/

  Although modern routers handle most functions automatically, some applications will require you to manually forward a port to that application or device. Fortunately, it’s really simple to do if you know where to look.

  What Is Port Forwarding?

  There are plenty of projects we’ve covered that use your computer as a server for other devices. When you’re inside of your network, most things will work fine. But some apps, if you want to access them when you’re outside your network, make things significantly hairier. Let’s start by taking a look at why that is.

  How Your Router Handles Requests and Uses Ports

  Here’s a map of a simple home network. The cloud icon represents the greater internet and your public, or forward-facing, Internet Protocol (IP) address. This IP address represents your entire household from the oustide world–like a street address, in a way.

  The red address 192.1.168.1 is the router address within your network. The additional addresses all belong to the computers seen at the bottom of the image. If your public IP address is like a street address, think of the internal IP addresses like apartment numbers for that street address.

  

  The diagram raises an interesting question which you may not have thought about before. How does all the information from the internet get to the right device inside the network? If you visit howtogeek.com on your laptop how does it end up on your laptop and not your son’s desktop if the public-facing IP address is the same for all devices?

  This is thanks to a wonderful bit of routing magic known as a Network Address Translation (NAT). This function occurs at the router level where the NAT acts like a traffic cop, directing the flow of network traffic through the router so that a single public IP address can be shared among all the devices behind the router. Because of the NAT, everyone in your household can request web sites and other internet content simultaneously and it will all be delivered to the right device.

  So where do ports come into this process? Ports are an old but useful holdover from the early days of network computing. Back in the day, when computers could only run one application at a time, all you had to do was point one computer at another computer on the network to connect them as they would be running the same application. Once computers became sophisticated to run multiple applications, early computer scientists had to wrestle with the issue of ensuring applications connected to the right applications. Thus, ports were born.

  Some ports have specific applications which are standards throughout the computing industry. When you fetch a web page, for example, it uses port 80. The receiving computer’s software knows that port 80 is used for serving http documents, so it listens there and responds accordingly. If you send an http request over a different port—say, 143—the web server won’t recognize it because it’s not listening there (although something else might be, like an IMAP email server which traditionally uses that port).

  Other ports don’t have pre-assigned uses, and you can use them for whatever you want. To avoid interfering with other standard-abiding applications, it’s best to use larger numbers for these alternate configurations. Plex Media Server uses port 32400, for example, and Minecraft servers use 25565—both numbers that fall into this “fair game” territory.

  pagespeed.lazyLoadImages.overrideAttributeFunctions();

  Each port can be used via either TCP or UDP. TCP, or Transmission Control Protocol, is what’s used most commonly. UDP, or User Datagram Protocol, is less widely used in home applications with one major exception: BitTorrent. Depending on what is listening, it’ll be expecting requests to be made in either one or the other of these protocols.

  Why You Need to Forward Ports

  So why exactly would you need to forward ports? While some applications take advantage of NAT to set their own ports and handle all the configuration for you, there are still plenty of applications that do not, and you’ll need to give your router a helping hand when it comes to connecting services and applications.

  In the diagram below we’re starting with a simple premise. You’re on your laptop somewhere in the world (with an IP address of 225.213.7.32), and you want to connect to your home network to access some files. If you simply plug your home IP address (127.34.73.214) into whatever tool you’re using (an FTP client or remote desktop application, for example), and that tool doesn’t take advantage of those advanced router features we just mentioned, you’re out of luck. It won’t know where to send your request, and nothing will happen.

  

  This, by the way, is a great security feature. If somebody connects to your home network and they aren’t connected to a valid port, you want the connection to get rejected. That’s the firewall element of your router doing its job: rejecting unwelcome requests. If the person knocking on your virtual door, however, is you, then the rejection isn’t so welcome and we need to do a little tweaking.

  To solve that problem, you want to tell your router “hey: when I access you with this program, you’ll need to send it to this device at this port”. With those instructions in place, your router will make sure you can access the right computer and application on your home network.

  

  So in this example, when you’re out and about and using your laptop, you use different ports to make your requests. When you access your home network’s IP address using port 22, your router at home knows that this should go to 192.168.1.100 inside the network. Then, the SSH daemon on your Linux installation will respond. At the same time, you can make a request over port 80, which your router will send to the web server at 192.168.1.150. Or, you can try to remotely control your sister’s laptop with VNC, and your router will connect you to your laptop at 192.168.1.200. In this way, you can easily connect to all the devices you’ve set up a port forward rule for.

  The usefulness of port forwarding doesn’t end there though! You can even use port forwarding to change existing services’ port numbers for clarity and convenience. For example, let’s say you have two web servers running on your home network and you want one to be readily and obviously accessible (e.g. it’s a weather server you want people to be able to easily find) and the other web server is for a personal project.

  

  When you access your home network from the public-facing port 80, you can tell your router to send it to port 80 on the weather server at 192.168.1.150, where it will be listening at port 80. But, you can tell your router that when you access it via port 10,000, that it should go to port 80 on your personal server, 192.168.1.250. This way, the second computer doesn’t have to be reconfigured to use a different port, but you can still manage traffic effectively—and at the same time by leaving the first web server linked to port 80 you make it easier for people accessing your aforementioned weather server project.

  Now that we know what port forwarding is and why we might want to use it, lets’ take a look at some small considerations regarding port forwarding before diving into actually configuring it.

  Considerations Before Configuring Your Router

  There are a few things to keep in mind before sitting down to configure your router and running through them in advance is guaranteed to cut down on frustration.

  Set Static IP Address for Your Devices

  First and foremost, all your port forwarding rules will fall apart if you’re assigning them to devices with dynamic IP addresses assigned by your router’s DHCP service. We dig into the details of what DHCP is in this article on DHCP vs. static IP address assignments, but we’ll give you the quick summary here.

  RELATED:

  Your router has a pool of addresses that it reserves just for handing out to devices as they join and leave the network. Think of it like getting a number at a diner when you arrive—your laptop joins, boom, it gets IP address 192.168.1.98. Your iPhone joins, boom, it gets address 192.168.1.99. If you take those devices offline for a period of time or the router is rebooted, then the whole IP address lottery happens all over again.

  Under normal circumstances this is more than fine. Your iPhone doesn’t care which internal IP address it has. But if you’ve created a port forwarding rule that says your game server is at a certain IP address and then the router gives it a new one, that rule won’t work, and nobody will be able to connect to your game server. In order to avoid that, you need to assign a static IP address to each network device you’re assigning a port forwarding rule to. The best way to do that is through your router—check out this guide for more info.

  Know Your IP Address (and Set a Dynamic DNS Address)

  In addition to using static IP assignments for the relevant devices inside your network, you also want to be aware of your external IP address—you can find it by visiting whatismyip.com while on your home network. Although its possible you might have the same public IP address for months or even over a year, your public IP address can change (unless your internet service provider has explicitly given you a static public-facing IP address). In other words, you can’t rely on typing in your numeric IP address into whatever remote tool you’re using (and you can’t rely on giving that IP address to a friend).

  RELATED:

  Now, while you could go through the hassle of manually checking that IP address each time you leave the house and intend to work away from home (or every time your friend is going to connect to your Minecraft server or the like), that’s a big headache. Instead, we highly recommend you set up a Dynamic DNS service which will allow you to link your (changing) home IP address to a memorable address like mysuperawesomeshomeserver.dynu.net. For more information how to set up a dynamic DNS service with your home network, check out our full tutorial here.

  Pay Attention to Local Firewalls

  Once you set up the port forwarding on the router level, there is a possibility that you may need to tweak firewall rules on your computer too. For example, we’ve gotten a lot of emails over the years from frustrated parents setting up port forwarding so their kids can play Minecraft with their friends. In almost every case, the problem is that despite setting up the port forwarding rules on the router correctly, somebody ignored the Windows firewall request asking if it it was OK if the Java platform (that runs Minecraft) could access the greater internet.

  Be aware that on computers running local firewall and/or anti-virus software that includes firewall protection, you’ll likely need to confirm the connection you’ve set up is okay.

  Step One: Locate the Port Forwarding Rules on Your Router

  Exhausted by all the networking lessons? Don’t worry, it’s finally time to set it up–and now that you know the basics, it’s pretty simple.

  As much as we’d love to provide exact instructions for your exact router, the reality is that every router manufacturer has their own software, and how that software looks can even vary between router models. Rather than attempt to capture every variation, we’ll highlight a few to give you an idea what the menu looks like and encourage you to look up the manual or online help files for your particular router to find the specifics.

  In general, you’re going to be looking for something called—you guessed it—“Port Forwarding”. You may have to look through the different categories to find it, but if your router is any good, it should be there.

  For comparison, here’s what the port forwarding menu looks like on D-Link DIR-890L router:

  

  And here’s what the port forwarding menu looks like on the same router running the popular third-party DD-WRT firmware:

  

  As you can see, the complexity between the two views varies greatly, even on the same hardware. In addition, the location is completely different within the menus. As such it’s most useful if you look up the exact instructions for your device using the manual or a search query.

  Once you’ve located the menu it’s time to set up the actual rule.

  Step Two: Create a Port Forwarding Rule

  After learning all about port forwarding, setting up a dynamic DNS for your home IP address, and all the other work that went into this, the important step—creating the actual rule–is pretty much a walk in the park. In the port forwarding menu on our router, we’re going to create two new port forwarding rules: one for the Subsonic music server and one for a new Minecraft server we just set up.

  

  Despite the differences in location on different router software, the general input is the same. Almost universally, you’ll name the port forwarding rule. It’s best to simply name it what the server or service is and then append it if need be for clarity (e.g. “Webserver” or “Webserver-Weather” if there is more than one). Remember the TCP/UDP protocol we talked about at the beginning? You’ll also need to specify TCP, UDP, or Both. Some people are very militant about finding out exactly what protocol every application and service uses and matching things up perfectly for security purposes. We’ll be the first to admit that we’re lazy in this regard and we almost always just pick “Both” to save time.

  Some router firmware, including the more advanced DD-WRT we’re using in the screenshot above, will allow you to specify a “Source” value which is list of IP addresses you’re restricting the port forward to for security purposes. You can use this feature if you wish, but be forewarned it introduces a whole new host of headaches as it presumes that remote users (including you when you’re away from home and friends who are connecting in) have static IP addresses.

  Next you’ll need to put in the external port. This is the port that will be open on the router and facing the internet. You can use any number you want here between 1 and 65353, but practically most of the lower numbers are taken up by standard services (like email and web servers) and many of the higher numbers are assigned to fairly common applications. With that in mind, we’d recommend picking a number above 5,000 and, to be extra safe, using Ctrl+F to search this long list of TCP/UDP port numbers to make sure you’re not selecting a port that conflicts with an existing service you’re already  using.

  Finally, put in the internal IP address of the device, the port you on that device, and (if applicable) toggle the rule on. Don’t forget to save the settings.

  Step Three: Test Your Port Forwarding Rule

  The most obvious way to test if your port forward worked is to connect using the routine intended for the port (e.g. have your friend connect their Minecraft client to your home server), but that’s not always an immediately available solution if you’re not away from home.

  Thankfully, there’s a handy little port checker available online at YouGetSignal.com. We can test to see if our Minecraft server port forward took simply by having the port tester try to connect to it. Plug in your IP address and the port number and click “Check”.

  

  You should receive a message, as seen above, like “Port X is open on [Your IP]”. If the port is reported as closed, double check both the settings in the port forwarding menu on your router and your IP and port data in the tester.

  ---

  It’s a wee bit of a hassle to set up port forwarding, but as long as you assign a static IP address to the target device and set up a dynamic DNS server for your home IP address, it’s a task you only need to visit once to enjoy hassle free access to your network in the future.

  Show more

  Show less

  ---

  Comcast Connected Devices

  http://10.0.0.1/connected_devices_computers.php

  Change the IP address assignment method for Online Devices.

  If DHCP is selected, the Gateway’s DHCP server will automatically assign the IP address.

  If Reserved IP is selected, the IP address will be fixed without DHCP operation and you’ll need to manually enter the IP address. The IP address must be within the DHCP IP address pool. To find your IP address range, go to Gateway > Connection > Local IP Network.

  Reserved IP addresses can be assigned to any device that acts as a server or that requires a fixed IP address.

  Gateway > Connection > Local IP Configuration

  Manage your home network settings.

  Gateway address: Enter the IP address of the Gateway.

  Subnet Mask: The subnet mask is associated with the IP address. Select the appropriate subnet mask based on the number of devices that will be connected to your network.

  DHCP Beginning and Ending Addresses: The DHCP server in the Gateway allows the router to manage IP address assignment for the connected devices.

  DHCP Lease time: The lease time is the length of time the Gateway offers an IP address to a connected device. The lease is renewed while it is connected to the network. After the time expires, the IP address is freed and may be assigned to any new device that connects to the Gateway.

  Managing your home network settings is now easier than ever. Visit xfinity.com/myxfi to view and manage your list of connected/offline devices. You can block access to your home network for any device, among many other features and settings.

  CURRENT SETTINGS

  spiffy-nas-ty

  IPv4 Address
  10.0.0.143
  Local Link IPv6 Address
  fe80::264b:feff:fe83:466b
  MAC Address
  24:4B:FE:83:46:6B

  10.0.0.2 – 10.0.0.253

  Lease 2 days

  NAS – Network Panel In Settings

  Assign IP
  

  • 

    1manuallyip
  • 

    2manuallyip
  • 

    3manuallyip
  
  
  ddns – ezrouter
  
  • 

    1ezroutersettings
  • 

    1ddns-settings

  How to set up a static IP Address

  https://www.pcmag.com/how-to/how-to-set-up-a-static-ip-address

  When you have a lot of devices on your network—computers, , and —it can be annoying to constantly look up their IP addresses when you need to access them remotely. Make your life easier with a set of unchanging, static IP addresses for those machines.

  Your router assigns IP addresses to devices on your network using , or Dynamic Host Configuration Protocol. As you connect new devices to the network, they’ll be assigned the next IP address in the pool, and if a device hasn’t connected in a few days, its IP address will “expire” so it can be assigned to something else.

  For everyday use, this is perfectly fine, and you’ll never even notice it happening in the background. But if you regularly , to turn your computer on from across the house, or perform other advanced networking tasks, DHCP can become an annoyance.

  It’s hard to remember which IP address is assigned to which device, and if they ever expire, you have to look it up all over again. That’s where a static IP address comes in handy.

  Understanding Static IP Addresses

  Instead of letting your router assign whatever IP address is free at any given time, you can assign specific IP addresses to the devices you access frequently. For example, I have my home server set to 192.168.1.10, my main desktop to 192.168.1.11, and so on—easy to remember, sequential, and unchanging.

  

  You can assign these static IP addresses on the device itself—using, say, Windows’ network settings on each computer—or you can do it at the router level. Doing it at the router level is called assigning a DHCP reservation, though many people (and even some routers) still refer to it as a “static IP address.”

  DHCP reservations allow you to easily set everything up in one place with all your computers left at their default settings. Your computer will ask for an IP address via DHCP, and your router will assign it the one you’ve reserved, with your computer being none the wiser.

  How to Set Up a DHCP Reservation

  To set up a DHCP reservation, —usually by typing its IP address in your browser’s navigation bar—and log in. (If you’re using a mesh Wi-Fi system with an app instead of a config page, you’ll find these settings in the app.)

  

  The location is different for every config page, but you’re looking for something called “DHCP reservations,” “static IP addresses,” or something similar—on my Asus router, it’s in the LAN settings category.

  To assign a reservation, you’ll need the MAC address of the device in question. This is a unique string of characters that identifies a particular network adapter, and you can usually find it in your router’s list of connected devices. Make sure you’re getting the MAC address for the correct network adapter—if you have both Ethernet and Wi-Fi on your computer, you’ll have one MAC address for each.

  On your router’s config page, enter an easy-to-remember label for the device (like “Whitson’s Desktop PC”), the MAC address, and your desired IP address. Save your changes, and repeat the process for any other IP addresses you want to reserve.

  From then on, those devices should have your reserved IP addresses assigned to them, and you’ll never have to look them up again.

  ---

  Using NAS as a VPN server

  https://www.asustor.com/en/online/College_topic?topic=323

  COURSE OBJECTIVES

  Upon
  completion of this course you should be able to

  1. Be able to use your ASUSTOR NAS as a VPN
  server and connect to it using Windows and Mac.

  
  

  PREQUISITES

  Course Prerequisites:

  None

  Students are
  expected to have a working knowledge of:

  N/A

  
  

  OUTLINE

  1.1 Enabling and configuring PPTP
  connections

  1.2 Enabling and configuring OpenVPN
  connections

  1.3 Enabling
  and configuring L2TP connections

  2.1.1 Connecting using
  Windows 7

  2.1.3 Connecting
  using a Mac

  2.2.1 Connecting using
  Windows 7

  2.2.2 Connecting using
  a Mac

  2.3 Configuring the gateway and routing for the
  VPN client
  2.3.1 Configurations
  using Windows 7

  2.3.3 Configurations
  using a Mac

  2.4 Connecting to your VPN server via L2TP/Ipsec

  ---

  1. Configuring Your VPN Server

  In the following example, we wil configure
  ASUSTOR NAS’s VPN Server.
  Before you begin, log in to ADM from your
  Web browser and then search for and install [VPN Server] from [App
  Central].

  1.1 Enabling and configuring PPTP connections

  
  

  STEP
  1

  Enabling
  PPTP service: You can use the toggle found under [PPTP] to enable PPTP service.

  
  

  

  STEP
  2

  Adding
  a new user: Select [Privilege] → [User] → [Add]. In the graphic
  below, we have chosen to add the account “vpn” as an example. After you have
  chosen the user that wish to add, click on [Save].

  
  

  

  Select the [PPTP] checkbox and then click on [Apply]. Now, the “vpn” user account
  will be able to utilize PPTP connections.

  
  

  

  STEP
  3

  Configuring
  advanced settings: Select [Settings] → [PPTP]. Here, you will be
  able to configure settings for [Dynamic
  IP address], [Max. client number], [Authentication], [Max. MTU], [Max. MRU] and [DNS server].
  Make sure to click on [Apply] after
  you have made any changes to the settings.

  
  

  

  1.2 Enabling and configuring OpenVPN connections
  
  STEP
  1

  Enabling
  OpenVPN service: You can use the toggle found under [OpenVPN] to enable OpenVPN service.

  
  

  

  STEP
  2

  Adding
  a new user: Select [Privilege] → [User] → [Add]. In the graphic
  below, we have chosen to add the account “vpn” as an example. After you have
  chosen the user that wish to add, click on [Save].

  
  

  

  Select the [OpenVPN] checkbox and then click on [Apply]. Now, the “vpn” user account
  will be able to utilize PPTP connections.

  
  

  

  STEP
  3

  Configuring
  advanced settings: Select [Settings] → [OpenVPN]. Here, you will be
  able to configure settings for [Dynamic
  IP address], [Transmission Protocol], [Port], [Max. client number], [Checksum
  (Digest)], [Encryption (Cipher)], [DNS server], [Redirect gateway] and [VPN
  link compression]. Make sure to click on [Apply] after you have made any changes to the settings.

  
  

  Note: Click on the [Download
  configuration file] button to download the configuration file for
  OpenVPN clients. You must import this file to your VPN client in order to
  successfully create OpenVPN connections.
  

  
  

  1.3 Enabling and configuring L2TP connections

  STEP 1

  Enabling L2TP service: Enable XL2TP service by using the provided toggle button.

  
  

  

  STEP 2

  Add new users: Select [Privilege] > [User] > [Add]. In this example we add the user “vpn” by selecting its checkbox and then clicking on [Save].

  
  

  
  

  
  

  For the added user, select the [XL2TP] checkbox and then click on [Apply]. This will allow the user to use XL2TP connections.

  

  STEP 3

  Modifying advanced settings: Click on [Settings] >[XL2TP]. Here you will be able to configure settings such as the dynamic IP address, max client number, max MTU, DNS server and key. Make sure to click on [Apply] once you are done modifying the settings.

  
  

  

  2. Connecting to Your VPN
  Server Using Windows and Mac
  2.1 Connecting to your VPN server via
  PPTP
  2.1.1 Connecting using Windows 7
  
  STEP
  1

  Select [Control
  Panel] → [All
  Control Panel Items] → [Network and Sharing Center] → [Set
  up a new connection or network].

  
  

  

  STEP
  2

  Select [Connect
  to a workplace] → [Next].

  
  

  

  STEP
  3

  Select [No, create a new connection] → [Next].

  
  

  

  STEP
  4

  Select [Use my Internet connection (VPN)].

  
  

  

  STEP
  5

  Enter
  the IP address of your ASUSTOR NAS into the [Internet address] field and then click on [Next].

  
  

  

  STEP 6

  Enter a username and password in the appropriate fields and then click
  on [Connect]. You will now be able
  to access your ASUSTOR NAS through Windows.

  
  

  

  Note: If you are unable to connect to your
  VPN server, please ensure that your VPN settings are identical to your VPN
  server settings.

  For example, in the graphic below, we check
  that the [Type of VPN] is Point to Point Tunneling Protocol (PPTP),
  that the [Data encryption] method is PAP or MS-CHAP v2 and that they have been allowed under the [Allow these protocols] radio button.

  
  

  

  2.1.2 Connecting using Windows 10

  
  

  STEP
  1

  Click the [Network] icon on the bottom right-hand
  side of the system tray and select [Network
  Settings].

  
  

  
  
  STEP
  2

  Select [VPN] from the left panel, and click [Add a VPN connection].

  
  

  
  
  STEP
  3

  Select Windows (built-in) in [VPN
  Provider] field. Type in the name for this VPN connection and enter the IP address of your ASUSTOR NAS into the [Server name or address] field. Choose PPTP as the [VPN Type], enter the username/password in the
  appropriate fields, and click [Save].

  
  

  

  STEP
  4

  Now you can see that the
  newly created VPN connection has appeared. To specify the authentication protocol,
  please click [Change adapter options].

  
  

  
  

  Right click on the VPN
  connection and select [Properties].

  
  

  
  
  STEP
  5

  Select the [Security] tab, check the [Allow these protocols] option, then
  choose the same protocol (PAP or MS-CHAP v2) as the VPN server on your ASUSTOR
  NAS. Click [OK] to save the
  settings.

  
  

  
  
  STEP
  6

  To establish the VPN
  connection, go to the Windows [NETWORK
  & INTERNET] > [VPN] page,
  select an existing VPN profile and click [Connect].

  
  

  
  

  2.1.3 Connecting using a Mac

  
  

  STEP 1

  From the Apple menu, select [System Preferences…].

  
  

  

  STEP 2

  Select [Network].

  
  

  

  STEP
  3

  Click on the [ ＋ ] button and then select [VPN] for Interface, [PPTP] for VPN Type,
  fill in the Service Name as “VPN (PPTP)”
  and then click on [Create].

  
  

  

  STEP
  4

  Enter your [Server Address] and [Account
  Name], select “None” for [Encryption] and then click on [Connect]. Please ensure that your VPN
  client settings and VPN server settings are identical.

  
  

  

  STEP 5

  Enter the name and password for
  your VPN server and then click on [OK].

  
  

  

  STEP
  6

  You should now be successfully connected and should be able to access
  your ASUSTOR NAS using your Mac. You can disconnect the connection at any time
  by clicking on the [Disconnect] button.

  
  

  
  
  2.2 Connecting to your VPN server via OpenVPN
  2.2.1 Connecting using Windows 7
  
  STEP
  1

  Download and
  install the OpenVPN program from the OpenVPN website.

  
  

  

  STEP
  2

  Extract the OpenVPN configuration file that you
  have downloaded from your ASUSTOR NAS’s VPN server (see section 3.2). Open the [asustor.ovpn] file, change the IP
  address for the VPN server and then save the changes. In the graphic below, we
  have changed the IP address of the VPN server to 172.16.2.102.

  
  

  

  STEP
  3

  Copy the [asustor.ovpn] and [ca.crt] files to the (C:Program
  FilesOpenVPNconfig) folder.

  
  

  

  STEP
  4
  Open [OpenVPN GUI].

  You
  should now be able to see the [OpenVPN
  GUI] icon in your system tray. Double-click on it.

  
  

  

  STEP
  5

  Enter the username and
  password for your ASUSTOR NAS VPN server and then click on [OK].

  
  

  

  STEP
  6

  After
  successfully connecting, you should be able to see that the OpenVPN GUI icon in
  your system tray has turned green. You should now be able to access your
  ASUSTOR NAS using Windows.

  
  

  
  
  2.2.2 Connecting using a Mac
  
  STEP
  1
  Download tunnelblick.
  

  STEP
  2

  Install [Tunnelblick].

  
  

  

  After
  installation, click on [Launch].

  
  

  

  STEP
  3

  Click
  on [I have configuration files].

  
  

  

  If
  you have already download the configuration file from your ASUSTOR NAS’s VPN
  server, click on [OpenVPN
  Configuration(s)].

  
  

  

  You should now be able to
  see the newly created [Empty Tunnelblick
  VPN Configuration] folder on your desktop. Copy the configuration file from
  your ASUSTOR NAS’s VPN server to this folder.

  
  

  

  Open
  the [asustor.ovpn] file and then
  change the IP address for your ASUSTOR NAS VPN server.

  
  

  

  After
  saving the changes to the file, change the name of the folder to “ASUSTORVPN.tblk”.

  
  

  

  Tunnelblick
  VPN configurations should have now been installed successfully.

  
  

  

  STEP
  4

  From
  the Mac menu bar, click on the [Tunnelblick] icon and then select [Connect
  ASUSTORVPN].

  
  

  

  
  STEP
  5

  After
  successfully connecting, you will be able to see the connection status and time
  in the menu bar as shown in the graphic below.

  
  

  
  
  2.3 Configuring the gateway and routing for the VPN client
  When
  using a VPN client, the system will automatically forward your VPN server’s default gateway.
  Under these circumstances, you will not be able to connect to the Internet.
  Therefore, we must change the VPN gateway and routing in order to connect to
  the Internet.
  2.3.1 Configurations using Windows 7
  
  STEP
  1

  Right-click
  on your VPN connection and then select [Properties].
  Select [Internet
  Protocol Version 4 (TCP/IPv4)] and
  then click on [Properties].

  
  

  

  STEP
  2

  Click
  on [Advanced…].

  
  

  
  
  STEP
  3

  Uncheck
  the [Use default gateway on remote
  network] checkbox.

  
  

  

  2.3.2 Configurations using Windows 10
  
  STEP
  1

  Click the
  Windows icon on the bottom left-hand side of the taskbar, select [All apps] from
  the list, and scroll down to find [Windows Powershell].
  Click on it to execute the program.

  
  

  
  
  STEP
  2
  Issue
  the ”Get-VpnConnection” command
  to list the information of your existing VPN connections.

  By
  default, the value of the SplitTunneling parameter is False, which means all
  network traffic of this VPN client will be forwarded to the VPN server’s
  gateway.

  
  

  
  
  STEP
  3
  Issue the “Set-VpnConnection
  -Name “ASUSTOR VPN” -SplitTunneling $True”
  command to change the value of the SplitTunneling parameter to True.

  Note: The “ASUSTOR NAS” string in the example above
  must be replaced to your own VPN connection name.

  
  

  

  STEP
  4

  Issue the ”Get-VpnConnection” command again to verify that the change has been made successfully.

  
  

  

  2.3.3 Configurations using a Mac
  
  STEP
  1

  Open [Terminal] and
  then enter the command “ifconfig-a”. You
  will now be able to see your VPN server’s IP address. Note that the Mac operating
  system only provides this gateway for connecting to a VPN server and cannot
  connect to the Internet. Therefore, we will have to manually enter the IP
  address for the ASUSTOR NAS.

  
  

  

  STEP
  2
  Please
  replace either 10.0.1.6 or 10.0.1.5 with the IP address of the ASUSTOR NAS.
  Executing the commands below will allow you to connect to the Internet.

  sudo route add –net 172.16.1.216/16 10.0.1.6 OR sudo route add –net 172.16.1.216/16 10.0.1.5

  
  

  2.4 Connecting to your VPN server via L2TP/IPsec

  2.4.1 Connecting using Windows 7

  If you are using an ASUS router, please manually open port 500 under port forwarding. From the router configuration interface, select [WAN]  [Virtual Server / Port Forwarding] tab  [Port Forwarding List]. Add a new item to the Port Forwarding list by entering the following information:

  Service Name: A name of your choice
  Port Range: 500
  Local IP: Your NAS’s IP address
  Local Port: 500
  Protocol: UDP

  Click on the [Add] button after you have entered all the information. Port 500 should now be opened.

  

  STEP 1
  In Windows, go to [Control Panel] > [All Control Panel Items] > [Network and Sharing Center] and then click on [Set up a new connection or network].

  

  STEP 2
  Select [Connect to a workplace] then click [Next].

  

  STEP 3
  Select [No, create a new connection] and then click [Next].

  

  STEP 4
  Select [Use my Internet connection (VPN)]

  

  STEP 5
  In the [Internet address:] field enter your ASUSTOR NAS’s IP address or domain address.

  

  STEP 6
  Enter your [User name] and [Password] and then click on [Connect]. You will now be able to access the local network resources on your ASUSTOR NAS via Windows.

  

  Note: If you are unable to connect to the VPN Server, please ensure that the [VPN Settings] and [VPN Server] settings are identical.
  Using the graphic below as an example, we check that the [Type of VPN] is L2TP/IPSec, that the data encryption method is either PAP or MS-CHAP v2 and that [Allow these protocols] radio button has been selected.

  
  STEP 7
  Click on [Start] and run “regedit”.

  

  STEP 8
  Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent and then right click and select [New] > [DWORD (32 bit) Value].

  

  STEP 9
  For the Value name enter “AssumeUDPEncapsulationContextOnSendRule”and set the Value data to “2” and then click [OK]. Restart your computer.

  

  STEP 10
  After restarting your computer, go to [Control Panel] > [Network and Internet] > [Network Connections] to see that your new connection is successful.

  

  2.4.2 Connecting using Windows 10

  
  If you are using an ASUS router, please manually open port 500 under port forwarding. From the router configuration interface, select [WAN] > [Virtual Server / Port Forwarding] tab > [Port Forwarding List]. Add a new item to the Port Forwarding list by entering the following information:

  Service Name: A name of your choice
  Port Range: 500
  Local IP: Your NAS’s IP address
  Local Port: 500
  Protocol: UDP

  Click on the [Add] button after you have entered all the information. Port 500 should now be opened.

  STEP 1
  Click on the [Network] icon in the system tray and then click on [Open Network and Sharing Center].

  

  STEP 2
  Click on [Set up a new connection or network].

  

  STEP 3
  Select [Connect to a workplace] then click [Next].

  

  STEP 4
  Click on [Use my Internet connection (VPN)].

  

  STEP 5
  Enter the Internet address, Destination name and then select the [Allow other people to use this connection] checkbox. Click on [Create] once you are done.

  

  STEP 6
  Click on [Change adapter settings]. Right-click on the VPN connection that you have just created and select [Properties]. Click on the [Security] tab and change the [Type of VPN] to L2TP/IPsec. Click on [Advanced settings], make sure the [Use preshared key for authentication] radio button is selected and then enter your key (Your key can be found from the ADM interface by selecting [VPN Server] > [Settings] > [L2TP]). Click on [OK] once you are done.

  

  STEP 7
  Click on [Start] and run “regedit”.

  

  STEP 8
  Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent and then right click and select [New] > [DWORD (32 bit) Value].

  

  STEP 9
  For the Value name enter “AssumeUDPEncapsulationContextOnSendRule”and set the Value data to “2” and then click [OK]. Restart your computer.

  

  2.4.3 Connecting using a Mac
  If you are using an ASUS router, please manually open port 500 under port forwarding. From the router configuration interface, select [WAN] > [Virtual Server / Port Forwarding] tab > [Port Forwarding List]. Add a new item to the Port Forwarding list by entering the following information:

  Service Name: A name of your choice
  Port Range: 500
  Local IP: Your NAS’s IP address
  Local Port: 500
  Protocol: UDP

  Click on the [Add] button after you have entered all the information. Port 500 should now be opened.

  

  STEP 1
  Click on the [Apple] icon and then select [System Preferences…].

  

  STEP 2
  Click on [Network].

  

  STEP 3
  Click on the + button, select [VPN] for “Interface:”, [L2TP Over IpSec] for “VPN Type”, enter a Service Name and then click on [Create].

  

  STEP 4
  Enter your [Server Address] and [Account Name]. Click on [Authentication Settings…] and enter the User Account Password and Shared Secret (The Shared Secret is the key that can be found from the ADM interface by selecting [VPN Server] > [Settings] >[XL2TP]).

  

  Click [OK] and then click on [Connect].

  

  

  STEP 5
  Enter the VPN Server account name and password and then click on [OK].

  

  STEP 6
  After successfully connecting, you will be able to access the resources on your ASUSTOR NAS local network. If you wish to disconnect the VPN connection, you can click on the [Disconnect] button.

  

  2.4.4 Connecting using an Android device

  STEP 1
  Select [Settings]>[More] > [VPN].

  

  

  STEP 2
  Click on [Add VPN profile], enter a name of your choice, select [L2TP/IPSEC PSK] for “Type” and enter your NAS’s IP address or URL into the [Server Address] field. Choose an encryption method and then select [Save] to complete configurations.

  

  STEP 3
  Select the created VPN profile. After entering the username and password, select [Connect] to create the VPN connection.

  

  After creating the connection, selecting the profile again will allow you to view the associated information for the connection.

  
  
  

  2.4.5 Connecting using an iOS device

  The configurations in the following example were done using an iPhone 6.

  STEP 1
  In iOS, select [Settings] >[General] > [VPN].

  STEP 2
  Select [Add a VPN configuration…] and then enter the following information:
  Type: L2TP
  Description: A description of your choice
  Server: Your NAS’s IP address or URL
  Account: Your account name
  Password: The password for the account
  Secret: They key that can be found in ADM interface by selecting [VPN Server]> [Settings]>[XL2TP]

  Once you have finished entering the information select [Done].

  

  STEP 3
  After completing the VPN profile you can select the status toggle to activate the VPN connection.

  

  ---

  iSCSI with your NAS

  https://www.qnap.com/en/how-to/tutorial/article/how-to-create-and-use-the-iscsi-target-service-on-a-qnap-nas/

  ---

  https://clickety-clack.click/img/whitepaper_ipbridge_xtendsan_iscsi_macosx.pdf

  [3d-flip-book mode=”fullscreen” id=”108117″ ][/3d-flip-book]

  ---

  https://www.asustor.com/en/online/College_topic?topic=308

  COURSE OBJECTIVES

  Upon completion of this course you should be able to:

  1. Have a basic understanding of iSCSI

  2. Be able to use the iSCSI service with your ASUSTOR NAS

  PREREQUISITES

  Course Prerequisites:

  None

  Students are expected to have a working knowledge of:

  N/A

  ---

  1. Introduction to iSCSI

  1.1 What is iSCSI?

  iSCSI, (Internet Small Computer System Interface), is an Internet Protocol (IP)-based storage networking standard for linking data storage facilities. It
  offers high expandability and low implementation costs. Through existing network infrastructure and iSCSI you can use your NAS to expand existing storage
  space or have it act as a backup destination.

  iSCSI consists of two ends, a target and an initiator. The initiator (on your computer) functions as an iSCSI client and is used to search for iSCSI hosts
  and to set up targets. Targets are storage resources that are located on an iSCSI server. An iSCSI target is often a dedicated network-connected hard disk
  storage device (ASUSTOR NAS).

  Note: A single target should not be simultaneously connected to multiple clients or initiators.

  2. Using the iSCSI service with your computer

  In the following example we will take you through the process of creating an iSCSI volume on the ASUSTOR NAS and then connecting to it using a PC.

  2.1 Creating an iSCSI target and LUN

  STEP 1

  Open [Storage Manager]. Click on [Create] button under the iSCSI section.

  

  STEP 2

  The Create New iSCSI Device window will now appear. Select the [An iSCSI target with one LUN] radio button and click [Next].

  

  STEP 3

  Enter a name for your Target and then click [Next].

  

  STEP 4

  Select the [No authentication required] radio button and click [Next].

  In our example we have chosen not to use authentication. However, if you wish to verify a user’s identity you can choose to use CHAP authentication. If
  you choose to use CHAP authentication, a CHAP password must first be entered from the initiator for verification before it can connect to the target.

  

  STEP 5

  Select the [Create a new iSCSI LUN] radio button. Fill in a name for your LUN and select a size for it. Once, you’re done click [Next].

  Note: A LUN (logical unit number) represents an individually addressable (logical) SCSI device that is part of a physical SCSI device (target). In an
  iSCSI environment, LUNs are essentially numbered disk drives. An initiator negotiates with a target to establish connectivity to a LUN. LUNs represent
  slices of your hard disks.

  

  STEP 6

  Look over a final summary of your settings. Once you’re done, confirm these settings by clicking [Finish].

  

  STEP 7

  You will now be able to see the new target that you have created.

  

  You will be able to see the LUN that you have created in the iSCSI LUN section.

  

  2.2 Connecting to the target using the iSCSI initiator

  STEP 1

  In Windows, click [Start] and then click on [Control Panel].

  

  STEP 2

  Select [Administrative Tools].

  

  STEP 3

  Double-click on [iSCSI Initiator].

  

  STEP 4

  Under the Targets tab enter the IP address of your NAS into the [Target:] field and then click on [Quick Connect…].

  

  STEP 5

  You will now see the Quick Connect dialog box and that your target has been connected to. Click on [Done].

  

  STEP 6

  Once again, you will see that the target has been connected to under the [Discovered targets] heading. Click on [OK].

  

  2.3 Initializing the new disk volume

  STEP 1

  In Windows click [Start]. Then right-click on [Computer] and select [Manage].

  

  STEP 2

  The Computer Management window will now appear. Click on [Disk Management] under [Storage] in the left hand panel. The Initialize Disk
  dialog box will now appear. Make sure the disk is selected and then click [OK] to initialize it.

  

  STEP 3

  You will now see that the new disk is online but unallocated. Right-click on it and select [New Simple Volume…].

  

  STEP 4

  The New Simple Volume Wizard will now appear. Follow the steps provided by the wizard to complete the creation of the new disk volume.

  

  STEP 5

  This is what the information for the disk should look like once the new volume has been created.

  

  STEP 6

  The new volume is now ready for use. It will appear as a hard disk drive as in the picture below. You can use it as if it were a hard drive on your
  computer and any data that you store on it will be saved to the ASUSTOR NAS.

  Note: Please remember that a single target should not be simultaneously connected to multiple clients or initiators.

  

  3. Using iSCSI LUN Snapshots

  A snapshot of an iSCSI LUN is a point-in-time, read-only copy of an iSCSI LUN. It saves a significant amount of time and storage capacity when compared
  with traditional LUN backups. Each individual LUN supports up to 256 snapshot versions. In the following example we will show you how to create and restore
  an iSCSI LUN snapshot.

  3.1 Manually creating an iSCSI LUN snapshot

  STEP 1

  Open [Storage Manager]. Go to the [iSCSI LUN] tab, select a LUN that supports snapshots, click on [LUN Snapshot] and then choose [Create].

  

  STEP 2

  Click [Next] to proceed.

  

  STEP 3

  Now you will be able to configure the snapshot name, description (optional), and snapshot lock status. If the snapshot is locked, it cannot be removed
  manually or automatically. Click [Finish] to complete creation of the snapshot.

  

  Upon completion, you will see the newly created snapshot in the LUN Snapshot table as shown in the graphic below.

  

  3.2 Scheduled creation of iSCSI LUN snapshots

  STEP 1

  Open [Storage Manager]. Go to the [iSCSI LUN] tab, select a LUN that supports snapshots, click on [LUN Snapshot] and then choose [Schedule].

  

  STEP 2

  Define the schedule in accordance with your own requirements and then click [OK] when you are done.

  

  STEP 3

  You will now be able to see the schedule details in the [Snapshot Manager].

  

  3.3 Restoring from an iSCSI LUN snapshot

  STEP 1

  Open [Storage Manager]. Go to the [iSCSI LUN] tab, select a LUN that has existing snapshot(s), click on [LUN Snapshot] and then choose [Management].

  

  STEP 2

  Select the snapshot you want to restore, click on [Action] and then choose [Restore].

  

  STEP 3

  You will be provided with some extra settings before starting the restoration. You can configure the settings according to your requirements. After you
  click [OK], the iSCSI LUN will be rolled back with the selected snapshot.

  

  ---

  iSCSI with your NAS

  https://www.qnap.com/en/how-to/tutorial/article/how-to-create-and-use-the-iscsi-target-service-on-a-qnap-nas/

  ---

  https://clickety-clack.click/img/whitepaper_ipbridge_xtendsan_iscsi_macosx.pdf

  [3d-flip-book mode=”fullscreen” id=”108117″ ][/3d-flip-book]

  ---

  https://www.asustor.com/en/online/College_topic?topic=308

  COURSE OBJECTIVES

  Upon completion of this course you should be able to:

  1. Have a basic understanding of iSCSI

  2. Be able to use the iSCSI service with your ASUSTOR NAS

  PREREQUISITES

  Course Prerequisites:

  None

  Students are expected to have a working knowledge of:

  N/A

  ---

  1. Introduction to iSCSI

  1.1 What is iSCSI?

  iSCSI, (Internet Small Computer System Interface), is an Internet Protocol (IP)-based storage networking standard for linking data storage facilities. It
  offers high expandability and low implementation costs. Through existing network infrastructure and iSCSI you can use your NAS to expand existing storage
  space or have it act as a backup destination.

  iSCSI consists of two ends, a target and an initiator. The initiator (on your computer) functions as an iSCSI client and is used to search for iSCSI hosts
  and to set up targets. Targets are storage resources that are located on an iSCSI server. An iSCSI target is often a dedicated network-connected hard disk
  storage device (ASUSTOR NAS).

  Note: A single target should not be simultaneously connected to multiple clients or initiators.

  2. Using the iSCSI service with your computer

  In the following example we will take you through the process of creating an iSCSI volume on the ASUSTOR NAS and then connecting to it using a PC.

  2.1 Creating an iSCSI target and LUN

  STEP 1

  Open [Storage Manager]. Click on [Create] button under the iSCSI section.

  

  STEP 2

  The Create New iSCSI Device window will now appear. Select the [An iSCSI target with one LUN] radio button and click [Next].

  

  STEP 3

  Enter a name for your Target and then click [Next].

  

  STEP 4

  Select the [No authentication required] radio button and click [Next].

  In our example we have chosen not to use authentication. However, if you wish to verify a user’s identity you can choose to use CHAP authentication. If
  you choose to use CHAP authentication, a CHAP password must first be entered from the initiator for verification before it can connect to the target.

  

  STEP 5

  Select the [Create a new iSCSI LUN] radio button. Fill in a name for your LUN and select a size for it. Once, you’re done click [Next].

  Note: A LUN (logical unit number) represents an individually addressable (logical) SCSI device that is part of a physical SCSI device (target). In an
  iSCSI environment, LUNs are essentially numbered disk drives. An initiator negotiates with a target to establish connectivity to a LUN. LUNs represent
  slices of your hard disks.

  

  STEP 6

  Look over a final summary of your settings. Once you’re done, confirm these settings by clicking [Finish].

  

  STEP 7

  You will now be able to see the new target that you have created.

  

  You will be able to see the LUN that you have created in the iSCSI LUN section.

  

  2.2 Connecting to the target using the iSCSI initiator

  STEP 1

  In Windows, click [Start] and then click on [Control Panel].

  

  STEP 2

  Select [Administrative Tools].

  

  STEP 3

  Double-click on [iSCSI Initiator].

  

  STEP 4

  Under the Targets tab enter the IP address of your NAS into the [Target:] field and then click on [Quick Connect…].

  

  STEP 5

  You will now see the Quick Connect dialog box and that your target has been connected to. Click on [Done].

  

  STEP 6

  Once again, you will see that the target has been connected to under the [Discovered targets] heading. Click on [OK].

  

  2.3 Initializing the new disk volume

  STEP 1

  In Windows click [Start]. Then right-click on [Computer] and select [Manage].

  

  STEP 2

  The Computer Management window will now appear. Click on [Disk Management] under [Storage] in the left hand panel. The Initialize Disk
  dialog box will now appear. Make sure the disk is selected and then click [OK] to initialize it.

  

  STEP 3

  You will now see that the new disk is online but unallocated. Right-click on it and select [New Simple Volume…].

  

  STEP 4

  The New Simple Volume Wizard will now appear. Follow the steps provided by the wizard to complete the creation of the new disk volume.

  

  STEP 5

  This is what the information for the disk should look like once the new volume has been created.

  

  STEP 6

  The new volume is now ready for use. It will appear as a hard disk drive as in the picture below. You can use it as if it were a hard drive on your
  computer and any data that you store on it will be saved to the ASUSTOR NAS.

  Note: Please remember that a single target should not be simultaneously connected to multiple clients or initiators.

  

  3. Using iSCSI LUN Snapshots

  A snapshot of an iSCSI LUN is a point-in-time, read-only copy of an iSCSI LUN. It saves a significant amount of time and storage capacity when compared
  with traditional LUN backups. Each individual LUN supports up to 256 snapshot versions. In the following example we will show you how to create and restore
  an iSCSI LUN snapshot.

  3.1 Manually creating an iSCSI LUN snapshot

  STEP 1

  Open [Storage Manager]. Go to the [iSCSI LUN] tab, select a LUN that supports snapshots, click on [LUN Snapshot] and then choose [Create].

  

  STEP 2

  Click [Next] to proceed.

  

  STEP 3

  Now you will be able to configure the snapshot name, description (optional), and snapshot lock status. If the snapshot is locked, it cannot be removed
  manually or automatically. Click [Finish] to complete creation of the snapshot.

  

  Upon completion, you will see the newly created snapshot in the LUN Snapshot table as shown in the graphic below.

  

  3.2 Scheduled creation of iSCSI LUN snapshots

  STEP 1

  Open [Storage Manager]. Go to the [iSCSI LUN] tab, select a LUN that supports snapshots, click on [LUN Snapshot] and then choose [Schedule].

  

  STEP 2

  Define the schedule in accordance with your own requirements and then click [OK] when you are done.

  

  STEP 3

  You will now be able to see the schedule details in the [Snapshot Manager].

  

  3.3 Restoring from an iSCSI LUN snapshot

  STEP 1

  Open [Storage Manager]. Go to the [iSCSI LUN] tab, select a LUN that has existing snapshot(s), click on [LUN Snapshot] and then choose [Management].

  

  STEP 2

  Select the snapshot you want to restore, click on [Action] and then choose [Restore].

  

  STEP 3

  You will be provided with some extra settings before starting the restoration. You can configure the settings according to your requirements. After you
  click [OK], the iSCSI LUN will be rolled back with the selected snapshot.

  

  ---

  Chats with Comcast during setup

  Asustor chats with comcast during setup →