NASLite Network Attached Storage

We've been using NASlite 2 USB and Truecrypt to create a secure(ish) server as detailed on this thread http://www.serverelements.com/phpBB2/viewtopic.php?t=1043&highlight=&sid=f9a2126a6beda8b322758619e58ebf67

From reading other threads on these boards, we see that several people have raised the issue of increasing the security of NASlite - ie password protecting shares and so forth, and that the NASlite developers have chosen not to do so in order to keep the system simple and efficient. If that decision is ever reconsidered, we'd love to see the addition of a VPN server utility to the basic NASlite functions in order to be able to connect to it securely. Until that happens, does anyone know if it might be possible to do that with a third party add on ?

You may find that using a free dedicated app like smoothwall will more than meet your needs on the VPN area. It is a Firewall and NAT box with VPN function built in. It runs one an old PC and works great. I have setup about 20 of them so far and they just keep running and running. Easy setup and admin as well.

http://www.smoothwall.org

Hope this helps,

Mike

I would suggest that a NASLite is absolutely the wrong place to terminate a VPN.

I agree a firewall approach would be much better however i would say IPCOP or Astaro rather than Smoothwall (As i have had eprsonal dealings with one particlar snoothwall dude who was quite simply the most unpleasant person ive ever met).

Astaro is an excellent VPN device that i use all the time.

An alternative to SmoothWall is IPCop:
http://www.ipcop.org

IPCop manual on VPN:
http://www.ipcop.org/1.4.0/en/admin/html/vpnaw.html

A guide on how to setup VPN in IPCop can be found here:
http://www.tech-geeks.org/geeklog/artic ... 1130201398

I've been using pfSenseso Win2003's can PPTP into NASlite nightly. No complaints.

I agree, this needs to be in the firewall.
The only authentication from the NET I'd like to see is FTP (with an alt port). To me, this would be the easiest to add.

The rest should be LAN only for simplicity.

Thanks for the responses, they are most useful. I was thinking that one option might be to use a router /wifi access point with a VPN built in - I need to replace my existing router / wifi ap and so getting one with a built in VPN server would kill three birds with the one stone. Whichever option I take for a VPN server, be it the router approach or using an old pc and a Linux distro, I was thinking of using a SSL VPN rather than IPSEC. I'm told that though IPSEC is theoretically more secure, it can be more difficult to implement and many networks are not set up properly to handle it. SSL, on the other paw, are secure enough for our needs and can be used over virtually any network...

Just so you know;
pfSense with a PCMCIA PCI card, Orinoco PC card, and a following of a tutorial, will get you that router, AP, IPSEC.
My IPSEC site to site is even working over a DSL client that doesn't have a static IP. I haven't touched it after the inital sweat.

Good stuff.

One reason to consider a router/firewall appliance over a linux package on an old PC is operating expense and noise.

We obviously need to have the server running constantly in order to be able to access its contents, but would rather not have a second pc running continuously - noise and operatings costs are important factors. Because of that, the VPN server would either be a service run from the server or from the network's router/switch/modem appliance. Consensus seems to be that running a VPN service from the data server is a potential security flaw, and in any case NASlite doesn't have that capability, hence our feeling that replacing our dying modem/wifi access point with one with VPN functions is the way to go.

As for IPSec versus SSL, we understand that SSL is more universally available and reliable. Badger field operatatives will be logging in to Badger Central's server over a variety of networks - wi-fi hotspots, cyber cafes and so forth, and it seems that a fair proportion of those either deliberately reject IPSec traffic or are badly configured and thus mishandle it anyway: the end result is the same - no access. SSL however, being a web based protocol, is almost never deliberately blocked and rarely misconfigured. As SSL offers adequate security for our needs, we feel it a better option than IPsec based systems.

Off topic i know, but have to ask. What the heck is this "Badger Korporashun" dude. Read the website but dont get it

You doesn't get it ? Hmmm, but then we supposes you is a 'merrykan type 'ooman...

The Korporashun
Pre-eminent amongst global multinationals, The Badger Corporation, often known simply as "the Korporashun", is a secretive underground organisation. Though in truth little is known about it, the Korporashun is generally regarded as being the role model upon which Ian Fleming based James Bond's arch adversaries "Spectre" and "Smersh". Heading up The Korporashun is the CEO (Chief Executing Officer), a sinister figure known as Darth Badger. Few, if any, 'oomans have ever survived a meeting with Darth Badger.

A significant proportion of the Korporashun's traceable expenditure seems to be on Public Relations: teams of PR staff are employed to insinuate the notion of badgers being cute, cuddly, likeable creatures oppressed by farmers and persecuted by Vauxhall Vectra drivers. Much of this propaganda is aimed at the weak and vulnerable in society - the Korporashun taking particular care to target children through story books - and environmental activists.[/b]

How do you install Truecrypt? Does it only run on the box u are accessing the data on, or does it get installed onto the NASLite box. I looked in both you're link ref'd above and in the documentation for Truecrypt and neither explains it clearly.

Thanx for the help!

TrueCrypt would be run from your Windows or Linux box and it would create a secure container on the NASLite box that would appear as a drive or mount.